Security Mindset and the Logistic Success Curve

Follow-up to: Security Mindset and Ordinary Paranoia

(Two days later, Amber returns with another question.)

Amber: Hm, say, Coral. How important is the security mindset when you're building a whole new kind of system, say one that you want to have some robustness property, where that property is under potential adverse optimization pressure?

Coral: How novel is the system?

Amber: Very novel.

Coral: Novel enough that you'd have to invent your own new best practices, instead of looking them up?

Amber: Right.

Coral: That’s serious business. If you’re building a very simple Internet-connected system, maybe a smart ordinary paranoid could look up how we usually guard against adversaries, use as much off-the-shelf software as possible that was checked over by real security professionals, and not do too horribly. But if you’re doing something qualitatively new and complicated that has to be robust against adverse optimization, well… mostly I’d think you were operating in almost impossibly dangerous territory, and I’d advise you to figure out what to do after your first try failed. But if you wanted to actually succeed, ordinary paranoia absolutely would not do it.

Amber: In other words, a project building a mission-critical system should have an advisor with the full security mindset, so that the advisor can tell the system builders what they really need to do to ensure security.

Coral: (laughs sadly) No.

Amber: No?

Coral: Let’s say for the sake of concreteness that you want to build a new kind of secure operating system. That is not the sort of thing you can do by attaching one advisor with security mindset, who has limited political capital to use to try to argue people into doing things. “Building a house when you’re only allowed to touch the bricks using tweezers” comes to mind as a metaphor. You’re going to need experienced security professionals working full-time with high authority. Three of them, one of whom is a cofounder. Although even then, we might still be operating in the territory of Paul Graham’s Design Paradox.

Amber: The Design Paradox? What's that?

Coral: Paul Graham's Design Paradox is that people who have good taste in UIs can tell when somebody else has designed a good UI, but most CEOs of large companies lack the good taste needed to tell which other people have good taste. That's why large companies can't simply hire somebody as talented as Steve Jobs to build nice things for them, even though Steve Jobs is certainly not the best designer on Earth. Apple exists because of a lucky accident of history in which Steve Jobs ended up in charge. Samsung can't hire somebody of equal talent, because Samsung will end up with a guy in a suit who is good at pretending to be Steve Jobs in front of a CEO who can't tell the difference.

Similarly, people with security mindset can notice when other people lack it, but I’d worry that an ordinary paranoid would have a hard time telling the difference, which would make it hard for them to hire a truly competent advisor. And of course lots of the people in the larger social system behind technology projects lack even the ordinary paranoia that many good programmers possess, and they just end up with empty suits talking a lot about “risk” and “safety”. In other words, if we’re talking about something as hard as building a secure operating system, and your project hasn’t started up already headed up by someone with the full security mindset, you are in trouble. Where by “in trouble” I mean “totally, irretrievably doomed”.

Amber: Look, um, a project I've invested in has raised a hundred million dollars to create merchant drones.

Coral: Merchant drones?

Amber: So there are a lot of countries that have poor market infrastructure, and the idea is, we’re going to make drones that fly around buying and selling things, and they’ll use machine learning to figure out what prices to pay and so on. We’re not just in it for the money; we think it could be a huge economic boost to those countries, really help them move forwards.

Coral: Dear God. Okay. Your company is about two things: system security and regulatory compliance. Well, also marketing, but that doesn't count because every company is about marketing. It would be a serious mistake to imagine that your company is about anything else, such as drone hardware or machine learning.

Amber: Well, the sentiment inside the company is that the time to begin thinking about legalities and security will be after we’ve proven we can build a prototype and have at least a small pilot market in progress. I mean, until we know how people are using the system and how the software ends up working, it’s hard to see how we could do any productive thinking about security or compliance that wouldn’t just be pure speculation.

Coral: Ha! Hahaha, hahaha… oh my God, you're not joking.

Amber: What?

