A simple command allows the CIA to commandeer vulnerable Cisco switches(arstechnica.com)
arstechnica.com
A simple command allows the CIA to commandeer vulnerable Cisco switches
https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/
89 comments
1. The vulnerability was probably exploited before the CIA guy joined Cisco. The Vault 7 cache contains some seriously legacy docs.
2. Why would the ex-CIA guy hurt his current employer to help his former? Don't people do it the other way around?
3. Good luck finding a single Fortune 500 company that doesn't employ someone that used to be in the Intelligence Community.
4. Telnet options are pretty arcane. It seems like an easy bug to write. The modus operandi of U.S. backdoor attempts in the past matches a different model. U.S. backdoor attempts fit two models: backdoor dependent on secret key (Dual_EC RNG), and backdoor dependent on physical sabotage (interdiction). This is stuff available in the Snowden docs and related news reports.
It's a common HN meme that Cisco and Microsoft help the U.S. government spy, but there isn't credible evidence supporting it. They actively resist government espionage attempts.
Yahoo, RSA, et. al. deserve the negative attention, not companies that fight the good fight.
2. Why would the ex-CIA guy hurt his current employer to help his former? Don't people do it the other way around?
3. Good luck finding a single Fortune 500 company that doesn't employ someone that used to be in the Intelligence Community.
4. Telnet options are pretty arcane. It seems like an easy bug to write. The modus operandi of U.S. backdoor attempts in the past matches a different model. U.S. backdoor attempts fit two models: backdoor dependent on secret key (Dual_EC RNG), and backdoor dependent on physical sabotage (interdiction). This is stuff available in the Snowden docs and related news reports.
It's a common HN meme that Cisco and Microsoft help the U.S. government spy, but there isn't credible evidence supporting it. They actively resist government espionage attempts.
Yahoo, RSA, et. al. deserve the negative attention, not companies that fight the good fight.
>3. Good luck finding a single Fortune 500 company that doesn't employ someone that used to be in the Intelligence Community.
This is actually a completely fair point...
Look at all the ex SS at FB.
This is actually a completely fair point...
Look at all the ex SS at FB.
> It's a common HN meme that Cisco and Microsoft help the U.S. government spy, but there isn't credible evidence supporting it. They actively resist government espionage attempts.
Microsoft was the only company featured in slides about teamwork and collaboration.
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
Microsoft was the only company featured in slides about teamwork and collaboration.
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
> 2. Why would the ex-CIA guy hurt his current employer to help his former? Don't people do it the other way around?
When you get into the big wide world of making billions of dollars, you'll find that people are more than willing to throw you a bone long after you're gone to make sure you're still invested.
I've seen this first hand (unfortunately/fortunately, not the recipient of said bone).
When you get into the big wide world of making billions of dollars, you'll find that people are more than willing to throw you a bone long after you're gone to make sure you're still invested.
I've seen this first hand (unfortunately/fortunately, not the recipient of said bone).
> 2. Why would the ex-CIA guy hurt his current employer to help his former? Don't people do it the other way around?
I don't think quitting your CIA job lets you off the hook for essentially giving away something they consider to be a secret. Or at least I'm sure the CIA would not look at you kindly for doing so.
I don't think quitting your CIA job lets you off the hook for essentially giving away something they consider to be a secret. Or at least I'm sure the CIA would not look at you kindly for doing so.
The edit window just expired as I attempted to amend my original comment, so I'll amend it here:
Those links were the result of a few cursory Google searches. It wasn't intended as a comprehensive representation of Cisco's CIA ties, nor to imply that anyone mentioned was directly involved in backdoors. Rather, the point was that when a security-oriented organization employs ex-spooks, it increases the likelihood of spooky things happening. At the very minimum it fosters distrust.
>2. Why would the ex-CIA guy hurt his current employer to help his former? Don't people do it the other way around?
While I didn't mean to imply any specific individual, I'll address the underlying rationale: When someone's former employer is a powerful government spy agency built on secrets, the loyalty dynamic is a bit different than that of normal private sector job hopping.
Moreover, I'm sure the CIA isn't stupid and tends to maintain relationships—intentionally or not—with former employees that cross over to private sector work, especially high-level people since they're already trusted, reliable, and may be taking positions that later prove to be beneficial to CIA interests in the future.
>3. Good luck finding a single Fortune 500 company that doesn't employ someone that used to be in the Intelligence Community.
This is a fair point. Given the nature of Cisco's products, and combined with recent leaks detailing the pervasive nature of US offensive cyber efforts, it should raise more suspicion than normal when former IC people go to work for a company dealing with network hardware.
That said, I'm not sure how you'd quantify the number of former IC people Cisco hires versus a normal Fortune 500 company. For all I know it could even be lower than average.
>... and backdoor dependent on physical sabotage (interdiction) ...
This approach is far superior to baking vulnerabilities into entire product ranges (or even standards). It doesn't compromise the private sector in the process, beyond perhaps supply chain integrity. The flipside of course is that physical implants don't really scale well, but at least the blowback is relatively minimal when things go wrong. Not to mention it's just badass in a James Bond kind of way.
>It's a common HN meme that Cisco and Microsoft help the U.S. government spy, but there isn't credible evidence supporting it. They actively resist government espionage attempts.
While that's true, it's also possible a company can publicly say or do one thing—genuine or not—and actively do another because of either connections, or that they're being compelled against their will by NSLs. It's also possible to have factions or even individual employees within a company that are actively subverting security with the addition of backdoors, unbeknownst to management.
Those links were the result of a few cursory Google searches. It wasn't intended as a comprehensive representation of Cisco's CIA ties, nor to imply that anyone mentioned was directly involved in backdoors. Rather, the point was that when a security-oriented organization employs ex-spooks, it increases the likelihood of spooky things happening. At the very minimum it fosters distrust.
>2. Why would the ex-CIA guy hurt his current employer to help his former? Don't people do it the other way around?
While I didn't mean to imply any specific individual, I'll address the underlying rationale: When someone's former employer is a powerful government spy agency built on secrets, the loyalty dynamic is a bit different than that of normal private sector job hopping.
Moreover, I'm sure the CIA isn't stupid and tends to maintain relationships—intentionally or not—with former employees that cross over to private sector work, especially high-level people since they're already trusted, reliable, and may be taking positions that later prove to be beneficial to CIA interests in the future.
>3. Good luck finding a single Fortune 500 company that doesn't employ someone that used to be in the Intelligence Community.
This is a fair point. Given the nature of Cisco's products, and combined with recent leaks detailing the pervasive nature of US offensive cyber efforts, it should raise more suspicion than normal when former IC people go to work for a company dealing with network hardware.
That said, I'm not sure how you'd quantify the number of former IC people Cisco hires versus a normal Fortune 500 company. For all I know it could even be lower than average.
>... and backdoor dependent on physical sabotage (interdiction) ...
