安全Mindset and the Logistic Success Curve

|GydF4y2Ba|GydF4y2Bayabo app

后续到:GydF4y2Ba安全Mindset and Ordinary Paranoia

(两天后,琥珀回来了另一个问题。GydF4y2Ba)

琥珀色:GydF4y2Ba嗯,说,珊瑚。当您构建一种全新的系统时,安全心态有多重要 - 例如,您希望它具有某种稳健性的属性,其中一个受到潜在不利优化压力的影响?亚博体育苹果app官方下载GydF4y2Ba

珊瑚:GydF4y2BaHow novel is the system?

琥珀色:GydF4y2BaVery novel.

珊瑚:GydF4y2BaNovel enough that you’d have to invent your own new best practices instead of looking them up?

琥珀色:GydF4y2Ba正确的。GydF4y2Ba

珊瑚:GydF4y2Ba那是严肃的生意。If you’re building a very simple Internet-connected system, maybe a smart ordinary paranoid could look up how we usually guard against adversaries, use as much off-the-shelf software as possible that was checked over by real security professionals, and not do too horribly. But if you’re doing something qualitatively new and complicated that has to be robust against adverse optimization, well… mostly I’d think you were operating in almost impossibly dangerous territory, and I’d advise you to figure out what to do after your first try failed. But if you wanted to actually succeed, ordinary paranoia absolutely would not do it.

琥珀色:GydF4y2BaIn other words, projects to build novel mission-critical systems ought to have advisors with the full security mindset, so that the advisor can say what the system builders really need to do to ensure security.

珊瑚:GydF4y2Ba(笑可悲GydF4y2Ba) 不。GydF4y2Ba

琥珀色:GydF4y2Ba不?GydF4y2Ba

珊瑚:GydF4y2BaLet’s say for the sake of concreteness that you want to build a new kind of secure operating system. That is不是GydF4y2Ba您可以通过将一位顾问与安全思维方式相连,后者有限的政治资本来试图辩论人们做事。“当您只允许使用镊子触摸砖头时,建造房屋”是一个隐喻。您将需要经验丰富的安全专业人员全职工作。其中三个是共同创始人。尽管即使那样,我们仍可能仍在保罗·格雷厄姆(Paul Graham)的设计悖论领域中运作。GydF4y2Ba

琥珀色:GydF4y2Ba设计悖论?那是什么?GydF4y2Ba

珊瑚:GydF4y2BaPaul Graham’s Design Paradox is that people who have good taste in UIs can tell when other people are designing good UIs, but most CEOs of big companies lack the good taste to tell who else has good taste. And that’s why big companies can’t just hire other people as talented as Steve Jobs to build nice things for them, even though Steve Jobs certainly wasn’t the best possible designer on the planet. Apple existed because of a lucky history where Steve Jobs ended up in charge. There’s no way for Samsung to hire somebody else with equal talents, because Samsung would just end up with some guy in a suit who was good at pretending to be Steve Jobs in front of a CEO who couldn’t tell the difference.

同样,具有安全心态的人会注意到其他人何时缺乏它,但是我担心普通的偏执狂会很难说出差异,这将使他们很难聘请真正有能力的顾问。当然,技术项目背后的大型社会系统中的许多人甚至都缺乏许多好的程序员所拥有的普通妄想症,而最终他们的空虚西服谈亚博体育苹果app官方下载论了很多关于“风险”和“安全”的信息。换句话说,如果我们谈论的是建立安全的操作系统等难度,而您的项目尚未启动亚博体育苹果app官方下载GydF4y2Ba已经GydF4y2Baheaded up by someone with the full security mindset, you are in trouble. Where by “in trouble” I mean “totally, irretrievably doomed”.

琥珀色:GydF4y2BaLook, uh, there’s a certain project I’m invested in which has raised a hundred million dollars to create merchant drones.

珊瑚:GydF4y2BaMerchant drones?

琥珀色:GydF4y2BaSo there are a lot of countries that have poor market infrastructure, and the idea is, we’re going to make drones that fly around buying and selling things, and they’ll use machine learning to figure out what prices to pay and so on. We’re not just in it for the money; we think it could be a huge economic boost to those countries, really help them move forwards.

珊瑚:GydF4y2BaDear God. Okay. There are exactly two things your company is about: system security, and regulatory compliance. Well, and also marketing, but that doesn’t count because every company is about marketing. It would be a severe error to imagine that your company is about anything else, such as drone hardware or machine learning.

