Clive Robinson • March 8, 2014 2:09 AM

OFF Topic :

There is some “fun” to be seen over at Hacker News over this article,

http://www.2uo.de/myths-about-urandom/

I think many here would have one or two things to say on it. However to save you the effort a little cat fight has turned into a bit of a prize fight.

To see where the “fur fly” have a look at,

https://news.ycombinator.com/item?id=7359992

It helps the hot brown stuff slide down your gullet on a somewhat damp and grey –in London– morning.

Clive Robinson • March 8, 2014 2:20 AM

@ Stephan,

I’m surprised I haven’t heard more outcry regarding the GnuTLS bug

That could be for a couple of reasons,

1, Media fatigue
2, No “evil corp with iritating sicho/nars fanbois to bash”

If you think back the little crypto problem that caused certain Bitcoin apps to be vulnerable and thus lose the users their “wealth” did not make much news. So I’m working on 2 being the reason (but then I’m biased I still think the last good product Apple made was the Apple ][ 😉

Clive Robinson • March 8, 2014 2:31 AM

@ Captain Obvious,

I think Bruce has been lying about his new job

No No no, it’s more important than that, it’s evidence of a secret Russian Plot to back up the NSA by implanting a double at confrences to sow doubt and confusion as to Bruce’s loyalty to “Security Theater and The Great American way”…

Either that or Bruce has found a new “musical” hat to wear 😉

Clive Robinson • March 8, 2014 4:21 AM

@ Nick P,

With regards patents you have the disadvantage of being in the US which has some of the most bizzar patent legislation and processes there are. So much so that it has driven some inovation out of the US to other more accomodating places @RobertT has had some things to say on it in the past, and I know Bruce regards patents as a “touchy subject”.

The four areas to watch out for are,

1, “submarine patents”
2, Secondary or derived “evergreening” patents
3, The “knowing infringment” problem
4, The idiocy of the US IP justice system.

The last point is where even the US judiciary are looking at themselves and in effect saying IP litigation is making a mockery of the US justice system. Hence the recent inquires and reports on changing the system. However I suspect any attempt at reform will be stymid by the usuall “vested interests” lobbying. Not just of the IP holders but the lawyers and patent organisations that do so well out of it.

Whilst using expired patents can be adventageous the disadvantage is the salami slicing derived patents which can keep them effectivly in place for a lot longer which is just one of several “evergreening” tactics to extend income or market control beyond the original expiry date.

Unfortunaly finding and checking these is where the “knowing infringment” problem raises it’s ugly head. It’s difficult to argue that you have not seen a secondary patent when you’ve seen the patent it’s derived from. And the legal brethren will force you to run up huge bills just to put you out of business for their clients. And as you might have seen these clients are busy setting up secondary legal entities/vehicles to stop you getting back at them as well as to stop antitrust legislation and to deny patent misuse defence to those they chose to attack.

Thus there are various hoops of fire you have to jump through in the US to protect yourself, whilst a clever lawyer could set up a system that might make you fire resistant the big boys are going to come after you with flame throwers etc. And the old advice about “The safest way to deal with danger is to be somewhere else” has been taken by many especialy –or so it’s said– in the chip business.

And of course there is outright cheating of the so called “submarine” patents, who ever thought the idea up must have had a perticularly warpped sense of humor. They arose from the fact of using filing date not grant date, the secrecy of filingd prior to granting and the fact that you could keep filing amendments to the original filing. Thankfully these are now receading into the past but there may still be some lurking from pre 1995, but they have been known to surface as long as 40years after first filing. However there is still a hole in the system that can be exploited, which means “being out of juresdiction” is still a good idea.

This does not of course mean you yourself would have to be out of juresdiction but the developing entity/vehical would. Many “tax havens” have suitable secrecy laws and these can be run through other entities in other places.

However whilst it’s not the patent issues that should make you consider being out of the US juresdiction the misuse of legislation by Federal organisations should give you more than pause for thought. Afterall do you realy want a SWAT team pointing their guns etc at you and family etc as has already happened to one US software developer who refused to put in and run backdoors for an LEO that wanted to get at US citizens who gamble on line…

Clive Robinson • March 10, 2014 4:41 PM

@ Knott Whitingly,

Have you posted your comment above to the right page on this blog?