This approach is far superior to baking vulnerabilities into entire product ranges (or even standards). It doesn't compromise the private sector in the process, beyond perhaps supply chain integrity. The flipside of course is that physical implants don't really scale well, but at least the blowback is relatively minimal when things go wrong. Not to mention it's just badass in a James Bond kind of way.
>It's a common HN meme that Cisco and Microsoft help the U.S. government spy, but there isn't credible evidence supporting it. They actively resist government espionage attempts.
While that's true, it's also possible a company can publicly say or do one thing—genuine or not—and actively do another because of either connections, or that they're being compelled against their will by NSLs. It's also possible to have factions or even individual employees within a company that are actively subverting security with the addition of backdoors, unbeknownst to management.
Thanks for a reasoned response. I admit I get emotional when people and organizations get unfairly accused.
> it should raise more suspicion than normal when former IC people go to work for a company dealing with network hardware.
Fair enough about the perception of former IC employees entering the private sector. For the most part, "former IC employee" only impacts an organization once something else newsworthy occurs. Cisco considered the risk to be low that the CIA would pay a former official to order Cisco employees to insert a backdoor without a single one reporting this outside their chain. Personally, I think it benefits companies to hire employees with a diversity of backgrounds.
> [backdoor] approach is far superior ... [they] just don't scale well ... it's just badass.
The lack of scalability is a feature if you ask me. It should be expensive and difficult enough to limit espionage to those target that matter. And it's more palatable to the people who these agencies ultimately report to.
> it should raise more suspicion than normal when former IC people go to work for a company dealing with network hardware.
Fair enough about the perception of former IC employees entering the private sector. For the most part, "former IC employee" only impacts an organization once something else newsworthy occurs. Cisco considered the risk to be low that the CIA would pay a former official to order Cisco employees to insert a backdoor without a single one reporting this outside their chain. Personally, I think it benefits companies to hire employees with a diversity of backgrounds.
> [backdoor] approach is far superior ... [they] just don't scale well ... it's just badass.
The lack of scalability is a feature if you ask me. It should be expensive and difficult enough to limit espionage to those target that matter. And it's more palatable to the people who these agencies ultimately report to.
> At the very minimum it fosters distrust.
why? how is someone who has been vetted by the IC as a trustworthy keeper of their secrets become less trustworthy?
> CIA isn't stupid and tends to maintain relationships with former employees that cross over to private sector work
what kind of "relationships" are you talking about here?
why? how is someone who has been vetted by the IC as a trustworthy keeper of their secrets become less trustworthy?
> CIA isn't stupid and tends to maintain relationships with former employees that cross over to private sector work
what kind of "relationships" are you talking about here?
>why? how is someone who has been vetted by the IC as a trustworthy keeper of their secrets become less trustworthy?
Because their loyalties may lie with their former employer. National security matters tend to take priority over private sector loyalty for many people, and I'd imagine especially so for former IC types since they tend to be extremely patriotic. I mean that as a compliment, not an insult.
>what kind of "relationships" are you talking about here?
Personal relationships. Say Joe retires for private sector work. He's good friends with Bill, who's a case officer. Later when some national security matter comes down the pipe requiring access at Company Y, Bill knows Joe who works there. Seeing that Bill and Joe have been through some shit together, that relationship is probably going to supersede loyalty to any private sector employer when there are underlying national security motivations involved.
It's not tinfoil hat conspiracy allegations, just basic human dynamics.
Because their loyalties may lie with their former employer. National security matters tend to take priority over private sector loyalty for many people, and I'd imagine especially so for former IC types since they tend to be extremely patriotic. I mean that as a compliment, not an insult.
>what kind of "relationships" are you talking about here?
Personal relationships. Say Joe retires for private sector work. He's good friends with Bill, who's a case officer. Later when some national security matter comes down the pipe requiring access at Company Y, Bill knows Joe who works there. Seeing that Bill and Joe have been through some shit together, that relationship is probably going to supersede loyalty to any private sector employer when there are underlying national security motivations involved.
It's not tinfoil hat conspiracy allegations, just basic human dynamics.
Again, I'm glad you're engaging. I'm not down voting you.
> Because their loyalties may lie with their former employer.
By that logic, Apple shouldn't hire any employees from Google, because they might reveal iOS secrets.
> Personal relationships... that relationship is probably going to supersede loyalty to any private sector employer
Sure, anything could happen. In your example, Joe gets nothing except enormous risk of public humiliation and expensive litigation in exchange for the favor to Bill. Any employee that is involved in this would almost certainly speak to someone. This isn't like a National Security Letter; there's no force of law to compel silence. It would be a foolish move for Joe.
Then Bill gets a call on his gray phone from his boss. "Why is the CIA in the newspapers for attempted backdooring of Cisco products?" We don't hear about this stuff because it doesn't happen like this.
People that are so loyal to the CIA don't leave for a pure private sector company. They go to a contractor so they can stay in the ecosystem. People going to Cisco are (1) physically moving away from Northern Virginia, (2) losing access to secrets.
Besides, it doesn't sound very patriotic to insert backdoor that's not even protected by a secret (e.g. key escrowed Clipper Chip, P and Q in Dual_EC) that goes into hardware purchased by more Americans than anyone else in the world.
> Because their loyalties may lie with their former employer.
By that logic, Apple shouldn't hire any employees from Google, because they might reveal iOS secrets.
> Personal relationships... that relationship is probably going to supersede loyalty to any private sector employer
Sure, anything could happen. In your example, Joe gets nothing except enormous risk of public humiliation and expensive litigation in exchange for the favor to Bill. Any employee that is involved in this would almost certainly speak to someone. This isn't like a National Security Letter; there's no force of law to compel silence. It would be a foolish move for Joe.
Then Bill gets a call on his gray phone from his boss. "Why is the CIA in the newspapers for attempted backdooring of Cisco products?" We don't hear about this stuff because it doesn't happen like this.
People that are so loyal to the CIA don't leave for a pure private sector company. They go to a contractor so they can stay in the ecosystem. People going to Cisco are (1) physically moving away from Northern Virginia, (2) losing access to secrets.
Besides, it doesn't sound very patriotic to insert backdoor that's not even protected by a secret (e.g. key escrowed Clipper Chip, P and Q in Dual_EC) that goes into hardware purchased by more Americans than anyone else in the world.
>By that logic, Apple shouldn't hire any employees from Google, because they might reveal iOS secrets.
Apple and Google are on the same playing field though. They're fundamentally the same type of entity. An intelligence agency vs a pure private-sector company is not.
>Any employee that is involved in this would almost certainly speak to someone. This isn't like a National Security Letter; there's no force of law to compel silence. It would be a foolish move for Joe.