Coral: Please tell me that what you actually mean is that you have a security and regulatory roadmap which calls for you to do some of your work later, but clearly lays out what work needs to be done, when you are to start doing it, and when each milestone needs to be complete. Surely you don’t literally mean that you intend to start thinking about it afterwards?

Amber: A lot of the time, over lunch, we talk about how annoying it is that we have to deal with regulations, and how much nicer it would be if the government were more libertarian. That counts, right?

Coral: Oh my God.

Amber: I don't see how we could make a security plan when we aren't sure what we need to secure. Wouldn't the plan just be wrong?

Coral: All business plans for startups turn out to be wrong, but you still need them—and not just as works of fiction. They represent the written form of your current beliefs about your key assumptions. Writing down your business plan checks whether your current beliefs can possibly be coherent, and suggests which critical beliefs to test first, and which results should set off alarms, and when you are falling behind key survival thresholds. The idea isn’t that you stick to the business plan; it’s that having a business plan (a) checks that it seems possible to succeed in any way whatsoever, and (b) tells you when one of your beliefs is being falsified so you can explicitly change the plan and adapt. Having a written plan that you intend to rapidly revise in the face of new information is one thing. Not having a plan is another.

Amber: The thing is, I am a little worried that the head of the project, Mr. Topaz, isn't concerned enough about the possibility of somebody fooling a drone into giving away money when it shouldn't. I mean, I tried to raise that concern, but he said that of course we aren't going to program the drones to give money to just anyone. Could you give him some tips? For when he starts thinking about security, I mean.

Coral: Oh. Oh, my dear, sweet summer child, I'm sorry. There's nothing I can do.

Amber: Huh? But you haven't even looked at our beautiful business model!

Coral: I thought maybe your company was just a hopeless case because it underestimated the difficulty and misplaced its priorities. But now it sounds like your leader isn't even using ordinary paranoia, and is skeptical of it. Calling a case like that “hopeless” would be an understatement.

Amber: But a security failure would be very bad for the countries we’re trying to help! They need secure merchant drones!

Coral: Then they will need drones built by some project that is not led by Mr. Topaz.

Amber: But that seems very hard to arrange!

Coral: …I don't see how what you're saying is supposed to contradict what I said.

Amber: Look, aren’t you judging Mr. Topaz a little too quickly? Seriously.

Coral: I haven't met him, so you could be misrepresenting him. But if you've represented his attitude accurately? Then, yes, I am judging quickly, but it's a good guess. Security mindset is already rare a priori. “I'm not going to program my drones to give money to random people” means he's imagining how his system works the way he intends it to, rather than imagining how it might fail to work the way he intends. If somebody doesn't even exhibit ordinary paranoia spontaneously, without an external prompt, then they can't do security, period. Being hostile to suggestions about what might go wrong goes even beyond that level of hopelessness, but the base level was already hopeless enough.

Amber: Look… can you just go to Mr. Topaz and try to tell him what he needs to do to add some security onto his drones? Just try? Because it’s super important.

Coral: I could try, yes. I can’t succeed, but I could try.

Amber: Oh, but please be careful to not be harsh with him. Don’t put the focus on what he’s doing wrong—and try to make it clear that these problems aren’t too serious. He’s been put off by the media alarmism surrounding apocalyptic scenarios with armies of evil drones filling the sky, and it took me some trouble to convince him that I wasn’t just another alarmist full of fanciful catastrophe scenarios of drones defying their own programming.

Coral: …

Amber: Maybe keep the opening conversation away from what might sound like crazy edge cases, like somebody forgetting to check the end of a buffer and an adversary throwing in a huge string of characters that overwrite the end of the stack with a return address that jumps to a section of code somewhere else in the system that does something the adversary wants. I mean, you’ve convinced me that these far-fetched scenarios are worth worrying about, if only because they might be canaries in the coal mine for more realistic failure modes. But Mr. Topaz thinks that’s all a bit silly, and I don’t think you should open by trying to explain to him on a meta level why it isn’t. He’d probably think you were being condescending, telling him how to think. Especially when you’re just an operating-systems guy and you have no experience building drones and seeing what actually makes them crash. I mean, that’s what I think he’d say to you.

