Wow! Is the trick that we now have powerful microcomputers small enough to fit into a USB plug? That's pretty incredible technology. How many years ago did this become possible? My IT security training is dated, I am aware of the risks of plugging in a random USB key, but just a cable from a helpful "coworker"? Yikes.
It’s a copy of the NSA ANT Coppermouth cables. That was part of the Snowden leak, so it’s been possible since at least then (the doc itself is circa 2008) if you have a three-letter name and a national security black budget.
The real answer? Because these people are just like us, geeks, nerds, techies, early adopters. They are just the same people we live and work with.
The film Enemy of the State (1998) was science fiction except with the parts where the techy operators were just normal nerds like us. That what was most scary part of the film not the (at the time fantastic) surveillance.
Couldn't be me: the private sector pays me waaaaaaaay more.
Also, you can't work for the feds if you ever touch the ganja, which is ridiculous. Everyone I personally know in infosec leads a very... alternative west-coast lifestyle which is not conducive to career progression in an east-coast, button-down-shirt environment.
> Also, you can't work for the feds if you ever touch the ganja, which is ridiculous
I believe it is possible to get security clearance after cessation of drugs for multiple years, even drugs like Heroin. I found the full rules[0] while reading an AMA on /r/SecurityClearance.
I entertained the idea of working in the public sector a while ago, for a brief time, until I learned that pot is fine in my past, but not in my present. "How the heck do you expect me to get the code written?"
Also, I've been told that getting a clearance is more burden than blessing. You have restrictions that an "ordinary person" doesn't have, along with criminal penalties for violating them. Whereas, without a clearance, if they really need you for something, they'll bring you in anyway.
> I've been told that getting a clearance is more burden than blessing
Yes it definitely can be, but depends on your personality and stage of life. You are always cognizant of having a clearance and the need to maintain it, and so you consider that in your every day life. You also have to open your life up in uncomfortable ways, even if your only objection is in principal.
You probably don't sweat it too much later in life since you generally are a more 'boring' person, but I had mine in my mid 20's so was a lot more active in terms of social life. One time I was in downtown SF with a buddy hitting up bars etc and eventually had to cut out early because things were getting more drug oriented. I also used to play a lot of cards before getting a clearance and had contacts who were in some shady stuff. I basically excommunicated them from my life to avoid the clearance hassle.
Friend of mine is head of IT for some government agency. Not a spooky one - just a routine agency. However, given the nature of IT and the data they need to store - they are required to get security clearance.
For him it's been a minor nuisance at worst. He has strong restrictions on travel. I think he needs approval to travel abroad. He has relatives in other countries and visits them often, so it can't be too much of a nuisance.
I believe he told me that he does have to report details of where he went in each country and who he interacted with upon his return. Not sure about the details.
Things may have changed, but in my prior life when I had a clearance, for example, dating (or marrying for that matter) a foreign national would result in heavy vetting, including possibly losing your clearance and/or being terminated.
Don't do drugs (including marijuana), don't get blackout drunk, don't talk about your work, don't need psychiatric help...
For the last sentence...Trump had all sorts of clearance when he clearly should not have. But he was in an important position.
Putting aside the politics of it for a second, all clearence stems from the executive branch which stems from the president. Saying the president shouldn't have clearance doesn't make a lot of sense, he's the one who authorized it. He's the one who decides who gets it.
Anyone who thinks differently is arguing for a shadow gov, i.e. unelected bureaucrats who answer to no one and can make decisions unilaterally without consequence... not exactly democracy.
> Anyone who thinks differently is arguing for a shadow gov, i.e. unelected bureaucrats who answer to no one and can make decisions unilaterally without consequence... not exactly democracy.
Lots of countries have an establishment "civil service" comprised of those "unelected bureaucrats" that you mention, and it actually works out quite well for them.
That said, they aren't unaccountable: they answer to departmental heads, MPs, committees, etc. A big advantage of the system is to prevent mad-swings in policy just because the head-of-government changed.
Yes, of course - but if a country already had a well-oiled establishment civil-service which kept its finger on the pulse of the nation then it would already be aligned with the electorates' interests and voting-intent.
Any power structure naturally seeks permanence. Democratic elections with short office terms goes against the nature. If we are not vigilant, shadowy forces will take control of this mechanism too. Some could argue it already has happened.
That statement wasn't about politics at all. Let me put it another way: Had he been trying to get clearance for a normal position, he would probably not have received it.
I also never said he had access to everything. Nobody has access to everything. Not arguing for a shadow government--it's already a fact. It happened when classification rules went from "what would harm national security" to "what would cause problems if American citizens found out we were doing this."