It’s just that it reads as though it’s ment for todays main entry.

Clive Robinson • March 15, 2014 2:03 PM

@ Nick P,

The NYT link you give fails on this smart phone due to “to many server redirects” which appears to be the case for many NYT pages (it’s a badly designed site any way 😉

I note however the “mobile” in the link, have you got yourself a smart phone these days and if so keypad or touch screen for entry?

I’ve read other reports of what the Malaysian PM supposadly said and it appears to be ambiguous and could be Hijacking rather than diversion by another state etc (apparently some people think the. Russian Gov beleive the US Gov have diverted it because it contained WMD material…).

From other sources it’s been said that shortly after the last radio message the aircraft climbed above the maximum hight for a 777 then turned and dropped down to a few thousand feet. The climb sugests something went wrong on the flight deck. Others have pointed out that turning of the normal communications systems requires a rotory switch to be turned two positions which would indicate a deliberate act, however I reserve judgment on that as it could be due to electrical fault.

As for the people on the aircraft, well let me put it this way if it did not “land” on an airstrip/runway the chances are it would have broken up and it would be unlikely to expect survivors. If it did land someone was in all likelyhood planing to do a “cover up”, if so they would need the “bodies” to be in the “right condition” to make it beleivable. Either way the probability is unfortunatly “no survivors”, and now may even be “no bodies” either.

Clive Robinson • March 15, 2014 7:47 PM

@ Skeptical,

Another, which I think has been discussed, is a well-planned suicide/mass-murder by one of the pilots, who took steps to conceal events from crash investigators.

Whilst I would not rule it –or many other things– out, there is the issue of the passengers and their mobile phones to be satisfactorialy explained.

If as reported passengers phones were “ringing” as opposed to being “out of range” or “diverted to VM” this tends to suggest the phones may well still have been connected to an International network [1]. If this was the case as with the last of the 9/11 planes –UA Flight 93– how come passengers were not ringing friends and relatives to say goodby etc.

However if the 777 is landed on the water in the right way the airframe would not break up but sink to the bottom slowly. If it has done this then it might as with the Air France aircraft take a couple of years to fid one or more of the black boxes.

Thatsaid as I’ve mentioned earlier, the fligh cargo manifest might prove of interest just as much as the passenger manifest.

The real problem currently is lack of information, and as with all vacuums nature fills it with whatever is close to hand.

[1] I can think of ways that an out of range phone might sound as though it’s ringing even if it’s not but that should only happen once not repeatedly.

Clive Robinson • March 16, 2014 6:42 AM

OFF Topic :

It looks like the mising Malaysian flight is being used by scammers looking to make a few bucks,

http://grahamcluley.com/2014/03/malaysia-airline-flight-mh370-scam/

I know I should expect it but it always causes me to think “how could they” whenever I see it.

Clive Robinson • March 16, 2014 3:20 PM

@ Skeptical, Nick P,

Whilst some assume the US Authorities are responsible for the finding out that the aircraft was still flying, they were not. From what I’ve been told Rolls Royce had been in contact with MAS ground/engineering services about the Trent Engine performance and that this may well have been the cause of MAS not declaring the flight missing. Apparently there were anomolous engine readings that may well corespond to the aircraft being taken above it’s maximum safe operating hight.

This caused further enquires to be made to Inmarsats UK offices adjacent to Old Street Underground station –it’s a nice building inside if you get the chance to visit– they passed the information on to SITA (Aero UK/Geneva not the French owned UK cleaning and waste org) who inturn passed it onto MAS. Whilst this was being kept confidential in the UK because of the criminal implications, apparently somebody in Boeing who became aware of it via the Inmarsat-SITA communications leaked the information to the US Media. And the first the US Authorities got to know of it was via the Boeing leak and hurried communications to the UK companies and authorities where various things had been ruled out, and after Rolls Royce staff were already in progress towards Malaysia.

As usual US Authorities were a little more free with foreign gathered intel than they should have been when talking to the press and thus released the piracy asspect.

Whilst there is much speculation the two most important bits of information we need to see are the Rolls Royce logs of the MH370 aircraft’s Trent Engines and the full cargo manifest.

