Schneier on Security

Clive Robinson • March 23, 2024 1:55 AM

@ ResearchZero, Bruce, SpaceLifeForm, ALL,

Re : The Xmas gift that keeps giving.

“Side-channel in Apple’s M-series allows for extraction of keys. DMP cannot be disabled on M1 and M2.”

Oh and it’s not just Apple’s chips, it’s the latest 13th Gen Intel chips as well…

Speaking of Intel, how long is it since Meltdown was found? Getting on for seven years[1]…

Back when the news broke I predicted on this blog that this sort of “go faster stripe” logic faults would continue to be found for half a decade or so and named it “The Xmas gift that keeps giving”. Well at now well gone six years that first mile stone has been cleared and it’s still giving…

But the fact that such logic errors are still being made in what are effectively totally post Meltdown chip designs should concern people.

It means, one of only a few things, is true,

1, They have not learned the Meltdown and Spectre lessons.
2, They do not understand the issues behind race conditions and similar that can become visible time based side channels.
3, For reasons of “Spec-manship” they don’t care about customer security.

My money has moved with time down that list to the “Spec-manship” / “don’t care” as the most likely reason[2] (yup have a good think on that implication especially as both Microsoft and Google are moving to the “Force them on-line” OS model so they can effectively “suck your brains out”.

But further consider these high end chips are appearing in “Electric Vehicles”(EV’s) further up than the “base level” in current cars. At a level where Internet and other insecure Communications connectivity happens again “as a requirement”. But the consumer vehicle internal connection bus is one and the same wire and all systems are connected to it.

In the past I’ve explained why the likes of “Data diodes” and “Data sluices” are very definitely not “One Way” due to “Error and exception” handling moving not “Left to Right” as most programmers assume data flow is, but actually “Right to Left” and how systems are very “transparent” to this “back channel” so external systems can “reach back” into the most security sensitive thus supposedly most secure parts of a system.

Thus I suspect issues based around this will happen in the next half to full decade.

Any one want to bet the price of a beer I’m wrong in this prediction?

Also I’m waiting to see academic papers on side channel exploitation of AI LLM and ML systems for various reasons[3] they will be particularly prone to them, even “over the wire” used for user communications.

We’ve had a close one with a form of “Time based Prompt Attack” but not quite where I expect it to get.

So prediction number two I expect to see them starting in the next 12months.

[1] Meltdown was on Intel chips and although made public in early Jan 2018, it was kept secret by Intel’s lawyers and executives for over six months. During which Intel’s peak annual “Xmas prezzie” sales happened and a senior Intel executive sold their shares at a much higher value than they were worth after the announcement (but apparently SEC decided it was not “insider trading”…).

https://en.m.wikipedia.org/wiki/Meltdown_(security_vulnerability)

After Meltdown was made public so were similar problems found on ARM and AMD chips. In the case of AMD it was in a different area of the CPU and thus called “Spectre”,

https://en.m.wikipedia.org/wiki/Spectre_(security_vulnerability)

[2] An interesting thought to consider, Nvidia is now the third most valuable “tech-stock” in the US in part because they have the fastest AI chips there are[3]. As these logic insecurities are all effectively due to “go faster stripes” what are the odds that all Nvidia high end chips have them? Especially the just announced “Upto 30 times faster” BL200 “Blackwell” chips,

https://www.bbc.co.uk/news/business-68603198

But also those chips for “Electric Vehicles” ChatBots, anyone want to predict what would happen with a security busting side channel could do in the EV systems built around them that you are doing 80kph or more towards a freeway bridge in?

[3] As I’ve mentioned befor AI LLM systems and even the AI ML systems are effectively DSP algorithm based systems. As such they would normally be considered “constant time algorithms” thus not suffering from or having very little side channel leakage. Unfortunately they are not true constant time, the timing is dependent mainly on the user query and in part on a stochastic source.