In principle the president has access to EVERYTHING. There is literally nothing he shouldn't have access to, at least within the executive branch which includes nearly all military/defense/intel secrets.
The only thing he does not have unrestricted access to is Justice department stuff (e.g. FBI), although there'd better be a damn good reason to deny it to POTUS if he asks, and legislative branch secrets which really infrequently comes into play. That's due to the whole separation-of-powers, checks-and-balances thing. But security clearances for everything in the executive branch stem FROM the president. If he wants to reveal some state secret, he can just tweet it with no consequences, or blurt it out while on the phone with foreign states. As Trump did on multiple occasions.
That said, of course there is a significant deep state bureaucracy which attempts at times to keep certain things hidden, even from the current president. But if the president were to ask about it, they have to tell him.
I don't know. I haven't worked in that system for many years. That said, it was more received wisdom than a written rule, and I was aware of exceptions who were prescribed more than ADHD meds.
> Also, you can't work for the feds if you ever touch the ganja, which is ridiculous.
Calling it 'ridiculous' removes the debate concerning the pros and cons on such rule. If you consider someone can become vulnerable if they're addicted (to anything, really) then it makes sense to be wary of a drugs addiction. Especially if the resource the person is addicted to is illegal.
That being said, I'd find it reasonable if they OK'ed medical marihuana usage. I hope my gov (NL) does.
Well it's a comparison. Not once on the security clearance paperwork is alcohol mentioned, while if you have smoked/eaten/etc. marijuana at ALL in the past 7 years, it's practically an instant deny unless it was under some exigent circumstance. You can even be denied if you don't partake but are close contacts with other marijuana users.
Obviously if someone is _addicted_ to either, that is a security risk. But the extent to which they reject people for recreational marijuana use is laughable.
They contact all your close contacts listed on the paperwork. Lying also constitutes perjury in this case.
The unofficial advice I’ve heard is to not even bother with SC if you use weed. Generally, it will be found out. I looked into this as needing an SC was a possibility with my current job.
Here’s a different picture. Put in your 20y at NSA right out of school. Get retirement benefits, and then move to the private sector, where they pay a premium for NSA experience. Or, do contract work for NSA since you already have clearance and contacts. They will pay you about 4x more as a contractor.
You are commenting on a forum full of people who build tools and technology for facebook and google and probably palintir and a thousand other facial recognition and thoughtcrime style systems.
There are probably some generalizable differences between software engineers who work for intelligence agencies vs private sector engineers. The most significant factor being that government engineers need to be able to get a security clearance and pass the attendant background checks and interviews. Most of the engineers I've worked with in the private sector probably couldn't pass these checks because of foreign nationality or recreational drug use. It's a virtual certainty that the need for a security clearance produces a strong selection effect. Not saying it makes the intelligence engineers better or worse just that I'm sure there are some significant differences.
I just wanted to point out that obtaining a security clearance is not nearly as hard as you make it sound. For most organizations prior recreational drug use does not preclude you from the clearance.
A lot of what they look for is consistency in accounts of previous behaviors between you and any references / interviews they undertake, trying to assess if you're currently honest.
Another big thing they are trying to decide is if you are blackmailable.
(throwaway because I have the sort of clearance you are not supposed to advertise that you have)
John McAfee discussing getting his security clearance when he worked for Lockheed-Martin:
"They asked me very revealing questions.... Had I ever taken drugs? Yes. What kinds? Almost every kind. Uh, how much? A lot. Have you ever sold drugs? Yes. So I assumed I would never get the clearance but I did and it came in very quickly."
(clearly decades ago, and he's less than reliable, but fun nonetheless!)
Can confirm (source: I have a friend that works for a three-letter agency). Before I sit for a clearance interview, I asked him about it. I used to think I'd probably be disqualified, but I learned that was not the case at all. Much of what they're trying to determine is your exposure to potential blackmail.
How recent? Posts like "FBI can't find hackers" have been frontpaging for years but people who have responded to the ads say they were dismissed at the clearance step or advised to not continue due to it.
Sure, Facebook and Google are pretty evil organisations but they can never match the scope of surveillance of governmental agencies.
Facebook and Google need the user to use their services and they say (despite the message being in legalese) what they're going to track. There is consent involved in these organisations, it's a voluntary transaction.
The government can (and did) just intrude on everything without consent or penalties.
From a moral point of view, I would be open to work for BigTech, but I wouldn't work for a state actor.
