[e2e] What if there were no well known numbers?

David P. Reed dpreed at reed.com
Tue Aug 8 10:55:08 PDT 2006 

Perhaps the following will clarify my point, Joe.

I happily proceed unscathed  in 130 decibels of audio noise and 1 kW/sq. 
meter of photonic noise, because I do not choose to interpret that noise 
as a requirement to act.   On the other hand, I believe that much of 
that noise is present because the senders presume that I will act on it 
(advertisments on screens and billboards,

So that reinforces your point, Joe, that the receiver opens himself to 
"attack" whatever that is.  

But we do ask our neighbors not to run unmuffled motorcycles, to keep 
their use of obscene language to a minimum, and not to shout fire in 
crowded theaters.  Similarly, we choose to expect our neighbors not to 
put up ugly structures, not to shine projected images into our bedroom 
windows at night, etc. Even though they can.

So that reinforces Jon's point, that restraint matters because we are in 
the world together.

I tend to believe that your view, Joe, was  historically applicable in a 
world where communications was rare.   Now one must assume that one is 
connected in numerous ways, in order just to exist (for examples, one 
would be stupid not to be connected to the Windows Update service when 
running Windows.   Computers are no longer IN ANY SENSE self-contained).

Jon's view is far more applicable in a world where connection is NOT 
optional, and connection is pervasive.

Today, computers exist in a world with billboards, honking taxis, and 
other metaphorical "city" concepts of communications.   Messages are 
omnipresent, and must be explicitly blocked rather than explicitly 
requested.

A baby does not "choose" to be exposed to signals.   It is inherently 
exposed.


Joe Touch wrote:
> David P. Reed wrote:
>   
>> Deep philosophical question, Joe.   What does it mean to receive or send?
>>
>> Consider a human infant.   When born it is physically in an
>> environment.   However in terms of speech it is neither sending nor
>> receiving messages.
>>
>> Which does it do first?   In fact, it probably starts by sending.  
>> Eventually sending (cries, kicks, smiles) provoke responses that seem to
>> be correlated with sensed input.
>>     
>
> In a two-party system, "receiver open to input" always precedes "sender
> issues message".
>
> I.e., both the parent and child are open to input first. THEN either of
> them sends.
>
> In both cases, receiving precedes sending.
>
>   
>> Or maybe it starts by receiving.   But it is NOT "open to attack"
>> because the messages that arrive are not acted upon in a predictable
>> way.  
>>     
>
> It can be attacked by overloading the input (e.g., send noise). That
> attack prevents it from proceeding.
>
>   
>> Only after 12-18 months does a parent teach the child what
>> messages is must act upon in order to get fed, etc.
>>
>> The underlying philosophical question is the difference between energy
>> impinging on a computer and its willingness to act upon it.
>>
>> My computer cannot be attacked unless it is running a program that
>> causes it to ACT upon incoming data.   Merely being connected to
>> incoming data does not make it vulnerable.
>>     
>
> Talk about philosophy. What does it mean to be connected to incoming
> data and NOT act on it? That's basically not receiving it.
>
>   
>> Similarly, a sender cannot cause my computer to do anything predictable
>> or interesting unless it can predict what impinging energy structures
>> will cause predictable actions.
>>     
>
> Sure it can. You can send to it, watch what it does (whether it responds
> or not) and adjust your input accordingly. This is what both parent and
> child already do.
>
>   
>> Thus putting responsibility on a "3rd party" to protect a receiver or
>> limit a sender is a long way from the point where communications is
>> turned on or enabled.
>>     
>
> That '3rd party' isn't 3rd anything. That party is a receiver, who needs
> to be told something by the two parties in the communication. Then IT is
> open to attack as well.
>
>   
>> The step of installing Windows or Linux on the computer (with device
>> drivers) is the first step.   If you install Windows you increase your
>> risk hugely.   Though Linux with a crappy device driver is just as
>> easily killed - a malformed packet can cause code to be executed in the
>> kernel in many cases, since the device driver executes in the kernel
>> address space.
>>     
>
> The risks are statistical: a crappy OS that is not widely deployed is
> probably nearly as secure as a good OS that is widely deployed. The
> issue is both that the receiver is open to attack and that the sender
> knows it (otherwise, which OS does the sender attack?)
>
> I don't see how that has any bearing on this discussion, though.
>
> Joe
>
>

More information about the end2end-interest mailing list