The stochastic source however does not really effect the “constant time” but the user query very definitely does both on the input and the output of the query and it will be “visible on the wire”. This makes both much much easier to sperate and pull out in analysis of both LLM and ML systems because the otherwise constant time makes synchronisation way way easier.

I’ve yet to see any academic papers on this security aspect of LLM and ML systems, if anyone knows of one I’d be interested in seeing a link.

Clive Robinson • March 23, 2024 1:28 PM

@ fib, ALL

Re : Solar storm on it’s way.

“AR3615 did unleash a solar flare, as we commented earlier in the week. A possible CME is being investigated.”

Two questions,

1, Will there be a geomagnetic storm on earth?

2, If so is it going to be a problem for electronics?

The answer to the first is very probably yes in about two days time. Which is sufficient time to take precautions should they be necessary…

Which brings us onto the second question. To which the answer is yes, but to which the answer needs to be qualified.

The problems can range from GPS signals not getting down to places with sufficient strength to be reliable, disturbance to the Earths magnetic field causing compasses to point off in direction, and radio systems above around 2Mhz suffering from decreased signal reception. To full-on blow out of the control inputs of active semiconductor devices and destruction of chips both electronically and physically (yup if enough energy gets in before the bond wires melt the chip casing can have a hole blown in it by rapid thermal expansion).

So on the principle of,

“Two is one, and one is none”

Protecting two sets of devices and backups might well be a wise precaution for a few days.

The question is what level of protection.

I have some EMP proof equipment that simply requires connections be disconnected and the conductive “dust caps” fitted over the connectors. Other equipment is already inside an “RF Cage” that is good for all CME induced storms that humans can reasonably tolerate.

As for the rest, of the equipment, time to get the shielded shipping crates out of the loft and do a little packing.

Is it necessary, almost certainly not, the probability of a harmful event is on balance very low.

But as some of the equipment and data is irreplaceable it makes sense to take precautions.

However this is a “twin event” of two sunspots and more recent analysis of historic events suggests the probability of a large storm is very much increased with these “twin events”…

The last time this happened the Canadian power grid got more than a bit of a wake up call…

So putting backups in conductive bags inside, insulated bags, inside a “biscuit tin” with the seams taped with conductive foil sitting ontop of an insulated surface might be precautionary move that will protect your memories etc.

Clive Robinson • March 23, 2024 11:53 PM

@ SpaceLifeForm, ALL,

Nice to hear from you, I hope you are well?

With regards,

“”

I had to smile when I read,

“The UK’s NCSC has a more understated list of challenges in the so-called Cybersecurity Research Problem Book.”

They are certainly way more foundational, that is for sure, and if you don’t get all of them right all you build on them will fail.

But all these programs still suffer from a problem I’ve mentioned before and it’s such a critical failing that you can almost guarantee that all work is going to fail.

The “top down authoritarian view” which is so prevalent is exemplified by the “Single Sign On” failure.

We have very old sayings that warn against such stupidity like,

“Putting all your eggs in one basket”

Authoritarians see people as faceless just numerical identities, and that is not how humans work at almost every level. Humans have “roles” and they are many, varied, and for good reason mostly segregated.

Unless systems are designed to support this properly they will fail and often as not fail hard.

But a couple of things stand out,

1, Repeated mention of AI.
2, At the end it’s just “more of the same” thinking.

As these are both easily recognisable “industry traits” currently, it should cause people to stop and think.

AI is not a security solving tool.

Because current AI does not think, it does not reason, and it can not test it’s self. As a result it most certainly does not create new or original work. So like old Generals all it can do is fight wars the “old way” by rote, and thus be at the very best “second best”.

What AI does is take “second best” and “soften the edges” by a little randomisation. Which means that as like as not it won’t even be “second best” but worse potentially a lot worse. It’s kind of “inverse fuzzing” like,

“Throwing darts blind fold at a map of the world to decide where you are going to spend two months or more income on a two week holiday.”

