markjo

  • Posts: 7849
  • Zetetic Council runner-up
Re: How many people are in on the conspiracy?
« Reply #80 on: December 12, 2014, 01:51:42 PM »
Just because it's open source, it doesn't make it impervious. As I recall it was recently leaked by the Snowden documents that the NSA snuck code into public cryptographic standards by using highly complex and indecipherable advanced mathematics which only few could understand, and written in an inconvenient way. The random number generator produced keys which seemed random but were actually subtly not. This allowed the NSA, knowing how the number was tainted, to calculate the private key from a public key.
Didn't Snowden work for the NSA? How can you trust anything that he has to say? After all, for all anyone knows, he could still be working for the government and all of those documents were either faked or harmless so that he could establish the cover of being a traitor and flee to Russia so that he could spy on them. After all, faking a few thousand leaks is child's play compared to covering up the true shape of the earth.

Since it was open source, everyone made the same literal justification you made in defense of legitimacy, the software passed several "code reviews," and the world proceeded to use it, basically giving the NSA free rein to access the most sensitive computers and networks as they pleased, without needing to hack anything.
Well, now that programmers know that there may be suspicious code in the software, they have a better idea of what to look for in the next review.

The mere fact that this software was produced by someone receiving checks from the government invalidates its use as a tool for demonstrating the honesty of the government.
Yes, because everyone who has ever worked for the government, including myself, is a member of the conspiracy,  ::)
Abandon hope all ye who press enter here.

Science is what happens when preconception meets verification.

Ignorance more frequently begets confidence than does knowledge. -- Charles Darwin

If you can't demonstrate it, then you shouldn't believe it.

Re: How many people are in on the conspiracy?
« Reply #81 on: December 12, 2014, 04:24:19 PM »
Just because it's open source, it doesn't make it impervious. As I recall it was recently leaked by the Snowden documents that the NSA snuck code into public cryptographic standards by using highly complex and indecipherable advanced mathematics which only few could understand, and written in an inconvenient way. The random number generator produced keys which seemed random but were actually subtly not. This allowed the NSA, knowing how the number was tainted, to calculate the private key from a public key.

Since it was open source, everyone made the same literal justification you made in defense of legitimacy, the software passed several "code reviews," and the world proceeded to use it, basically giving the NSA free rein to access the most sensitive computers and networks as they pleased, without needing to hack anything.

The mere fact that this software was produced by someone receiving checks from the government invalidates its use as a tool for demonstrating the honesty of the government.

You're referring to Dual_EC_DRBG, yeah?

Everything you wrote here is wildly incorrect. 

https://www.schneier.com/essays/archives/2007/11/did_nsa_put_a_secret.html
http://eprint.iacr.org/2006/190
http://eprint.iacr.org/2007/048
http://www.math.ntnu.no/~kristiag/drafts/dual-ec-drbg-comments.pdf
I have visited from prestigious research institutions of the highest caliber, to which only our administrator holds with confidence.

Tom Bishop

  • Zetetic Council Member
  • Posts: 10638
  • Flat Earth Believer
Re: How many people are in on the conspiracy?
« Reply #82 on: December 13, 2014, 07:53:57 AM »
Well, now that programmers know that there may be suspicious code in the software, they have a better idea of what to look for in the next review.

The point is that an entire world of programmers missed it in a very public open source security project used by millions of computers. Yet you are telling me that, simply because it is open source, that Joe Taylor's somewhat more obscure software project has probably been vetted so that all math is perfectly sound, the code is constructed to flow instantly without any subtle delays, and there are no hidden functions, all without the software reviewers, if it was even ever looked over, knowing what to look for.

Quote
Yes, because everyone who has ever worked for the government, including myself, is a member of the conspiracy,  ::)

If you were working for the Army accounting office and gave us a study proving that there was no corruption in Army finances, your work would absolutely be invalid.

Legitimate evidence comes from an outside source - external auditors, peer review by unconnected persons, etc. This should not be difficult to understand.
« Last Edit: December 13, 2014, 05:04:55 PM by Tom Bishop »

Re: How many people are in on the conspiracy?
« Reply #83 on: December 13, 2014, 03:03:00 PM »
The point is that an entire world of programmers missed it in a very public open source security project used by millions of computers. Yet you are telling me that, simply because it is open source, that Joe Taylor's somewhat more obscure software project has probably been vetted so that all math is perfectly sound, the code is constructed to flow instantly without any subtle delays, and there are no hidden functions, all without the software reviewers, if it was even ever looked over, knowing what to look for.

Did you not read the links I just posted?  The backdoor wasn't missed.  Wired was writing articles about it in 2007.

