Friday Squid Blogging: Squid Ring
It’s a nice design, even if you aren’t a squid person.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
It’s a nice design, even if you aren’t a squid person.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Buck • March 14, 2014 4:21 PM
I must have missed this one last Friday, but I think it raises a pretty important point…
Global military spending is now an integral part of capitalism (March 7, 2014)
After all, there is no inherent reason why geo-economic competition should lead to defence spending consuming trillions of dollars of value each year. Part of the answer has to be located in the way that high levels of military spending became such an entrenched part of the global landscape in the aftermath of two world wars.
Hypothetically speaking, let’s imagine a tomorrow where all the world’s citizens have unanimously decided to lay down their arms… They have realized that for the greater benefit to themselves and their children, it is well past time to reject the warmongering ways of a few of their leaders, and instead have agreed to come together and work towards establishing a stable & sustainable future!
Even if this actually happened, how could global communities go about dismantling military institutions without putting so many good men an women out of a job and onto the streets to languish in despair?
Eisenhower’s imperative warning to “guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex” has been largely ignored for so long, I’m starting to fear that it may be too late…
Someone please tell me there’s some way we can restore individual freedoms and defeat capitalistic dreams of highly profitable world-wide wars, without us first having to witness the deaths of millions (or more)! Pretty please..?
Benni • March 14, 2014 4:36 PM
On 14.10.2013, the us troops in germany published that they would start flights of MQ-B5 hunter drones in the german aerospace. They also said that they plan to fly RQ7-Shadow and RQ11-Raven drones over german ground: http://goo.gl/cfIwnz Of course, they said that all these flights are just ment as “excersises”. It is therefore pure accident that now one of these drones got hacked and landed by the russians when they caught it spying over the Crimea http://goo.gl/VNOpK1 where russia currently deploys large quantities of troops. Of course nsa does not do any surveillance with these drones flying over german ground. Neither did NSA collect us phone data, said James Clapper to the Congress http://goo.gl/Rb2aQJ. They are not spying, and never had any intend to do so…
Well it always nice to know that the nsa spooks are flying over your head. I wonder when they will shoot the first “terrorism suspect” by a remotely controlled drone in germany.
Benni • March 14, 2014 4:48 PM
It is also interesting that the russians have the technology to own and hack the drones when they spot one. Would be an interesting hacking contest.
Who can own the highest number of opositely controlled military drones in a given time?
This technique to hack these things certainly is what the usual taliban would pay anything for
Knott Whittingley • March 14, 2014 4:56 PM
I thought it was an interesting coincidence that as soon as Lindsey Graham said that if Feinstein’s claims are true, “heads should roll” and people at CIA should lose their jobs, he was outed as gay by a fellow Republican who happens to be a former law enforcement officer.
Probably a coincidence, but it’s the kind of thing I have to wonder about. Presumably people in the intelligence community know he’s gay, if he is, and can do a parallel construction and an anonymous tip telling his enemies how to find damning evidence.
All other things being equal, I’m not necessarily against outing staunchly hypocritical anti-gay closeted gay politicans.
But massive surveillance and poor oversight makes it easy for people in the intelligence community to target their enemies for selective revelations causing scandals, prosecution, etc.
Given our ridiculous campaign financing system, most politicians of both parties are inevitably at least somewhat corrupt—that’s provable statistically even if you can’t prove which ones, by design—and they more or less have to play the game and try not to get caught.
But that means that anybody with vast surveillance powers can influence most politicians with an huge array of carrots and sticks.
I dunno if Graham is gay, and I don’t know if there’s any connection between his recent “outing” and his recent public statements about CIA. Likely not, because there’ve been rumors about it for years, and he’s up against a cartel of Tea Party dingbats.
But if CIA wants him out of office, I’m guessing he’s out, and most of the parties involved will never even know that CIA had anything to do with it.
Benni • March 14, 2014 5:08 PM
Seems that the first article on the drones over germany does not work anymore. Well a version where only that hunter drone is mentioned and where the plans with the two additional models are omitted, is here http://m.welt.de/article.do?id=politik/deutschland/article120816155/Hunter-Drohnen-der-USA-fliegen-in-der-Oberpfalz
Anura • March 14, 2014 5:38 PM
If you eliminate an industry that doesn’t make consumer goods, then you can simply take the money that would have been spent on that industry and just give it to the workers directly for a set timeframe. The consumption would remain the same, and the workers would not find hardship as they transistion to other industries. As that transition occurs, you implement policies to reduce inequality, allowing production of consumption to rise so the transition can continue.
If you are producing stuff for the sake of jobs, not for the sake of the products being a benefit to society, then you are economying wrong. I would rather see them sitting around, then spending a lot of time doing useless work. I figure bored people have more time to come up with innovative ideas than busy people do.
I question the idea that we can keep everyone employed as we grow more efficient in the first place, in the long term, maybe even within the next 30-50 years. If we have to keep growing the economy with productivity to keep people employed, then at some point our ability to consume will become limited by our time and desire, the environmental cost to manufacture goods will be too hgih, or as AI advances the knowledge and creativity required for remaining positions will exceed the ability of the average human. In this case, just paying people a basic income whether they work or not is probably the only real solution.
Benni • March 14, 2014 6:26 PM
the first link where all these drones over germany are mentioned got overloaded apparently. Well here is the version from the internet archive:
Buck • March 14, 2014 6:51 PM
Thanks for the thoughtful response! I certainly recall the discussion regarding ‘Unconditional basic income’ from https://www.schneier.com/blog/archives/2013/12/friday_squid_bl_406.html
But there still seems to be a bigger problem standing in the way of this solution.
While anyone may ‘figure’ that bored people have more time to come up with innovative ideas than busy people do… The reality of our limited energy/food/water resources for the entirety of an ever increasing global population, means that this postulation is probably only acceptable for the already privileged.
We couldn’t just ‘hope’ that the unemployed would simply figure it out… There would have to be a real plan for converting war machines into systems meant for sustainable agriculture and water purification techniques! (Or maybe take a page out if China’s playbook, and start seriously reducing reproduction rates)-:
Anura • March 14, 2014 7:15 PM
I do think that we could curb military spending itself without significant pitfalls, but we need to plan better for the future regardless. If the US doesn’t change its ways of interfering with other countries internal affairs based entirely on what’s in our own best interest, it’s going to come back to bite us. If we don’t have a plan to allow countries to develop without significant increases in pollution, it’s also going to bite us (well, it will continue to bite us, and bite us harder).
Curbing reproduction is probably a really good idea for the future. As it stands, we are good in terms of food. We also have solutions to increase food production, like vertical farming. I think Reproduction rates in most Western countries are sustainable until we all take off in space ships, but worldwide the best solution is actually education.
I’m a big supporter of the idea that the best way to make the world safer, to make the militaries defunct, to improve education (thus reducing birth rates), to reduce poverty and suffering, and to allow industrialization without the massive pollution, is through direct economic assistance. This is not just a matter of a few billion in loans, this is a long term effort, in which we provide direct subsisdies for things like clean energy, schools, infrastructure development to allow for stronger growth, subsidies for employee and community owned businesses that allow movement of money without exploitation of the workers, assistance with planning, and even direct subsidies for basic income within those countries, to allow them to get above poverty rates (introduced gradually so that their ability to buy foreign goods matches their ability to consume them, otherwise you have massive inflation).
The best way to innovate is to have more people to innovate, the best way to do that is to not just rely on ourselves, but increase the number of developed nations and educated people worldwide. If we change our image from a country that helps others, instead of a country that exploits others, it also means we grow more allies, and as we succeed in improving quality of life, we gain more countries that are willing to accept our help, and reduce the need for a strong military in the first place (although we don’t even need what we have today).
franc • March 14, 2014 7:25 PM
Just a question I’ve been meaning to ask for ages. What is the general opinion of the LastPass browser plugin? It is incredibly useful, but is it safe? It’s mentioned here a few times, but I was wondering if opinions have changed in light of the NSA pantysniffers tampering with products.