Coral: …

Amber: Also, when you give advice, please start with the cheaper interventions. I don't think Mr. Topaz would react well if you told him he needs to start over in a different programming language, or set up a review board for every code change, or whatever. He's worried about a competitor getting to market first, so he doesn't want to do anything that would slow him down.

Coral: …

Amber: Uh, Coral?

Coral: …on his novel project, entering new territory, doing things not exactly like what has been done before, carrying out novel mission-critical subtasks for which there are no standardized best security practices, nor any known understanding of what makes the system robust or not-robust.

Amber: Right!

Coral: Mr. Topaz himself doesn't seem to feel any terror at the terrifying task in front of him.

Amber: Well, he's worried that somebody else will build merchant drones first and misuse that key piece of economic infrastructure for bad purposes. That's the same thing, right? Like, it shows he can worry about things?

Coral: It's completely different. Monkeys who are afraid of other monkeys getting to the bananas first are far, far more common than monkeys who worry about whether the bananas will exhibit weird system behaviors in the face of adverse optimization.

Amber: Oh.

Coral: I'm afraid Mr. Topaz overseeing the creation of robust software is less likely than the Moon spontaneously turning into organically farmed goat cheese.

Amber: I think you're being too harsh on him. I've met Mr. Topaz, and he seemed quite bright to me.

Coral: Again, assuming you’re representing him accurately, Mr. Topaz seems to lack what I called ordinary paranoia. If he does have that ability as a cognitive capacity, which many bright programmers do, then he obviously doesn’t feel passionate about applying that paranoia to his drone project along key dimensions. It also sounds like Mr. Topaz doesn’t realize there’s a skill that he is missing, and would be insulted by the suggestion. I am put in mind of the story of the farmer who was asked by a passing driver for directions to get to Point B, to which the farmer replied, “If I was trying to get to Point B, I sure wouldn’t start from here.”

Amber: Mr. Topaz has made major advances in drone technology, so he can't be stupid, right?

Coral: “Security mindset” seems to be a cognitive talent distinct from g factor or even programming ability. In fact, there doesn’t seem to be a level of human genius that even guarantees you’ll be skilled at ordinary paranoia. Which does make some security professionals feel a bit weird, myself included—the same way a lot of programmers have trouble understanding why not everyone can learn to program. But it seems to be an observational fact that both ordinary paranoia and security mindset are things that can decouple from g factor and programming ability—and if this were not the case, the Internet would be far more secure than it is.

Amber: You think it would help if we funded the project together with other VCs and had them require Mr. Topaz to appoint a special advisor on robustness who reports directly to the CTO? That sounds politically difficult to me, but we might be able to swing it. Once the press started speculating about drones going rogue and maybe aggregating into larger Voltron-like robots that could acquire laser eyes, Mr. Topaz did tell the VCs that he was very concerned about the ethics of drone safety and that he’d had many long conversations about it over lunch hours.

Coral: I’m venturing slightly outside my own expertise here, which isn’t corporate politics per se. But on a project like this one that’s trying to enter novel territory, I’d guess the person with security mindset needs at least cofounder status, and must be personally trusted by any cofounders who don’t have the skill. It can’t be an outsider who was brought in by VCs, who is operating on limited political capital and needs to win an argument every time she wants to not have all the services conveniently turned on by default. I suspect you just have the wrong person in charge of this startup, and that this problem is not repairable.

Amber: Please don't just give up! Even if things are as bad as you say, just raising the chance that our project is secure from 0% to 10% would be enormously valuable to all the people who need merchant drones.