While certainly risky, I'm not saying Joe wouldn't be legally protected. His favor very well could be under the auspices of an official program. Heck, IANAL but it possibly could even be in the form of an NSL. As far as I'm aware they're the legal equivalents of blank slates and don't necessarily require informing the upper echelon of a company of their issuance, but I could be wrong on that. I know that it is at least customary to do so, however.
Either way, let's say the government wants to issue a NSL requesting a very specific, perhaps even temporary backdoor to a Bay Area company. The normal route would likely start a veritable war with that company's legal department, and runs a non-insignificant chance of being leaked by those who know about it.
Contrast that scenario to issuing the NSL directly to Joe, who they know in advance is solid. If Joe happens to be an engineer, mission accomplished. If he isn't technical, then maybe he just happens to bring a USB stick to the office one day and plugs it in.
If that sounds far-fetched, keep in mind that the NSA compromised Google's internal network during the course of their operations, so network exploitation against U.S. companies isn't even off the table.
>People that are so loyal to the CIA don't leave for a pure private sector company. They go to a contractor so they can stay in the ecosystem. People going to Cisco are (1) physically moving away from Northern Virginia, (2) losing access to secrets.
All good points, but it doesn't mean they're cutting ties and shunning their former life either.
>Again, I'm glad you're engaging. I'm not down voting you.
Thanks. :)
Apple and Google are on the same playing field though. They're fundamentally the same type of entity. An intelligence agency vs a pure private-sector company is not.
>Any employee that is involved in this would almost certainly speak to someone. This isn't like a National Security Letter; there's no force of law to compel silence. It would be a foolish move for Joe.
While certainly risky, I'm not saying Joe wouldn't be legally protected. His favor very well could be under the auspices of an official program. Heck, IANAL but it possibly could even be in the form of an NSL. As far as I'm aware they're the legal equivalents of blank slates and don't necessarily require informing the upper echelon of a company of their issuance, but I could be wrong on that. I know that it is at least customary to do so, however.
Either way, let's say the government wants to issue a NSL requesting a very specific, perhaps even temporary backdoor to a Bay Area company. The normal route would likely start a veritable war with that company's legal department, and runs a non-insignificant chance of being leaked by those who know about it.
Contrast that scenario to issuing the NSL directly to Joe, who they know in advance is solid. If Joe happens to be an engineer, mission accomplished. If he isn't technical, then maybe he just happens to bring a USB stick to the office one day and plugs it in.
If that sounds far-fetched, keep in mind that the NSA compromised Google's internal network during the course of their operations, so network exploitation against U.S. companies isn't even off the table.
>People that are so loyal to the CIA don't leave for a pure private sector company. They go to a contractor so they can stay in the ecosystem. People going to Cisco are (1) physically moving away from Northern Virginia, (2) losing access to secrets.
All good points, but it doesn't mean they're cutting ties and shunning their former life either.
>Again, I'm glad you're engaging. I'm not down voting you.
Thanks. :)
> Apple and Google are on the same playing field though. They're fundamentally the same type of entity. An intelligence agency vs a pure private-sector company is not.
Good point; my analogy fails.
> NSA compromised Google's internal network
News stories that used that phrasing were being inaccurate; the collection was of plaintext traffic between international Google datacenters. The Intercept explains it pretty well.
> As far as I'm aware they're the legal equivalents of blank slates and don't necessarily require informing the upper echelon of a company of their issuance, but I could be wrong on that. I know that it is at least customary to do so, however.
The point I'm making is that it's rational for people not well-versed in the minutiae of foreign intelligence regulations to think that intelligence agencies can and do intrude however they please on private companies. In reality, its with great caveats and with a (perhaps insufficient) legal process that introduces friction. It is far more overt and less cloak-and-dagger than would ordinarily be desired. The most clandestine way possible to spy would be with the badass methods we talked about earlier.
> Either way, let's say the government wants to issue a NSL requesting a very specific, perhaps even temporary backdoor to a Bay Area company. The normal route would likely start a veritable war with that company's legal department, and runs a non-insignificant chance of being leaked by those who know about it.
NSLs aren't a magic spell that gives the government whatever it wants. They go through a company's legal department and are subject to limitations. Several companies have successfully defeated the gag order portions of their NSLs. Having an inside man wouldn't be particularly advantageous since the company lawyers must get involved (the U.S. hasn't yet prohibited a person's legal representative from viewing writs).
At the end of the day, the government has a monopoly on violence and can sent the Army to invade Cisco or anyone else it doesn't like. But due to the conscientious individuals that make up the government, and the public relations and legal risks that are involved, this is unlikely to happen. What I'm describing is a series of norms that are unlikely to be broken in the course of spying business. There are far cheaper, easier, and less risky ways to accomplish espionage than a covert, mass-distributed, plaintext backdoor.
I do wish that the credibility of U.S. companies was taken into account more often when espionage decisions are made. The terrible optics behind PRISM made it look like companies were volunteering information, when the government was coercing them through the NSL program.
Good point; my analogy fails.
> NSA compromised Google's internal network
News stories that used that phrasing were being inaccurate; the collection was of plaintext traffic between international Google datacenters. The Intercept explains it pretty well.
> As far as I'm aware they're the legal equivalents of blank slates and don't necessarily require informing the upper echelon of a company of their issuance, but I could be wrong on that. I know that it is at least customary to do so, however.
The point I'm making is that it's rational for people not well-versed in the minutiae of foreign intelligence regulations to think that intelligence agencies can and do intrude however they please on private companies. In reality, its with great caveats and with a (perhaps insufficient) legal process that introduces friction. It is far more overt and less cloak-and-dagger than would ordinarily be desired. The most clandestine way possible to spy would be with the badass methods we talked about earlier.
> Either way, let's say the government wants to issue a NSL requesting a very specific, perhaps even temporary backdoor to a Bay Area company. The normal route would likely start a veritable war with that company's legal department, and runs a non-insignificant chance of being leaked by those who know about it.
NSLs aren't a magic spell that gives the government whatever it wants. They go through a company's legal department and are subject to limitations. Several companies have successfully defeated the gag order portions of their NSLs. Having an inside man wouldn't be particularly advantageous since the company lawyers must get involved (the U.S. hasn't yet prohibited a person's legal representative from viewing writs).
At the end of the day, the government has a monopoly on violence and can sent the Army to invade Cisco or anyone else it doesn't like. But due to the conscientious individuals that make up the government, and the public relations and legal risks that are involved, this is unlikely to happen. What I'm describing is a series of norms that are unlikely to be broken in the course of spying business. There are far cheaper, easier, and less risky ways to accomplish espionage than a covert, mass-distributed, plaintext backdoor.
I do wish that the credibility of U.S. companies was taken into account more often when espionage decisions are made. The terrible optics behind PRISM made it look like companies were volunteering information, when the government was coercing them through the NSL program.
[deleted]
>News stories that used that phrasing were being inaccurate; the collection was of plaintext traffic between international Google datacenters.