Lets hope such people can swim…

But “more of the same” thinking is equivalent to that definition of “madness” by “doing the same repeatedly and expecting different outcomes” wrapped up in a faux-management meme of “nerding harder”. Which most definitely is not behaving smarter.

Doing things “smarter” requires insight and rationality few humans actually posses and current AI systems do not.

Evolution has been said by some to be,

“Random selected by fitness functions”

But it’s fairly useless as a definition without saying how those “fitness functions” come about in the first place. Which all to often devolves into,

1, A “You Know” appeal to vacuity.
2, A “Turtles all the way down” appeal to infinity.
3, Or both.

Clive Robinson • March 24, 2024 8:12 AM

@ ResearcherZero,

Re : Reaching out.

“I just fixed an internet connection for somebody. As it was a single wire, twisted once and making barely one point of contact. It was a single point of failure. The cable was hanging free and blowing about in the wind…”

Sounds like it was an

“Easy job not but must required”

as Yoda might say 😉

I was once told a moral about old cables and such like,

“The weakest link is oft the one that can not be reached.”

Implying that the amount of “love and maintenance things get” depends on how easy they are to get to or do.

Something I’m sure California’s PG&E customers, who had their property burnt down, by PG&E’s “love for share holders and seniors bonuses, not service maintenance” understand all to well.

It is the reason I suspect,

“The professionals from National Broadband Network apparently visited the site last week. It does not appear that they did a whole lot of work. Last few feet rules. Do FA.”

The “Quick and easy” get fixed, whilst the “long and hard” get “No fault found” and a quick coffee stop on the way back. It’s what management want with their “less time on site” initiatives…

The first time it hit home to me must be four decades ago now back in the time of 1200/75 baud modems. I had “line noise” issues and the idiot they sent wandered around humming and harrumphing and took the handset off hook. Then got out an analogue meter pluged and unpluged the “line jack” and claimed it showed “line noise” was in my equipment[1]…

He was I assume not amused when I wrote a letter of complaint about his lack of competence and sent it in.

[1] It’s an old “wireman’s trick” that works because the telephone circuit from the “exchange battery” to the consumer instrument is effectively a partial “DC bridge” circuit. The off hook instrument looks like 300-1200 ohms and the line to and relays at the exchange look like 3000 or more so putting a volt meter across the line and unplugging the instrument will make the voltage reading jump up. If however you put the headset back on hook and thus open the line switch in the instrument then plugging and unplugging it won’t make the voltage jump across the line.

Clive Robinson • March 24, 2024 2:56 PM

@ Bruce,

Re : Is it you?

I’ve been sent a link,

https://m.youtube.com/watch?v=Wr8qY3yJr5I

That sure looks like you, talking about Tik Tok and it’s supposed danger to US National security…

So “fess up” 🙂

The answer to the question is of course,

“It’s just as bad as all the other ‘Social Media Corps’ in Silicon Valley that have all sold their souls etc to the US Gov, and other Gov’s around the World.”

So as an individual you are probably currently fractionally safer with Tik Tok than you are X, YouTube, et al.

And people still wonder why I don’t do any of them…

But… Let’s assume Donald Trump gets his “Hissy fit” way, All the major US Social Media corps have already sold their souls to China anyway, and they are dependent on China in fairly major ways. As are a great deal of their employees and those dependent on them economically…

So if the Chinese Government did a “tit for tat” I suspect US National Security would be harmed rather more due to the loss in “economic benefit”…

So folks in the US should consider which side of their bread has butter on it… And which side up they want it to land if the Numpty US Politicians banging the war drum have their “Propaganda Way” and the bread heads for the floor…

Clive Robinson • March 24, 2024 6:45 PM

@ vas pup,

It might have been due to the “sounds completely false” claims coming out of the media/government in that area.

Or the fact that the US –based on EU intel– had been waving a small red flag about large entertainment events were being targeted in that region for over two weeks prior.

Either would attract unwanted attention by the metric crap-ton.