Coral: …Look, at some point in life we have to try to triage our efforts and give up on what can't be saved. You know what? Distance is measured in multiplicative odds, not additive percentages. You can't take a project like this and assume that by putting in more effort you can raise its absolute chance of success by 10%. More like, the odds of this project’s failure versus success start out as 1,000,000:1, and if we’re very polite and navigate around Mr. Topaz’s sense that he is higher-status than us and manage to explain a few tips to him without ever sounding like we think we know something he doesn’t, we can quintuple his chances of success and send the odds to 200,000:1. Which is to say that in the world of percentage points, the odds go from 0.0% to 0.0%. That’s one way to look at the “Law of Continued Failure”.

If you had the kind of project where the fundamentals implied, say, a 15% chance of success, you’d then be on the right part of the logistic curve, and in that case it might make sense to look for ways to bump it up to 30% or 80%.

Amber: Look, I'm worried that it would be really bad if Mr. Topaz gets to market first with insecure drones. Like, I think that merchant drones could be very beneficial to countries without much existing market backbone, and if there’s a grand failure—especially if some of the would-be customers have their money or items stolen—then it could poison the potential market for years. It will be terrible! Really, genuinely terrible!

Coral: Wow. That certainly does sound like an unpleasant scenario.

Amber: But what do we do now?

Coral: Damned if I know. I do suspect you’re screwed so long as you can only win if somebody like Mr. Topaz creates a robust system. I guess you could try to have some other drone project come into existence, headed up by somebody that, say, Bruce Schneier assures everyone is unusually good at security-mindset thinking and hence can hire people like me and listen to all the harsh things we have to say. Though I have to admit, the part where you think it’s drastically important that you beat an insecure system to market with a secure system—well, that sounds positively nightmarish. You’re going to need a lot more resources than Mr. Topaz has, or some other kind of very major advantage. Security takes time.

Amber: Is it really that hard to add security to a drone system?

Coral: You keep talking about “adding” security. System robustness is not the kind of property you can bolt onto software as an afterthought.

Amber: I guess I’m having trouble seeing why it’s so much more expensive. Like, if somebody foolishly builds an OS that gives access to just anyone, you could instead put a password lock on it, using your clever system where the OS keeps the hashes of the passwords instead of the passwords. You just spend a couple of days rewriting all the services exposed to the Internet to ask for passwords before granting access. And then the OS has security on it! Right?

Coral: NO. Everything inside your system that is potentially subject to adverse selection in its probability of weird behavior is a liability! Everything exposed to an attacker, and everything those subsystems interact with, and everything those parts interact with! You have to build all of it robustly! If you want to build a secure operating system, you need an entire special project that is “building a secure operating system instead of an insecure one”. And you also need to narrow the scope of your ambitions, not do everything you want to do, and obey other commandments that feel like enormous sacrifices to people who don't have the full security mindset. OpenBSD can't do a tenth of what Ubuntu does. They can't afford it! The attack surface is too large! They can't review that much code using the special processes they use to develop secure software! They can't hold that many assumptions in their heads!

Amber: Does this effort have to take a lot of extra time? Are you sure it can't be done in a few weeks if we hurry?

Coral: Yes. Given that this is a novel project entering new territory, expect it to take at least two years or more of development time than a project that is just as insecure but otherwise has the same tools, insights, people, and resources. And that's a very, very optimistic lower bound.

Amber: This story seems to be heading in a worrying direction.

Coral: Well, I’m sorry, but creating robust systems takes longer than creating non-robust systems even in cases where it would be really, extraordinarily bad if creating robust systems took longer than creating non-robust systems.

Amber: Couldn’t it be the case that, like, projects which are implementing good security practices do everything so much cleaner and better that they can come to market faster than any insecure competitors could?

Coral: …Honestly, I have trouble seeing why you're privileging that hypothesis for consideration. Robustness involves assurance processes that take additional time. OpenBSD does not go through lines of code faster than Ubuntu.

