
Posted by xeonmc 10/27/2025

This World of Ours (2014) [pdf](www.usenix.org)
246 points | 191 comments | page 2
mike_hearn 10/27/2025|
It's hilarious, but the hilarity gets in the way of recognizing how much insight there is also there. It makes serious points. This part about the Mossad is especially astonishing given the pager attack:

> If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone

It's like a Mossad agent read this paper and thought hey that's actually not a bad idea.

But the core rant is about dubious assumptions in academic cryptography papers. I was also reading a lot of academic crypto papers in 2014, and the assumptions got old real fast. Mickens mocks these ideas:

• "There are heroes and villains with fantastic (yet oddly constrained) powers". Totally standard way to get a paper published. Especially annoying were the mathematical proofs that sound rigorous to outsiders but quietly assume that the adversary just can't/won't solve a certain kind of equation, because it would be inconvenient to prove the scheme secure if they did. Or the "exploits" that only worked if nobody had upgraded their software stack for five years. Or the systems that assume a perfect implementation with no way to recover if anything goes wrong.

• "you could enlist a well-known technology company to [run a PKI], but this would offend the refined aesthetics of the vaguely Marxist but comfortably bourgeoisie hacker community who wants everything to be decentralized", lol. This got really tiresome when I worked on Bitcoin. Lots of semi-technical people who had never run any large system constantly attacking every plausible design of implementable complexity because it wasn't decentralized enough for their tastes, sometimes not even proposing anything better.

• "These [social networks] are not the best people in the history of people, yet somehow, I am supposed to stitch these clowns into a rich cryptographic tapestry that supports key revocation and verifiable audit trails" - another variant of believing decentralized cryptography and PKI is easy.

He also talks about security labels like in SELinux but I never read those papers. I think Mickens used humor to try and get people talking about some of the bad patterns in academic cryptography, but if you want a more serious paper that makes some similar points there's one here:

https://eprint.iacr.org/2019/1336.pdf

Yizahi 10/27/2025||
> Lots of semi-technical people who had never run any large system constantly attacking every plausible design of implementable complexity because it wasn't decentralized enough for their tastes, sometimes not even proposing anything better.

And for added fun, that same radical decentralization crowd, finally settling on the extremely centralized Lightning crutch, which is not only centralized but also computationally overcomplicated and buggy.

commandlinefan 10/27/2025|||
> going to use a drone to replace your cellphone with a piece of uranium

That's assuming they can figure out who you are in the first place. My pipe dream for the internet (that I thought we were getting way back in the 90's) is total anonymity. You can say whatever you like about the Mossad, or the NSA or the KGB or whatever you like, and they'll never be able to figure out whose cellphone to replace with a piece of uranium.

We have the technology to make it happen (thanks to the paranoid security researchers!) just not the collective will to allow it.

nathan_compton 10/27/2025|||
The biggest social challenge to this is astro-turfing, from my own point of view. Even total anonymity with proof of work doesn't solve the problem. Like the idea we want is that people can speak truth to power. But total anonymity makes it quite difficult to figure out if it's power speaking lies to create a false perception of the truth.

I mean go read 4chan, a place where there is something like total anonymity. Those people are constantly imagining that half the comments on the site are generated by intelligence agencies and, who knows, maybe they are right? I really do wonder if there is any way to reap the rewards of total anonymity without the poison of bad actors.

I'm somewhat moderate on the issue from a practical point of view. I think citizens have a right to some sort of reasonable privacy and I don't think laws which try to regulate the technical mechanisms by which we can have it make sense, no matter how evil the use of the technology is. But I don't think that, in the end, it is beyond the remit of authority to snoop with, for example, a court order, and the means to do so. I expect authority to abuse power, but I don't think that technological solutions can prevent that. Only a vigilant citizenry can do it.

_vqpz 10/27/2025|||
If you think the bots and bad actors are bad now...
jojobas 10/27/2025|||
It is kinda funny, but cost and benefit analysis is not foreign even to Mossad. Mossad would prefer quite a few people's data stolen, but they are not going to carry out a black abroad for most of them.
ta1243 10/27/2025||
> you could enlist a well-known technology company to [run a PKI],

If you have a single company, then that's easy enough for a group like Mossad to infiltrate. Probably easier than a distributed system.

mike_hearn 10/27/2025||
The best known PKI (webtrust) is many companies, not a single company. So it's distributed but that makes it easier to hack not harder because you have many possible targets instead of just one.
Havoc 10/27/2025||
I see this on reddit a lot in self hosting context.