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #84 on: December 13, 2014, 04:40:35 PM »
Suspicion in 2007 != proof. Programmers looked at the code up and down and couldn't find where the NSA tainted it. It was argued by defenders that the random key generator was 'random enough' given the time and hardware limited constraints an average public-private key needs to be generated, and that it was hard to create something truly mathematically random. If you throw more time and computing resources at random number generation, it was argued, the number would of course be more random. No direct evidence of foul play could be found. There was never any proof of a backdoor or malicious intent. The tool could be called 'weak' at worst. Suspicions stayed suspicions and the tool continued to be used worldwide. Not until the Snowden leaks occurred was the tool renounced.

From a more recent 2014 article:

http://www.itworldcanada.com/post/second-nsa-security-tool-further-weakens-rsas-cryptography-kit

Quote
experts had previously aired suspicions about Dual Elliptic Curve, but it was only after Snowden’s leak of NSA documents that RSA and the National Institute of Standards and Technology renounced the technology.

If there was actual proof of a back door the tool would have been renounced in 2007. Programmers had the code, right there in front of them, with hundreds of people in the security community out to put the NSA's head on a stake, and couldn't find where it was tainted. Yet we're supposed to trust "code reviews".
« Last Edit: December 14, 2014, 01:37:24 AM by Tom Bishop »

markjo
Re: How many people are in on the conspiracy?
« Reply #85 on: December 13, 2014, 06:44:23 PM »
Suspicion in 2007 != proof.
It looks like it is for you. After all, you seem to think that possibly tainted optional code contributed by the NSA to an encryption program is enough proof to distrust a niche HAM radio communication protocol because the original programmer worked for an observatory that received some government funds. Personally, I'd be a lot more worried by Facebook selling personal information to anyone who's willing to pay for it.

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #86 on: December 13, 2014, 07:28:52 PM »
It is a story which shows why open source code cannot be trusted simply because it is reviewed by the community. Things can be hidden in plain sight. This runs against your justification that the code must be untainted because it is open source.

That the programmer receives a paycheck from government observatories is another, separate discrediting point. Legitimate evidence comes from external sources. Per the previous example; a study by an Army accountant proving that there was no corruption in Army finances is in no way valid.
« Last Edit: December 14, 2014, 01:39:09 AM by Tom Bishop »

markjo
Re: How many people are in on the conspiracy?
« Reply #87 on: December 14, 2014, 04:34:22 AM »
It is a story which shows why open source code cannot be trusted simply because it is reviewed by the community. Things can be hidden in plain sight. This runs against your justification that the code must be untainted because it is open source.
Tom, I'm not sure if you understand how open source software works. Perhaps you should ask Parsifal to explain it to you some time.

That the programmer receives a paycheck from government observatories is another, separate discrediting point.
???  Why should someone automatically distrust a weak signal HAM radio communication protocol written by an astrophysicist who worked at several national observatories? 

Legitimate evidence comes from external sources. Per the previous example; a study by an Army accountant proving that there was no corruption in Army finances is in no way valid.
???  So you're saying that internal audits never find any problems or that GAO auditors shouldn't be trusted to track down fraud, waste or abuse within government agencies?

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #88 on: December 14, 2014, 04:54:52 AM »
Tom, I'm not sure if you understand how open source software works. Perhaps you should ask Parsifal to explain it to you some time.

Will Parsifal tell me that all open source software is reviewed by top experts and that there is no possible way to insert slight variances in the coding or the math involved to cause a delay or change the result of an output?

Quote
Why should someone automatically distrust a weak signal HAM radio communication protocol written by an astrophysicist who worked at several national observatories?
 

Because we want to know if those national observatories are honest when they do their moon bounce experiments.

We can't trust someone who works for those national observatories. That is a tainted source.

Quote
???  So you're saying that internal audits never find any problems or that GAO auditors shouldn't be trusted to track down fraud, waste or abuse within government agencies?

The GAO auditing the Army is a whole lot more legitimate than the Army auditing itself. The GAO can't be truly trustworthy, however, since it is still part of the government. It is still possible that someone high up at the GAO would have incentive to cover things up in some situation, perhaps at request of the president, or as not to cause embarrassment to the country.
« Last Edit: December 14, 2014, 04:58:42 AM by Tom Bishop »

Rama Set

Re: How many people are in on the conspiracy?
« Reply #89 on: December 14, 2014, 04:39:01 PM »
It is a story which shows why open source code cannot be trusted simply because it is reviewed by the community. Things can be hidden in plain sight. This runs against your justification that the code must be untainted because it is open source.

That the programmer receives a paycheck from government observatories is another, separate discrediting point. Legitimate evidence comes from external sources. Per the previous example; a study by an Army accountant proving that there was no corruption in Army finances is in no way valid.