Douglas Knight • March 14, 2014 10:18 PM
Knott Whittingley, it was hardly secret that Graham was gay. It has been on his wikipedia talk page since 2006. In 2010 he denied the rumors in the New York Time. Sure, intelligence agencies might be more certain, but journalists in SC are pretty sure already. In fact, the primary challenger refuses to say that Graham is gay, only that everyone thinks he is gay! Does that sound like someone who has been slipped evidence?
Buck • March 14, 2014 10:18 PM
That’s a little more like the kind of thinking I was thinking about! Sorry if I sorta had to tease it out of you 😉
This is not just a matter of a few billion in loans, this is a long term effort, in which we provide direct subsisdies for things like clean energy, schools, infrastructure development to allow for stronger growth, subsidies for employee and community owned businesses that allow movement of money without exploitation of the workers, assistance with planning, and even direct subsidies for basic income within those countries, to allow them to get above poverty rates (introduced gradually so that their ability to buy foreign goods matches their ability to consume them, otherwise you have massive inflation).
I most wholeheartedly agree! Look no further than Roosevelt’s ‘New Deal’ for an example of what mass investment in important infrastructure can really accomplish. While arguably this infrastructure may have paved the way so-to-speak, for the largest scale production of killing machines the world has ever seen… It was clearly a success for job creation, an overall boom to the (global?) economy, and we still now enjoy the benefits of the national highway system! Not to even mention everything we take for granted that never could have been created without that infrastructure…
Really makes me wonder why we’re such loyal servants to the mighty ISPs… Forget about backdoors by default though… Any secure national communication network would have to actually be designed with total security in mind! 😉
Knott Whittingley • March 15, 2014 7:47 AM
Sure, as I acknowledged already, the rumors have been around. And I’m not saying I actually think the CIA is actually behind this interestingly-timed recurrence.
My main point is that if there’s a powerful surveillance system that’s not thoroughly compartmentalized and stringently overseen, you just can’t know if such things are just coincidences, and it’s reasonable to guess that sometimes they’re not.
For example, suppose somebody wanted to take Graham out, politically. The best way to do that would be to stir up just enough shit to get the job done—to make him barely lose an election, or even better, to throw a good scare into him, and leave him in place but compliant. (It’s not like CIA wants Tea Party loons running the show anyhow.)
Still better is to do this by letting Graham know that such things are plausible, and guess that they’re just likely enough that he’s inhibited. Best of all is if he thinks he’s probably not, but is just worried enough about it that it does the job, and he knows that if he even talks about it in public, he’ll sound paranoid.
The general strategy there is to create a chilling fog of fear that shapes public debate in undetectable ways.
If spies are good at their jobs, that’s what they’ll usually do. If they’re great at their jobs, that’s what they won’t even need to actually do very often. Just the knowledge that they can do it, and could be doing it, is profoundly chilling, and can be enough to keep anti-CIA momentum from building.
Everyone in Washington who isn’t stupid knows that it’s a distinct possibility, and that there’s no way of knowing whether it’s happening to them, or will happen if they say something.
If I was in Congress, I’d be watching what I said to anybody, even in person, anywhere. They could be monitoring me, or anybody I talk to, via malware in their iphone or blackberry. The definite potential for surveillance is ubiquitous now, because the very act of avoiding surveillance is itself likely to be attention-drawing.
(If anybody at NSA is looking, they’ll know if you and your conversational partner take the batteries out of your phones, and even talking about whether to do that might be overheard before you actually do it. That inhibits even talking about whether to even talk about the subject. You wouldn’t want to even suggest creating a private space for a private conversation.)
I would be surprised if anybody in Congress isn’t in the Corporate Store. It would be very surprising if they weren’t, given that congresscritters are regularly in contact with a variety of people in contact with people it’s plausible to be suspicious of—political radicals, lobbyists for foreigners, etc.
Two-hop contact chaining is enough to ensure that nobody in Congress escapes surveillance, and can have various data about them collected, richly indexed, and queried at will, without a warrant, even if NSA follows the rules they’ve revealed.
And now they all know it, if they’re not stupid. If there wasn’t a serious chilling effect before, you can be sure there’s one now. I can feel it from here.
NoBitLy • March 15, 2014 8:03 AM
@Benni: “one of these drones got hacked and landed by the russians when they caught it spying over the Crimea http://goo.gl/VNOpK1”
This link is http://www.spiegel.de/politik/ausland/ukraine-us-drohne-angeblich-ueber-der-krim-abgefangen-a-958757.html
Please stop posting url shorteners because they expire.
Douglas Knight • March 15, 2014 8:08 AM
Knott Whittingley, you have a choice in which example you use. Surely Eliot Spitzer is a better one.
Knott Whittingley • March 15, 2014 8:20 AM
Sure, intelligence agencies might be more certain, but journalists in SC are pretty sure already. In fact, the primary challenger refuses to say that Graham is gay, only that everyone thinks he is gay! Does that sound like someone who has been slipped evidence?
No, but it is indistinguishable from somebody being tipped off that it’s worth saying it again, very publicly, right now.
For example, somebody may have told the Tea Party loon that there’s damning evidence that the rumor is true, which they will be provided with if they need it. (E.g., shortly before the election, if and only if looks like Graham is going to win.) Smart spies wouldn’t actually give that kook the evidence if they don’t actually need to—they’d keep it in their back pocket.
And they might behave exactly the same way if Graham wasn’t actually gay. (E.g., if his lack of clearly heterosexual public behavior was because he’s in a long-term relationship with a married woman, or he was basically asexual, or sex-phobic for some reason, or some enthusiastically heterosexual kind of sexual deviate.)
The main trick is to reveal your hand as little as possible while getting the job done, by nudging things here and there and minimizing the chance of blowback.
The best case is not actually having to do anything at all. The knowledge that you have the power is usually enough of a deterrent that you don’t have to exercise it.
Congress and the intelligence community have something like mutual assured destruction, with both sides not knowing who’d win if their cold war broke out into the open, as it may be starting to do now.
Knott Whittingley • March 15, 2014 8:31 AM
Knott Whittingley, you have a choice in which example you use. Surely Eliot Spitzer is a better one.
In some ways, yes, and I thought of bringing him up too but forgot about it.
jacob • March 15, 2014 8:50 AM
Looking at the QUANTUMTHEORY exploit slide at https://firstlook.org/theintercept/document/2014/03/12/nsa-gchqs-quantumtheory-hacking-tactics/ ,
and taking for granted that the NSA colludes with various CA to subvert X.509 certificates so they can use QUANTUMTHEORY on https sites too, I think that it is time (long overdue) to lean on the browser makers to allow self-signed certs without the resulting dire warnings they put up now.
They can paint the URL bar with another color to show it’s self-signed, and pop-up a message saying “the comm is encrypted, but to ascertain that you are connected to the intended site please validate this fingerprint xxx with a third party. If you wish to permanently enable site trust carrying that fingerprint, check this box. To continue to the site, click here. To get out, click here”.
In addition, they can activate the above proposal in the Adv Setup Form of the browser, so people who don’t know what a cert is will continue to get the (default) normal warnings.
OT7.c • March 15, 2014 2:38 PM
I’m working on a one-time pad encryption command line tool.
Perhaps the design might be of interest to others working on similar tools.
The header encrypts the key file ID and file offset using the Skein1024 hash function.
Features a dictionary-based key management system.
Here’s a rough cut that partly works: http://bittext.ch/raw/?ID=B_MX3QJUeD
Updates will be posted to the same address.
Jacob • March 15, 2014 3:56 PM
Have you developed this tool out of purely academic curiousity or as a practical tool? If the latter, why not use standard AES encryption and save on transmitting double the message length?
Also, in case you foresee using this out in the field, if there are no complelling usage benefits, I seriously doubt that anyone would analyze the code and vouch for its crypto robustness.
