Yeah, until a man gains easy access to 17-year-old girls' housing, then everyone will flip out. I mean, it's one thing to break stuff to get in, or conspicuously pick a lock, it's another to casually slide a card like everyone else and leave no trail other than maybe video surveillance or access logs showing the same card being used at two ends of campus faster than possible (which nobody will check until something bad happens and they go looking at that data.)
I had a similar experience at my university. I found easy unauthenticated sourcing of most of the data needed to clone the card of anybody by name. The issue number was the only thing to guess, but easy to bruteforce on something low-stakes like vending machines. The card was used for food, a debit-card-like system, automated door locks to semi-public buildings and on-campus housing.
With the permission and cooperation of the university security, I made a card of a high-level security guy (who could have been targeted using the public/semi-public org chart) and swiped into their datacenter where all the university data is hosted, along with that of some partners with sensitive data. Luckily the innermost parts need an RFID or something which I didn't have access to, but potentially I could have tailgated or social-engineered my way into that. They weren't interested in letting me research whether I could crack the RFID. :(
I was told my demo made a big splash, but IIRC I checked a year or two later and my source for the ID data was still wide open. There's having imperfect locks and then there's leaving all your keys out in public.
It's true, I didn't consider this enough. But I had a way to create a key without ever possessing the original. If it could only be copied from the original, as even a semi-competent implementation of a magstripe would be, there would still be the chance that someone notices a theft of a key, and it's just harder to pull off if you have to find and covertly steal a key.
My point is that being able to trivially hijack arbitrary identities without even knowing the person let alone physically finding them, is not "good enough." It'd be like if you could make arbitrary car keys with just a VIN, and the VIN is displayed prominently, it would be silly to say "Well now, it keeps honest people honest, so it's good enough."
> If you're curious about Yale, imagine, for starters, how living in, say, Calhoun hall would feel if you're black
Repackaging a Reddit comment I wrote:
Actually, let's back up a bit and talk about Elihu Yale, the namesake of the university, who was a slave trader[0]. Anyone who is oppressed by living in a Calhoun building, should have first thought about how they'd feel about spending years on a campus named after a slave trader, putting his name on their résumés and personal history for the rest of their lives, giving money to such an institution (either now, or later as alumni donations), building a career on the name of a man who enslaved their people. Yale has also been funded by slavery[1]. To be honest I had no idea this was the case, but I had a feeling if you dig deep enough, pretty much everything has a past that is looked down upon from the modern view.
Bottom line is that if you're looking for offense, you'll find it everywhere. You can decide to either reboot the entire society because it's all irrevocably tainted by people with some negative elements of their legacies, you can choose not to go to Yale because it's named after a slaver, or you can accept that it's just a name after all and doesn't have any actual oppressive effects on your life.
I have similar issues and had that anxiety feedback loop once when questioned by an airline security officer, "How long have you been in Europe?" on a backpacking trip. I was wondering if they meant EU or the continent and whether only since last exit or since I left home (since they were holding my non-European passport), and no exact correct answers were coming to mind for any of the possibilities, I was tired, wondering why didn't they just read the stamps in the passport if they cared so much, I wasn't prepared to get a grilling just to check in for my flight, and OH NO I'M HESITATING I LOOK LIKE SUSPICIOUS WHAT'S GOING TO HAPPEN?!? Well, I muddled through with vague hesitant answers that may have even been contradictory because of my uncertainty. Anyway, despite a really cringey performance from me, I guess they were satisfied that I wasn't knowingly or unknowingly carrying drugs/bombs (seemed to be the main concerns), because they gave me my ticket and I went through the real security and passport control which IIRC was nowhere near as invasive.
I guess they can tell the difference between a socially-anxious perfectionist stressing about giving correct answers and a liar stressing about giving false answers... or the airline is wasting their money by giving this "interview" but ignoring really sketchy answers. Or maybe I did not appear as suspicious as I thought.
Another time I casually broke eye contact with a bus security officer while he was rattling off prohibited items and searching my bag. I've noticed sometimes I subconsciously prefer to focus by looking down and maybe turning an ear toward someone talking about something detailed like this, but this guy seemed to interpret it as a sign that he'd just said something that was in my bag and shouldn't be. He repeated the question once and maybe twice, so this time I stared straight into his eyes as I answered. Maybe it looked like a liar over-compensating, but whatever, he was tossing my bag anyway.
I was tinkering with DNS tunneling for free mobile internet, and found that TCP port 53 was apparently unfettered. (Other traffic I tried was firewalled, and HTTP was captured and redirected to a page prompting to buy a data plan.) I guess the intention was for DNS over TCP, but I was able to ssh over that port and got decent speeds and no apparent tampering of the traffic.
Ugh. I find this idea very distasteful. Admittedly my view is tainted by depression, so it hurts extra to be told my only reason to do work I don't like, is so I can keep experiencing a life I don't like. (But, I am apparently still here because I don't entirely dislike it, and/or have hope it will get better.) I do recognize being upset about this may be seen as childish, naive, or entitled, but...