An anecdote !=evidence. A spy agency was caught spying and you want to use this as evidence that scientists are not doing science. It makes no sense.

markjo
Re: How many people are in on the conspiracy?
« Reply #90 on: December 14, 2014, 05:17:15 PM »
Tom, I'm not sure if you understand how open source software works. Perhaps you should ask Parsifal to explain it to you some time.

Will Parsifal tell me that all open source software is reviewed by top experts and that there is no possible way to insert slight variances in the coding or the math involved to cause a delay or change the result of an output?
I have a feeling that part of the review/testing process is to check the results of the new code against the results of the old code.  Discrepancies in the results would likely raise suspicions.

Quote
Why should someone automatically distrust a weak signal HAM radio communication protocol written by an astrophysicist who worked at several national observatories?
 

Because we want to know if those national observatories are honest when they do their moon bounce experiments.

We can't trust someone who works for those national observatories. That is a tainted source.
Ummm...  First of all, WSJT is not used for moon bounce experiments.  It's used for long distance HAM radio communication where bouncing off the atmosphere, a meteor ion trail or the moon result in weak signals and/or low signal to noise ratios.

Secondly, by your reasoning, no one who has ever gone to college can be trusted because most colleges and/or students receive some sort of government funding or aid.

Quote
???  So you're saying that internal audits never find any problems or that GAO auditors shouldn't be trusted to track down fraud, waste or abuse within government agencies?

The GAO auditing the Army is a whole lot more legitimate than the Army auditing itself. The GAO can't be truly trustworthy, however, since it is still part of the government. It is still possible that someone high up at the GAO would have incentive to cover things up in some situation, perhaps at request of the president, or as not to cause embarrassment to the country.
Are you suggesting that outside auditors, such as Arthur Andersen, are completely trustworthy? Also, did you know the MCI scandal was uncovered by internal auditors?

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #91 on: December 14, 2014, 09:01:34 PM »
An anecdote !=evidence. A spy agency was caught spying and you want to use this as evidence that scientists are not doing science. It makes no sense.

Actually, the analogy showing a spy agency inserting an undetectable backdoor into the algorithm of an open source project is evidence that open source software can be undetectably tainted.
« Last Edit: December 14, 2014, 10:59:38 PM by Tom Bishop »

Rama Set

Re: How many people are in on the conspiracy?
« Reply #92 on: December 14, 2014, 09:15:07 PM »
An anecdote !=evidence. A spy agency was caught spying and you want to use this as evidence that scientists are not doing science. It makes no sense.

Actually, the analogy shows that a spy agency inserting an undetectable backdoor into the algorithm of an open source project is evidence that open source software can be undetectably tainted.

But you have no evidence of any such tainting and other than this anecdote have no reason based in fact to believe that the code is not working as intended.

If we were to grant your point we are now forced to incorporate an entirely new and substantial entity into your conspiracy whose ability to operate with 100% clandestine efficiency is undreamt of in any other field of endeavor in human history. Please pipe the bloat on to your conspiracy theory.

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #93 on: December 14, 2014, 09:20:29 PM »
I have a feeling that part of the review/testing process is to check the results of the new code against the results of the old code.  Discrepancies in the results would likely raise suspicions.

What if the original code was tainted?

Quote
Ummm...  First of all, WSJT is not used for moon bounce experiments.  It's used for long distance HAM radio communication where bouncing off the atmosphere, a meteor ion trail or the moon result in weak signals and/or low signal to noise ratios.

Secondly, by your reasoning, no one who has ever gone to college can be trusted because most colleges and/or students receive some sort of government funding or aid.

Actually, university student research can't be trusted either. If a university is government funded, the government can easily tell them "we want you to bounce a laser off of the Apollo retroreflector with the university observatory's quadrillion-watt laser you have on loan, using this here software package designed for this purpose," and voilà, it's done. Another paper to prove that America achieved moon victory in the summer of 1969.

Quote
Are you suggesting that outside auditors, such as Arthur Andersen, are completely trustworthy? Also, did you know the MCI scandal was uncovered by internal auditors?

By rule of thumb and standard practice, audits by external groups are more creditable than an internal audit. If a company conducts solely internal audits, that would be a red flag for investors. Financial statements are more credible if an external auditor evaluates them and agrees that they are accurate.
« Last Edit: December 14, 2014, 09:41:00 PM by Tom Bishop »

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #94 on: December 14, 2014, 09:31:15 PM »
An anecdote !=evidence. A spy agency was caught spying and you want to use this as evidence that scientists are not doing science. It makes no sense.

Actually, the analogy shows that a spy agency inserting an undetectable backdoor into the algorithm of an open source project is evidence that open source software can be undetectably tainted.