Clive Robinson • March 25, 2024 12:57 AM

@ ResearcherZero, ALL,

Re : The Xmas gift that keeps giving.

“… the go faster model is certainly going to help your data go faster to another destination than intended.”

Yup, and it does not matter at what level of the computing stack it happens at…

A data leaking side channel requires just two things to exist and harm you,

1, A mechanism that changes energy/matter in a data dependent manner.
2, A Shannon Channel that your adversary can observe the energy/matter changes.

After a moment or two’s thought you will remember what you got taught in School Physics,

1, All work requires the movement of energy from a coherent state to a less coherent state.
2, All work is inefficient therefore energy has to be released into the environment.

So you know that any and all parts of “information processing” results in “energy released to the environment”.

Further that this “released energy” is “modulated by the level of work”.

So if the Shannon information channel has enough bandwidth then the work done thus in effect the data value gets released into the environment.

Is there anything that can be done to stop this?

Two obvious things can be done,

1, Stop down the Shannon Channel bandwidth several orders of magnitude below the processing rate.
2, Use certain types of data obfuscation techniques.

Less obvious is identify how the amplitude of the modulating signal drops with distance, and what the “natural noise” in the information channel is. Because,

1, The “natural noise” is evenly generated for any unit of distance along the channel.
2, The information signal gets antennuated by the same percentage for any unit of distance along the channel (exponential decay).
3, Therefore at some point –from the source of the information signal generation– along the channel the information signal will be less than the natural noise.

At which point the signal starts to become obfuscated.

These are the basic physical laws of the Universe by which the human TEMPEST and EmSec rules are created.

Clive Robinson • March 25, 2024 8:15 AM

@ Eriadilos, morganism, ALL,

Re : vehicle to vehicle worm of APT payload.

“Because putting wireless capability on CAN is such a good idea as has been proven in the past. The automotive industry truly never learns.”

It’s not just the automotive industry…

As discussed on this blog in the past they already do such “one data bus to rule them all” stupidity on aircraft and to a lesser extent ships.

The argument is “Data Diodes” and “Data sluices” will stop bad data getting to sensitive components.

It won’t…

Most “data diodes” are not true “one way” devices they have the likes of “error detection” and “exception reporting” built into the system as a necessary part of correct functioning.

Thus whilst the “data path” channel appears at the upper protocol layer to be “left to right” only. The reality is at a lower layer there is error/exception and the channel for that is very definitely “right to left” at a lower layer.

With the way many OS’s etc are written, this error&exception right to left channel gets effectively “reported through backwards” and travels further in the right to left direction.

That is the systems by design are transparent to errors so they get reported back right into the heart of any part of the system.

I won’t go into details of how to exploit these “error&exception” channels again, but just remember any and all “reliable” shared data channels not just the CAN bus are susceptable to these “reverse channel” issues.

So the question arises as to,

“Why are there shared data buses?”

The answer is in two parts,

1, Simple mathematics
2, Simple economics

Simple mathematics will tell you that the number of data channels goes up as N^2 of the number of communicating entities N.

Simple economics will tell you that the cost in resources not just money goes up with each additional physical channel.

Thus the simplest implementation is,

“A single physical ‘data buss’ that is shared for N^2 virtual channels.”

Hidden under that is that for each “virtual channel” to work reliably in a shared environment there needs to be another data channel in the reverse direction for “errors&exceptions”… So now there is 2(N^2) channels.

But… Some systems play “error and exception ping pong”… That is each and every channel has a corresponding “back channel”.

Thus you can see how such systems might be vulnerable to what is an “amplification attack” as seen in “Distributed Denial of Service”(DDoS) attacks…

Such is the fun in the design of “fault tolerant systems” built upon “shared data busses”. At the very least the designers have to stop such “cascades” and that is actually one of those “Open Research Problems”…

So to put it crudely,

“The designers ‘wing it’ untill the ‘wings come off’ then their system no matter how cleverly designed just ‘crashes and burns’ in a ‘smoking pit of the designers failings’.”