But more importantly, if everyone has access to the same tools, insights, and resources, then an unusually fast way of doing something carefully can always be simplified into a faster way of doing it carelessly. There is not now, and will never be, a programming language in which it is hardest to write bad programs. There is not now, and will never be, a methodology that makes writing insecure software inherently slower than writing secure software. Any security professional who heard your hopes would laugh. If you don't believe me, go ask them too.

Amber: But shouldn’t engineers who aren’t cautious just be unable to make software at all, because of ordinary bugs?

Coral: I am afraid that it is both possible, and extremely common in practice, for people to fix all the bugs that are crashing their systems in ordinary testing today, using methodologies that are indeed adequate to fixing ordinary bugs that show up often enough to afflict a significant fraction of users, and then ship the product. They get everything working today, and they don’t feel like they have the slack to delay any longer than that before shipping because the product is already behind schedule. They don’t hire exceptional people to do ten times as much work in order to prevent the product from having holes that only show up under adverse optimization pressure, that somebody else finds first and that they learn about after it’s too late.

It’s not even the wrong decision, for products that aren’t connected to the Internet, don’t have enough users for one to go rogue, don’t handle money, don’t contain any valuable data, and don’t do anything that could injure people if something goes wrong. If your software doesn’t destroy anything important when it explodes, it’s probably a better use of limited resources to plan on fixing bugs as they show up.

…Of course, you need some security mindset to realize which software can in fact destroy the company if it silently corrupts data and nobody notices this until a month later. I don’t suppose it’s the case that your drones only carry a limited amount of the full corporate budget in cash over the course of a day, and you always have more than enough money to reimburse all the customers if all items in transit over a day were lost, taking into account that the drones might make many more purchases or sales than usual? And that the systems are generating internal paper receipts that are clearly shown to the customer and non-electronically reconciled once per day, thereby enabling you to notice a problem before it’s too late?

Amber: No!

Coral: Then, as you say, it would be better for the world if your company did not exist, and did not want to charge into this new territory and poison it with a spectacular screwup.

Amber: If I believed that… well, Mr. Topaz certainly isn’t going to stop his project or let somebody else take over. It seems the logical implication of what you say you believe is that I should try to persuade the venture capitalists I know to launch a safer drone project with even more funding.

Coral: Um, sorry to be blunt about this, but I'm not sure you have a high enough level of security mindset to be able to identify an executive who is better at it than you are. Trying to get enough of a resource advantage to beat the insecure product to market is only half the problem with launching a competing project. The other half of your problem is overcoming the prior rarity of people with truly deep security mindset, and getting somebody like that fully committed. Or at least getting them in as a highly trusted, fully loyal cofounder who doesn't have a tiny budget of political capital. I'll say it again: an advisor appointed by the VCs is not enough for a project like yours. Even if the advisor is a genuinely good security professional…

Amber: That seems like an unreasonably difficult requirement! Can't you relax it a little?

Coral: …the person in charge will probably try to bargain down what the security professional's unwelcome voice represents, and the professional won't have enough social capital to get them to adopt the “unreasonable” measures. Which means you fail, fully automatically.

Amber: …Then what should I do?

Coral: I don’t know, actually. But there’s no point in launching another drone project with even more funding, if it just ends up with another Mr. Topaz put in charge. Which, by default, is exactly what your venture capitalist friends are going to do. Then you’ve just set an even higher competitive bar for anyone actually trying to be first to market with a secure solution, may God have mercy on their souls.

Besides, if Mr. Topaz thinks he has a competitor breathing down his neck and rushes his product to market, his chances of creating a secure system probably drop by another factor of ten, and go from 0.0% to 0.0%.

Amber: Surely my VC friends have faced this kind of problem before and know how to identify and hire executives who can do security well?

Coral: …If one of your VC friends is Paul Graham, then maybe yes. But in the average case, NO.

