Monday, February 2, 2009

Comic 538: Insecurity

security

Hello it is Rob again, just stone cold guest blogging for the week.

In the interests of full disclosure: this one was not bad. I didn't laugh but I read it and was like "okay, kudos, Randall, this isn't horrible."

But then I started thinking about it, because that is kind of a boring post, right? And this comic just lacks verisimilitude. I'm not really sure what he's trying to say here. Is he suggesting that cyber encryption is useless because nobody will ever care about your secrets? Or that it's useless because you can still just beat those secrets out of somebody? Or that that's the modus operandi of people who want to break into computers? Or that people who encrypt their data are deluded?

But okay, there's lots of scenarios in which cybercrime happens. Obviously some are simpler than others--the dude who broke into Sarah Palin's emails just guessed her password question. But some people try harder. I mean, if you really want someone's data, and you know how to break in. I can't envision a scenario in which you would just drug and beat someone for their data, though. That's something random criminals do. Usually data theft is something you don't want them to be aware of ahead of time.

Maybe he's trying to say people go to unnecessary lengths for good encryption? But none of the crypto-geeks I know go very far. And the point, as far as they're concerned, is that it's easier to encrypt than decrypt.

And the more I think about it the more I end up thinking 'uh, Randall, this just isn't funny.' But it's not saying anything either.

21 comments:

  1. Is 'drug him and hit him with this $5 wrench' a reference to something? Because I honestly can't think of a reason why Thug A would feel the need to mention the price of the wrench.

    UNLESS HE WAS CRAFTILY SETTING UP AN ALT-TEXT JOKE HMMM

    ReplyDelete
  2. OH MY GOD THAT IS SO META <3 RANDALL

    ReplyDelete
  3. I think he was just comparing the price of the wrench to the hypothetical "million-dollar cluster" referenced in the first panel.

    ReplyDelete
  4. That certainly makes sense. But the joke in the alt-text is about how the price is wrong, so I still think Thug A is aware that he is in a comic. He knows that by saying an incorrect price he can set up a cracking alt-text gag that will, like the wrench, knock 'em dead.

    We need to see more of Thug A.

    ReplyDelete
  5. I have a couple of friends who love the heck out of high-grade computer security, and the punchline at the end of every encryption description they give me is, "What's so important on your laptop that you feel the need to go this far?" Protect your information, certainly, but if you're not trafficking CIA documents between secret agents, your laptop generally isn't a target. Especially when it doesn't even leave the house.

    THAT WAS THEN, THIS IS NOW. And Randall's joke works now. Could do without the alt-text wrench joke, but that's peanuts.

    That makes two consecutive xkcd's that don't suck! Place your bets: is Randall due for a pop culture or gender joke?

    ReplyDelete
  6. Thomas: I actually don't feel that super high-grade encryption is too ridiculous. But I have a stalker. I do not want her anywhere near my data.

    ReplyDelete
  7. Thomas:
    I like this one, too. Third's gonna be 4chan humor. I'm sure of that.

    DoubleBlackbird:
    A bit of chloroform and a five USD wrench is cheaper than an NSA computer cluster, that's all.
    Saying the price of that wrench out loud makes us think "Oh, Randal! a five USD wrench *is* cheaper than NSA's computer farms."
    That's the nature of fictional characters - they say the obvious for the maximisation of our enjoyment. Take James Bond villains - they explain to us dumb viewers their plans through the speech they make to the strapped James Bond.

    I like this comic, but... you just have to remember who's your adversary. The regular "nerd" has nothing to worry about the KGB or the Mafia. If a nerd wants to hide stuff from the police, which abides the law and does not torture people, then they can hide their stuff with truecrypt's plausible deniability features or whatever.

    Guys, I just wonder if Randal has business with the mafia. If not, then I guess This how he should have made it <- A PICTURE OF AN EDITED XKCD#538 STRIP!

    ReplyDelete
  8. Instead of just labeling two panels, "A Crypto Nerd's Imagination" and "What Would Actually Happen" Randall could have actually used the the disparity as his joke.

    But then he would have to get off his lazy ass and draw more than two panels. Heaven forfend!

    ReplyDelete
  9. Subculture has the right idea. One long panel would have worked, with stickman's imagined scenario in a thought bubble to the left, stickman in the center, and the actual crooks around the corner to the right.

    No punchline explanation required!

    Also, kudos to Rob for the timely update.

    ReplyDelete
  10. So this one was actually good. That makes 3 in a row that doesn't suck.

    ReplyDelete
  11. Exactly what I was thinking, thomas. This "new" comic requires no changes to dialogue, no change to alt text, etc. just one more panel's worth of "art", if you can call a thought bubble and stickman art.

    ReplyDelete
  12. So, I talked to my roommate about this one. He believes it is a reference to something. That 'something' is a common thing in the encryption subculture: a scenario in which the government has your computer, and wants to break into the data in order to find incriminating evidence. The idea is to make it impossible to do so without you giving them your keys.

    Unfortunately, if this is indeed a reference, it is very badly done, for many reasons--not least of which that if you don't give them your password you're just as liable as you would be if you did and they found incriminating files.

    Now, if you really want good protection against this sort of thing, set up a password that deletes or otherwise hides all of your bad files.

    ReplyDelete
  13. This one reminds me of a security course I took in which the speaker stated that despite everything that you can do to protect yourself, if somebody wants something bad enough they'll try to find a way to avoid it altogether.

    2 enjoyable comics in a row, both have felt like way back when XKCD was still a solid strip.

    ReplyDelete
  14. What information are they trying to get from Randall's laptop?

    Shitty comic ideas? Every episode of Firefly? Pictures of a girl he took in Spanish class without her knowing?

    ReplyDelete
  15. I didn't like this one, actually, but it did feel more like early-day xkcd, like the last one. I think if this were during the golden age, I could have just skipped past it and not thought anything of it. Yay Randall are you making a comeback? Dare we hope?

    lol Vlad

    ReplyDelete
  16. Yeah, this is a pretty well worn infosec in-joke more commonly referred to as a "rubber hose attack," meaning that no matter how super uncrackable your shit is, if someone REALLY wants it they're just going to torture it out of you. Used in casual conversation to refer to beating the crap out of a colleague to get him to do something, e.g.:

    "Man, Rod's cousin is fucking FINE but he's being a real dick about giving me her phone number"
    "Rubber hose attack, dude"

    So overall, kind of a cute comic, I guess, but not particularly innovative or clever.

    ReplyDelete
  17. I read this more as a sort of a governmental criticism and enjoyed it as such. "The government will beat you with a wrench."

    Of course, I think I read the governmental thing into it because it's not implied in the comic.

    ReplyDelete
  18. Yawn, the *real* reason why this sucks is because of this:
    http://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography

    Any idiot who deals with encryption knows of this, and that's why this comic sucks because it doesn't consider this plausible deniability at all.

    ReplyDelete
  19. I thought it was making fun of movies?

    ReplyDelete
  20. A very belated explanation:

    Rob, it's a commentary on the different cultures existing at the two organizations.

    ReplyDelete