Clive Robinson • March 25, 2024 1:41 PM

@ Winter, ALL,

Re : Just a couple if words to the wise.

“The Donald has never been a very successful man of business.”

You could leave the last two words off and be more accurate in your character assessment of the “Doh-gnarled”.

Smart he ain’t, venal and narcissistic he most definitely is.

As you note,

“Whom of his allies of 2016 on are still standing?”

It’s not just 2016, it’s fairly much most of his adult life if you take just a fraction deeper look than just the glow of the gloss on the faux-guilt-tan.

Depth is something he ain’t got, and never did.

Anyone taken in by him today is either incapable of learning, or has been under a rock playing house with a scorpion far out in the Nevada salt flats.

Any one daft enough to think they can go one over on the “Doh-gnarled” is forgetting that there is a long queue of such idiots and they all get in each others way like “Clowns in the Ring”… So all the Doh-gnarled has to do is stand out of the way and keep waving them on like some three year old with a 50cent stars and stripes living life on the belchers.

Clive Robinson • March 25, 2024 11:43 PM

@ ResearcherZero, ALL,

Re : Fire needs fuel to burn.

“Don’t use a car battery to charge your phones…”

Whilst a real “Doh-gnarled Move” of the highest order of stupidity. It’s not the reason the fire mentioned in the article has been so devastating.

The actual reason is the twenty years or more of “fuel load” that bad land management had allowed to build up.

For various reasons sensible and required land management practices from within living memory have been stopped.

One of which is the use of fire.

Fire is a natural event and happens not just as part of an ecology but the life cycle of actual species. For instance some conifers can not release their seeds from the cones without the assistance of fire.

So stopping fire can be as devastating as strip mining is to some ecologies and wipe out entire species.

But also fire gets rid of disease and other pests upto and including mammals introduced into an ecology by mankind.

Most “invasive” non indigenous species are actually not a deliberate introduction into an ecology (though some are).

As such fire is one of the ways such invasive species are removed from the ecology. Because indigenous species have evolved with seasonal fires where as most invasive species brought into the ecology by mankind have not.

What the article is describing is the non linear nature of fire. With a sufficient fuel load the fire turns into a “fire storm” at which point it usually only stops for one of two reasons, it runs out of fuel to burn, or the weather changes significantly. With all his technology mankind still can not fight “fire storms”.

Thus sensible land management says you don’t allow the “fuel load” to build up as the result can only be seen as a disaster.

The least costly way to stop fuel load build up is to regularly burn it out with controlled fires that don’t approach the nonlinear change into fire storms.

This is especially important with certain ecologies where the plants contain certain highly flammable hydrocarbons such as most conifers and some other species like eucalyptus.

It’s known that as long as the fires are small then in a lot of cases the trees like the indigenous wildlife will “live through it” with limited harm.

[1] Fire as an essential symbiotic event in stable ecologies,

https://www.nature.com/scitable/knowledge/library/the-ecology-of-fire-13259892/

[2] Even as little as a decade ago the place of fire in maintaining stable ecologies was very much a scarcely researched knowledge domain,

https://fireecology.springeropen.com/articles/10.1007/BF03400628

Clive Robinson • March 26, 2024 12:13 AM

@ emily’s post, ALL,

Re : “Hey Presto” Might sound magic but really…

What could possibly go wrong ?

Where would you like me to start?

How about “Fire Hazzard?”

Whilst I can see why somebody would see it as a “neat idea” it’s realy not.

Once the technology is out there, others will grab it and use it.

The point of boxes with “tamper evident seals” is a low cost way to prevent tampering in the delivery or other supply chain etc.

You can see “Implant happy NSA” agents being over the moon with this idea.

But why leave others out?

How about “Evil Maids” etc slipping into your hotel room and “updating” your phone whilst you sleep or take a shower etc.

Then how about US DHS agents doing similar with an attachment to the airport scanner/X-Ray machine?