If the average VC always made sure that a project needing security had a founder or cofounder with a strong security mindset (if they even had the ability to do that in the cases where they decided they wanted to), the Internet would again look like a very different place. By default, your VC friends will be fooled by somebody who looks very sober and talks a lot about how terribly concerned he is with cybersecurity and how the system is going to be ultra-secure and reject over nine thousand common passwords, including the thirty-six passwords listed on this slide here, and the VCs will ooh and ah over it, especially as one of them realizes that their own password is on the slide. That project's leader absolutely does not want to hear from me, even less than Mr. Topaz does. To him, I'm a political threat who could damage him in front of the VCs.

Amber: I have trouble believing that all these smart people are really that stupid.

Coral: You’re compressing your innate sense of social status and your estimated level of how good particular groups are at this particular ability into a single dimension. That is not a good idea.

Amber: I'm not saying I think everyone with high status already knows the deep security skills. I just have trouble believing that they couldn't learn quickly once they were told, or that they couldn't identify a good advisor who has them. That would mean they don't know something you know that seems pretty important, and that just… feels off to me, somehow. Like, there are all these successful and important people out there, and you're saying you're better than them, even with all their influence, their skills, their resources—

Coral: Look, you don’t have to take my word for it. Think of all the websites you’ve been on, with snazzy-looking design, maybe with millions of dollars in sales passing through them, that want your password to be a mixture of uppercase and lowercase letters and numbers. In other words, they want you to enter “Password1!” instead of “correct horse battery staple”. Every one of those websites is doing a thing that looks humorously silly to someone with a full security mindset or even just somebody who regularly reads XKCD. It says that the security system was set up by somebody who didn’t know what they were doing and was blindly imitating impressive-looking mistakes they saw elsewhere.

You think that makes a good impression on their customers? That's right, it does! Because the customers don't know any better. Do you think the login system makes a good impression on the company's investors, including professional VCs and some angels with their own startup experience? That's right, it does! Because the VCs don't know any better, and neither do the angels, and they don't realize they're missing an important skill, and they don't consult anyone who knows more. The innocent are impressed if a website requires a mix of uppercase and lowercase letters and numbers and punctuation. They think the people running the website must really care, to take such an unusual and inconvenient security measure. The people running the website think that's what they're doing, too.

People with deep security mindset are both rare and rarely appreciated. You can see just from the login system that none of the VCs and none of the C-level executives at that startup thought they needed to consult a real professional, or managed to find a real professional rather than an empty suit if they went consulting. There was, visibly, nobody in the neighboring system with the combined knowledge and status to walk over to the CEO and say, “Your login system is embarrassing and you need to hire a real security professional.” Or if anybody did say that to the CEO, the CEO was offended and shot the messenger for not phrasing it ever-so-politely enough, or the CTO saw the outsider as a political threat and bad-mouthed them out of the game.

You shouldn't wishfully assume that people in touch with the full security mindset are any more common than what the VC and angel-investing ecosystem shows you. Ordinary paranoia against widely known adversarial cases is dense enough in the larger ecosystem to exert broad social influence, even though many individuals and regions are still laughably without it. People with the full security mindset are too rare to have the same presence. That is the easy-to-see truth. You can see the login systems that want punctuation in passwords. You are not hallucinating.

Amber: If that's true, then I just don't see how I can win. Maybe I should just condition on your being wrong, because if it's true, my winning seems very unlikely, in which case all of my wins come from worlds with other background assumptions.

Coral: …Is that something you say often?

Amber: Well, I say it whenever my victory starts to seem sufficiently unlikely.

Coral: Good heavens. I can, maybe, see somebody conditioning on an unlikely event once in their life, but doing it more than once is madness. I'd expect the unlikely conditionals to pile up very quickly and make the probability of your mental world effectively zero. It's tempting, but sliding sideways into your own private hallucinatory universe is usually a bad idea when you feel you’re under emotional pressure. I tend to believe that no matter what the difficulties, we are most likely to come up with good plans when we are mentally living in reality as opposed to somewhere else. If things seem difficult, we must face the difficulty squarely to succeed, to come up with some solution that faces down how bad the situation really is, rather than deciding to condition on things not being difficult because then it’s too hard.