A US intelligence agency targeting a portion of a US company's infrastructure that just happens to be international still constitutes a breach of trust. Whether that means they'd go as far as compromising an office network located in the United States is another matter, but I seem to recall a talk given by a security chief at Google discussing their use of custom RISC-V silicon for security due to their threat model including nation-state actors, with explicit mention of Western intelligence agencies. I wish I could find the link.
>The point I'm making is that it's rational for people not well-versed in the minutiae of foreign intelligence regulations to think that intelligence agencies can and do intrude however they please on private companies.
The mental gymnastics[0] that the NSA already uses to legally justify domestic collection on US citizens doesn't really inspire confidence that the IC wouldn't stoop to similar antics when it came to private companies.
>Having an inside man wouldn't be particularly advantageous since the company lawyers must get involved ...
Must they? My point was that legally compelling an insider who's already on your side might serve as an interesting loophole. Especially if they're not required to inform counsel and have no intention of doing so. Like I said though, IANAL.
>... (the U.S. hasn't yet prohibited a person's legal representative from viewing writs).
It's worth noting that in the early days that wasn't so clear:
"CONAN: And they are roughly equivalent to subpoenas.
Mr. LICHTBLAU: Yes and no. There are differences - one of the key differences is that for a long time the recipient was not even allowed to tell you when they received such a letter.
CONAN: Even their own lawyer.
Mr. LICHTBLAU: There was debate about whether or not you could even get a lawyer." [1]
>I do wish that the credibility of U.S. companies was taken into account more often when espionage decisions are made. The terrible optics behind PRISM made it look like companies were volunteering information, when the government was coercing them through the NSL program.
Agreed.
[0] https://news.ycombinator.com/item?id=10605489
[1] http://www.npr.org/templates/transcript/transcript.php?story...
A US intelligence agency targeting a portion of a US company's infrastructure that just happens to be international still constitutes a breach of trust. Whether that means they'd go as far as compromising an office network located in the United States is another matter, but I seem to recall a talk given by a security chief at Google discussing their use of custom RISC-V silicon for security due to their threat model including nation-state actors, with explicit mention of Western intelligence agencies. I wish I could find the link.
>The point I'm making is that it's rational for people not well-versed in the minutiae of foreign intelligence regulations to think that intelligence agencies can and do intrude however they please on private companies.
The mental gymnastics[0] that the NSA already uses to legally justify domestic collection on US citizens doesn't really inspire confidence that the IC wouldn't stoop to similar antics when it came to private companies.
>Having an inside man wouldn't be particularly advantageous since the company lawyers must get involved ...
Must they? My point was that legally compelling an insider who's already on your side might serve as an interesting loophole. Especially if they're not required to inform counsel and have no intention of doing so. Like I said though, IANAL.
>... (the U.S. hasn't yet prohibited a person's legal representative from viewing writs).
It's worth noting that in the early days that wasn't so clear:
"CONAN: And they are roughly equivalent to subpoenas.
Mr. LICHTBLAU: Yes and no. There are differences - one of the key differences is that for a long time the recipient was not even allowed to tell you when they received such a letter.
CONAN: Even their own lawyer.
Mr. LICHTBLAU: There was debate about whether or not you could even get a lawyer." [1]
>I do wish that the credibility of U.S. companies was taken into account more often when espionage decisions are made. The terrible optics behind PRISM made it look like companies were volunteering information, when the government was coercing them through the NSL program.
Agreed.
[0] https://news.ycombinator.com/item?id=10605489
[1] http://www.npr.org/templates/transcript/transcript.php?story...
>I wish I could find the link.
Eric Grosse at 5th RISC-V Workshop, 2016:
https://www.youtube.com/watch?v=0knR6vXba7g
Slides: https://riscv.org/wp-content/uploads/2016/12/Tue1330-RISC-V-...
Eric Grosse at 5th RISC-V Workshop, 2016:
https://www.youtube.com/watch?v=0knR6vXba7g
Slides: https://riscv.org/wp-content/uploads/2016/12/Tue1330-RISC-V-...
>why? how is someone who has been vetted by the IC as a trustworthy keeper of their secrets become less trustworthy?
once any single person enters the IC, they have lost trust of anyone outside of the IC... simple - and answers your other question as well...
once any single person enters the IC, they have lost trust of anyone outside of the IC... simple - and answers your other question as well...
You're right, there are some pretty arcane telnet options floating around out there, whose implementations are open to (mis)interpretation...
https://tools.ietf.org/html/rfc748
NWG/RFC# 748, M. Crispin, 1 April 1978
Telnet Randomly-Lose Option
1. Command name and code.
RANDOMLY-LOSE 256
2. Command meanings.
IAC WILL RANDOMLY-LOSE
The sender of this command REQUESTS permission to, or confirms that it will, randomly lose.
IAC WON'T RANDOMLY-LOSE
The sender of this command REFUSES to randomly lose.
IAC DO RANDOMLY-LOSE
The sender of this command REQUESTS that the receiver, or grants the receiver permission to, randomly lose.
IAC DON'T RANDOMLY-LOSE
The command sender DEMANDS that the receiver not randomly lose.
3. Default.
WON'T RANDOMLY-LOSE
DON'T RANDOMLY-LOSE
i.e., random lossage will not happen.
4. Motivation for the option.
Several hosts appear to provide random lossage, such as system crashes, lost data, incorrectly functioning programs, etc., as part of their services. These services are often undocumented and are in general quite confusing to the novice user. A general means is needed to allow the user to disable these features.
5. Description of the option.
The normal mode does not allow random lossage; therefore the system is not allowed to crash, mung user files, etc. If the server wants to provide random lossage, it must first ask for permission from the user by sending IAC WILL RANDOMLY-LOSE.
If the user wants to permit the server to randomly lose, it replys with IAC DO RANDOMLY-LOSE. Otherwise it sends IAC DONT RANDOMLY-LOSE, and the server is forbidden from randomly losing.
Alternatively, the user could request the server to randomly lose, by sending IAC DO RANDOMLY-LOSE, and the server will either reply with IAC WILL RANDOMLY-LOSE, meaning that it will then proceed to do some random lossage (garbaging disk files is recommended for an initial implementation). Or, it could send IAC WONT RANDOMLY-LOSE, meaning that it insists upon being reliable.
Since this is implemented as a TELNET option, it is expected that servers which do not implement this option will not randomly lose; ie, they will provide 100% reliable uptime.
https://tools.ietf.org/html/rfc748
NWG/RFC# 748, M. Crispin, 1 April 1978
Telnet Randomly-Lose Option
1. Command name and code.
RANDOMLY-LOSE 256
2. Command meanings.
IAC WILL RANDOMLY-LOSE
The sender of this command REQUESTS permission to, or confirms that it will, randomly lose.
IAC WON'T RANDOMLY-LOSE
The sender of this command REFUSES to randomly lose.