琥珀色:GydF4y2Ba好吧,公司内部的观点是,在我们证明我们可以建立原型并至少有一个小型试点市场的情况下,开始考虑合法和安全的时间。我的意思是,除非我们知道人们如何使用该系统以及软件最终如何工作,否则很难看到我们如何对安全或合亚博体育苹果app官方下载规性进行任何富有成效的思考,而不仅仅是纯粹的猜测。GydF4y2Ba

珊瑚:GydF4y2Ba哈!哈哈哈,哈哈哈……哦,天哪,你不是在开玩笑。GydF4y2Ba

琥珀色:GydF4y2Ba什么?GydF4y2Ba

珊瑚:GydF4y2Ba请告诉我,您实际上的意思是您有一个安全性和监管路线图,要求您以后做一些工作,但显然会列出需要做的工作,何时开始进行工作以及何时进行每个里程碑都需要完成。当然,你不GydF4y2Ba字面上地GydF4y2Ba意味着你GydF4y2Ba打算开始考虑GydF4y2Ba之后?GydF4y2Ba

琥珀色:GydF4y2BaA lot of times at lunch we talk about how annoying it is that we’ll have to deal with regulations and how much better it would be if governments were more libertarian. That counts as thinking about it, right?

珊瑚:GydF4y2Ba我的天啊。GydF4y2Ba

琥珀色:GydF4y2BaI don’t see how we could have a security plan when we don’t know exactly what we’ll be securing. Wouldn’t the plan just turn out to be wrong?

珊瑚:GydF4y2Ba所有初创企业的业务计划都是错误的,但您仍然需要它们,而不仅仅是小说的作品。它们代表了您当前对关键假设的信念的书面形式。写下您的业务计划会检查您当前的信念是否可能是连贯的,并建议首先测试哪些批判性信念,以及哪些结果应引发警报,以及何时落后于关键的生存阈值。这个想法不是您坚持业务计划;正是有一个商业计划(a)检查似乎可以以任何方式取得成功,并且(b)告诉您何时伪造自己的信念之一,以便您可以明确改变计划并适应。您打算在面对新信息时快速修改的书面计划是一回事。GydF4y2Ba不T HAVING A PLAN是GydF4y2Baanother。GydF4y2Ba

琥珀色:GydF4y2BaThe thing is, Iama little worried that the head of the project, Mr. Topaz, isn’t concerned enough about the possibility of somebody fooling the drones into giving out money when they shouldn’t. I mean, I’ve tried to raise that concern, but he says that of course we’re not going to program the drones to give out money to just anyone. Can you maybe give him a few tips? For when it comes time to start thinking about security, I mean.

珊瑚:GydF4y2Ba哦。哦,亲爱的,亲爱的夏天的孩子,对不起。我无能为力。GydF4y2Ba

琥珀色:GydF4y2Ba嗯?但是您甚至还没有看我们美丽的商业模式!GydF4y2Ba

珊瑚:GydF4y2BaI thought maybe your company merely had a hopeless case of underestimated difficulties and misplaced priorities. But now it sounds like your leader is not even using ordinary paranoia, and reacts with skepticism to it. Calling a case like that “hopeless” would be an understatement.

琥珀色:GydF4y2Ba但是,对于我们试图提供帮助的国家,安全失败将非常糟糕!他们需要GydF4y2Ba安全的GydF4y2Ba商人无人机!GydF4y2Ba

珊瑚:GydF4y2Ba然后,他们将需要由Topaz先生领导的某个项目建造的无人机。GydF4y2Ba

琥珀色:GydF4y2Ba但这似乎很难安排!GydF4y2Ba

珊瑚:GydF4y2Ba…我不明白您在说什么应该与我说的话相矛盾。GydF4y2Ba

琥珀色:GydF4y2Ba看,您不是要判断Topaz先生太快了吗?严重地。GydF4y2Ba

珊瑚:GydF4y2BaI haven’t met him, so it’s possible you misrepresented him to me. But if you’ve accurately represented his attitude? Then, yes, I did judge quickly, but it’s a hell of a good guess. Security mindset is already rare on priors. “I don’t plan to make my drones give away money to random people” means he’s imagining how his system could work as he intends, instead of imagining how it might not work as he intends. If somebody doesn’t even exhibit ordinary paranoia, spontaneously on their own cognizance without external prompting, then they cannot do security, period. Reacting indignantly to the suggestion that something might go wrong is even beyond that level of hopelessness, but the base level was hopeless enough already.