Amber: Can you at least try talking to Mr. Topaz and advise him how to make things be secure?

Coral: Sure. Trying things is easy, and I’m a character in a dialogue, so my opportunity costs are low. I’m sure Mr. Topaz is trying to build secure merchant drones, too. It’s succeeding at things that is the hard part.

Amber: Great, I’ll see if I can get Mr. Topaz to talk to you. But do please be polite! If you think he’s doing something wrong, try to point it out more gently than the way you’ve talked to me. I think I have enough political capital to get you in the door, but that won’t last if you’re rude.

Coral: You know, back in mainstream computer security, when you propose a new way of securing a system, it’s considered traditional and wise for everyone to gather around and try to come up with reasons why your idea might not work. It’s understood that no matter how smart you are, most seemingly bright ideas turn out to be flawed, and that you shouldn’t be touchy about people trying to shoot them down. Does Mr. Topaz have no acquaintance at all with the practices in computer security? A lot of programmers do.

Amber: I think he'd say he respects computer security as its own field, but he doesn't think building a secure operating system is the same problem as building merchant drones.

Coral: And if I suggested that this scenario might be analogous to the problem of building a secure operating system, and that it creates a similar need for greater effort and care, requiring (a) extra development time and (b) a special need for caution, supplied by people with an unusual mindset beyond ordinary paranoia, whose skills are unusual, who can identify shaky assumptions in the security story in situations that an ordinary paranoid would judge not urgent enough to raise, and who can use their problem-solving to produce deeper solutions against imagined attacks than an ordinary paranoid would?

If I suggested, indeed, that this scenario might hold generally wherever we demand robustness of a complex system that is being subjected to strong external or internal optimization pressures? Pressures that strongly promote the probabilities of particular states of affairs via optimization that searches across a large and complex state space? Pressures which therefore in turn subject other subparts of the system to selection for weird states and previously unenvisioned execution paths? Especially if some of these pressures may be in some sense creative and find states of the system or environment that surprise us or violate our surface generalizations?

Amber: I think he might think you were trying to look smart by using overly abstract language at him. Or he'd reply that he doesn't see why he needs more caution than he's already using, which is just testing the drones to make sure they don't crash or pay out too much money.

Coral: I see.

Amber: So, shall we go?

Coral: Sure! No problem! I'll just meet with Mr. Topaz and use verbal persuasion to turn him into Bruce Schneier.

Amber: That's the spirit!

Coral: God, I wish I lived in the territory that corresponds to your map.

Amber: Hey, come on. Seriously? Is it really that hard to give people unusually rare mental skills by talking to them? I agree it's a bad sign that Mr. Topaz shows no sign of wanting to acquire these skills, and thinks we don't have enough relative status for him to keep listening if we say something he doesn't want to hear. But that just means we have to phrase our advice cleverly, so that he will want to hear it!

Coral: I suppose you could modify your message into something that doesn't sound so unpleasant to Mr. Topaz. Something that sounds related to the topic of drone security, but doesn't cost much, and certainly doesn't result in his drones actually ending up secure, because that would be unpleasant and expensive. You could slide a little sideways in reality and convince yourself that you've got Mr. Topaz allied with you, because he now sounds pleasant. Your instinctive desire to have the high-status monkey on your political side would feel that its problem had been solved. You could substitute that feeling of having solved the problem for the unpleasant sense that the actual drones have not been secured. You could tell yourself that the bigger monkey will take care of everything now that he seems to be on your pleasant political side. And so you'd be happy. Until the merchant drones hit the market, of course, but that unpleasant experience should be brief.

Amber: Come on, we can do this! You’ve just got to think positively!

Coral: …Well, if nothing else, this should be an interesting experience. I’ve never tried to do anything quite this doomed before.