In theory, yes. In practice, if you'll try to avoid any interaction with sites affiliated with Google, Facebook or feeding surveillance data to them, you'll quickly discover that the internet became very small and much less usable than before. You don't need to use Facebook or search on Google to be tracked by them. Google owns one of the largest ad networks in existence, so if you visit any site that has ads or analytics trackers, the data about it will go to Google. Any site featuring Facebook social button may feed the data to Facebook. If you write to somebody with @gmail address Google knows about it. And so on, and so forth. For a highly technically skilled person, it might be possible to avoid interactions with Big Tech while being able to still using modern technology, but it won't be easy. For a normal person without deep technical background it's pretty much hopeless unless they avoid using the internet entirely. Of course, using the internet is "voluntary", but this is a very weak consolation.
And, also, both Google and Facebook eagerly cooperate with state actors in censorship and other aspects - likely surveillance too. So there's not much difference in that aspect whether you work for the government directly or for somebody who takes marching orders from the government while being formally independent.
Morality is the difference. That's not exactly "norms" but somewhat on an adjacent path. But in terms of interest and participation in our club, *they are us*. That's the true terrible reality.
A more accessible idea which is quite different but allows some truth to shine in similarly is to consider how many of us are utterly dependent on advertising in our careers but we all adblock personally.
> That's not exactly "norms" but somewhat on an adjacent path. But in terms of interest and participation in our club, they are us. That's the true terrible reality.
I remember "Spot the Fed" at DEF CON where I thought it was reflecting this deep and kind of intractable antagonism between the hackers and the government. It turned out that the government was regularly recruiting people there and at other hacker conferences, fairly successfully, and still does. (First I thought that all computer nerds would be at least somewhat anti-military or anti-surveillance, and then I thought that at least those who actively associate themselves with computer culture and counterculture would be, and now I don't really think either of those.)
The social distance between people working for spy agencies and people who vocally criticize and oppose the spy agencies is tiny. I worked at EFF and I've known socially, or kind-of-socially, four people I can immediately think of who worked directly for NSA at some point in their careers, and those are, of course, just the ones who chose to mention it. I've also seen someone unsuccessfully try to recruit someone for NSA face-to-face right in front of me, and had a boss whose next job was alongside an NSA alum.
I also think that NSA alums are more likely to mention it because they're less likely to have worked under false pretenses in other countries (compared to, say, CIA alums).
I had a relative who was a super-huge computer nerd (the biggest computer nerd in my whole family, possibly more than myself, and taught me a lot of my early Unix knowledge) who had previously held a clearance and worked in aerospace engineering (I think on radars or something). He didn't work for a spy agency, but did work on military projects. And nobody could hold a candle to his Unix expertise.
It's pretty striking how diverse in our beliefs we all are (not just about surveillance and espionage, but kind of on every issue and question). Maybe we don't notice it because of social pressures to act like we agree more than we do. Being fascinated with surveillance and secrecy is a common trait in our circles, but it seems that might translate into trying to fight it, or into trying to do it.
> The social distance between people working for spy agencies and people who vocally criticize and oppose the spy agencies is tiny.
That sort of makes sense to me? The average member of the public doesn't generally think about what spy agencies do. If you assume that recruitment is based more on topical proximity than positive/negative opinion, that's what you'd expect to see.
I would say it's that the set of morals or beliefs are different. Believing that someone is without morals or immoral is just the perspective of the observer.
Some of us don't agree with the intelligence gathering behaviors of our governments, but they certainly might not view it as an issue.
I for one don't necessarily disagree with government having a monopoly on violence and all that jazz. But I guess that what makes me HN crowd is that I'm also easily convinced to change my mind if someone brings up a convincing argument.
There are several industries built around hacking human minds: advertising, pay-to-win mobile games, political consulting, user engagement services like Facebook, and of course literature.
Absolutely. It's the human mind's responsibility not to be "hacked", by which I assume you mean exploited to e.g. mindlessly scroll Facebook all day.
If most people are weak enough to become matrix-like slaves to the machine, so be it. I don't believe in free will and I don't think we need to preserve human life in a certain way (e.g. the way our ancestors lived).
Sure, a lot of people will fail this test, or maybe they prefer to live their life like that. I don't care, that's on them, that's their choice - or, better, the way DNA and the environment shaped this human shell.
If instead you wiretap my device, you're attacking my privacy and I don't have a way to defend myself. You are committing violence.
If you don't believe in free will, why should anyone care about your will to preserve your privacy? Sounds like you only believe in your own free will.