琥珀色:GydF4y2Ba看……您能去Topaz先生,试图告诉他他需要做什么以在无人机上添加一些安全性?试试看嘛?因为这非常重要。GydF4y2Ba

珊瑚:GydF4y2Ba我可以尝试,是的。我无法成功,但我可以尝试。GydF4y2Ba

琥珀色:GydF4y2Ba哦,但是请小心不要和他苛刻。不要专注于他做错了什么,并试图清楚地表明这些问题不是GydF4y2Batoo严肃的。他被媒体围绕世界末日场景的媒体震惊,邪恶的无人机装满了天空,我很难说服他说服我,我不仅是另一个充满了幻想的无人机灾难性场景,反抗了他们自己的节目。GydF4y2Ba

珊瑚:GydF4y2Ba

琥珀色:GydF4y2Ba也许尝试使您的开幕对话远离听起来像疯狂的边缘案例,例如有人忘记检查缓冲区的结束和对手投掷的一系列角色,这些角色会用返回地址覆盖堆栈的末端跳到系统中其他地方的代码部分,这些代码可以做对手想要的事情。亚博体育苹果app官方下载我的意思是,您已经说服了我,这些牵强的场景值得担心,因为仅仅是因为它们可能是煤矿中的金丝雀,以获得更现实的故障模式。但是Topaz先生认为这有点愚蠢,我认为您不应该通过试图在元级别向他解释为什么不这样做。他可能会认为您在屈服,告诉他如何思考。尤其是当您只是一个操作系统的家伙,并且没有经验的经验,并且看到了实际上使它们崩溃的亚博体育苹果app官方下载事情。我的意思是,这就是我想他会对你说的。GydF4y2Ba

珊瑚:GydF4y2Ba

琥珀色:GydF4y2Ba另外,从您提供建议时,请从更便宜的干预措施开始。我认为,如果您告诉他他需要以另一种编程语言重新开始,或者为所有代码更改或其他任何内容建立审核委员会,我认为Topaz先生不会做出反应。他担心竞争对手首先进入市场,因此他不想做任何会减慢他的事情的事情。GydF4y2Ba

珊瑚:GydF4y2Ba

琥珀色:GydF4y2BaUh, Coral?

珊瑚:GydF4y2Ba…在他的小说项目中,进入新领域,做事并不完全像以前所做的事情,执行新的关键任务子任务,没有标准化的最佳安全实践,也没有任何使系统强大的了解的了解亚博体育苹果app官方下载-强大的。GydF4y2Ba

琥珀色:GydF4y2BaRight!

珊瑚:GydF4y2Ba托帕兹先生本人似乎对他面前的这项恐怖任务并不感到恐惧。GydF4y2Ba

琥珀色:GydF4y2Ba好吧,他担心其他人首先制造商人无人机,并出于不良目的滥用这一关键的经济基础设施。那是同一回事,对吗?就像,它表明他可以担心事情吗?GydF4y2Ba

珊瑚:GydF4y2Ba它完全不同。可能会害怕其他猴子首先去香蕉的猴子比猴子更普遍,他们担心香蕉是否会在不利优化的情况下表现出奇怪的系统行为。亚博体育苹果app官方下载GydF4y2Ba

琥珀色:GydF4y2Ba哦。GydF4y2Ba

珊瑚:GydF4y2BaI’m afraid it is only slightly more probable that Mr. Topaz will oversee the creation of robust software than that the Moon will spontaneously transform into organically farmed goat cheese.

琥珀色:GydF4y2BaI think you’re being too harsh on him. I’ve met Mr. Topaz, and he seemed pretty bright to me.

珊瑚:GydF4y2Ba同样,假设您准确地代表他,Topaz先生似乎缺乏我所说的普通偏执狂。如果他确实具有许多明亮的程序员所具有的认知能力,那么他显然不会对将这种偏执狂的人沿关键维度应用于他的无人机项目充满热情。听起来,Topaz先生没有意识到他缺少某种技能,并且会受到该建议的侮辱。I am put in mind of the story of the farmer who was asked by a passing driver for directions to get to Point B, to which the farmer replied, “If I was trying to get to Point B, I sure wouldn’t start from here.”