But you have no evidence of any such tainting and other than this anecdote have no reason based in fact to believe that the code is not working as intended.

If we were to grant your point we are now forced to incorporate an entirely new and substantial entity into your conspiracy whose ability to operate with 100% clandestine efficiency is undreamt of in any other field of endeavor in human history. Please pipe the bloat on to your conspiracy theory.

It just takes one nefarious protocol/software package being written for moon bounce experiments, which gets passed around from government observatory to government observatory, when the experiments are repeated. I doubt every such researcher is reinventing the wheel and programming software from scratch that interacts with the hardware. There are standard protocols and software packages which get shared between observatories.
« Last Edit: December 14, 2014, 09:34:42 PM by Tom Bishop »

Rama Set

Re: How many people are in on the conspiracy?
« Reply #95 on: December 14, 2014, 09:44:51 PM »
An anecdote !=evidence. A spy agency was caught spying and you want to use this as evidence that scientists are not doing science. It makes no sense.

Actually, the analogy shows that a spy agency inserting an undetectable backdoor into the algorithm of an open source project is evidence that open source software can be undetectably tainted.

But you have no evidence of any such tainting and other than this anecdote have no reason based in fact to believe that the code is not working as intended.

If we were to grant your point we are now forced to incorporate an entirely new and substantial entity into your conspiracy whose ability to operate with 100% clandestine efficiency is undreamt of in any other field of endeavor in human history. Please pipe the bloat on to your conspiracy theory.

It just takes one nefarious protocol/software package being written for moon bounce experiments, which gets passed around from government observatory to government observatory, when the experiments are repeated. I doubt every such researcher is reinventing the wheel and programming software from scratch that interacts with the hardware. There are standard protocols and software packages which get shared between observatories.

Speculation again. Do you have evidence that such a protocol exists? Endless bloviating about what could be is the field of novelists not those endeavoring to investigate the truth.

markjo
Re: How many people are in on the conspiracy?
« Reply #96 on: December 14, 2014, 10:51:08 PM »
I have a feeling that part of the review/testing process is to check the results of the new code against the results of the old code.  Discrepancies in the results would likely raise suspicions.

What if the original code was tainted?
What if the original code wasn't tainted and did just what it claimed?

Actually, university student research can't be trusted either. If a university is government funded, the government can easily tell them "we want you to bounce a laser off of the Apollo retroreflector with the university observatory's quadrillion-watt laser you have on loan, using this here software package designed for this purpose," and voilà, it's done. Another paper to prove that America achieved moon victory in the summer of 1969.
Tom, do you have any personal, hands on experience with the inner workings of the laser moon bounce process at any of the observatories that do these measurements, or are you deliberately misrepresenting the process in order to make it look suspicious?

By rule of thumb and standard practice, audits by external groups are more creditable than an internal audit. If a company conducts solely internal audits, that would be a red flag for investors. Financial statements are more credible if an external auditor evaluates them and agrees that they are accurate.
What about when the external auditor is an integral part of the scandal?

Tom Bishop
Re: How many people are in on the conspiracy?
« Reply #97 on: December 20, 2014, 08:37:29 AM »
What if the original code wasn't tainted and did just what it claimed?

We've only seen that the government can produce RET results.

Quote
Tom, do you have any personal, hands on experience with the inner workings of the laser moon bounce process at any of the observatories that do these measurements, or are you deliberately misrepresenting the process in order to make it look suspicious?

There is an entire internet designed for universities to share resources like this called "Internet 2".

Quote
What about when the external auditor is an integral part of the scandal?

What are you talking about? It's a fact of life that audits by external sources are significantly more credible than audits by internal sources. External sources are not incorruptible, simply more creditable.

Rama Set

Re: How many people are in on the conspiracy?
« Reply #98 on: December 20, 2014, 01:44:11 PM »
Three questions and not one answer that is direct.

markjo
Re: How many people are in on the conspiracy?
« Reply #99 on: December 20, 2014, 04:37:47 PM »
What if the original code wasn't tainted and did just what it claimed?

We've only seen that the government can produce RET results.
Have you considered the possibility that RET results are easier because the earth is actually round?

Quote
Tom, do you have any personal, hands on experience with the inner workings of the laser moon bounce process at any of the observatories that do these measurements, or are you deliberately misrepresenting the process in order to make it look suspicious?
There is an entire internet designed for universities to share resources like this called "Internet 2".
???  What does that have to do with your own personal experience with moon bounces?

Quote
What about when the external auditor is an integral part of the scandal?
What are you talking about? It's a fact of life that audits by external sources are significantly more credible than audits by internal sources. External sources are not incorruptible, simply more creditable.
How credible was Arthur Andersen's external audit of MCI when MCI's internal auditors found almost $4 billion in irregularities?