IAC DO RANDOMLY-LOSE
The sender of this command REQUESTS that the receiver, or grants the receiver permission to, randomly lose.
IAC DON'T RANDOMLY-LOSE
The command sender DEMANDS that the receiver not randomly lose.
3. Default.
WON'T RANDOMLY-LOSE
DON'T RANDOMLY-LOSE
i.e., random lossage will not happen.
4. Motivation for the option.
Several hosts appear to provide random lossage, such as system crashes, lost data, incorrectly functioning programs, etc., as part of their services. These services are often undocumented and are in general quite confusing to the novice user. A general means is needed to allow the user to disable these features.
5. Description of the option.
The normal mode does not allow random lossage; therefore the system is not allowed to crash, mung user files, etc. If the server wants to provide random lossage, it must first ask for permission from the user by sending IAC WILL RANDOMLY-LOSE.
If the user wants to permit the server to randomly lose, it replys with IAC DO RANDOMLY-LOSE. Otherwise it sends IAC DONT RANDOMLY-LOSE, and the server is forbidden from randomly losing.
Alternatively, the user could request the server to randomly lose, by sending IAC DO RANDOMLY-LOSE, and the server will either reply with IAC WILL RANDOMLY-LOSE, meaning that it will then proceed to do some random lossage (garbaging disk files is recommended for an initial implementation). Or, it could send IAC WONT RANDOMLY-LOSE, meaning that it insists upon being reliable.
Since this is implemented as a TELNET option, it is expected that servers which do not implement this option will not randomly lose; ie, they will provide 100% reliable uptime.
They PUBLICLY resist government espionage attempts. we don't know for sure what they do in private.
>> "Why would the ex-CIA guy hurt his current employer to help his former?"
Once you're a made man in an intelligence service, you're in for life, regardless of whether or not your name appears on the official payroll.
Once you're a made man in an intelligence service, you're in for life, regardless of whether or not your name appears on the official payroll.
What movie did you get that from? It sounds really cool. Like a cross between Goodfellas and the Bourne Identity.
Sounds legit.
Cisco buying an In-Q-Tel-funded company is about the most banal observation you can make. In-Q-Tel is one of the more prominent investors in network and information security companies (IIRC, that's their founding charter!) and Cisco is the bizdev endgame strategy for most VC-funded security product companies.
I doubt ThreatGrid is the only IQT company Cisco has bought. I am as certain they're not a CIA plant inside Cisco as I am of anything else in my perceived reality; I know several of their key people, one of whom has a framed Che poster. They're not the type. :)
You're going to drive yourself seriously crazy if you try to trace every IQT investment that's been acquired by any company and then game them out as "compromised by the CIA".
I doubt ThreatGrid is the only IQT company Cisco has bought. I am as certain they're not a CIA plant inside Cisco as I am of anything else in my perceived reality; I know several of their key people, one of whom has a framed Che poster. They're not the type. :)
You're going to drive yourself seriously crazy if you try to trace every IQT investment that's been acquired by any company and then game them out as "compromised by the CIA".
>I am as certain they're not a CIA plant inside Cisco as I am of anything else in my perceived reality ...
Of course they aren't. All I'm saying is if you have a company that has a routine acquisition deal flow from the CIA's venture capital arm, that there's probably healthy working relationships there.
Of course they aren't. All I'm saying is if you have a company that has a routine acquisition deal flow from the CIA's venture capital arm, that there's probably healthy working relationships there.
By that logic, In-Q-Tel is a stroke of genius, because they've also built "healthy working relationships" with Network Appliance, IBM, Amazon, EMC, Microsoft, Intel, Oracle, Google, and Nokia.
I think you just can't read anything into In-Q-Tel involvement with a company.
I think you just can't read anything into In-Q-Tel involvement with a company.
>By that logic, In-Q-Tel is a stroke of genius, because they've also built "healthy working relationships" with Network Appliance, IBM, Amazon, EMC, Microsoft, Intel, Oracle, Google, and Nokia.
Perhaps the plan with In-Q-Tel was partly to achieve pervasive private sector influence, and it was somewhat successful.
While I appreciate the conceited scare quotes there, I'm not saying that working relationships directly translate to backdoors, just that it translates to influence, and that can indirectly lead to bad things over time.
>I think you just can't read anything into In-Q-Tel involvement with a company.
As a thought experiment, say Open Whisper Systems took money from In-Q-Tel, or even acqui-hired a team from one of their portfolio companies. Right or wrong, people would very much read into it, and probably lose their minds in short order. Signal's user base would plummet overnight.
Perhaps the plan with In-Q-Tel was partly to achieve pervasive private sector influence, and it was somewhat successful.
While I appreciate the conceited scare quotes there, I'm not saying that working relationships directly translate to backdoors, just that it translates to influence, and that can indirectly lead to bad things over time.
>I think you just can't read anything into In-Q-Tel involvement with a company.
As a thought experiment, say Open Whisper Systems took money from In-Q-Tel, or even acqui-hired a team from one of their portfolio companies. Right or wrong, people would very much read into it, and probably lose their minds in short order. Signal's user base would plummet overnight.
Because people would write comments like the one you did upthread, deceptively implying they had an understanding of what In-Q-Tel was that they could reason from as if a first principle. That's the problem. You don't need In-Q-Tel to cause the kind of damage you're talking about; you have many other vectors for this kind of deception.
I'm not sticking up for In-Q-Tel. I wouldn't take money from IQT. But it is, for the most part, just what it says it is: an investment firm that funds things that the CIA believes will be helpful to its mission, which includes virtually all network security, database, networking, and RF technology.
I'm not sticking up for In-Q-Tel. I wouldn't take money from IQT. But it is, for the most part, just what it says it is: an investment firm that funds things that the CIA believes will be helpful to its mission, which includes virtually all network security, database, networking, and RF technology.
>Because people would write comments like the one you did upthread, deceptively implying ...
Wasn't my intention for that comment to be deceptive in its implication. After seeing how some of the replies were going, I did try to amend it in a more balanced fashion—then ended up having to move that further down the thread due to the edit window expiring.
Funny enough the original comment's karma continued to skyrocket while the more measured words teetered on the brink of downvote for some time. It was surprising, since usually HN is pretty good at punishing anything that even has the slightest perception of hyperbole.
That said, I think we can agree that the 2-hour edit window represents a grave threat to civil discourse, freedom of expression, also freedom itself, probably national security, and nothing less than the future of Hacker News. It must be extended. :)
Wasn't my intention for that comment to be deceptive in its implication. After seeing how some of the replies were going, I did try to amend it in a more balanced fashion—then ended up having to move that further down the thread due to the edit window expiring.
Funny enough the original comment's karma continued to skyrocket while the more measured words teetered on the brink of downvote for some time. It was surprising, since usually HN is pretty good at punishing anything that even has the slightest perception of hyperbole.