Skeptical • March 15, 2014 6:03 PM
@Knott: If you want to know what it looks like when intelligence services start aggressively shaping the information environment, take a glance at Crimea. They’ve removed Ukrainian channels from Crimean broadcast centers, cut internet access, provided access to Russian state programming, intimidated political opposition, and manufactured all kinds of fantastic rumors of Western-sponsored fascists.
Resorting to “CIA manipulation” explanations in the case of Graham is deficient from an analytic vantage in that it requires you to assume a host of very questionable propositions with little evidence. Here for example, we would need to assume that the CIA (a) has an institutional strategy for using blackmail and extortion to shape US politics, (b) maintains surveillance on US politicians for this purpose, and (c) many US politicians know about this, but are afraid to say or do anything.
By contrast, the alternative explanation, “incumbent US Senator faces rumors placed by political opposition in re-election campaign” requires no questionable assumptions at all. Such rumors are a long-standing feature of politics, and are commonly sown by political campaigns or their assorted allies.
In the same vein generally, this highlights the problem I have with theories in general about the Intelligence Community collecting or using blackmail/extortion material on a wide range of US politicians. It requires us to assume a large number of institutional facts that simply seem very dubious to me in light of the lack of any direct evidence for such facts.
They apparently had issues keeping a controversial selection between two program proposals confidential. They couldn’t keep the Presidential Surveillance Program confidential. They couldn’t keep the “enhanced interrogation program” confidential. They couldn’t keep cyber operations against Iran confidential. But we’re supposed to believe that a program which would require lots and lots of surveillance on US politicians to gather blackmail material would somehow escape leaking or official reporting? Congress and the DOJ would eat them for breakfast, lunch, dinner and dessert, and then spend a decade gnawing on the leftovers. And most of the IC would furiously help with the carving.
ioguy • March 15, 2014 7:37 PM
Hey Bruce, isn’t the missing Malaysian plane turning into a giant movie-plot threat generating machine – funny!
Buck • March 15, 2014 8:43 PM
Sorry that your question may have been temporarily overlooked there, but it is a very valid one!
Just a question I’ve been meaning to ask for ages. What is the general opinion of the LastPass browser plugin? It is incredibly useful, but is it safe? It’s mentioned here a few times, but I was wondering if opinions have changed in light of the NSA pantysniffers tampering with products.
If you’re using a browser that you haven’t personally programmed (or at the very least, painstakingly hardened)… odds are, you’re probably already pwned! :-\
What this means is, all passwords you have stored in your browser extension have likely also been compromised. Whereas if you chose to use good ol’ pen & paper, an attacker would only be able to recover passwords as you use them post-infection. (So this may not make a bit of difference if you’re dealing with a persistent presence that remains undetected for as long as it takes you to login to all your accounts 😉
While it’s just as difficult to find a secure physical safe as it is to procure a truly secure PC, it is far easier to place paper records in tamper-evident envelopes than to do the same with any digital analog that I am aware of!
MINITRU • March 15, 2014 10:55 PM
Because as we know, blackmail material never ever makes it into official reporting at very conveeen-ient junctures,
And if CIA ever dared to try it, Congress and the DOJ would of course eat them for breakfast, lunch, dinner and dessert. Right. Right before they die of anthrax from illegal biological weapons under the secure control of the US government,
which patriotic morons would also manage not to notice because there must be a simpler explanation, like my government would never commit a blindingly obvious blatant crime.
Zakharias • March 16, 2014 8:35 AM
The scale of surveillance raises in me the suspicion, wether it is really done using single vulnerabilities, leaks, exploits.
Could it be that surveillance interfaces are built into products? Were all those side-installed google-toolbars, ask-toolbars, safebrowsing-modules checked by security experts? Why does Windows Update offer me Remote Tools 2.0 to be installed?
Even more interesting is that some toolbars that were years ago classified as malware are now on the whitelist of antiviruses and force-installed by them.
Also baffling is that NEBULA
is marked 01/27/09
but wikipedia cites “The world’s first publicly available LTE service was launched by TeliaSonera in Stockholm and Oslo on December 14, 2009.”
So the NSA had a surveillance solution under development almost a year before its first public use!
Lawrence King Jr. • March 16, 2014 9:47 AM
See! It’s like he said! Occam’s razor proves that I’m just an embezzler and not a chomo blackmailer working for the government!
00000000 • March 16, 2014 10:42 AM
Claims to be using mass spying to prevent terrorism … can’t find an airliner that was hijacked 7 days ago.
Benni • March 16, 2014 12:35 PM
new lectures on additional “QUANTUM processes”:
name.withheld.for.obvious.reasons • March 17, 2014 4:21 AM
@ Wael, Buck
For the Metadata = Surveillance code challenge, thanks,
appreciate all the help with the sample code. I put that in the build tree for code review, had no plans having it “work”–but the feedback was really cool.
@ Nick P
I mis-spoke/mis-stated the book reference I made about a month ago, the Chomsky book is “American Power and the New Mandarians”–it describes U.S. largess and arrogance relative to imperialism (moreover the global type) prior to WWII. The greatest generation, wasn’t–if they’d understood what their government was doing internationally–maybe Pearl Harbor and the Pacific War would not have been. Yes, highly speculative, but I’d argue that indifference is the fuel for miscreants and no-gooders. Escalating tensions with Japan with blockades and embargoes lacked any meaningful response from the general U.S. public thus allowing U.S. foreign policy to wander freely without contest.
TIM • March 17, 2014 6:45 AM
What is a more secure alternativ browser to firefox with noscript, without flash and ad-blocking?
I mean this seriously, because I tried a lot of browsers and I am still not satisfied.
If you would say NCSA Mosaic is the best browser, because it supports no actual exploit, then this answer would also be fine for me.
vas pup • March 17, 2014 9:27 AM
@ Skeptical: when somebody breaks the law, making Constitution just a paper, they open the door for others to follow the same pattern (copycat is very contagious). That is why new gov of ukraine came into power by putsch (like you that definition or not) not due process in accordance with its own constitution and impeachment procedure in particular, without referendum or other participation of majority of whole population, not just pro-western west part of that country. When you legitimize such new ‘gov’ by recognizing it unconditionally (that is our sob), you create precedent of NOT respecting law, due process, constitution (which are fundamentals of political system in the US, and same should be respected around the world as well). As result, you have all Crimea situation when force, not law ‘legitimize’ any changes.
@Anura: “If the US doesn’t change its ways of interfering with other countries internal affairs based entirely on what’s in our own best interest, it’s going to come back to bite us.” Good point! I just want to add that is applied to other countries thousand of miles out of the US borders, first. If you still want to be ‘world cop’, then at least be example of following Law and apply it uniformly regardless is it just ‘sob’ or ‘our sob’. All other Anura’s posting resonate with any person thinking with own heads.
@all related to Graham. Hypocrisy is the plague of any political system. It corrupts system from the top to the bottom. The problem (as I see) when you tell the truth, you have no chance for reelection, when you lie you do. Doublespeak is the the twin of hypocrisy. Former PM of Great Britain said ” I want to tell you what you need to know, not what you want to hear”. That is starting point.
name.withheld.for.obvious.reasons • March 17, 2014 11:18 AM
Predictably the whores (what’s the male word–don’t want to pick on people that work for a living) that are the MIC players start to show their hand…Lockheed Martin announces (at Information Week) its purchase of Industrial Defender, a commercial critical infrastructure security company. This is a direct result of the PPD 21/64 Internet security cabal bill that creates “tiered”–or what I would term gentrified–security model. Bruce’s feudal thesis moves one step closer to filling the moat of the corrupt overlord to keep the peasants sequestered/subsumed.
Nick P • March 17, 2014 12:09 PM
Emission Security (EMSEC): One Weakness to Pown Them All
One concern the TAO catalog should bring security community is the attacks using electromagnetic waves. The field concerning these is called EMission SECurity (EMSEC). NSA invested much into their defenses, code-named TEMPEST. TEMPEST products/services are a big industry. Too bad it’s mostly classified and unavailable to general public.