It may be possible to believe you don’t have free will, yet act like you do and to find meaning in life. After all, given how hard it is to even define “free will”, how can we know for sure whether we have it? Now recent research seems to indicate (note the weasel words) that we have less of this “free will” stuff than we like to think. Yet hopefully, if you dig a little deeper, we find something that qualifies as free will, even if we live in a deterministic world. Which we don,t quite; see quantum mechanics. But a free will based on QM seems no better. Who wants a “free will” based on randomness?
Please forgive my ramblings. I may have been reading Daniel Dennett too much, most likely with too little understanding.
To be fair, I too have ended up thinking that free will probably does not exist. Yet everyone else and I will always continue to behave and live as if it existed, that is my consolation.
That does not follow. Reduction in entropy generation surely has meaning, it has thermodynamic consequences, regardless of any ‘free will’ here or there.
‘You can't predict unless you have the will to perform a prediction.’
I’m fairly certain fish can predict the course of future events, to a fairly high degree of accuracy, in relation to seasonal changes in water temp, food density, etc…
e.g. spawning salmon
That's comparing apples and oranges. Perhaps, fish have free will, but this conversation is about human beings, where we have the internal laboratory apparatus required for introspection and determination. We can create hypothesis and tests, then inspect results. We are directly able to test, through choice, to prove that we have free will. It is foolish to compare yourself to a fish, though your ability to compare your mentality to that of a fish was your free choice made from your own free will.
That’s a fairly reductive definition of ‘will’ if fish can have it.
It is not clear at all your claim is true in the general case, which is the point. Humans differ from fish not in kind, but only in degree, a few hundred million years of evolutionary divergence as the biologists would have it. Unless of course special factors such as a ‘soul’ are assigned to humans and so on.
You didn't address anything I wrote, instead choosing to create a strawman about the will of fish. I sincerely hope that one day you will grow into realizing that you have free will.
‘You can't predict unless you have the will to perform a prediction.’
That is a general claim that you wrote that I have shown is not correct unless you have an interpretation of the word ‘will’ that is so broad as to render your other statements somewhat meaningless.
In fact you are the one creating the strawman since you dodged addressing the question. I have made no separate claims about my personal free will, or lack thereof.
Thanks for pretending to be the arbitar of truth, but you are the one who responded to my comment (made to another), "If you don't accept that you have free will, than nothing you write or say has any meaning."
It is now obvious you have no point other than wanting to debate words and are being intentionally obtuse. This is not a high school debate class, and I will no longer engage in your foolishness, since you have stated that you are not actually commenting on the subject of the conversation.
I’m not exactly sure why you think I would care so much about your opinions to be ‘the arbiter of truth’ for any topic. You’ve made claims that are clearly erroneous and I’ve been pointing them out to the passing reader, so they are not waylaid. I won’t comment on the correct interpretation of ‘free will’ since I myself don’t know, and decline to pretend to know.
Not exactly, you, have been convinced that protecting your Nation against terrorism was an important priority, so you endorse the budget going into it and the infringements on your liberties, in exchange for the feeling of safety.
IIRC the funny thing is, the system that provides the codenames is random in order for the system to not leak information about what the code name is for. But since there's no limit to how many times you can request a code name, the system is being abused and users try until they get a good one.
"During WWII, British intelligence was able to glean details of new German technologies simply by considering their code names. For instance, when they began hearing of a new system known as Wotan, Reginald Victor Jones asked around and found that Wotan was a one-eyed god. Based on this, he guessed it was a radio navigation system using a single radio beam. This proved correct, and the Royal Air Force was able to quickly render it useless through jamming."
Read R.V. Jones book "Most secret* war" if this kind of war-engineering interests you.
* Pay attention to "most secret" rather than the ghastly Americanism "top secret"!
Because projects start in the smouldering ruins of as-is, and their business case is mythical (and if you want to rise in this environment you’d better be flame-retardant).
My apologies! I completely missed that I made that typo. Either I was in the throes of exhaustion or my phone spellchecked me :( Now it's too late to edit.
The NSA implant was a passive retroreflector implant, which when illuminated by powerful radio waves, broadcasted back what was being typed, or what was visible on screen.
This seems to be more of a tiny chip that captures and stores keystrokes etc.
There is already an Arm Cortex M0+ in the end of every USB type C cable for power negotiation.
It has a complex codebase and firmware update methods to migrate to new USB specs. Cheap cables don't even support signing so go to town tampering with stock cables if you are so inclined.
Also an Attiny85 can fit inside just about anything.
My favorite BadUSB hello world is using the Arduino HID library to make a Digispark toggle caps lock randomly with maybe 10 lines of code. Drives people nuts.