> There seems to be this theory that everyone should be happy, it's pure myth. Life never has worked like that for the majority of the population in any historical system.
I think you're missing the point, or at least something I think about. We're living in an increasingly efficient, automated, bountiful, and wealthy world; why do we have to stick to any "historical system" that sucked for 99.9% of all humans who have ever lived? You "did your time", so every other human after you should have to as well? I don't know what the point of progress as a society is, if it does not result in improving the happiness of the people.
Now, if you want to argue that unpleasant but necessary work actually improves happiness, or that people need to find their own happiness through spiritualism/religion etc., I could see some merit. But I'm reading basically "Life will always be shitty, shut up and get back to work so you can survive another day of your shitty life." Which seems like pointless, soul-crushing, circular logic I'm not willing to accept. Which again, may be naivety/depression on my part.
We're living in an increasingly efficient, automated, bountiful, and wealthy world; why do we have to stick to any "historical system" that sucked for 99.9% of all humans who have ever lived?
There is nothing in the universe that implies life was ever meant to be anything but a struggle to keep surviving. Mainly because the alternative is considered worse (the fact that considering otherwise is often brushed off as mental illness indicates how embedded this attitude is). Your initial assumption seems to be that life is about being happy, and the only things you do should make you happy. I question where that came from?
If reality isn't soul crushing[1], well, you and I see a different reality. Simply wishing it weren't so won't change it. I'm unwilling to accept statements of "the world will magically become a place of fairy tales where no one goes hungry, everyone enjoys their days, and life is fair." I'd be frankly shocked if we could even manage the basics like "No one should die of diseases we cured in the 1800s".
I don't think depression plays a part, I don't even think it's naivety per se. It's an attitude thing really, I'm pretty bleak. However, I believe my position to be consistent with the world as it is, rather than as we might wish it to be. If wishes were wings and all that...
[1] No statements of souls being a real thing was meant.
> There is nothing in the universe that implies life was ever meant to be anything but a struggle to keep surviving.
"Meant to" implies some intelligence other than our own guiding life and the universe, I think. Do you posit such a thing? I happen to believe in one, which may have something to do with assumptions and attitudes I've expressed.
So, are you one of the ones that considers death worse than "struggling to survive"? Why?
> Simply wishing it weren't so won't change it.
True on some levels, and yet I'm arguing we are the most empowered we have ever been, to actually change it. If we achieve the "Star Trek" future of cheap food replicators etc. we will be even more so. Would you argue we shouldn't look forward to such things, because "life is meant to be a struggle where most people barely survive"?
> I'd be frankly shocked if we could even manage the basics like "No one should die of diseases we cured in the 1800s".
That's one of the things we can change. I'm not going to argue about how realistic that is, or how it should be done. I guess the essence of the differences between you and me/others, is that you seem unwilling to even give it much consideration. Why do you refuse to entertain the possibility of aligning "the world as we might wish it to be" with "the world as it is"?
No, I don't believe in a God/Purpose/etc. If you do, and take from that a greater meaning, then it's a good thing! I'd question why such a being would leave humanity to spend thousands of years in suffering before reaching the general happiness part - but I'm glib.
Death is not worse than struggling to survive imo and death can be a perfectly rational choice, I simply choose to go on because of family and a sense of responsibility for their pain.
Why do you refuse to entertain the possibility of aligning "the world as we might wish it to be" with "the world as it is"?
I don't argue against change. I don't impede action. Occasionally I giveto/support both. I think that when your expectations of what life really is are unrealistic then you're doomed to be unhappy. I think that's the reason religion focusses on rewards in another life that is un-knowable, because that does not result in unhappiness in the short term due to being "short changed" (and indeed improves the acceptance of current lot in life).
This is all perspective, it's all my point of view. I'm no great/deep thinker - and I don't claim mine is the only way. I do like discussion though :)
I think it's important to separate making peace with the state of things from accepting it.
On the one hand, I consider it a personal goal to practice the ability of being happy despite my circumstances, accepting things as they are (and perhaps changing those things that I think I can change).
On the other hand, whether 'nature or nurture', I wish to make things better as well, to fight things I think are wrong, and build things that I think are right.
Keeping the latter from affecting the former is difficult sometimes, but fundamentally I see them as two completely separate matters.
I had a similar experience at my university. I found easy unauthenticated sourcing of most of the data needed to clone the card of anybody by name. The issue number was the only thing to guess, but easy to bruteforce on something low-stakes like vending machines. The card was used for food, a debit-card-like system, automated door locks to semi-public buildings and on-campus housing.
With the permission and cooperation of the university security, I made a card of a high-level security guy (who could have been targeted using the public/semi-public org chart) and swiped into their datacenter where all the university data is hosted, along with that of some partners with sensitive data. Luckily the innermost parts need an RFID or something which I didn't have access to, but potentially I could have tailgated or social-engineered my way into that. They weren't interested in letting me research whether I could crack the RFID. :(
I was told my demo made a big splash, but IIRC I checked a year or two later and my source for the ID data was still wide open. There's having imperfect locks and then there's leaving all your keys out in public.