The good news is that TEMPEST is really just electromagnetic shielding. There’s plenty of information on that due to its use in commercial applications. The TEMPEST shielding guidelines primarily deal with signals leaking outward, signals coming inward, signals going into the ground, and signals across wires equipment connects to. There are resources available that give tips on these ranging from theory to practice. I’ve tried to collect links to some of these. Not being an electronic engineer, I can’t vouch for most of these although a few should definitely have good information.
The Complete, Unofficial TEMPEST Information Page
Note: I link this both as a tribute and as an info source. This page used to be the only source for info on the topic that hackers had. An update has links to some govt standards that other books or pages reference.
A nice free article on shielding
Grounding and Shielding: Circuits and Interference (Grounding & Shielding Techniques) by Ralph Morrison
Electromagnetic Compatibility Handbook by Kenneth Kaiser
Note: Above two were recommended by readers on book selling sites.
Army’s Engineering Design Handbook for Electromagnetic Compatibility 1977 (free)
Note: Found this accidentally. Haven’t reviewed it. Yet, table of contents looks like it might have plenty of useful stuff in it. Gotta love DTIC as I’ve gotten so many good reports from them. DTIC = tax payers getting ROI. 🙂
A Handbook for EMC Testing and Measurement 1994 Morgan (free)
The Technician’s EMI Handbook 2000 Joseph Carr
Site that’s always claimed to have good tools/resources
Wiley’s Electromagnetic Shielding 2008 Celozzi et al
Advanced Materials and Design for Electromagnetic Interference Shielding 2008 Tong
Outside of using EMSEC companies, the best use of this information is probably an open effort by academics and professionals. Bright, young college students learning about theory and practice of electrical engineering would be backbone of effort. Professionals with years of experience dealing with EMI or EMSEC issues could contribute on pro-bono or sponsored basis. The result would be a framework for amateurs with basic EE knowledge to build enclosures. A room or a rack-sized container would be a nice start as individual products would require more time/skill.
Any approach will need domain experts there for initial development both for their wisdom (i.e. rules of thumb) and spotting rookie mistakes. The majority of it, though, I think smart youth could pull off if the key knowledge and techniques are passed onto them effectively.
Nick P • March 17, 2014 2:03 PM
Dorian Nakamoto Denies Being Bitcoin Founder
Newsweek report was decent and his rebuttal comes off as genuine, too. What to make of it? One thing immediately jumped out at me. His response re Bitcoin to reporter was: “I am no longer involved in that and I cannot discuss it,” he says, dismissing all further queries with a swat of his left hand. “It’s been turned over to other people. They are in charge of it now. I no longer have any connection.” The new statement says he’s never heard of it at all. He also said the first statement to reporter was a misunderstanding due to bad English. Doesn’t look like that, though, as his reply indicates understanding of subject matter and steps he took in dealing with it.
One wild idea I have is that he might have created it, but not controlled it or lost it. He develops it as a contractor for a modest sum of money expecting little to come of it. He contributes to the project. The real owner/beneficiary makes the profit (eg has “his” bitcoins). Might be people he’s afraid to talk about or mess with for legal (NDA) or practical (organized crime) reasons. It could explain why he seems broke and “is no longer involved” despite: fitting the profile with his background; obsessive privacy; cypherpunk style distrust of govt; classified work on “defensive electronics and communications for the military” per L-3’s President; fact that Bitcoin creator and Dorian Nakamoto have have same punctuation quirks in their writings.
Other possibilities include loss or destruction. He might have invented Bitcoin, contributed it it, and mined a nice stash of Bitcoins. Later on, he lost them. Such a loss would mentally wear him out more as his life circumstances worsen. What about “destruction?” We know he’s an eccentric, paranoid, asshole type of person. We also know that the other main Bitcoin guy said the founder cut off all communications with them when a visit to CIA was mentioned. I could imagine, depending on personality & mental state, that a person like Dorian might destroy everything he had connecting himself to Bitcoin. Might be anger, covering his butt, a lack of faith in the future it provides for him, and so on.
I think the majority of the evidence, albeit circumstantial, points to Dorian being Bitcoin inventor. Denials are unsurprising as several members of Dorian’s family said he’d deny it even if he did it. I think, though, that hypotheses where he was Bitcoin founder but not beneficiary should be explored. Truth might range from the simple (lost coins) to scary (powerful people own his coins). I think, though, that my analysis makes it clear that being Bitcoin founder != guy who owns Bitcoin wealth or is “currently involved” in Bitcoin.
a number 1 to portland • March 17, 2014 2:50 PM
Years ago NCSA mosaic was ridiculed (by Ranum IIRC) for including code like this for the CONNECT method
sprintf(shellcmd, “%s %d”, addr, port);
where ” 220.127.116.11 ; rm -rf / # ” gives you a bad day.
I suggest confining your browser with Apparmor (or SELinux or something similar).
KnottWhittingley • March 17, 2014 6:05 PM
New story at The Intercept on national license plate tracking:
Among other things it says that the Washington Post was mostly right when it published its recent front-page article, and got it wrong when it said the project has been canceled.
DHS is apparently happy to let the private company Vigilant do it, and buy the information.
Apparently Vigilant has records of about two billion license plate detections, with 70 million more a month, and I’d guess that’s exponentially growing.
Just in case you thought ditching your cell phones would matter.
I’d really like to see a congressional Intelligence Committee member ask very specific questions of DHS, NSA, et al. about exactly what kinds of “business records” and other mass-surveillance data are being captured by any means, whether they call it “collection” or not, and which ones are queryable.
Credit card transactions? License plate readings? Traffic cams? Other CCTV? Library book checkouts? Political donations? Pings of McDonalds and Starbucks wifis? Miscellaneous items’ RFIDS passing by sensors in stores?
Whatever it all is, I hope there are mentions of it in Snowden docs, and it all comes out.
When are the Judiciary Commitees going to get serious, anyhow, given that the Intelligence Commitees are thoroughly compromised? (If only by rules about eliciting information known from classified briefings in open sessions, but I’d guess worse than that.)
Buck • March 18, 2014 12:49 AM
If proven true, this could possibly help us understand the (thus far) elusive/implausible explanations for expansive operations in non-terrorist surveillance realms (read: WoW, Xbox Kinect, etc.)
Revealed: the MoD’s secret cyberwarfare programme
Programmes ranging from studies into the role of online avatars to research drawing on psychological theories and the impact of live video-sharing are being funded by the MoD in partnership with arms companies, academics, marketing experts and thinktanks.
But it still may be more likely that the analyzers simply enjoy playing games on the clock…. 😛
on the clock • March 18, 2014 5:04 AM
by Sean Gallagher – Mar 17, 2014 7:07 pm UTC
Summary: For some South American users, Google’s free public Domain Name System servers were corrupted for less than a half hour.
name.withheld.for.obvious.reasons • March 18, 2014 5:31 AM
@ Bruce Schneier, et al
With your indulgence I would like to take the opportunity to make fellow Schneier readers familiar with some of Thomas Paine’s “wisdom”.
Thomas Paine was quite insightful when he recognized the cognizant “citizen” and the status of subjects to the crown. The concomitant nature respecting “liberty”, “commerce”, and “expression” as denoted by Paine in his writings must be considered as ground breaking and foundational. Paine’s clarity considers our “enterprise” as a subject area that includes “private” rights, governance, and justice and the aforementioned triad of individualism. It is hard to fathom the breadth and depth, including accessibility, of what Paine described in Common Sense. My understanding is that Paine’s thesis has been relatively ignored in the “artful” sciences (poly sci, social, econ, etc.).
First, let me quote Paine about the power of England it’s exercise of power–think of it as what the defenders of the NSA’s excesses seem not to understand:
Common sense tells us, that the power which hath the endeavored to subdue us, is of all others, the most improper to defend us. Conquest may be effected under the pretense of friendship; and ourselves, after a long and brave resistance, be at least cheated into slavery.