Speaking of speculation Rupert Murdoc of News International is tweeting about an international jihadist movement targeting China and that this is an oportunity… The reality is the Chinese Government have found themselves impotent under quite serious questioning by their own people and have thus been throwing the toys out of the pram at the Malaysian Authorities. In turn the Malaysian PM is currently embroiled in a quite serious political shananigans in Malaysia having jailed his ex deputy who had split away from him over various issues including coruption. This is being used by Malaysian political affiliates to imply that one or both pilots have taken “political action”, bearing in mind neither pilot requested to fly with the other and it was a quick rosta that put them together on MH370 this appears unlikely. If you are wondering why Rupert “the bear faced liar” Murdoch is all a twitter think back to how he got his wife… It just so happens that he has significant interests in China Media currently which means he has to be nice to the Chinesse Government one way or another. The question is thouh is which political side is he stroking and what it has to do with other pollitical events (ie Russia).

Getting back to MH370 it appears that there is now a question mark over who’s voice was on the final radio messages as it’s been sugested it was not either of the pilots. Apparently this has arisen because the messages were sent after the various automatic systems had started to be shut off. If these sugestions are true then “suicide by pilot” is unlikely.

However there is a problem with that which is all to do with the passengers and their smart phones etc. It needs to be noted that this flight was schedualed to fly North West at a time it is unlikely the passengers would have been asleep. The question arises that if they were awake and aware of the aircraft being taken over did they try to communicate via their phones etc to give warning. If at the supposed turning point to fly South West they were out of range if the SW course was maintained they would have come back into range within 45mins… Thus the phone operators would likely to have seen some of the phones re-register with the networks.

There is a lot of information that has yet to be brought forward which I suspect will throw more twists and turns in the enquires, but at the moment it’s the Trent Engine TotalCare logs and cargo manifest that are of most interest. Whilst the engine logs I would expect to remain under wraps for as a minimum comercial confidentiality reasons ans likewise the SITA logs the cargo mainifest is a “documennt of public record” for international flights thus it’s odd it has not been released like the passenger manifest.

What I would also like to know is if the aircraft had SITA’s “OnAir” service or not because that could answer quite a few questions via Monaco Telecom about the passenger phones.

Clive Robinson • March 17, 2014 5:00 AM

@ Nick P,

I figure we should just put the thread to rest, though, until we get more solid information.

Yes we’ve gone about as far as we can without certain information. Though on the analysis side we appear to have been ahead and better informed than most newspapers and other media outlets.

But there have been other side effects of this tragadie that are going to have potentialy very long lasting effects.

Firstly is China, the Chinese Gov has maintained it’s position by appearing to be omnipresent and omnipotent to the Chinese population. In just a handfull of days this image has come crashing down in China in a way the government could not stage manage. Much of Arab Spring started with a lot less and it’s becoming clear to many both inside and outside China that the Chinese Gov have been reduced to impotent rhetoric and that the “Specter of Chinese Control” of it’s. Sphere of Influance nations is in effect gone. Malaysia has “slipped the leash” as have others and it’s “economic development” that has loosened the collar, and it’s escaped from their Pandora’s Box. It’s a problem Russia has with the Ukrain, the people have got rid of the puppets in charge who ran the country as a criminal enterprise. The problem for Russia is it was maintaining and extending it’s sphear of influance via the “gas tap”, it could simply bring a nation to heel by turning it off at inoportune times such as winter. When Crimea was signed over to the Ukrain it was considered to be not of significant mineral wealth to be worth keeping, the ports the Russian’s used were considered enough of a hold to extend influance. However science changed things with fracking. Crimea sits on a lot of what was formaly considered inaccessable shale gas which represents a significant political threat to Russia’s Gas Tap politics. Whilst the criminals were runing Ukrain the problem was managable, now it’s not and Putin is starting the same tactics that gave rise to WWII. The Chinese Government it no doubt watching and thinking as to if it’s a viable way to re-excert influance.

And the potential for military action has been highlited through the loss of MH370, every one has turned to asking for the military to look at what their radars saw. But the problem is it’s revealed just how ineffective they are and thus like The Emporer’s New Cloths…

Some journalists are waking up to this “Defence Pretence”,

http://www.bbc.co.uk/news/world-asia-26603830

But as some know “Defence Pretence” is not just radar it’s pretty much everything and the implication is the old “Might is Right” doctorin dressed up as “Defence through offence” or “First Strike”.