琥珀色:GydF4y2BaTopaz先生在无人机技术方面取得了重大进展,所以他不能愚蠢,对吗?GydF4y2Ba

珊瑚:GydF4y2Ba“安全心态”似乎是独特的认知才能GydF4y2BaGGydF4y2Ba因素甚至编程能力。实际上,似乎没有人类的天才能够保证您在普通的偏执狂方面熟练。这确实使一些安全专业人员感觉有些怪异,包括我本人 - 许多程序员都难以理解为什么每个人都不能学习编程。但这似乎是一个观察的事实,即普通的妄想症和安全心态都是可以使人脱离的事物GydF4y2BaGGydF4y2Ba因素和编程能力 - 如果不是这种情况,那么互联网将比现在更安全。GydF4y2Ba

琥珀色:GydF4y2Ba您认为,如果我们与其他VCS资助该项目并让他们要求Topaz先生任命一名有关鲁棒性的特别顾问直接向CTO报告,这将有所帮助?对我来说,这在政治上听起来很困难,但是我们有可能摆动它。Once the press started speculating about drones going rogue and maybe aggregating into larger Voltron-like robots that could acquire laser eyes, Mr. Topaz did tell the VCs that he was very concerned about the ethics of drone safety and that he’d had many long conversations about it over lunch hours.

珊瑚:GydF4y2Ba我在这里略微冒险在自己的专业知识之外,这本身并不是公司政治。但是,在这样一个试图进入新颖领域的项目中,我猜想有安全心态的人至少需要联合创始人身份,并且必须由任何没有技能的共同创始人个人信任。不可能是由VCS带入的局外人,他正在以有限的政治资本运营,每次她想不想让所有服务都方便地开启时,都需要赢得争论。我怀疑您只是负责这家初创公司的错误人,而且这个问题是无法修复的。GydF4y2Ba

琥珀色:GydF4y2BaPlease don’t just give up! Even if things are as bad as you say, just increasing our project’s probability of being secure from 0% to 10% would be very valuable in expectation to all those people in other countries who need merchant drones.

珊瑚:GydF4y2Ba…look, at some point in life we have to try to triage our efforts and give up on what can’t be salvaged. There’s often a logistic curve for success probabilities, you know? The distances are measured in multiplicative odds, not additive percentage points. You can’t take a project like this and assume that by putting in some more hard work, you can increase the absolute chance of success by 10%. More like, the odds of this project’s failure versus success start out as 1,000,000:1, and if we’re very polite and navigate around Mr. Topaz’s sense that he is higher-status than us and manage to explain a few tips to him without ever sounding like we think we know something he doesn’t, we can quintuple his chances of success and send the odds to 200,000:1. Which is to say that in the world of percentage points, the odds go from 0.0% to 0.0%. That’s one way to look at the “持续失败定律GydF4y2Ba”。GydF4y2Ba

如果您有一个基本面暗示成功的项目的项目,那么您将处于后勤曲线的正确部分,并在GydF4y2Ba那GydF4y2Ba案例可能有意义地寻找使它碰到30%或80%的机会。GydF4y2Ba

琥珀色:GydF4y2Ba看,我担心,如果Topaz先生首先使用不安全的无人机到达市场,那真的很糟糕。Like, I think that merchant drones could be very beneficial to countries without much existing market backbone, and if there’s a grand failure—especially if some of the would-be customers have their money or items stolen—then it could poison the potential market for years. It will be terrible! Really, genuinely terrible!

珊瑚:GydF4y2Ba哇。当然,这听起来确实像是一种不愉快的场景。GydF4y2Ba

琥珀色:GydF4y2Ba但是我们现在该怎么办?GydF4y2Ba

珊瑚:GydF4y2BaDamned if I know. I do suspect you’re screwed so long as you can only win if somebody like Mr. Topaz creates a robust system. I guess you could try to have some other drone project come into existence, headed up by somebody that, say, Bruce Schneier assures everyone is unusually good at security-mindset thinking and hence can hire people like me and listen to all the harsh things we have to say. Though I have to admit, the part where you think it’s drastically important that you beat an insecure system to market with a secure system—well, that sounds positively nightmarish. You’re going to need a lot more resources than Mr. Topaz has, or some other kind of very major advantage. Security takes time.

琥珀色:GydF4y2BaIs it really that hard to add security to the drone system?