The list just goes on and on…

Clive Robinson • March 26, 2024 5:39 AM

@ ALL,

News just in.

Francis Scott Key Bridge in Baltimore struck and collapsed into water

From what is said a large vessel struck one of the supports at 1:30 Eastern Time (5:30GMT) and the whole main span just dropped into the water.

https://www.bbc.co.uk/news/live/world-us-canada-68663071

The numbers of people and vehicles involved is unknown at this time and a major emergency event is underway.

Clive Robinson • March 26, 2024 7:17 AM

@ MarkH, ALL

Re : Key bridge collapse

First thing to note is that according to reports the Container ship Dali that reportedly struck a “support” was significantly off course but… Had two “Harbour Pilots” on board at the time.

Other later reports suggest that yes it was a truss from the support rather than the vertical members that were struck.

On survivability, apparently the water temperature was down to below freezing point, which takes survivability down to a matter of minutes.

Clive Robinson • March 26, 2024 10:53 AM

@ JG5, MarkH, ALL

Re : Potential loss of control.

With regards CNN article etc, we still lack information and the little we know is scant.

“Lights on the ship flickered and a dark plume of smoke could be seen billowing from it before it veered towards a bridge pillar shortly before impact”

Appears to have been in part confirmed by,

“Maryland Gov. Wes Moore said the warning from the ship’s crew likely saved lives.”

That is a “Mayday” distress call was put out by the ship in time for much of the Key Bridge to be cleared of traffic, but sadly not all people.

I suspect that in many minds the operation has now gone from “rescue” into “recovery”.

Clive Robinson • March 26, 2024 10:21 PM

@ UnLurkered,

Re : Key Bridge.

“… less easy to understand why bridge piers had insufficient layers of protection nearby to make this possible.”

Untill relatively recently bridge pilings were left,

“Elegant in their look and simplicity”

For a whole host of reasons but “cost” has been ever present.

But also consider most bridges struck by vessels don’t get damaged supports. All to often it’s the bridge deck getting struck by vessel superstructure, thus the vessel has in effect it’s own “crumple zones” to absorb a lot of the impact.

I’ve no idea how much mass the vessel had in total, but it was travelling relatively slowly (I’ve seen 8mph reported by some journos). Needless to say though that is still a lot of kinetic energy.

As a rough rule of thumb bridge designers tend to aim to put bridge supports in as shallow a depth of water as possible thus rely on “grounding out” of larger vessels. But akso because the pressure goes up by an atmosphere at 30ft depth if water and so on. So working at more than that depth quickly becomes problematic and very expensive.

Building “artificial islands” is even more expensive especially as they “wash away” way to easily, so that is avoided as well…

Some bridges are built on what is a concrete pontoon that is floated out then sunk into place, but that also creates a hazard.

But none of these systems protect against collisions. Interestingly in the UK a pleasure boat crashed into a bridge on the River Thames just a few months ago,

https://www.bbc.co.uk/news/av/uk-67680559

It’s not the first and won’t be the last.

Some years back now a larger vessel did cause some damage and rules were put in place about adding protection (surprisingly the river is legally a “highway” attesting to it’s main use since Roman times). However if you look at the “latest bridge” seen in this article,

https://theconversation.com/straw-bale-hung-from-londons-millennium-bridge-to-comply-with-ancient-law-just-part-of-the-river-thames-long-legal-history-216110

You will see there is no protection…

Clive Robinson • March 27, 2024 11:19 AM

@ Bruce, ALL,

Re : Key Bridge and supply chain security.

As predicted the elephant in the room of the unfortunate collapse of the Key Bridge of “supply chain” security has arisen.

At the moment it’s about economic down turn in Baltimore of 15,000 waged jobs and another 100-20o thousand jobs elsewhere.

Some will very soon ask if it could lead to a recession of some kind in the US well the answer is unfortunately,

“We do not have enough data to say not.”