It’s a subject we skate around because we don’t want to think about it as people or nations of citizen’s as was once said “You don’t want toknow the truth, because you can’t handle the truth”.

The truth is “competative edge” if you are a small nation seen as backwards and harmless you don’t represent a threat to the entrenched “power politics” of the so called “Super Powers”. Thus “Defence spending” is a waste of resources. Thus if you devote your nations GDP profit to reinvestment it can have a major effect quite quickly (look at South Korea for example). Suddenly you are nolonger a backwards nation but an “economic power house” and you are a threat because you have in effect destroyed the Super Powers home economy, you have as some see it “stolen their birthright”.

If however you take a step back you realise that the “enemy at the gate” is not bearing arms but gifts that work better than any weapon, because they destroy you from within. For David to beat Goliath he did not need a sling shot and a chink in the armour, just wine laced with opium and a little time for Goliath to become fat, lazy and dependant thus an easy push over.

Thus a country is vulnerable because it can not defend it’s self from the enemy without and the enemy within, it can not afford to and it’s this fact that brings empires down. So the game is to fake it, that is have “cardboard tanks” which make you enemy without think you are strongly defended you spend your money on the enemy within with “bread and circuses” and leave defences to rot because it won’t show untill tomorow and you live for today.

There is another trick which is to realise it’s not possible to defend aas the perimiter is to big and the exploitable weaknesses to many, so it’s a waste to spend on deffence as you will never cover it all. Instead spend not just on reinvestment but also on offense only and attack others before they become to strong.

Essentialy this is what the MIC is about you reinvest to make better weapons and eat up the defence budget, in the process you sell on your last generation developments to other nations to ensure their is always sufficient threat to look credible and thus keep the tax dollars rolling in. If there is not a credibal threat you invent one. As long as there is sufficient inertia and cost in the system then it remains a viable business.

But what happens when their is a game changer? What if the cost of offence becomes close to or in effect zero?

This is the worlds of terrorism and cyber-warefare, you can not spend sufficient money to buy defense against them the DHS has proved that, and it’s costs have crippled the US economy to the point it won’t recover in our life times if ever.

In this “brave new world” you have three choices, firstly put up with the attacks, secondly strike first and thirdly work out a way to stop people wanting to attack you in the first place.

In Europe we learnt that the first option was the least costly, the occasional terrorist attack actually had little direct economic impact, certainly less than disease and accidents and even lightning strikes. The secondary economic impact was higher and it was seen that the second option was not viable so eventualy the third option was used. It’s still a rocky road, for instance N.I. has had a couple of bombs directed at security forces just the other day but the attitude of the citizans has changed they’ve made it clear they don’t want terrorism they want to travel the road of peaceful economic growth and they will remove the rocks from that road one way or another.

However there is a problem, there will always be those who see a short cut to success through not following societal rules, in the physical world they are limited by the resources available to them and distance, which usually equates to cost as the limiting factor.

However in the non physical cyber world resources are there for the taking at near zero cost and distance has a near zero cost metric. Thus cyber-weapons are cheap and defence to costly to contemplate which is why the “defence by ofense” “strike first” doctorin is being persued with such determination by various organisations. Also it accounts for the “enemy within” monitoring to find those who potentialy will be a threat long before they are and cut them down in one way or another.

The disapearance of MAS flight 370 may not have much of a direct economic impact but the potential secondary effect could be quite devistating as it could act as a catalyst for change in China, which might be peaceful or it might not. Either way it’s lifted a veil on “Defence by Pretence” that many in power did not want known, because it leads to questions that can not be truthful answered.

After all how long before citizens in the US start asking “why are we spending on the NRO etc when they can’t find a hugh slow pasenger aircraft?” Or similar questions which rips away the omnipresent omnipotent illusion by which political power is maintained…

Clive Robinson • March 17, 2014 6:21 PM

@ Skeptical,

The original idea that the message was by neither pilot came up when the Malaysian authorities started talking about the plane being diverted and questions arose over “hijacking”.

