On Thu, Nov 5, 2020 at 5:59 AM Tom Beecher <beecher@beecher.cc> wrote:
Let's say roughly half of the science says the hypothesis is false, and half says it is true. It is absolutely fair in this case to state "We don't know enough."
Hi Tom, Strictly speaking, if a hypothesis is disproven by even one repeatable experiment then the hypothesis is disproven. It doesn't rule out that a similar hypothesis could be true but that particular one is false. Suresh's case can also be dismissed with Security 101: never spend more protecting an asset than the value of the asset. Practically speaking this means you assign a risk cost to a particular kind of attack and then consider whether there are any protections from the attack which cost less than the risk. That's Vulnerability * Threat * Incident Cost. The vulnerability to someone tunnelling under your data center to set up an RF generator is not high. The logistics of such an effort are very complicated and the inverse square law dictates that the power in an RF signal deteriorates quickly with distance even in free air, let alone with ground between you and the recipient. It is, in a nutshell, impractical. The threat for someone tunnelling under your data center to set up an RF generator is basically zero. There are examples of tunnelling in crime and war but both involve clandestinely overcoming a superior force, such as breaking someone out of prison, evading detection by authorities when smuggling or destroying a fortified military position with explosives. There is no superior force guarding a data center. Following staff home and picking them off with a rifle is so much cheaper and carries a better probability of success. Nearly zero times zero times some possibly high incident cost still equals zero. The risk-cost from Suresh's scenario is zero. Hence the security efforts it justifies are zero. Regards, Bill Herrin -- Hire me! https://bill.herrin.us/resume/