In the leaks that happened around the time of Snowden's revelations, there were DVI/monitor cables that had transmitters that would broadcast the decrypted signal so that someone with the receiver nearby could "share" the screen. No software installed for security software to find. Just a cable that could be installed by the cleaning crew after hours.
That level of miniaturization is far older than Apple's removal of the iPhone headphone jack in 2016, but the related lightning-to-audio jack dongle had a microcontroller with a DAC inside that you'd never think existed due to the form factor.
The Lightning-to-HDMI adapter is also an insane miniaturization. It runs a (very) stripped down version of iOS/darwin (not sure what apple counts it as) that is loaded in about a second when you plug in the phone, establishes a network connection, and streams compressed video frames over the network over USB to the HDMI.
That's why when you use the iPhone HDMI adapter, everything looks a little bit compressed. Because it is.
Yup. It's actually an incredibly clever piece of tech that lets the iPad/iPhone get around the fact that lightning doesn't have enough bandwidth to transmit HDMI.
For regular home/app views, it does hardware compression of the iPad's screen, outputs that over lightning, then the adapter decompresses it to raw HDMI.
While for Netflix/etc. streams, it outputs the stream directly to the adapter to decompress, without quality loss. (And at full size as well, rather than double-letterboxed.)
I still haven't figured out the magic of how apps like Netflix are able to do overlays of subtitles on top of the compressed video stream. Best I can tell, there must be a separate API for that, that gets sent in parallel.
As far as working within the constraints of USB 2, it's a solid way to do things.
And I'll even leave aside the issue of running a whole OS just to decode video.
But this is dealing with 1080p output. That's not very intensive. A lightning port has two high speed data pairs. You don't even need USB 3 speeds to transmit HDMI over one of those data pairs, and then put in like a $2 redriver.
If you set up double-sided output I think you could even have a passive lightning to HDMI adapter. But that's a side issue, my main point is the bandwidth available that makes these tradeoffs unnecessary.
I'm not sure what point you're trying to make? Basic 1080p is 3.96 Gbps. Lightning is 480 Mbps. The bandwidth isn't there according to how lightning was designed.
Yes. (Well technically you need 3.20 or 3.33 for 1080p60, and HDMI 1.0 supports 3.96)
> Lightning is 480 Mbps. The bandwidth isn't there according to how lightning was designed.
Not true. Lightning has two differential data pairs. The port can do much more than 480 Mbps.
If your response to that is "oh, but it's only connected to pins that do 480", they would have to reconnect it to video pins anyway to do HDMI out. And nothing else in the lightning ecosystem would limit it, because this is a directly-attached adapter.
Also some of the iPad Pros have actual usb 3 support on their lightning ports.
Funny enough, that shouldn't be a challenge for Apple since the world's slimmest smartphone ever made actually has a headphone jack[1], so Apple excuse of not enough space inside the phone is horse shit to force everyone into the Airpods ecosystem.
What's the difference in this case? Volume is a multiplication of dimensions on all axis. If they didn't compromise on thickness that means they have more international volume available to reduce the other dimensions which they didn't as modern iPhones don't lack depth either, barring the mini, they're all quite large on all axis.
I don't know, but I do know that back in 2013 you could get an ARM computer running linux and a webserver with wifi and 16Gb storage in a space the size of an SD card. That is still a bit too big to fit inside a USB plug without being obvious, but not by much. https://hackaday.com/2013/08/12/hacking-transcend-wifi-sd-ca...
Fitting the electronics inside the usb plug itself has been used for years in slimline usb memory sticks and in tiny readers for micro-sd too.
I expect that this has been possible for nearly 10 years, but maybe just not commercially viable for consumers for most of that.
I'd say the total size of silicon has been small enough for this for at least 20 years. The level of integration between these components, skipping the need for packaging and interconnect is what's allowed these covert devices, probably driven by manufacturing optimization that makes is financially tractable to only make 100 units, so that bit is much cheaper yeah. Things like antennas and other bulky non-silicon passive components are probably the limiting factor now.
Not just the microcontroller but also the wifi radio and antenna... But a USB-A socket is pretty big anyway. This isn't too different from the tiny wireless mouse dongles that have been around for a few decades.
In 2008 we had USB flash drives which extended only two millimeters beyond the laptop when you plugged them in, and Wifi dongles in the same form factor.
> now have powerful microcomputers small enough to fit into a USB plug
Like 20 years ago? 32 bit micros were actually not that far behind low end CPUs until they start to fall off dramatically in the 90, and post-90nm age because perf was good enough.
After nineties, CPU improvements were guided as much by software getting worse, slower, and more shoddily written, than genuine need for more raw computing power.
