Hacker News | packetlss's comments

Oracle vs Oregon


If you're looking for a good cheap kit to start out with, I suggest a cheap DVB-T card with a Realtek RTL2832U chip.

20 MHz - 2.2 GHz ~2.5 MS/s

Just google for RTLSDR.

You can get started for as little as 15-20 USD.


I second this, one of the links to a site selling the HackRF also sells a USB dongle. He explains in the first video that you will be able to do some of the lessons with this cheaper hardware. The welcome lesson about FM can definitely be done with a cheapo dongle.

http://hackerwarehouse.com/product/dvb-t-usb2-0/


Yes.

Have a look at https://github.com/gorhill/httpswitchboard/wiki/HTTP-Switchb...

If you just want Adblocking functionality check out https://github.com/gorhill/ublock

Same author as HTTPSB.


A Black Hat spokeswoman told Reuters that the talk had been canceled at the request of lawyers for Carnegie-Mellon University, where the speakers work as researchers. A CMU spokesman had no immediate comment.

Source: http://www.reuters.com/article/2014/07/21/cybercrime-confere...



Interesting, they did a talk at Education City in Qatar and I had no idea about it? Very disappointed, and surprised they had talks with these kinds of experts on this talk (censorship avoidance is not looked kindly upon there).


I have to imagine that this is for some sort of internal bureaucratic reason. I don't see who is in a position to even want to stop this talk - almost certainly not the Tor project itself.

The mundane (and thus most likely) answer is that the CMU lawyers wanted to pull it either because they want to sort out some sort of intellectual property first, or they're worried about some sort of liability.


I would imagine the researchers broke quite a few laws verifying this attack on the public Tor network, if they indeed did so. And since Tor is incredibly hard to simulate at that level, it's likely that they did. Even if they developed the attack on a simulated network they may have run the tool for verification against the live network. Maybe they did it to de-anonymize a drug marketplace or something else they thought they could get "ethical hacker points" for. Maybe they sent the information to the feds and thought they were doing the right thing.

This is something that has always been legally murky, enough so that I feel like some technical people could decide that they didn't care and just go with it. More people under them might have as well, pulled along by sheer groupthink if not genuine agreement.

This attack was unique not in that it made strong claims, but that it had unusually specific strong claims that indicated some amount of empiricism. I feel like you could only reasonably claim that number if you actually tested it against a very strong network simulation (which doesn't exist for Tor) or the real network.

It's not like other researchers haven't done similar things to get results about Tor. There are a few workshop and academic conference papers that talk about results obtained by analyzing Tor traffic; this is technically wiretapping according to the Tor project, but previously it's always been mundane enough that nobody has gotten involved. This experiment might have compromised some people's very personal information, and it's incredibly public.

This is all really just an expansion of "they're worried about some sort of liability." In any case that's by far the likelier of the two; I can't imagine you could sell IP related to this.


>This is all really just an expansion of "they're worried about some sort of liability." In any case that's by far the likelier of the two; I can't imagine you could sell IP related to this.

I more or less agree that liability seems more likely, but I have no idea what the nature of the attack is, so it's always possible it's an offshoot of some other research they are doing which can be patentable. Alternatively, it could be that CMU procedure is to require approval for all talks for brand and IP protection reasons and he just hasn't gone through the proper procedure, so in the meantime they pulled it (rather than pulling it in response to an actual analysis of the talk). This last one seems unlikely, though, as you'd imagine there was no rush to pull the abstract (which contained no details).


At a school like CMU it's hard for me to believe they'd cancel a researcher's talk because it wasn't properly disclosed. It'd create a headache for the IP team, but they wouldn't cancel the talk. That just makes them look awful.


>I don't see who is in a position to even want to stop this talk

A government agency that wants to stay a step ahead of the competition or of its targets?


It's possible, but I think that's the paranoid / Hollywood spy version of this. Not saying that this sort of thing doesn't happen - the spy agencies take themselves very seriously but aren't big on effective policies anyway, but unless there's a specific operation that is relying on this specific exploit, and someone in the government got advance details of the nature of the exploit, it doesn't seem to have a particularly high prior probability. Anyone with a significant budget can probably pay for any number of zero days so they don't have a single weak point like "if anyone fixes this bug in the software our operation / malware will stop working".

Generally when you see some outside force trying to suppress security research and the presentation thereof, it comes from the companies who will actually have to fix the problems and deal with support calls (or companies who feel that security through obscurity is sufficient and are hoping to somehow suppress the information from ever getting out). In this case, that would be maybe the Tor Project, but they generally are very receptive to this kind of thing.


Or a University who doesn't want to get sued / get bad publicity for screwing with a tool used by government agencies...


Legality aside, I'm surprised this wasn't pulled on ethical grounds. Does Black Hat not require "researchers" to follow responsible/coordinated disclosure?