This next quote speaks to the context in which our governance impacts commerce (and in Paine’s view, liberty):
With the increase in commerce, England hath lost its spirit. The city of London, notwithstanding its numbers, submits to continued insults with the patience of a coward. The more men have to lose, the less willing are they to venture. The rich are in general, slaves to fear, and submit to courtly power with the trembling duplicity of a Spaniel
If any interest is expressed here, I’m willing to continue down this vein as I believe this is a direct, indirect, response to the security theatre (of Shakespearean tragedy) and can be instructive when considering the intersection of liberty, privacy, history, justice, law, and governance. I would limit postings to the Friday’s squid blog.
name.withheld.for.obvious.reasons • March 18, 2014 5:42 AM
On/Off topic, you decide…
An article on the Register , Firmware is the Universal Trojan appeared today…it’s a interesting read.
Clive Robinson • March 18, 2014 7:17 AM
Mark Shuttleworth has kind of stated what was obvious ten years ago, and even back then his proposed solution was known to have been a non starter for various reasons.
The problems with embeded systems are many and varied and no “one size fits all” solutions are possible.
The issue I bang on about most is the lack of upgradability of embedded systems. We know that methods, protocols and standards age faster than the life expectancy of many mbbeded systems (think smartmeters and medical implants being two close to most people). This is not going to change nor is it likely the number of bugs per line of production source code is going to change for the better either (due to to much demand and insufficient skill).
However what does change and in the upwards direction is the number of exploit vectors –both as general classes and as individual instances– per line of production source code. Likewise what also changes in the upwards direction is the number of lines of production source code.
One partial cure for this as I’ve indicated before is the use of very highlevel languages bordering on “scripting”, you get those with sufficient skill to produce the language and tools and you let those of lesser ability supply sufficient scripts to meet the demand.
Whilst it works for more general computing it hits problems with embeded systems. As a general rule embedded systems lie further down the computing stack then general purpose computers and they also have a great number of extra constraints that general computing platforms don’t.
In fact the problem is more insiduous, general computing has moved from the “CPU does all” model to a multi processing system where nearly all of the IO is done by embedded systems and in some cases (hard drives) by multiple embedded processors often in the same chip.
And such Systems On a Chip (SoC) have their own problems and that is “legal liability” and “market adavantage”. Basicaly what we call Patent Trolls and their equivalent try to establish an illegal or at best questionable market monopoly or strangle hold. Because there is no money to be made in a truly open market for SoC’s. Further SoC’s have an extreamly short market life time compared to the time for even simple litigation. Thus out of self defence SoC makers do not reveil the internals of their chips they provide various API’s that talk to code running on one or more processors on the SoC to stop reverse engineering being practicle and thus make litigation less likely.
These SoCs are now appearing in what Mark Shuttleworth considers to be embedded systems due to cost issues. If he thinks the SoC designers are going to come over all “open source” I hope he’s not going to hold his breath waiting.
Whilst the low hanging exploits are to be found in the closed source higher levels of these hybrid computing platforms I can guarentee there are “bugs aplenty” down in the SoC driver code and it can be exploited. If you hunt around on the net you will find individuals who are hacking this stuff, you will also find it fully exploited in flash memory devices where a quick code change quadruples the declaired capacity so multiplying the devices value by two to three times giving a nice quick profit.
When it comes to state level actors who’s going to bet that the teams in the NSA and GCHQ don’t know the Intel code signing keys for the IA32/IA64 CPU micro code, or for that matter the code signing keys –if even required– for the embedded CPU micro code or firmware in GPU’s and other IO devices?
TIM • March 18, 2014 7:33 AM
@ a number 1 to portland
Thank you for this information. Actually I like a combination of this Browser plus this local proxy that blocks anything and only lets the requests pass, that are allowed.
vas pup • March 18, 2014 9:42 AM
@Buck: Thank you for the link!
@KnottWhit…:”When are the Judiciary Commitees going to get serious, anyhow, given that the Intelligence Commitees are thoroughly compromised?” The answer is not soon if ever because they are compromised in the same way by secretly collecting information on each of their members personal/family/financial/etc. life, health you name it. That is not because they are all bad or corrupted, but because that information in the eyes of constituents make them non-electable. Disclose it equal political death for them, and is more dangerous than even physical – by their psychological nature.
You need long psychological detox after being in all those structures in DC. E. Hoover had such negative information on most of the oversight people who could remove him from the office. That let him remain in charge for many years regardless of administration – my educated guess. Our LEA/Intel Agency learn that lesson from him.
name.withheld.for.obvious.reasons • March 18, 2014 10:37 AM
Yes, your observations are accurate. I know, as an old-school engineer with R&D and design engineering as a background, I understand all too well what the issues are–fourteen years ago I published a paper “Trouble in Sleepy Hollow — A Risk Analysis of Cyber Threats” that is still relevant.
KnottWhittingley • March 18, 2014 1:48 PM
New Washington Post article with new Snowden revelations:
They’re not telling us what country it is, but NSA can capture all the phone audio content for an entire country and keep it for a month, so that they can go “back in time” to find earlier conversations, etc.
Way back when they reassured us that they only “touch” 1.6 percent of internet traffic, I did some back-of-the-envelope calculations that suggest that’s enough to capture everything everyone actually does on the internet—everything we type or do—plus a couple of hours of telephone-quality audio for every person on the planet. Once you eliminate Netflix and Youtube streams, redundant copies of web pages, easily eliminable redundancies in emails, etc., we are the 1.6 percent.
I would guess that with text-to-speech software they can store it all in free-text-searchable form forever, too—maybe not right now, but soon, because after all they need the whole haystack.
Nick P • March 18, 2014 2:50 PM
“I published a paper…”
Narrowing your identity to three names. Nice paper, though.
Scared • March 18, 2014 2:55 PM
US intelligence oversight group from 1975 says things are way worse now
Church Committee members and staff say modern NSA
snooping “dwarfs” what they examined.
Still…, they were fighting some pretty scary terrorists back then: Rev. Dr. Martin Luther King, Jr, Muhammad Ali, Jane Fonda, and Sen. Frank Church himself.
Figureitout • March 18, 2014 5:40 PM
Narrowing your identity to three names
–Well well well, look who’s creeping here now… :p Thanks for the EMSEC post, it’s irritating b/c my 1st computer is not going to EMSEC secure at all (at least under the shield[s]). I don’t just want defense too, I want active noise inbetween the layers; I’ll stop before I get carried away.
Anyway was at Fry’s today just looking around…recalled you like Parallax and spotted 1 (out of the entire store, just 1) microcontroller chip that looked pretty handy, almost like an entire computer in the chip. It was the Propeller P8X32A. Figure you already have your mind set on something different but remembered the chip name for you. Not much but it’s the thought I guess. Now if only you could spell my name right, ass. :p
name.withheld.for.obvious.reasons • March 18, 2014 6:28 PM
@ Nick P
Okay, for the uninitiated that’s fine…I’m more likely than most to have an IR target constantly painted on my 900nm reflective clothing. I live in a Faraday cage, and my laboratory is located in a Faraday cage within a Faraday cage–I even have EMF test vessels (smaller Faraday cages for instrument test) within the laboratory. Biggest problem is internal reflection–especially the philosophical type.
Nick P • March 18, 2014 6:57 PM
“Well well well, look who’s creeping here now”
I think his human need to be recognized for his work is undermining his desire to be anonymous. Entirely understandable. Or it’s misdirection. Or he doesn’t care if NSA ID’s him. I’m not sure yet.
“Thanks for the EMSEC post, it’s irritating b/c my 1st computer is not going to EMSEC secure at all (at least under the shield[s]).”
You’re welcome and I know. 😛
“recalled you like Parallax”
I think it was actually the Parallella board I mentioned. It was one for playing around with. Who could pass up those specs in a tiny $99 board? And crowdfunded through Kickstarter on top of that? The Propeller is interesting, though, because it’s the decendent of the BASIC Stamp.