珊瑚:GydF4y2Ba您一直在谈论“添加”安全性。亚博体育苹果app官方下载系统鲁棒性不是您可以作为事后想法将软件螺栓固定到软件上的那种属性。GydF4y2Ba

琥珀色:GydF4y2Ba我想我很难看到为什么它要贵得多。就像,如果某人愚蠢地构建了一个只能访问任何人的操作系统,则可以使用巧妙的系统将密码锁定在其上,其中操作系统可以保留密码的哈希而不是密码。亚博体育苹果app官方下载您只花了几天时间重写所有暴露于Internet的服务,以便在授予访问之前索要密码。然后,操作系统有安全性!正确的?GydF4y2Ba

珊瑚:GydF4y2Ba不。系统内部的所有内容可能会受到怪异行为的可能性不亚博体育苹果app官方下载利选择的责任!一切都暴露于攻击者,这些子系统与之互动的一切,以及一切亚博体育苹果app官方下载GydF4y2Ba那些GydF4y2Ba零件与之互动!你必须建造GydF4y2Ba全部GydF4y2Ba它坚固!如果要构建安全的操作系统,则需要一个“建立安全的操作系统,而不是不安全的操作系统”的整个特殊项目。亚博体育苹果app官方下载而且,您还需要限制野心的范围,而不是做您想做的一切,并服从其他诫命,这些诫命对没有完全安全心态的人会感到巨大的牺牲。OpenBSD不能做Ubuntu所做的十分之一。他们负担不起!它的攻击表面太大了!他们无法使用他们用来开发安全软件的特殊过程来查看这么多代码!他们无法在他们的脑海中掌握那么多的假设!GydF4y2Ba

琥珀色:GydF4y2Ba做这项努力GydF4y2Bahave花大量额外的时间?您确定如果我们快点,它不能在几个星期内完成吗?GydF4y2Ba

珊瑚:GydF4y2BaYES. Given that this is a novel project entering new territory, expect it to takeat least两年的时间或更多的开发时间(越来越少)与一个安全性的项目相比,否则具有相同的工具,见解,人员和资源。这是一个非常非常乐观的下限。GydF4y2Ba

琥珀色:GydF4y2Ba这个故事似乎正朝着令人担忧的方向发展。GydF4y2Ba

珊瑚:GydF4y2Ba好吧,很抱歉,但是即使在创建强大的系统所花费的时间比创建非稳定系统的时间更亚博体育苹果app官方下载长的情况下,创建强大的系统也比创建非稳定系统要花费的时间更长。GydF4y2Ba

琥珀色:GydF4y2Ba是否会像实施良好安全惯例的项目一样,可以做得比任何不安全的竞争对手更快地投放市场的事情更能更加清洁和更好?GydF4y2Ba

珊瑚:GydF4y2Ba… I honestly have trouble seeing为什么GydF4y2Ba你是GydF4y2Baprivileging that hypothesisfor consideration. Robustness involves assurance processes that take additional time. OpenBSD does not go through lines of code faster than Ubuntu.

But more importantly, if everyone has access to the same tools and insights and resources, then an unusually fast method of doing something cautiously can always be degenerated into an even faster method of doing the thing incautiously. There is not now, nor will there ever be, a programming language in which it is the least bit difficult to write bad programs. There is not now, nor will there ever be, a methodology that makes writing insecure software inherently slower than writing secure software. Any security professional who heard about your bright hopes would just laugh. Ask them too if you don’t believe me.

琥珀色:GydF4y2Ba但是,由于普通的错误,不谨慎的工程师是否根本无法制造软件?GydF4y2Ba

珊瑚:GydF4y2Ba我怕它不仅是可能的,GydF4y2Baextremelycommon in practice, for people to fix all the bugs that are crashing their systems in ordinary testing today, using methodologies that are indeed adequate to fixing ordinary bugs that show up often enough to afflict a significant fraction of users, and then ship the product. They get everything working today, and they don’t feel like they have the slack to delay any longer than that before shipping because the product is already behind schedule. They don’t hire exceptional people to do ten times as much work in order to prevent the product from having holes that only show up under adverse optimization pressure, that somebody else finds first and that they learn about after it’s too late.

It’s not even the wrong decision, for products that aren’t connected to the Internet, don’t have enough users for one to go rogue, don’t handle money, don’t contain any valuable data, and don’t do anything that could injure people if something goes wrong. If your software doesn’t destroy anything important when it explodes, it’s probably a better use of limited resources to plan on fixing bugs as they show up.

…当然,您需要一些安全心态才能意识到哪个软件GydF4y2Ba能够GydF4y2Ba实际上,如果公司默默破坏了数据,并且直到一个月后没有人注意到这一点。I don’t suppose it’s the case that your drones only carry a limited amount of the full corporate budget in cash over the course of a day, and you always have more than enough money to reimburse all the customers if all items in transit over a day were lost, taking into account that the drones might make many more purchases or sales than usual? And that the systems are generating internal paper receipts that are clearly shown to the customer and non-electronically reconciled once per day, thereby enabling you to notice a problem before it’s too late?

