(RM Jr of worm fame was just a kid then.)
AFAIK the only group to discover Ken’s hack was us in PWB/UNIX. One of the other guys noticed C preprocessor had gotten bigger, looked at binary namelist, found symbol not in source code. I got onto Ken’s system, found the code, very clever.
More chortling, then (must have been Bob): uhh, NSA really doesn’t have sense of humor.
We did audit, agreed with that, BUT:
1) Many terminals had yellow stickies with root password.
2) They’d reused unused lab space w/o adequate HVAC, room got hot, so they often left door open.
As usual, good tech helps, but human error/laziness must always be guarded against.
Same thing happened later with workstations & then PCs: user depts got impatient with central IT.
Just as happened later with workstations/PCs, BTL Directors found that running own computer center well was a pain. The main computer centers then offered to do facilities management, with good HVAC,
I recall centralized mainframe service bureaus of 1960s, reborn as cloud 🙂
More from Software
The Great Software Stagnation is real, but we have to understand it to fight it. The CAUSE of the TGSS is not "teh interwebs". The cause is the "direct manipulation" paradigm : the "worst idea in computer science" \1
Progress in CS comes from discovering ever more abstract and expressive languages to tell the computer to do something. But replacing "tell the computer to do something in language" with "do it yourself using these gestures" halts that progress. \2
Stagnation started in the 1970s after the first GUIs were invented. Every genre of software that gives users a "friendly" GUI interface, effectively freezes progress at that level of abstraction / expressivity. Because we can never abandon old direct manipulation metaphors \3
The 1990s were simply the point when most people in the world finally got access to a personal computer with a GUI. So that's where we see most of the ideas frozen. \4
It's no surprise that the improvements @jonathoda cites, that are still taking place are improvements in textual representation : \5
The Great Software Stagnation https://t.co/A6peSPERaU
— Jonathan Edwards (@jonathoda) January 1, 2021
As the year wraps up, let's run through some of the worst public security mistakes and delays in fixes by AWS in 2020. A thread.
First, that time when an AWS employee posted confidential AWS customer information including AWS access keys for those customer accounts to
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
Fresh data breach news-
— Chris Vickery (@VickerySec) January 23, 2020
Amazon AWS engineer exposes work-related keys, passwords, and documents marked "Amazon Confidential" via public Github repository: https://t.co/7gkIegnslx
Discovered within 30 minutes of exposure by my team at @UpGuard.
"Disable" most #AWS #CloudTrail logging without triggering #GuardDuty: https://t.co/zVe4uSHog9
— Rhino Security Labs (@RhinoSecurity) April 23, 2020
Reported to AWS Security and it is not a bug.
Amazon Vulnerability Research Program - Doesn't include AWS D: https://t.co/stJHDG68pj #BugBounty #AWS
— Spencer Gietzen (@SpenGietz) April 22, 2020
@JuliaLMarcus @Iplaywithgerms This paper gives documentation on software (with causal reasoning, assumptions reviewed in appendix) for a parametric approach to estimating either "total effects" or "controlled direct effects" with competing events and time-varying
@Iplaywithgerms Total effects capture paths by which treatment affects competing event (e.g. protective total effect of lifesaving treatment on dementia may be wholly/partially due to effect on survival). Controlled direct effects do not capture these paths
@Iplaywithgerms More detailed reasoning on the difference and tradeoffs between total and controlled direct effects and causal reasoning in the point treatment context provided here along with description of some estimators and
@Iplaywithgerms If you are familiar with more robust approaches like IPW or even better TMLE for time-varying treatment, these are trivially adapted to go after the controlled direct effect by simply treating competing events like loss to follow-up (censoring). e.g.
@Iplaywithgerms Examples of IPW estimation of the total effect of a time-varying treatment described in Appendix D of this paper:
https://t.co/RNhcgTBMkb
And here
https://t.co/rMWmwFBWwV
Others in reference lists of above papers.
You May Also Like
Trump is gonna let the Mueller investigation end all on its own. It's obvious. All the hysteria of the past 2 weeks about his supposed impending firing of Mueller was a distraction. He was never going to fire Mueller and he's not going to
Mueller's officially end his investigation all on his own and he's gonna say he found no evidence of Trump campaign/Russian collusion during the 2016 election.
Democrats & DNC Media are going to LITERALLY have nothing coherent to say in response to that.
Mueller's team was 100% partisan.
That's why it's brilliant. NOBODY will be able to claim this team of partisan Democrats didn't go the EXTRA 20 MILES looking for ANY evidence they could find of Trump campaign/Russian collusion during the 2016 election
They looked high.
They looked low.
They looked underneath every rock, behind every tree, into every bush.
And they found...NOTHING.
Those saying Mueller will file obstruction charges against Trump: laughable.
What documents did Trump tell the Mueller team it couldn't have? What witnesses were withheld and never interviewed?
THERE WEREN'T ANY.
Mueller got full 100% cooperation as the record will show.
BREAKING: President Donald Trump has submitted his answers to questions from special counsel Robert Mueller
— Ryan Saavedra (@RealSaavedra) November 20, 2018