Come to think of it, I might have mentioned that too. Parallax and Parallella sound similar enough that my broken memory might fail me. (Shrugs) Good news is that Parallella is done to the point that they already have a vid of a customer running DOOM on it.
“Figure you already have your mind set on something different ”
For the safe-by-design, embedded processors yes I do. The trick to getting something done is that it needs to have the potential to work, people need to be interested in it, and it needs talent/tools. This is why I avoided Forth as there’s too little of each out there. I’ve mentioned Java processors repeatedly because they support a safe, popular and well-tooled language. Well, a subset of it. That leaves choices such as which Java processor, what modifications, how to integrate IO/firmware, what security kernels/middleware to use on it, what if any info flow enforcement at app layer, and so on.
Some cutting-edge tech in this area has patents (eg jHISC) on it so I’m trying to avoid them. I’m also in parallel working on integrating tech for running legacy Windows applications, running legacy NIX applications, my radical designs ranging from mainframe to MPP style stuff, cross-jurisdiction secure organizations, and application layer stuff. You could say I’m stretching my mental resources too thin to accomplish anything but truth is my personal circumstances would have that effect anyway.
I said before that building any of these projects to a real measure of security costs $$$ and involves many specialists for support. So, I might as well keep brainstorming all the areas at once until something comes out of it or a wealthy donor sponsors a particular deliverable [forcing me to focus].
“Now if only you could spell my name right, ass. :p”
I’m pretty sure I am: toLower(Figureitout). The result is printed in the @ name field.
Nick P • March 18, 2014 7:02 PM
“Okay, for the uninitiated that’s fine…I’m more likely than most to have an IR target constantly painted on my 900nm reflective clothing. I live in a Faraday cage, and my laboratory is located in a Faraday cage within a Faraday cage–I even have EMF test vessels (smaller Faraday cages for instrument test) within the laboratory. Biggest problem is internal reflection–especially the philosophical type.”
Was that a response to my EMSEC post or the one showing you ID’d yourself to the govt? Looks like a mix. Anyway, I’m sure you’ve done plenty of interesting work and would make a nice collaborator on next-gen secure computing approaches. Far as references to your published works, I was just concerned about your safety as you made your opponents’ mission so much easier.
Figureitout • March 19, 2014 9:31 AM
Nick P RE: Human urges
–Yeah, I think it’s more people don’t want to be alone…People crack under pressure and no one is capable of perfect OPSEC by themselves and legal authority to break it. You won’t have any friends w/ good OPSEC 24/7.
Bah, got the name wrong, shoot. Google found a thread where parallax and your name popped up but no relation.
I don’t really like to program in Forth that much, at least original Forth, so I’d just redefine a lot of it to a syntax I like; and probably switch all the RPN b/c I think I would make an error w/ longer calculations. Still learning ASM (not easy of course) where that’s less an option, but I really need to so I can fill the holes in my understanding of computing. But at the same time, that’s where I find the security, there aren’t a lot of Forth programmers out there. Compared to how many people know Java? And how many times have we heard about security issues w/ the word “Java”? That’s what gets me w/ JOP and jHISC. Maybe w/ a RF shield and no internet. I know my Arduino uses Java for the serial monitor and it’s a lot easier to do projects using Java.
forcing me to focus
–Yeah, left to my devices I like to really enjoy my projects and quadruple check everything. It’d be nice not to think about the agents nearby intent on making my life a hell, but hey guess too much to ask. If this is a school project I’d be stressing like normal and working my usual 9am-9pm, sometimes 10:30pm; get 5 hours sleep and go again. But it’d get done.
Figureitout • March 19, 2014 9:46 AM
–Bah couple more things, I think we need to watch out w/ Kickstarter, there’s been some possible scams w/ specs too good to be true. But I like how the board comes w/ Ubuntu.
yesme • March 19, 2014 11:01 AM
The problem is that they get away with it.
I wonder how criminal you need to be when you want to work as a president of the USA or in the administration.
And that’s also a remarkable resemblance with Snowden today. It looks like everyone, except the messenger, gets away with it.
Why is Bush still a free man? The guy is a mass murderer. He did so much harm.
Nick P • March 19, 2014 11:18 AM
“Yeah, I think it’s more people don’t want to be alone…People crack under pressure and no one is capable of perfect OPSEC by themselves and legal authority to break it. You won’t have any friends w/ good OPSEC 24/7.”
Very well said.
“watch out with kickstarter”
We need to watch out with anything asking for money and having no product immediately ready. 😉 This project is already shipping. Might mean we can lower risk by using kickstarter products, but not actually funding them. Another aspect of Kickstarter that reduces risk is each person only gives a small amount of money. It reminds me of penny stocks, but with real success stories.
“And how many times have we heard about security issues w/ the word “Java”?”
Almost all were issues in runtime or libraries written in unsafe code. Removing both of those should greatly improve Java. The Java processors run bytecode at hardware level. All system software is type and memory safe unless it’s a trusted component that bypasses safety. A kernel, part of a driver, etc.
“I know my Arduino uses Java for the serial monitor and it’s a lot easier to do projects using Java.”
Exactly my point. That’s also why many embedded developers switched over to Java. They’re using a variant designed for their work. Many of same benefits, though.
“It’d be nice not to think about the agents nearby intent on making my life a hell, but hey guess too much to ask. If this is a school project I’d be stressing like normal and working my usual 9am-9pm, sometimes 10:30pm; get 5 hours sleep and go again. But it’d get done.”
Best to ignore it all and focus on your work. When it comes down to it, you will be destroyed if such an opponent chooses. If you worry, you stressed a lot before horrible stuff happens. If you don’t worry, you had fun and got stuff done before stuff happens. Best solution is to just shake it off. And if nothing truly horrible happens you’ll be glad you didn’t worry.
That said, a person operating in an untrustworthy environment should have certain procedures in place. Basic security physical and digital goes without saying. I’d assume everything was subverted and unreliable, then focus on recovery instead. Make backups onto write-once media (CD/DVD-R) of everything you create. Ensure you have a plan to restore your system quickly if it get’s too bad. Do a regular backup & restore test first. Then, do one where you toast your system first by deleting many critical files, verifying it crashes, and do the restore. Simulating the real thing will let you know it will work when the real thing happens.
My previous advice to you on a new hardware, eg netbook, still is your best option. I’ll amend that though. Your claim is that your stuff is under physical attack by unknowns. You’d probably like at least one thing to be kind of trustworthy. I recommend you get a Palm Pilot type computer that’s tiny, old, and has no wireless. You can put passwords, critical information, hashes of backups, etc on that by hand. Get a waterproof case for it so you can even shower with it. You never leave it out of your sight. That way, at least one device isn’t subverted (esp if you buy it in person). Combined with netbook strategy I gave you, this should help your situation a lot.
Note: I used to use a TI graphing calculator as my root of trust. Keeping a book and handwritten engineering notes, it had the benefit of deniability as well. Over time, as it was less justified, I changed my excuse to inquisitive types to “I paid over $100 for this sucker! If it has the tools & still works, why throw it away?” They tend to agree.
Note about note: Oh yeah, I also used to it for math, too. Many possible uses there. Waitress once smirked seeing it till I loaded “tip calculator.” She thought the shit was brilliant then.
Back to the point. Consider everything else subverted. And just stop worrying about it as it only f***s your mind up. Cool thing is if it’s NSA then they’ll let you get work done on machines if only to retain stealth collection on you. It’s how they do me & America in general. If malware is breaking machines, it’s probably not NSA. They’ve got better ways for dealing with state-side threats. 😉
name.withheld.for.obvious.reasons • March 19, 2014 1:32 PM
@ nICK p (that’s for Figureout)
In response to your first, last question, yes. Glad you liked the paper.
OPSec, there is little point–not that I’ve shed all my clothes and am walking the streets naked but–we, as a community (and I speak from a position of moral ambivalence), remain in the shadows whilst our compatriots exploit the deafing silence from the intelligensia, press, and civic leaders. The telecomunications reform act of 1996 did more to rise the socio-political temperature than anything that has happened since we learned those wearing brown shirts have a nice little “Made in the U.S.A.” label on the collar.