Which on it’s own could be sufficient to act as a tipping point.

However I suspect in the next few days there will be IS and ICT stories not just about the supply chain supply issues but also about the actual security of data etc.

This is not a “pebble in the pond” issue sending out a few ripples, this is more like a mountain dropping into the ocean, with significant waves on both sides of the Atlantic bouncing back and forth.

At the very least it has happened at a time where the likes of Russia and similar will see it as an opportune time to run attacks against the US and other Western Nations.

We’ve already seen a lot of “fake-News” from Putin trying to make hay out of the Crocus City Hall concert stadium massacre,

https://slate.com/news-and-politics/2024/03/russia-shooting-concert-hall-isis-attack-putin.html

So as it’s his M.O. at a very minimum expect Putin to try and take advantage of the Key Bridge collapse any way he and his cronies can think up.

Clive Robinson • March 27, 2024 2:31 PM

@ JonKnowsNothing,

Re : Burrito Economics

I blame the US Government and Fed printing presses…

Whilst it was a while ago since I was last in Downtown Redmond doing a few things for AT&T Mobile I remember being a little miffed that the price of a stake dinner had gone up by fifty cents from my previous visit a month before… That is with soft drink it was $12.50.

Back then I think a Burrito was less than the $2 mark depending on how far you were prepared to walk. It was only a little more than the “bus fare” from Seattle Airport to Downtown Redmond which was an interesting ride for anyone else that’s tried it[1] (and way less travel sick making than a “town car”).

[1] The Hotel was surprised to see me turn up as a guest as I was dressed in my usual “travel clothes” and looked like a cross between a Canadian hiker and Boston construction worker and my Scottish accent was broadly on display (for some reason I don’t have any probs and people are friendly, might be because being 6’6″ and around a third of that broad back then… I kind of filled doorways 😉

Clive Robinson • March 27, 2024 10:16 PM

@ lurker,

Re : Laws of fluid dynamics…

“Asking for a friend, which would be easier, to run a ship into an important bridge, or fly an airliner into a tower block?”

Well first off lets insert the word “accidently” in there…

The ship can not “fly over the bridge” so it will be at “strike hight” all the time.

Now there is the strange issue of why,

“Ships don’t pass in the night the kiss unless stopped”

Put simply and without a bunch of maths such as Bernoulli’s equation, two vessels sailing side by side will be “drawn together” due to the fact that if close enough they push the water out of the way for each other thus there is more pressure on the outer side of the vessel hulls pushing in together than the inner side of the hulls pushing out apart.

It’s a similar reason birds like geese fly in a V formation and racing cyclists bunch up. They are in effect on the flat but travelling down hill with a wind behind their back.

However the faster you go the less distance the effect works over. Unless an aircraft is flying in another aircrafts direct slipstream the effect will be negligible at best.

Where water flows a ship will get pulled toward the bridge if it gets within a certain distance in part described by the Venturi effect. With small vessels it’s not often noticed with large long vessels it is noticed when coming alongside to docks etc.

So you actively have to “steer away” on a new course heading. That is if you maintain the same compass course you will find the ship moves sideways without changing it’s heading.

Then there is the fun of how a river or other body of moving water behaves in a channel. I won’t attempt to describe why as it’s a nonlinear process, but as far as a ship is concerned in some water ways the banks are like they are “down hill” of the central stream thus they will head in that direction[1].

So “on points” the ship gets it even before you do the “kinetic energy calculation”.

Large vessels even with engines in full reverse just don’t stop moving forward we discussed it on this blog some months back. In open water you throw the wheel over so the vessels hull becomes broadside on to the inertial direction. Which is something you just can not do in a waterway.

Dropping anchor is a risky thing to do as it can tear a ship apart if done incorrectly. Thus is seen as a desperate measure, so why might it be done?