That said, I think we can agree that the 2-hour edit window represents a grave threat to civil discourse, freedom of expression, also freedom itself, probably national security, and nothing less than the future of Hacker News. It must be extended. :)
> I know several of their key people, one of whom has a framed Che poster. They're not the type. :)
Perhaps a bit OT, but you're dead wrong about Che. He was a mass murderer, and I'd treat someone with a framed picture of him with the same suspicion I'd reserve for someone with a Stalin or Hitler portrait.
http://www.therealcuba.com/?page_id=32
Perhaps a bit OT, but you're dead wrong about Che. He was a mass murderer, and I'd treat someone with a framed picture of him with the same suspicion I'd reserve for someone with a Stalin or Hitler portrait.
http://www.therealcuba.com/?page_id=32
The point he was making is that Che isn't a widely admired figure in U.S. intelligence circles.
Which is funny, because they had a lot in common at one point (and possibly still now).
http://nsarchive.gwu.edu/NSAEBB/NSAEBB4/ciaguat2.html
http://nsarchive.gwu.edu/NSAEBB/NSAEBB4/ciaguat2.html
Yes. I'm left-of-center (through probably right-of-HN as I perceive it) and also find Che to be an odious figure.
I very much doubt that high-level employees are able to inject covert intrusion code without it raising a stink inside the company. If that were the goal then you would want an engineer, not a manager.
"We are shocked that the CIA has the ability to use the command that we left in our firmware for them..."
[deleted]
If you're exposing telnet to the public internet on anything you need to rethink whether you're competent to run internet infrastructure.
I doubt that many Cisco shops expose telnet to the public internet, but I bet plenty of them have it exposed on a "secure" internal network since they know that no outside attacker can possibly reach it.
99% that I know of have at least disabled telnet even on internal. SSH2 only. And/or access via secured bastion/console server to a login prompt via RS232 9600-8N1 connection.
ArsTechnica article as of this posting:
>Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.
Text on Cisco Support Site linked on ArsTechnica:
>This vulnerability affects the following Cisco devices when running a vulnerable Cisco IOS software release and configured to accept incoming Telnet connections: [Models list]
Put aside for a moment the 'desireability' of the outcome, but from what I gather on Cisco's site, by turning off incoming Telnet connections, the vulnerability can be fixed. I'm rather confused about this.
>Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.
Text on Cisco Support Site linked on ArsTechnica:
>This vulnerability affects the following Cisco devices when running a vulnerable Cisco IOS software release and configured to accept incoming Telnet connections: [Models list]
Put aside for a moment the 'desireability' of the outcome, but from what I gather on Cisco's site, by turning off incoming Telnet connections, the vulnerability can be fixed. I'm rather confused about this.
Disabling the service is a way to protect you from the vulnerability, but it is not a fix for the vulnerability. A fix for the vulnerability would allow you to continue using the service.
The article kind of makes it sound like telnet is somehow necessary and that disabling it hasn't been a best practice for years.
Maybe there are still old devices that don't support SSH and you literally have no option, but really, what other reason is there to have telnet enabled?
Maybe there are still old devices that don't support SSH and you literally have no option, but really, what other reason is there to have telnet enabled?
That's what I was thinking about. On the Cisco support site Telnet gets barely a mention. It is apparently not the flagship feature of these switches and whatnot. Okay maybe it's customary to leave it open but there's a lot of lazy practices that result in bad security, not just headline "vulnerabilities" that affect - gasp - 300+ models!
So, basically I think Ars Technica's sub-par quality strikes again, in that a tech site gets a fundamental understanding of technology wrong. If something isn't mission critical, can be turned off, and alleviates a vulnerability, then that's a way to fix it. Plain fucking English.
So, basically I think Ars Technica's sub-par quality strikes again, in that a tech site gets a fundamental understanding of technology wrong. If something isn't mission critical, can be turned off, and alleviates a vulnerability, then that's a way to fix it. Plain fucking English.
No, that is a workaround. Telnet is still broken until they patch the security hole.
Please, use an RPi attached to a serial port and SSH through it.
Right? We have issued a fix for the router - simply unplug all network cables from the router, and you are no longer vulnerable.
Heh, telnet. Reminds me of:
http://m.slashdot.org/story/80056
"(...) vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994." February of 2007
http://m.slashdot.org/story/80056
"(...) vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994." February of 2007
i wonder, is it that century old regex bug?
Thank god only the CIA knows the "simple command".
It was previously thought there were only two kinds of vulnerability. Those that can only be exploited by nation states and those that anyone can exploit with a simple command. Perhaps this is a new hybrid exploit, the simple command that only nation states can run.
It was probably that simple on purpose, knowing Cisco's ties to intelligence agencies.
What are those ties? Besides speculation and the fact they sell equipment to intelligence agencies (and everyone else).
Shameless plug for my old buddy Ang's product, Symbiote Defense. Definitely watch the DEFCON talk about this.
https://www.redballoonsecurity.com/ https://www.youtube.com/watch?v=HyEiMyyrfyE
https://www.redballoonsecurity.com/ https://www.youtube.com/watch?v=HyEiMyyrfyE
Headline is pretty click-baity.
It looks like a better version might be "Some older Cisco switches are vulnerable to a simple telnet-based exploit." And then buried deep in the body it could be noted that, while the CIA should probably be expected to be aware of any vulnerabilities, we actually know that they are aware of this one in particular due to some leaks.
(Whereas the existing headline suggests that ONLY the CIA can use this vulnerability, which was false even before the leak.)
But then, an article about how you shouldn't expose telnet to the public internet wouldn't be very newsworthy would it? :)
It looks like a better version might be "Some older Cisco switches are vulnerable to a simple telnet-based exploit." And then buried deep in the body it could be noted that, while the CIA should probably be expected to be aware of any vulnerabilities, we actually know that they are aware of this one in particular due to some leaks.
(Whereas the existing headline suggests that ONLY the CIA can use this vulnerability, which was false even before the leak.)
But then, an article about how you shouldn't expose telnet to the public internet wouldn't be very newsworthy would it? :)
s/CIA/arbitrary third party/
Headline makes it sound like the Cisco routers come with a CIA SSH key baked in.
Headline makes it sound like the Cisco routers come with a CIA SSH key baked in.
It is one thing to try penetrate a system (solely for the purposes of,..&c.) that to all appearances seems impermeable to your meagre skills but once you know that these impregnable walls you face can and do become doors placed there by like-purposed if not necessarily like-minded individuals then what a filip! What more encouragement to keep you fuzzing just that little bit longer and who knows maybe you will stumble upon it! That sir, is the damage. Software can be patched. Trust cannot. (And this is what I sound like from my high horse apparently).
[deleted]
> and organizations get unfairly accused.
I understand people, but why organisations? Capitalist firms literally thrive on the exploitation of labour, disregard for the environment and otherwise reckless pursuit of profit.