琥珀色:GydF4y2BaNope!

珊瑚:GydF4y2Ba然后,正如您所说,如果您的公司不存在,并且不想向这个新领域充电并用壮观的搞砸毒药,那对世界会更好。GydF4y2Ba

琥珀色:GydF4y2BaIf I believed that… well, Mr. Topaz certainly isn’t going to stop his project or let somebody else take over. It seems the logical implication of what you say you believe is that I should try to persuade the venture capitalists I know to launch a safer drone project with even more funding.

珊瑚:GydF4y2Ba嗯,很抱歉对此感到直率,但我不确定GydF4y2Bayou拥有足够高的安全性思维方式,可以识别出比您更好的高管。试图获得足够的资源优势来击败不安全的产品上市,只是您启动竞争项目的一半问题。您问题的另一半是超越了具有真正深厚安全心态的人的先前稀有性,并让像这样的人完全坚定地承诺。或者至少将他们作为一个备受信任的,完全忠诚的联合创始人,他们没有短暂的政治资本预算。我会再说一遍:VCS任命的顾问对于像您这样的项目还不够。即使顾问是一位真正良好的安全专业人员 -GydF4y2Ba

琥珀色:GydF4y2Ba这似乎是一个不合理的困难要求!你不能稍微退缩吗?GydF4y2Ba

珊瑚:GydF4y2Ba—the person in charge will probably try to bargain down reality, as represented by the unwelcome voice of the security professional, who won’t have enough social capital to badger them into “unreasonable” measures. Which means you fail on full automatic.

琥珀色:GydF4y2Ba…那我该怎么办?GydF4y2Ba

珊瑚:GydF4y2Ba我实际上不知道。但是,如果另一个最终是由另一个托帕斯先生负责的,那么推出另一个带有更多资金的无人机项目就没有意义了。默认情况下,这正是您的风险资本家朋友将要做的事情。然后,您只是为任何试图用安全的解决方案首次推销的人设定了更高的竞争性酒吧,愿上帝怜悯他们的灵魂。GydF4y2Ba

此外,如果Topaz先生认为他有一个竞争对手呼吸着自己的脖子并将产品赶到市场,那么他创建安全系统的机会可能会下降十倍,并从0.0%到0.0%。亚博体育苹果app官方下载GydF4y2Ba

琥珀色:GydF4y2Ba当然,我的风险投资人以前曾面临过这种问题,并且知道如何识别和雇用可以做好安全安全的高管?GydF4y2Ba

珊瑚:GydF4y2Ba…如果您的VC朋友之一是保罗·格雷厄姆(Paul Graham),那也许是。但是在平均情况下,GydF4y2Ba不GydF4y2Ba。GydF4y2Ba

If average VCs always made sure that projects which needed security had a founder or cofounder with strong security mindset—if they had theability要做到这一点GydF4y2Ba即使在他们决定要去的情况下GydF4y2Ba- 互联网再次看起来像是一个截然不同的地方。默认情况下,您的风险投资朋友将被一个看起来非常清醒的人所欺骗,并谈论他对网络安全的关注程度以及该系统将如何超安全并拒绝9000个普通密码,包括30--亚博体育苹果app官方下载此幻灯片上列出的六个密码,VCS将在其上方和AH上,尤其是当其中一个意识到自己的密码在幻灯片上。GydF4y2Ba那GydF4y2Baproject leader is absolutely not going to want to hear from me—even less so than Mr. Topaz. To him, I’m a political threat who might damage his line of patter to the VCs.

琥珀色:GydF4y2BaI have trouble believing all these smart people are really that stupid.

珊瑚:GydF4y2Ba您正在压缩天生的社会地位感以及估计的特定群体在这个特定能力中的良好程度。那不是一个好主意。GydF4y2Ba

琥珀色:GydF4y2Ba我并不是说我认为每个人身份高的每个人都已经知道深厚的安全技能。我只是很难相信他们一旦被告知就无法快速学习,或者可能无法确定拥有它的好顾问。那将意味着他们不知道您知道的事,看起来很重要,只是……感觉到GydF4y2Baoff对我来说,不知何故。就像,那里有所有这些成功和重要的人,你是说GydF4y2Ba你是GydF4y2Ba更好的GydF4y2Ba比他们GydF4y2Ba,即使具有所有的影响力,他们的技能和资源 -GydF4y2Ba