Consider a ships ability to steer is based on it’s relative velocity to the water it is in[2]. Thus it might be moving towards a fixed point such as a bridge at say 8mph but as it has no relative velocity difference to the water it is in, it has no steerage way, thus is to all intents and purposes “just drifting” and uncontrollable by the ships crew in any way.

[1] You can actually experience this for fun when things go in the other direction by “running a tidal bore wave” of which one of the largest is in Bristol up the Seven Estuary which I’ve mentioned in the past with respect to both subsea xables abd wace power (if you want the fun of the mathematics of bore races, https://www.coastalwiki.org/wiki/Tidal_bore_dynamics ). Similar can be done with “stopper waves” at river sluices which often attract canoeists (yup I wasted a lot of weekends in my life from 14 to 18 and nearly killed myself a few times in the process as I’ve mentioned before).

[2] In between the channel islands and France there is a tidal phenomenon called the “Alderney Race”,

https://royalsocietypublishing.org/doi/10.1098/rsta.2019.0492

Amongst such strange effects as a gyre that can make your boat go backwards and forwards every few minutes you can sit on the shore and watch boats apparently sail backwards even with full steerage way as the water can move at 5m/sec or 18kph. I actually got a small boat to “plane” but from the shore it looked backwards like a strange film clip in reverse. You really do not want to be on the French side of it because the bed is very rocky and whilst charted it’s to difficult to navigate.

Clive Robinson • March 28, 2024 4:36 PM

@ JonKnowsNothing, ALL,

Re : Impossible but happened

An update on Horizon, that would shock a person not familiar with what has already happened,

“Secret papers reveal Post Office knew its court defence was false”

https://www.bbc.co.uk/news/uk-68663750

And a hundred million in UK tax payer money used in keeping it covered up.

Clive Robinson • March 29, 2024 5:26 AM

@ JonKnowsNothing, lurker, ALL

Re : Far distant Horizons

That’s how it is supposed to work.

But neither can it or does it in an asynchronous system.

When people “dig in” if they are ever allowed to it will very provably be found that an asynchronous process is involved.

I can give an example that has been found in other accounting systems, but “for NAD reasons” I can not say who’s systems, when, and other details. As they say,

“One distant horizon looks like any other.”

Look at a “cash register” it holds a float of cash so sales transactions can happen. Management want to know “what the float on the floor” is for all sorts of reasons at all sorts of times it is by definition an asynchronous process to that of sales transactions. The thing is it can not be exactly determined except by stopping all transactions and all movements of cash not just in sales transactions but also to or from the security of the “cash office” or the “Till excess vault” used to minimise loss if somebody does a “stick up” or equivalent.

Management used to manually graph the floor float to make forward predictions such that sales transactions would not get interrupted, but nor would stick ups be likely to happen or be costly.

Then computers came along and “manual” went out and as you’ve noted “speed” came in, and with it the desire by management for “more floor data” like employee performance etc etc etc. You name it somebody would want it… But computers are also allegedly “magic” they “don’t make errors”… only they do, they are actually unavoidable in active systems using sequential processing where parallel activities happen. They occur because of “asynchronous” amongst other things, and provided you both know and understand this the errors that arise can just be ignored without harm. Thus understanding that the “floor float graph” is about “relative change” not “absolute value” is kind of important to stop further consequential errors arising…

The thing is that those writing software mostly do not have a clue about what they are actually doing. Coding maybe but business logic rarely or not at all (something the RAD threw up almost every time).

Nor do most writing software understand the dangers of “state” and “asynchronous” (heck there was a very very good reason why HTML had “no state” and was designed to be fully “asynchronous” at the outset, and why I was telling people this back in the early 1990’s and why it was going to cause nasty issues if people tried “bolting state on” or “have client and server be synchronised”).

Then there is the failings of “moving validation to the left” out of “business logic” and not handling errors and exceptions as “expected thus recoverable events” (and why we have so many “Blue Screen of Death” fails).

Oh and don’t get me started on moving to the left out of the server and onto the client, that has caused more security vulnerabilities than can be catalogued…