The range of things people do on security is wild. Everything from publicly expose everything and pray the app's login function some random threw together is solid to elaborate intrusion detection systems.

anthk 10/27/2025||
Ah, very Germanic tactics against some Mediterranean foe. Us, Southern Mediterranean/half Atlantic guys, we have it easier. We would just put fake data, hints and traces until they get mad and paranoid between themselves, we are experts on that since forever.

Also, the Southern part of the country (which I am pretty much not related culturally at least on folklore and tons of customs) managed to bribe even the Russian mafias. They were that crazy, it's like a force of nature. OFC don't try backstabbing back these kind of people, some 'folklorical' people are pretty much clan/family based (even more than the Southern Italians) and they will kick your ass back in the most unexpected, random and non-spectacular way ever, pretty much the opposite of the Mexican cartels where they love to do showoff and displays. No, the Southern Iberians are something else, mixed along Atlantics and Mediterranean people since millennia and they know all the tricks, either from the Brits/Germanics to Levantine Semitic foes...

You won't expect it. You are like some Mossad random Levi, roaming around, and you just met some nice middle aged woman on a stereotyped familiar bar where the alleged ties to some clan must be nearly zero, and the day after some crazy Islamic terrorist wacko with ties to drug cartels will try to stab you some Sunday in the morning and he might try to succeed with the dumbest and cheapest way ever.

No, it is not an exaggeration. We might not be Italy, but don't try to mess up with some kind of people. My country is not Mafia-bound, but criminal cartels, mafias and OFC some terror groups from the Maghreb (and these bound to the Middle East ones) have deals with each other because of, you know, weapons and money. And Marbella is pretty much a hub.

kragen 10/27/2025|
This explains a lot about Argentina.
anthk 10/27/2025||
Half of Iberians can't stand the rascal (picaresca) tradition from the other half. Especially the heavily industrialized North.

We are not as divided as Italy, as Spain has powerhouses in the South as Airbus and the like, but, yes, there's a 'climatological gap' between the different 'Spains' across the mountains.

Not Ethnics, but kinda like what would happen in Italy if the North wasn't as developed (the North of Spain isn't bad but you can't compare it against the Franco-German-Austrian-Italian industrial hub) and the South had their Mafias shut down in the 19th century and if they were more developed than they are compared to the Southern Spain.

The South here isn't a shithole as Napoli and the like but some Andalusian coastal places can be far more dangerous than the Basque Country/Navarre in the 80's (terror attacks) for a policeman.

OTOH, Belgium is far closer to being a Narcostate than some microregions in Spain such as Algeciras in Cádiz (Andalusia) where you can read about the Militarized Police fighting drug boats almost as a daily chore.

On Argentina, except for a die hard Ghetto like the '3000 viviendas' and Cañada Real, every Argentinian would love to stay in Spain even at the worst neighbourhood at their town. Iberia is far more secure than Latin America by a huge margin. The most dangerous issue on any bad town would be either a pickpocket/non-violent rob of watching some low tier drug dealers doing their stuff and maybe some very late night rape issue over months if not years. Far less than anything you would get in Buenos Aires.

Unless, as I said, you really want to mess up your life with some sketchy people, the ones you would spot from meters away, especially in remote/nearly hidden taverns/pubs where drug dealing is widely known. For example, if some pub is accessed by walking down some stairs into a basement, (where you can't see anything from the outside without going down); even if it looks good, clean, modern, maintained... run away.

kragen 10/27/2025||
> On Argentina, except for a die hard Ghetto like the '3000 viviendas' and Cañada Real, every Argentinian would love to stay in Spain even at the worst neighbourhood at their town. Iberia is far more secure than Latin America by a huge margin.

https://en.wikipedia.org/wiki/List_of_countries_by_intention... lists Argentina at 4.31 murders per 100k population per year, a bit lower than the US's 5.76, while Spain is way down at 0.69, so I think that's sort of true. 6× is sort of "a huge margin". I'm pretty sure there are neighborhoods in Argentina that are lower than 0.69, though, and neighborhoods in Spain that are over 4.31.