珊瑚:GydF4y2BaLook, you don’t have to take my word for it. Think of all the websites you’ve been on, with snazzy-looking design, maybe with millions of dollars in sales passing through them, that want your password to be a mixture of uppercase and lowercase letters and numbers. In other words, they want you to enter “Password1!” instead of “correct horse battery staple”. Every one of those websites is doing a thing that looks humorously silly to someone with a full security mindset or even just somebody who regularly readsXKCDGydF4y2Ba。它说,安全系统是由不知道自己在做什么的人建立的,并且亚博体育苹果app官方下载盲目模仿了他们在其他地方看到的令人印象深刻的错误。GydF4y2Ba

你认为可以对他们留下一个好印象呢customers? That’s right, it does! Because the customers don’t know any better. Do you think that login system makes a good impression on the company’s investors, including professional VCs and probably some angels with their own startup experience? That’s right, it does! Because the VCs don’t know any better, and even the angel doesn’t know any better, and they don’t realize they’re missing a vital skill, and they aren’t consulting anyone who knows more. An innocent is印象深刻GydF4y2Ba如果网站需要大写和小写字母和数字的混合GydF4y2Ba和GydF4y2Ba标点。他们认为,运行该网站的人员必须真正介意采取一种不寻常和不便的安全措施。运行该网站的人认为这也是他们正在做的事情。GydF4y2Ba

具有深度安全心态的人既罕见又很少GydF4y2Baappreciated。您可以从登录系统中看到,该初创公司的VC和C级高管都没有任何人认亚博体育苹果app官方下载为他们需要咨询真正的专业人员,或者设法找到了真正的专业人员,而不是在咨询的情况下而不是空无一人的西装。显然,在附近系统中没有人拥有合并的知识和地位,可以走到首席执行官,并说:“您的登录系统令人尴亚博体育苹果app官方下载尬,您需要聘请真正的安全专业人员。”或者,如果有人对首席执行官说这句话,首席执行官被冒犯并开枪射击了使信使不够透露措施,或者首席技术官将局外人视为政治威胁,并使他们脱颖而出。GydF4y2Ba

您应一厢情愿的假设,即可以触摸全部安全心态的人们比风险投资和天使投资生态系统更普遍。亚博体育苹果app官方下载针对广为众所周知的对抗病例的普通偏执狂在更大的生态系统中足够密集,以发挥广泛的社会影响力,尽管在许多个人和地区仍然没有可笑的情况。亚博体育苹果app官方下载拥有全部安全心态的人太罕见了,无法拥有相同的存在。就是这样GydF4y2Ba容易看到GydF4y2Ba真相。你可以GydF4y2Ba看GydF4y2Ba想要在密码中标点符号亚博体育苹果app官方下载的登录系统。您不是在幻觉。GydF4y2Ba

琥珀色:GydF4y2BaIf that’s all true, then I just don’t see how I can win. Maybe I should just condition on everything you say being false, since, if it’s true, my winning seems unlikely—in which case all victories on my part would come in worlds with other background assumptions.

珊瑚:GydF4y2Ba…这是您经常说的吗?GydF4y2Ba

琥珀色:GydF4y2Ba好吧,我说,每当我的胜利开始似乎不太可能。GydF4y2Ba

珊瑚:GydF4y2BaGoodness. I could maybe,maybe看到有人说,一旦在their entire lifetime, for a single unlikely conditional, but doing it more than once is sheer madness. I’d expect the unlikely conditionals to build up very fast and drop the probability of your mental world to effectively zero. It’s tempting, but it’s usually a bad idea to slip sideways into your own private幻觉宇宙GydF4y2Ba当您感到自己受到情感压力时。我倾向于相信,无论遇到什么困难,当我们在精神上生活在现实而不是其他地方时,我们最有可能提出良好的计划。如果事情看起来很困难,我们必须面对成功的困难,以提出一些解决情况的解决方案,而不是决定不困难的情况下的情况,因为那太难了。GydF4y2Ba

琥珀色:GydF4y2Ba你至少可以吗GydF4y2Ba尝试GydF4y2Ba与Topaz先生交谈并建议他如何使事情变得安全?GydF4y2Ba

珊瑚:GydF4y2Ba当然。尝试事情很容易,我是对话中的角色,所以我的机会成本很低。我敢肯定,Topaz先生也试图建造安全的商人无人机。它在很难的地方取得了成功。GydF4y2Ba