I understand people, but why organisations? Capitalist firms literally thrive on the exploitation of labour, disregard for the environment and otherwise reckless pursuit of profit.
Please don't take HN threads on generic ideological tangents. It's tedious and leads to flamewars.
We detached this subthread from https://news.ycombinator.com/item?id=13926144 and marked it off-topic.
We detached this subthread from https://news.ycombinator.com/item?id=13926144 and marked it off-topic.
Capitalist firms employ people, who support families. They may have relocated to a region where they can't find alternate work if the company folds.
Capitalist firms are owned by asshole billionaires, nice billionaires, pension funds, individual investors, and retirement funds. They're still owned by and made up of people.
Instead of inventing false accusations about them, debate them on their merits.
Capitalist firms are owned by asshole billionaires, nice billionaires, pension funds, individual investors, and retirement funds. They're still owned by and made up of people.
Instead of inventing false accusations about them, debate them on their merits.
>Capitalist firms employ people, who support families.
The feudal lord supports families by giving them a place to live while the workers pay tribute with the fruit of their labour. The idea that the workers ought to be grateful for being exploited is, in my opinion, silly. Capitalist firms pay for the labour-time, which includes the cost of (i) the worker staying in the work force (ii) the worker "recharging" with a moderate amount of sleep and entertainment (iii) the worker adding more to the workforce via reproduction, so the children are also paid for.
The worker is an expense, the family is an expense. The family is an expense because if it was not paid for, the workers could not work or the supply of workers becomes more scarce.
So yes, while the capitalist firm may employ people who provide for the family, so does the slave owner, for the purpose of future slaves. And as soon as the worker is not profitable, what happens to that support for the family? It disappears.
So the merits are thus: people are kept in servitude by virtue of their status of being a worker, with just enough income to pay to replenish the work force and stay motivated. That's the merits of the capitalist firm.
Edit: if the downvoters would like to ask questions or respond, it would be nice to know where I'm going wrong, thanks :)
The feudal lord supports families by giving them a place to live while the workers pay tribute with the fruit of their labour. The idea that the workers ought to be grateful for being exploited is, in my opinion, silly. Capitalist firms pay for the labour-time, which includes the cost of (i) the worker staying in the work force (ii) the worker "recharging" with a moderate amount of sleep and entertainment (iii) the worker adding more to the workforce via reproduction, so the children are also paid for.
The worker is an expense, the family is an expense. The family is an expense because if it was not paid for, the workers could not work or the supply of workers becomes more scarce.
So yes, while the capitalist firm may employ people who provide for the family, so does the slave owner, for the purpose of future slaves. And as soon as the worker is not profitable, what happens to that support for the family? It disappears.
So the merits are thus: people are kept in servitude by virtue of their status of being a worker, with just enough income to pay to replenish the work force and stay motivated. That's the merits of the capitalist firm.
Edit: if the downvoters would like to ask questions or respond, it would be nice to know where I'm going wrong, thanks :)
You seem to not be a fan of capitalism. Do you live in China, Cuba, Vietnam, Laos or North Korea? If not, why not?
>China, Cuba, Vietnam
These are capitalist countries, in which wage labour is the primary way by which workers sustain themselves; property is privately owned (and yes, the government can privately own property).
>North Korea
North Korea is an ethno-nationalist dictatorship run by a hereditary monarchy.
What's your point?
These are capitalist countries, in which wage labour is the primary way by which workers sustain themselves; property is privately owned (and yes, the government can privately own property).
>North Korea
North Korea is an ethno-nationalist dictatorship run by a hereditary monarchy.
What's your point?
Others disagree with your sentiment: http://www.thenewstrack.com/top-5-communist-countries-in-the...
Where is an example of a good system then?
Where is an example of a good system then?
People disagreeing with me does not mean that I'm wrong. Communism is defined as a stateless, classless and monelyess and anarchistic society in which peolpe are not paid with wages for work. Even in Socialism, the means of production are owned by the workers. None of the countries in this post have either of these qualities.
However they all exhibit the fundamental properties of capitalism: the primacy of wage labour, private ownership of capital and the means of production, and production is for exchange value to be maximised over use value.
I am an anarcho-Communist. I believe in the demolishing of the state and all unjustified hierarchical relations, including but not limited to the government and the bourgeoisie, to advance toward a society in which the means of production are collectively owned by the workers. Distributed networks of councils of workers, each of which implementing direct democracy to decide what is made and in what quantity. The workers take home the products of their labour, or agree to have them distributed to those who are unable to work, again via direct democracy.
My system is the abolishment of exploitation of the workers and with it the system of oppression aided by capitalism's power structures, including misogyny, racism, homophobia etc.
However they all exhibit the fundamental properties of capitalism: the primacy of wage labour, private ownership of capital and the means of production, and production is for exchange value to be maximised over use value.
I am an anarcho-Communist. I believe in the demolishing of the state and all unjustified hierarchical relations, including but not limited to the government and the bourgeoisie, to advance toward a society in which the means of production are collectively owned by the workers. Distributed networks of councils of workers, each of which implementing direct democracy to decide what is made and in what quantity. The workers take home the products of their labour, or agree to have them distributed to those who are unable to work, again via direct democracy.
My system is the abolishment of exploitation of the workers and with it the system of oppression aided by capitalism's power structures, including misogyny, racism, homophobia etc.
Anarchism - belief in the abolition of all government and the organization of society on a voluntary, cooperative basis without recourse to force or compulsion.
Communism - a political theory derived from Karl Marx, advocating class war and leading to a society in which all property is publicly owned and each person works and is paid according to their abilities and needs.
If there is no government, who distributes things based on needs? Why don't I just kill you and take everything you own? Communism is total government, Anarchism is no government. Its oil and water.
Communism - a political theory derived from Karl Marx, advocating class war and leading to a society in which all property is publicly owned and each person works and is paid according to their abilities and needs.
If there is no government, who distributes things based on needs? Why don't I just kill you and take everything you own? Communism is total government, Anarchism is no government. Its oil and water.
That why it's the best system to support in Internet forums! You can just pick the parts from each that work for the argument you are making. Since they are polar opposites you have a lot of ground to pick ideals from. Thus winning the argument.
On what evidence do you proclaim that Communism works with a state? Or that there is wage labour? Can you find any quotation at all from Marx or Engels in support of the state? How do you explain the existence of anarcho-Communism if you believe Communism has a state?
There is no need to be snarky. You could have just come out and said the point, vacuous as it is.
There is no need to be snarky. You could have just come out and said the point, vacuous as it is.
>Communism is total government, Anarchism is no government. Its oil and water.
This is false. Communism leads to a stateless society, which is known as anarchism, i.e without rulers. Where do you get your information that Communism has a government?
> each person works and is paid according to their abilities and needs.