For the authorities to correctly identify it as the co-pilot they must have a recording from some where which they have played to someone who knows the co-pilots “work voice” very well, because if you’ve ever listened to the pilots voices when they us HF it sounds like they are using throat mics.

I am still hoping to see the cargo manifest, because if a fire started in certain parts of the aircraft aand burnt through or fused some cables then you would lose some of the equipment at different times. And smoke “over coming” passengers would account for lack of mobile phone use. Likewise the turn to the west could be an attempt to head for another close airport. And if the pilots had adjusted the auto pilot befor becoming overwhelmed them selves then it is quite possible for the aircraft to carry on flying till it ran out of fuel.

However the reporting of the aircraft rising above it’s maximum safe operating hight and then odd steping down in hight sounds more like someone was still in control. And the last clear message tends to sujest there was neither alarm or panic. However some people are questioning even this information all of which makes the incident odd at best.

Clive Robinson • March 18, 2014 6:07 AM

@ Buck,

You’re so close to connecting these two dots

Yes and no…

Firstly you need to consider that just under three quaters of air accidents are atributed to problems with the plane or the ubiquitous “pilot error” [1]. So it’s more probable this is the cause than any other. However the main problem is reconciling some form of failure with the known facts, otherwise you have to go for the Sherlock Homes argument of “after you have eliminated…

So you have to consider many posabilities, we know that basicaly a commercial jet can be brought down by,

1, A failure of the plane and/or the crew.
2, Hostile activities of those on the plane.
3, Or an external influance on the plane.

We know aircraft have been downed by the aivionics giving the pilots information that is misleading at best [1]. One occurance was due to a cleaning procedure that involved blocking up an air preasure sensor tube to stop the cleaning process causing problems. Nobody considered what would happen if the cleaners forgot to fully remove what they had used to block the tube…

We also know that commercial pilots are not as well trained as military pilots in things like recognising the effects of oxygen starvation due to slow cabin preasure leak or other causes. But whilst this might account for why the passengers did not try and contact people by phone it does not account for the turning off of various asspects of radio serveces like ADS-B and ACARS but not others. Whilst this may look like the actions of a person it need not be, it’s known that fire in the nose section where some of the avionics systems are located can produce this result. Fire has in the past been caused by electrical sources, cargo (oxygen generators) and even the tyre on the nose wheel.

Fire can also produce fumes and smoke that could cause the overwhelming of pasengers and crew, but it would usually cause some kind of alarm or panic in them first. This does not sit well with the last message clearly received from the aircraft which as reported sounded routien, untroubled and calm.

Then there was the change of course, this could easily have been an experianced pilot on recognising a major emergancy seting the plane on a course to the most suitable landing place by the auto pilot to free up them and the copilot to take other action. However you would expect them to also make a mayday call to the control network stating the emergancy and their intentions.

But there have been reports of other course changes with time including the loss of hight, this suggests there was somebody still in control of the aircraft.

Whilst not impossible it does appear unlikely and thus options 2&3 appear more likely. Much of this appears to “track back” to “off record” comments made in the US. Specificaly the suggestion it was a new form of sophisticated piracy done by the use of cyber-warfare like an enhanced version of “planesploit”. However to hold water the argument needs to supply a reason for the piracy which has not been realisticaly presented. Whilst it is known that China does ship in very valuable cargoes by air this is not of necesity proof of piracy. It has also been sugested that a high level political briefing sugested the plane was carrying WMD materials and that the US tried to capture or down the aircraft…

All of which might be reconciled with further information such as the engine logs Rolls Royce has and the cargo manifest.

So untill further credible evidence turns up –and it may never– I’m going with the likes of fire causing failure of systems and crew with the autopilot flying the aircraft untill it ran out of fuel. I’m not ruling out piracy or hacking just going with the historical probabilities.

[1] Pilot error can historicaly decoded as meaning : As the pilot’s dead and can not defend themself we’ll blaim them because we don’t want to admit we don’t know the real reason or don’t want to or can’t find the real cause for various reasons… One thing that has become more noticable with “zero hours” training is “information overload”. Basicaly the modern flight systems are so complex and designed in particular ways that whilst they make a pilots life easier in normal conditions they cause confussion in abnormal situations.