琥珀色:GydF4y2Ba太好了,我会看看我是否可以让Topaz先生与您交谈。但是请有礼貌!如果您认为他做错了什么,请尝试比与我交谈的方式更温柔地指出这一点。我认为我有足够的政治资本让您进入门口,但是如果您粗鲁的话,那将不会持续。GydF4y2Ba

珊瑚:GydF4y2Ba您知道,回到主流的计算机安全性,当您提出一种新的保护系统的方法时,它被认为是传统的,并且明智的选择,每个人都可以聚集在一起,并试图提出为什么您的想法可能不起作用的原因。亚博体育苹果app官方下载众所周知,无论您多么聪明,似乎有缺陷的想法,最明智的想法是有缺陷的,并且您不应该对试图将它们击落的人们感到敏感。Topaz先生对计算机安全方面的做法是否完全不相同?很多程序员都这样做。GydF4y2Ba

琥珀色:GydF4y2Ba我认为他会说他尊重计算机安全为自己的领域,但他不认为构建安全的操作系统与建造商人无人机是相同的问题。亚博体育苹果app官方下载GydF4y2Ba

珊瑚:GydF4y2Ba而且,如果我建议这种情况可能类似于建立安全操作系统的问题,并且这种情况会产生类似的需求,以更加努力和谨慎,则需要(a)(a)额外的开发时间和(b)特殊需求亚博体育苹果app官方下载为了谨慎行事,除了普通偏执狂之外,具有异常思维方式的人提供了不寻常的思维方式,他们的技能不寻常,在一个普通偏执狂会判断火力判断出足够紧急需要提出的情况下,在安全故事中识别出摇摇欲坠的假设,他们可以使用他们的问题来解决问题与普通的偏执狂相比,在反对想象的攻击时会产生更深的解决方案?GydF4y2Ba

If I suggested, indeed, that this scenario might hold generally wherever we demand robustness of a complex system that is being subjected to strong external or internal optimization pressures? Pressures that strongly promote the probabilities of particular states of affairs via optimization that searches across a large and complex state space? Pressures which therefore in turn subject other subparts of the system to selection for weird states and previously unenvisioned execution paths? Especially if some of these pressures may be in some sense creative and find states of the system or environment that surprise us or violate our surface generalizations?

琥珀色:GydF4y2BaI think he’d probably think you were trying to look smart by using overly abstract language at him. Or he’d reply that he didn’t see why this took any more caution than he was already using just by testing the drones to make sure they didn’t crash or give out too much money.

珊瑚:GydF4y2BaI see.

琥珀色:GydF4y2Ba那么,我们会离开吗?GydF4y2Ba

珊瑚:GydF4y2Ba当然!没问题!我只会与Topaz先生见面,并使用口头说服力将他变成Bruce Schneier。GydF4y2Ba

琥珀色:GydF4y2Ba就是那种精神!GydF4y2Ba

珊瑚:GydF4y2Ba上帝,我希望我生活在与您的地图相对应的领土上。GydF4y2Ba

琥珀色:GydF4y2Ba嘿,快点。是认真的吗?GydF4y2Ba那GydF4y2Bahard to bestow exceptionally rare mental skills on people by talking at them? I agree it’s a bad sign that Mr. Topaz shows no sign of wanting to acquire those skills, and doesn’t think we have enough relative status to continue listening if we say something he doesn’t want to hear. But that just means we have to phrase our advice cleverly so that he将要GydF4y2Ba想听!GydF4y2Ba

珊瑚:GydF4y2Ba我想您可以将您的信息修改为Topaz先生没有那么令人不愉快的声音。听起来与无人机安全有关的话题相关的事情,但并不花很多钱,当然也不会导致他的无人机最终安全,因为那将是不愉快和昂贵的。您可以在现实中向侧面滑动一点,并说服自己,您已经让Topaz先生与您盟友,因为他现在听起来很愉快。您对高地位猴子在您政治方面的本能渴望会感觉到它的问题已经解决。您可以代替解决该问题的感觉,因为没有确保实际无人机的不愉快意义。您可以告诉自己,较大的猴子将在他似乎处于愉快的政治方面,现在就会照顾一切。因此,您会很高兴。当然,直到商人无人机上市之前,那不愉快的经验应该是简短的。GydF4y2Ba

琥珀色:GydF4y2Ba来吧,我们可以做到这一点!您只需要积极思考!GydF4y2Ba

珊瑚:GydF4y2Ba…好吧,如果没有别的,这应该是一个有趣的经历。我从来没有尝试过这样的事情。GydF4y2Ba