We didn’t get the CLIPPER chip, we got the CLIPPER ship…welcome aboard matey.
And, you’re correct–many interesting moments in my travels. And, am keen to make a statement from the prespective of a concerned scientist. I have challenged others to lead, my task is that of the canary in the computational coal mine so to speak.
Nick P • March 19, 2014 2:39 PM
I appreciate your response. I understand your position now.
“we got the CLIPPER ship”
Lol. Shakespeare said “what’s in a name?” figureitout says “you desecrated my name!!!”
Clive Robinson • March 19, 2014 3:08 PM
@ Name.Withheld…, Nick P,
Hmm that does not quite roll of the tounge correctly… I’m sure the last IP should be pronounced more like @
But then as the song has it “You say tomato and I say tomarto…”
Oh and please Figure-IT-out correctly some people like their nom de plume correctly used otherwise how do the rest of us know who it is?
Clive Robinson • March 19, 2014 3:10 PM
I don’t know if you guys have been over to the Cambridge Labs site recently but this might be worth a quick read,
Nick P • March 19, 2014 4:11 PM
MITRE on measuring BIOS’s
They link to tools, ways of stopping SMM-based attacks, and even use the Flicker technology I posted here with other papers.
@ Clive Robinson
I like that link. The reason I do is that it takes the very approach I recommended: using a dedicated, secure device for managing authentication details. It does more than my initial design specified, is smaller, and has proven performance. Good work at Cambridge as usual. 🙂
Nick P • March 19, 2014 4:14 PM
@ Clive Robinson
EDIT TO ADD: I spoke too soon. Comment #2 by Roger has some good criticisms. In the abstract, though, it’s a good idea and the specifics can be improved.
Figureitout • March 19, 2014 6:03 PM
Exactly my point
Nick P [AKA Dick P]
So I’m not saying throw it all out, it just makes me nervous.
–I do operate like pretty much everything is toast, and it really sucks; fairly recently the agents actually broke an old CRT monitor in my garage that I was going to take apart (they did some work for me w/ the cover) for the CRT. They’ve kicked my dog, waited for me in the parking lot at school (they didn’t hide at all), cut clothing in my house. They knocked over some of my sensors (but not all of them). They like to turn on the frickin bluetooth transceiver in my pc b/c they know I hate it. It’s been exhausting b/c I keep all of this from a lot of people and I’m not 100% sure how deep it gets but I purged pretty much my entire network and that caused me a lot of harm; I don’t know if they’re subverting my friends against me. I know where a few of them live, but I’m not sure how many total there are and I don’t want to risk my methods finding where some “lucky” ones live.
This is where I’m stuck, I can make more backups, but I know this computer sneaks in some file everytime I burn a disk. I’m just spreading and saving the infection, I want to know what it is. My school acct is infected and the agents have told my teachers at school so they look at me funny; then expect something from me. That makes it really awkward w/ all my teachers.
RE: Netbook/graphing calc.
–I use a TI calc too, it’s my last little vessel of sanity. It can do some nasty integrals in a snap. Back when I was a kid I always just used them for games and crap, never knew just how much you can do w/ a graph calc. I’ve left a few around in the hopes that they attack them too and try to see what they’re doing. I want a netbook or 2 after I get my setup. Any RF chip in the calc would run thru batteries and I would find it. I just have to use in mobile places. You should’ve spelled out “80085” for the waitress lol.
Shakespeare said “what’s in a name?”
–Identity. What if all posts, everyone’s name was “Anonymous”. That’d be freaky. So just spell my damn name right, it’s not that hard! We’ve (Clive & NWFOR) got 3 v 1 vote on that.
Nick P • March 19, 2014 9:49 PM
” I just feel like a monoculture isn’t always best”
It’s not. I’m opposed to it, if you recall. However, right now we have zero trustworthy platforms to build on. A monoculture of 1 trustworthy platform would be a good thing. Then, we build some more from there.
“And re-coding the libraries is no trivial task, there’s a lot of muck for the functionality.”
That is true. There’s short cuts to that which vary by language and platform. It remains a problem. It’s actually similar to why few OS projects get anywhere. There’s so much stuff the lone wolf has to code before it even begins to be functional. Most just give up & their projects die off. That’s why I keep using the word “sponsored.”
“Identity. What if all posts, everyone’s name was “Anonymous”. That’d be freaky. So just spell my damn name right, it’s not that hard! We’ve (Clive & NWFOR) got 3 v 1 vote on that.”
Three of you vs Me, Shakespeare, and Anonymous? You’d draw at best. 😛 Anyways, I figure I’ll be nice and spell it right.
Clive Robinson • March 20, 2014 1:27 AM
@ Nick P,
The Mitre link shows the problem with establishing trust, and from a brief read through it still might be vulnerable (think CPU microcode re-write or backdoor in TPM).
Ultimatly you have to “go to the rainbow” books to see how basic physical protection etc was considered way back and ask if that is even possible these days (to which I’d say probably not).
And that’s the problem one tiny chink in the protective armour and an adversary could slip in unnoticed. It’s why I started my thinking with “You start with a platgorm you assume is untrustworthy, how do you mitigate it?”
Whilst both are exponentialy expensive to implement there is a “sweet spot” crossover by using both methods which makes it economicaly the more acceptable aproach.
However it’s a “Red Queens Race” because we have in many respects hit the buffers on “One CPU systems” a long time ago and almost every where you look there is another “engine” sitting there with Flash memory just waiting to be exploited with an implant in some way.
It’s why I commented to you some time befor the Ed Snowden revelations when taking computers across boarders was being discussed on this blog that I said I did not think I could protect a computer against state level actors.
Clive Robinson • March 20, 2014 2:45 AM
@ Nick P, Figureitout,
ul>That is true. There’s short cuts to that which vary by language and platform. It remains a problem. It’s actually similar to why few OS projects get anywhere. There’s so much stuff the lone wolf has to code before it even begins to be functional. Most just give up & their projects die off. That’s why I keep using the word “sponsored.””
Even when “sponsored” in some way they often fail to make it. One such reason is the sponsor puts on restrictions, as an example Minix  was in part as a result of teaching an OS course in a Dutch University but also in part by a book deal. The publisher insisted that the “source code” should be licenced “to protect their investment” with the result it had a licence fee that stoped it being taken up by hobbiests and small businesses. Linus used it to develop the first few iterations of what became Linux which because it was not “licence fee” encumbered took off to become the unrully monstor it is today.
Even though Minux later became “livence fee” free it was by and large to late.
Howeer for those developing “embedded systems” Minix still has advantages over Linux and BSD, and it’s micro kernal architecture has other advantages –other than size–over monolithic kernels like Linux.
As a rough rule of thumb, monolithic kernels offer some advantages on single CPU systems, but they lose out on multicore and multi CPU systems especialy when there is a lack of uniformity in the CPUs/Cores. Also from a security and performance issue the more that can be kept in user “flat” land not the heady hights of kernel “mountain” land accessed by labarynthine paths the better.
Clive Robinson • March 20, 2014 4:22 AM
It looks like I forgot to include the closing UL and I tags after the first parra in my above post (moral don’t post whilst “transport hopping” in the morning crush hour).
name.withheld.for.obvious.reasons • March 20, 2014 5:03 AM
@ Nick P and Figureitout
Don’t know about that PicNick , I think I could take Shakespeare…especially in an arm wrestling contest–but seriously–my sonnets rock. The honorable craft of play writing runs in my family (no, where not ALL cowards).
I be seeing you at high noon–bring your floppies and Macdraw Toolbox.
yesme • March 20, 2014 2:03 PM
Minix3 is a real killer. Now they are working on 3.3 (finished in roughly one month) and that has LLVM/Clang as default compiler and the NetBSD userland (and the ports collection). It’s also POSIX compliant and BSD licensed. The really nice feature is the Reincarnation Server (RS) which detects dead servers and restarts them on the fly. And it works with POLA and true modularity. On youtube are some nice presentations about Minix3, also about the RS.