Wrong! Workers are not paid within Communism, they collectively own the means of production and decide what to do with the products. Payment is a form of wage, and Communism abolishes wage labour completely. Communism is also moneyless.
"All Socialists are agreed that the political state, and with it political authority, will disappear as a result of the coming social revolution, that is, that public functions will lose their political character and will be transformed into the simple administrative functions of watching over the true interests of society."
-- Freidrich Engels, one of the founders of Marxism (https://www.marxists.org/archive/marx/works/1872/10/authorit...)
>If there is no government, who distributes things based on needs?
The workers collectively decide in the form of democratic voluntary participation councils whether anything should be distributed, to whom it will be distributed, how much is produced, etc; ideally these would be distributed, and several such councils exist all connected to each other, but none with authority over the other. In Communism, goods are not necessarily distributed, the workers receive the goods. However with the state of automation and abundance of resources (all resources are accessible collectively by the workers) sufficient can be produced to sustain others. However again, this is the collective and democratic choice of the workers. The kind of democracy I am talking about is not representative, it is direct or delegatory, and if delegatory the delegates are subject to instant recall.
>Why don't I just kill you and take everything you own?
Why would you steal in a society in which you yourself, a worker, collectively own the automation and tools to make what you want for yourself? Of all the offences, why would you choose theft? Within anarchism, how to deal with a violent offender would probably be a democratic decision. If you're interested in the crime question (which is a little problematic because 'crime' is defined by the state) then here is some reading:
https://theanarchistlibrary.org/library/scott-of-the-insurge...
https://theanarchistlibrary.org/library/robert-anton-wilson-...
http://anarchy101.org/2784/would-anarchist-society-with-crim...
https://www.reddit.com/r/DebateAnarchism/comments/44n3zi/how...
https://www.reddit.com/r/DebateAnarchism/comments/3uhbfv/how...
https://www.reddit.com/r/Anarchy101/comments/2ph8uw/how_woul...
This is false. Communism leads to a stateless society, which is known as anarchism, i.e without rulers. Where do you get your information that Communism has a government?
> each person works and is paid according to their abilities and needs.
Wrong! Workers are not paid within Communism, they collectively own the means of production and decide what to do with the products. Payment is a form of wage, and Communism abolishes wage labour completely. Communism is also moneyless.
"All Socialists are agreed that the political state, and with it political authority, will disappear as a result of the coming social revolution, that is, that public functions will lose their political character and will be transformed into the simple administrative functions of watching over the true interests of society."
-- Freidrich Engels, one of the founders of Marxism (https://www.marxists.org/archive/marx/works/1872/10/authorit...)
>If there is no government, who distributes things based on needs?
The workers collectively decide in the form of democratic voluntary participation councils whether anything should be distributed, to whom it will be distributed, how much is produced, etc; ideally these would be distributed, and several such councils exist all connected to each other, but none with authority over the other. In Communism, goods are not necessarily distributed, the workers receive the goods. However with the state of automation and abundance of resources (all resources are accessible collectively by the workers) sufficient can be produced to sustain others. However again, this is the collective and democratic choice of the workers. The kind of democracy I am talking about is not representative, it is direct or delegatory, and if delegatory the delegates are subject to instant recall.
>Why don't I just kill you and take everything you own?
Why would you steal in a society in which you yourself, a worker, collectively own the automation and tools to make what you want for yourself? Of all the offences, why would you choose theft? Within anarchism, how to deal with a violent offender would probably be a democratic decision. If you're interested in the crime question (which is a little problematic because 'crime' is defined by the state) then here is some reading:
https://theanarchistlibrary.org/library/scott-of-the-insurge...
https://theanarchistlibrary.org/library/robert-anton-wilson-...
http://anarchy101.org/2784/would-anarchist-society-with-crim...
https://www.reddit.com/r/DebateAnarchism/comments/44n3zi/how...
https://www.reddit.com/r/DebateAnarchism/comments/3uhbfv/how...
https://www.reddit.com/r/Anarchy101/comments/2ph8uw/how_woul...
[deleted]
jesus christ you guys; I have been telling you about this since 1997
Scope of "this" ?
So, in about 1997 or so I inherited a network where we had a Cisco router connecting Silicon Valley to a remote office but didn't have the password, so I hired a Ccie to help unpack the network and reset the password to this device...
So as we were working on the 3640, and we got the password out of it (which was "Feet4Monkey") he was telling me about how they (Cisco) was required to provide back-door access to the NSA
Again this was in the late 90s, and everyone thought EChelon was bullshit....
The company he worked for had a logo and slogan: "get caught in our web"
Some telling stuff but everyone thought we were loons when we talked about the spying.
Then room 641A happened years later ....
So as we were working on the 3640, and we got the password out of it (which was "Feet4Monkey") he was telling me about how they (Cisco) was required to provide back-door access to the NSA
Again this was in the late 90s, and everyone thought EChelon was bullshit....
The company he worked for had a logo and slogan: "get caught in our web"
Some telling stuff but everyone thought we were loons when we talked about the spying.
Then room 641A happened years later ....
The thing is guys, I started complaining in the eighties. It was published knowledge back then, just not widely published. Being looked at as a loon back then didn't bother me. Being looked at as a loon POST-Snowden - and not infrequently - has really shaken me. People are choosing an alternate reality with alternate facts 'cause rose-colored glasses are just so much more comfortable.
Yeah - I was following echelon since about 88 - the 97 insight was just final confirmation I needed.... I have been modding /r/conspiracy for years.
people think "oh conspiracy! so like 'bigfoot'?" -- uh, no government conspiracy/corruption/collusion...
I didnt need snowden to tell me a thing, but I am sure glad he told everyone else.
people think "oh conspiracy! so like 'bigfoot'?" -- uh, no government conspiracy/corruption/collusion...
I didnt need snowden to tell me a thing, but I am sure glad he told everyone else.
[deleted]
CIA ECHELON GOLD BOMB.
[deleted]
So a couple of years after Snowden's revelations, we're again being told "use US tech, be the bitch of the powerful".
And - honest question - why and how exactly would that ever become a thing of the past?
And - honest question - why and how exactly would that ever become a thing of the past?
Your best bet is open hardware and open source software.
I think there were some foreign manufacturer 0days revealed in the Snowden docs.
"Cisco vice president of services Mike Quinn, a former CIA operations officer, ..." [0]
"... Cisco's recent acquisition of In-Q-Tel-backed security company ThreatGRID ..." [1]
"After retiring with 30+ years of service from the Agency, I spent several years as adviser to Cisco System’s Chief Security Officer, and I found Cisco was doing great work; they’re one of the backbones of the internet." [2]
Imagine that.
[0] http://www.networkworld.com/article/2223473/data-center/cisc...
[1] http://www.networkworld.com/article/2358453/security/cisco-p...
[2] https://www.forbes.com/sites/realspin/2012/10/12/what-do-for...