[2] One article going on about “Planesploit” and other remote hacking attacks is http://www.huffingtonpost.co.uk/2014/03/17/malaysia-mh370-hacked_n_4977688.htm as I said in my original post I did not want to start a conspiracy theory about people attacking the airplane systems via satalite etc systems.

Clive Robinson • March 18, 2014 9:00 AM

@ Skeptical,

With regards the voice over the radio it might be recognisable to some but not to others who know the person well. For instance most people talk considerably differently when on the phone to a friend or family member than they would their boss or potential business client. Likewise I talk very differently on long haul HF and SatComms than I do over NBFM comms especialy if the mode is ISB/SSB/AM or other analogue modes or I’m using a thoat/whisper mic. Not just what I say but how I pronounce words th emeter, pitch and intonation. It can be just as bad when using digital voice systems using low rate / bandwidth CoDecs.

As for the reports of flying above fourty thousand feet these –supposadly– came from direct radar systems reletative to the previous thirty thousand foot readings as did further reports of course changes and height.

However Rolls Royce do offere extensive monitoring of performance quite capable of detecting very small changes in performance so that fuel consumption / efficiency can be optomised. Thus I would expect them to cross reffrence the engine performance with itms previous performance known weather data and the performance of other Trent engines they monitor in the area.

The problem I have with Mad Pilot / suicide terrorist is the lack of ground target, these sorts of people usually want their deth to make a statment of some form, which is currently absent. Whilst “suicide pilot” can not be ruled out ususally a motive can be found which so far has not come to public light.

The supposed upset over politics currently going on in Malaysia is a non starter and more likely a politico puting spin on it for their own political advantage than reality, because of the lack of “statment” of some form.

As for the home built flight simulator, this is not an unknown hobby, some people actually spend large sums of money actually buying genuine levers, buttons, pannels, chairs etc. There’s several magazines dedicated to the subject just like there are for model railway enthusiats. Some reports indicated he had a proffessional interest in simulator training and inspection, however the details are not altogether clear. It’s also quite common for pilots to use simulators to get the feel of routes and aproaches before or even if they might do such a route for real, I suspect much will be mase of it but little relevance in reality, we’ll just have to wait and see what real evidence if any comes out.

Yes there is a problem with the transponder information as reported in the press it leaves people with the impression it’s a single box in the cockpit with an on/off switch, which is very far from the reality. Basicaly it’s more like a LAN with a couple of gateways to one or more WANs with extensive EOW and Keep Alive systems. More importantly the likes of ACARS uses multiple frequencies in the VHF band (around 130MHz) and SatComs via Inmarsat and it automaticaly switches btween the two. As such bits are distributed all over the airframe and the likes of a fire could take various bits off line in an order that might indicate where it started and how far it spread etc. Without extensive, accurate and highly detailed information known only to the likes of Boeing, MAS , SITA and Inmarsat it’s only possible to make generalised assumptions.

What you can be sure of is whilst the press and politicos are having their “bun fight” in public the legal teams and PR teams of all the companies involved are hunkered down inprivate in litigation protection mode. And this will almost certainly result in people sitting on documentation and other information and only releasing that which they are obliged to do to assist the air accident investigation board in Malasyia, who in turn will be spied upon by other vested national interests (China, UK and US to name but three).

Another thing we can reasonably be certain of is that the engineering teams of these companies are going to have significant thoughts about “planesploit” and the posabilities Ed Snowdens revelations have opened up. You can already see journalists picking up on this and various independent industry people are “fluffing answersn” in ways that are going to make some journalists “smell blood in the water”. And I know from experiance what happens when people start digging. All of the coms systems and the systems that sit on top of them have not been designed for security, partly because the base designs are over thirty years old, partly because security of this sort has never been realy considered let alone specified and paid for, but mainly because they have been designed for reliability which in engineers minds means lots of test hookups etc and as I keep saying test harnesses get in deep because they are designed to do so and thus give access and thus exploitability at all levels.

The only question in my mind is when –not if– Bruce is going to get asked for his views either by journalists or at a conference pannel.

One thing that will come up at some point soon is “Mad Pilot -v- Cockpit Doors” and other War On Terror thingd such as “Passenger screening” and other “Security Theater” subjects. Which is why I gave the “heads up” originaly.