What about the political dissidents who use Tor? They could be at risk of certain death if caught by the authoritarian regimes they live under. Without coordinated disclosure, the "researchers" might as well have been signing death warrants.


Black Hat is a venue for presenting research. They don't influence the procedures used by researchers at all. And the Black Hat review board is not stuffed full of people who buy into "responsible disclosure".

In fact: I'm not aware of a vulnerability research conference that does get nosy about this stuff. I even reviewed for Usenix WOOT one year, and we didn't vet research for "coordinated disclosure". Not even Usenix works the way you want BH to.


"at risk of certain death"

That's an odd construction...


   http://gdata.youtube.com/feeds/base/users/<youtube-username>/favorites?alt=rss&v=2&orderby=published&client=ytapi-youtube-profile


Not GER, it's GBR as in Great Britain

http://en.wikipedia.org/wiki/UKUSA_Agreement


They use Cloudflare. I doubt they would not respect Cache-Control.


This was not an issue with Cloudflare.


"during the update process our caching ruleset was not obeyed by our CDN partner" makes it sound like it.


Level 3?


Yes. Looks like a case of exploitation of CVE-2013-0156.


Looks like they dropped off the internet:

http://www.youtube.com/watch?v=wMRaKtydILI

AS13335 = Cloudflare


Sigh.

Article discusses a paper published in Physics Essays, a well-known crackpot journal.


That said, isn't timeless physics a thing? I know that at some point Eliezer Yudkowsky favored that interpretation. Now, I also know he is not strictly speaking a physicist, but he seems to be quite knowledgeable about physics.


That usage of 'timeless' is more or less unrelated to this.


Oh, I see. Thank you.


Thanks; I was hoping someone would comment and save me the trouble of figuring out whether this is as bullshit as it appears, on first read, to be.


Congrats. Continue in the fine tradition of traditional science dismissing everything that falls outside of known worldview without thinking about or discussing it.


Physicists are generally quite busy people, and the fact it was published in a crackpot journal is a pretty good indicator that reading it will be a waste of time. If the authors are physicists, they know what the reception of an article in a crackpot journal will be. If they care, they will publish it in a journal with a good reputation. If they cannot, it means that it's not worth reading.


Yes. Let's have a discussion with crackpots.

Dr. Amrit Sorli is a researcher with the Osho Miasto, Institute for Meditation and Spiritual Growth, Siena, Italy. His research subjects are Unknown Vacuum Energies in Living Organisms and Direct Scientific Experience. Dr. Sorli is the author of several books and articles and currently gives courses on this theme.


More ad Hominem. You can have batshit beliefs and do proper math/science on the side. Prejudice due to the former may prevent a rational evaluation of the latter, as it happens here, and may also happen during peer review or editorial decisions.

I can't read the full text, but the abstract claims that their views are based on the interpretation of experimental data.

If you can read it, could you tell us if it is a mere thought experiment, or if they performed it? In the latter case, what's the flaw in their experimental setup or reasoning?

Edit: I've done a quick google scholar survey of the second author, and he's also used to delve far into the "not even wrong" territory... That being said, neither the abstract nor the phys.org summary ring any objective crackpot sign to my untrained eye. The claim that they proved Einstein wrong, their track record, and the journal the paper was published in are of course big red warnings. But that doesn't mean that the core of their argument has to be dismissed out of hand.


The problem with engaging with everybody that has an idea is that we don't have the resources to do so.

This was actually discussed in an episode of the Scientific American podcast. I can't find the episode, but they mentioned that they would need a member of staff working full time to reply to and debunk all the crackpot theories.

What's more important, staff doing research and teaching or answering crackpots that cannot be persuaded?


I know that. You don't need to engage with the authors, but assessing some of the papers once in a while may not hurt either.

In the abstract of this paper, they claim that they have experimental support for their theory. This is enough to lower my guard, and make me want to know if 1) they indeed do and 2) they bring something novel on the table.

The explanation given by phys.org sounds like it could make some sense (even though they are most probably beating an old misconception like a dead horse).

That's why I wouldn't mind if a physicist was kind enough to skim and debunk or validate the paper beyond simply bashing the authors.


>That's why I wouldn't mind if a physicist was kind enough to skim and debunk or validate the paper beyond simply bashing the authors.

So hire one and pay him to do it. What do you think a physicist would rather do, read a paper published in a reputable journal that is highly likely to teach him something new, or a paper that is enormously unlikely to be something other than crackpot theories?

Has there ever been any actual progress in physics coming from someone without academic credentials and/or published in a crackpot journal, hm?


Attacking someone's work is not ad Hominem. If he called him an asshole or some other unrelated insult that would be ad Hominem.

If just listing the guy's work comes off as insulting, you gotta wonder...


By attacking his previous work, you don't address the question at hand, and sidetrack the debate on the worth of the messenger.

Strictly speaking, you could say it's an ad opus attack, which is still fallacious.