On the other hand, 4.31 is already low enough that I don't know anybody who's gotten murdered, although when I volunteered in the die-hard ghettos I met people whose children had been murdered before I met them. In https://en.wikipedia.org/wiki/List_of_countries_by_mortality... we can see that Argentina's crude death rate is 728 deaths per 100k population per year, so 99.4% of deaths are from non-murder causes. If you somehow acquired immunity to all causes of deaths other than murder, and you lived in 02025 Argentina until someone murdered you (through some kind of time-travel Groundhog Day thing, I guess) your life expectancy would be 23000 years. Real-life people who get heart disease and cancer don't really need to worry about getting murdered in Argentina unless they start dating a machista.

Consequently, murder is not a major reason that people leave Argentina. (Contrast Honduras at 31.4 murders; Belize with 27.8; South Africa with 45.5; Memphis, Tennessee, with 48.0; or St. Louis, Missouri, with 87.8.)

No, the reason every Argentinian would love to stay in Spain is that Spain has an economy.

bitbasher 10/27/2025||
My favorite talk by Mickens (https://vimeo.com/95066828), also talks about Mossad.
drdrek 10/27/2025||
The point about the lay person not needing massive parallelism was very true, until it was not :D
coolThingsFirst 10/27/2025||
Another example of power resides where men believe it resides.

Americans are just very scared of Mossad. Tons of money goes into Hollywood to make them appear invincible to the world. Fun fact, they aren't.

Intelligence agencies have great capabilities no doubt they get billions of $$$ and have utter immunity to do whatever they want in the name of national security. Why is only Mossad scary? I'd be more scared of the CIA and KGB than of Mossad.

US has never been in existential threat like Israel has been, if it were I wouldn't want to stand in their way.

wk_end 10/27/2025|
> Americans are just very scared of Mossad. Tons of money goes into Hollywood to make them appear invincible to the world.

I don't believe I've ever seen Mossad depicted in a Hollywood movie? I guess there was Munich. Are there specific movies/TV shows that you're thinking of?

Americans, by and large, don't even think about Mossad. Certainly not the way they're aware of the CIA and KGB - which no one should be scared of at the moment since it hasn't existed since 1991, though obviously there are modern successors.

cool_man_bob 10/27/2025||
> Are there specific movies/TV shows that you're thinking of?

Not GP, but NCIS is the big one offhand. Of course that show has simply gotten more and more ridiculous in general over the years.

some_random 10/27/2025||
Where does this deification of Mossad come from anyways? They've done a lot more than western intel agencies post cold war but that's absolutely come with failures just like every other intel agency in existence.
singular_atomic 10/27/2025||
When we need him the most (a world overrun in LLMs and AI slop) it seems like he's vanished...
dnlserrano 10/27/2025||
Mickens essays are always a good read
optimalsolver 10/27/2025|
I think fighting Israel is kind of a glimpse into what trying to fight a malevolent AGI will be like.

Expect to lose in highly surprising ways.

speedgoose 10/27/2025|
I don't know, driving a big truck into AWS' us-east-1 power supply section sounds more than enough to take down internet for a while.
red-iron-pine 10/27/2025|||
ITT: we've never spent time around ashburn va data centers.

most have big heavy barriers and multiple bollards and fences. some of the reston va data centers have big glorious planters out front and weird angles to walk up to the mantrap -- to prevent trucks from driving through. the generators usually have some sort of fence or bollards, and most are on multiple power sources from the local and airport grids.

source: used to manage nova data centers and did plenty of attack surface mapping. the truck-through-front-door approach is consistently considered.

WJW 10/27/2025||||
Of course, but that's the point. Actual AGI wouldn't need to limit itself pointlessly in ways that would make it obvious to every internet rando how to hit it. Just as you cannot kill an intelligence agency with a single strike, it could distribute itself over many secret locations.
ta1243 10/27/2025||||
I would hope that data centre has multiple power supplies from multiple locations - as well as UPS and on site generators, certainly mine do.

However given AWS is so complex (which is required because they want to be a gatekeeping platform) leading the uptime to struggle to match a decent home setup, I'm not sure. I'm sure there's no 6 figure bonus for checking the generators are working, but a rounded corner on a button on an admin page?