Of course, I am a Dutchman so I have to promote this Dutch FOSS project that has no obvious connections with the NSA 😉
But in all honesty, I think this is a really good FOSS OS. They even have it working on a Raspberry Pi, the Beaglebone Black and the OLINUXINO A10 board.
Why is it good? Not because it’s a microkernel, but because they took the time to solve all the quirks of the microkernel. Microkernels do work. Just look at QNX / BlackBerry 10.
Nick P • March 20, 2014 2:22 PM
It’s basically NetBSD ported to a microkernel with plenty refactoring going on. Too buggy to use for security- or mission-critical. However, a great option for hobbyists or people looking for a project to contribute to. That Tannenbaum was behind it is probably why it’s so good. Guy’s worked on all kinds of OS and distributed system projects.
yesme • March 20, 2014 2:48 PM
Yes, there is a lot of refactoring going on. Hey, they made some significant changes here. But mission critical, and also embedded systems, that’s what I thought was the goal. And that’s why they also got the grant from the EU.
Nick P • March 20, 2014 7:01 PM
@ Clive Robinson re MINIX
“One such reason is the sponsor puts on restrictions, as an example Minix  was in part as a result of teaching an OS course in a Dutch University but also in part by a book deal. ”
That’s actually a good point. I have a few ways to structure a sponsored development that get around this problem. Suffice to say, my effort wouldn’t go the way of MINIX 1.
“Howeer for those developing “embedded systems” Minix still has advantages over Linux and BSD, and it’s micro kernal architecture has other advantages –other than size–over monolithic kernels like Linux.”
Yes, but we know design != implementation. I’m particularly concerned about problems arising from integrating NetBSD & other code. QNX, which did same thing, suffered from vulnerabilities arising from the change of assumptions built into NetBSD code. Those were professional developers working with a field-proven kernel and toolchain. Integration hell did them in anyway. MINIX 3 team is pulling in BSD code designed for monolithic system, doing custom privileged code, custom user mode code, doing an unusual architecture (for UNIX), and porting applications. All these different types of code integrating by people of mixed skill means there’s going to be plenty of problems. Already has been, actually.
That’s why I’m saying not to use it for anything important. Hobbyist or non-critical embedded systems could certainly use MINIX 3. The more use it gets, the more problems will be found and removed so I’m all for that. I also think there’s two potentially great apps for it: network services (already plenty), open source routers, and Cambrige CHERI project.
All NSA (and black hat) attacks on routers have people concerned. There’s also a number of active projects for open source firmwares and OS’s on routers. That stuff goes way back. Certain distros were created for and ported to cheap commercial routers. I think putting MINIX 3 on a router would be very easy. Securing MINIX 3 on a router might be easier than securing a monolithic system. If they create an eCos-style build system, then it would make it easy for users to choose which features & deploy a custom image. Combined with other tech I’ve posted, the rest of the software could be hardened. Most important, MINIX 3 already has most or all of the code needed here with the use cases also being narrow enough to exhaustively test it.
Note: It would be funny if I’m writing up this great idea and someone already has a MINIX 3 router out.
The other possibility is CHERI. If you recall, CHERI modifies a MIPS processor to support capabilities/segments for efficient POLA throughout system. Their model was integrated into FreeBSD with Capsicum. They plan to port FreeBSD & toolchain to CHERI processor. If no legal difficulties, it might be an even better idea to port MINIX 3 over to it as decomposition is more natural & the result is [eventually] more reliable. MIPS is also a simple processor that’s inherently easier to get right. My memory is fuzzy but I think the register window technique might even improve IPC performance, allowing finer decomposition of system components. Unlike with FreeBSD, such an effort won’t be fighting the nature of the system or how it’s built if it reuses MINIX 3 efforts.
Note: The router could also use MINIX 3 on CHERI, as well.
“But mission critical, and also embedded systems, that’s what I thought was the goal. And that’s why they also got the grant from the EU.”
It’s always been the goal. Just far from being a reality yet for mission critical at least. One of the commercial RTOS’s or Linux/BSD’s are a better option for such stuff until it matures. Genode and Dresden’s TUD:OS are other interesting projects in this space. All three use microkernel approaches. MINIX 3 will probably hit production grade first as it’s the least radical of the architectures.
Btw, Tanenbaum’s paper list has a bunch of other nice work. A few I independently developed (always nice) and plenty others I’m going to read to see if I might put them to use. List below:
Figureitout • March 20, 2014 10:56 PM
However, right now we have zero trustworthy platforms to build on.
–I wouldn’t necessarily say that, well ok…it’s interesting to see what’s possible when designers don’t consider a police state and non-stop malicious hacking.
Most just give up & their projects die off.
–People can’t give up. If you bring money into it, and publicize you’re doing a project then comes massive pressure to have a product that can’t get hacked (pfft..). That may attract outside subversion, state side (retards preventing secure tech development w/in their own country)… So I guess secure VPN and completely separate physically guarded intranet w/ guards and then private security guards in the inner perimeter.
You’d draw at best.
–Ah so you got a dead guy on your team? And who’s to say I’m not “Anonymous”? Ok lol, I’m fine w/ a draw so long as you don’t win. :p
–There’s always a failure in your mind, right? As in fundamentally it’s a failure from the start. I’m not smart enough to come up w/ a new way of computing, so I accept flipping gates w/ voltages, still can’t see how that eventually gets to modern computer; still a massive hole in my mind…
Hobbyists don’t get to charge other citizens to build secure facilities either, so they have to rely on morality of a human being not to break in their lab/home and compromise everything. In some cases defending yourself is a crime so you have to allow yourself to be run over to not be locked up in a cage; which will only weaken humanity further.
qwert • March 21, 2014 3:01 AM
removing lid from jar
yesme • March 21, 2014 3:14 AM
Have you seen this newsitem?
This is what Rajesh De, the NSA general counsel, said wednesday on a hearing of the US government’s institutional privacy watchdog:
Collection under this program was a compulsory legal process, that any recipient company would receive.
So now the NSA admits to have legally blackmailed (that’s how I see it anyway) the giant tech firms.
This is maffia territory.
I have little doubt they did that with the hardware manufacturers too.
Figureitout • March 21, 2014 11:12 AM
This is maffia territory.
–They operate exactly like a mafia. Exact same tactics. It’s police state tactics.
Nick P • March 21, 2014 12:27 PM
re MINIX 3
MINIX 3 – A highly reliable, self-repairing operating system 2006
The recent MINIX conversation was fun enough that I looked at their site. This paper, although dated, is a good read. It provides historical perspective on various approaches for decomposing systems. It gives the architectural choices of MINIX 3. It also shows that they perform well. I particularly liked how they handled interrupts and that they included kernel call restrictions per process.
yesme • March 21, 2014 1:43 PM
I would recommend this video. It’s a good presentation by Andy Tanenbaum on Fosdem 2010 about Minix3. (the guy if funny too)
Nick P • March 21, 2014 3:55 PM
Thanks for the link as it was a great presentation! The guy sure is funny, too. I figured that when I read his debate with Linus on microkernels. I usually skip the long videos and read the papers instead. This is one of the few I made it through.
I also agree with him that they desperately need a full ARM port to get MINIX 3 used by embedded developers and hobbyists (eg Raspberry PI). It should be as easy as possible to get it on such systems, with an eCos-like build system for slim images. That would get it deployed more widely and then code contributions might flow in faster.
The modularity also gives it potential to integrate better with POLA-enhancing technologies like I’ve often posted here.
yesme • March 22, 2014 1:47 AM
This video is from 2010. They have it working on a Raspberry Pi, the Beaglebone Black and the OLINUXINO A10 board.
Last year I downloaded 3.2.1 and compiled it. There were really tons of compiler warnings. That didn’t feel any good. Now they are working on the 3.3 version and when you download the latest git version you see that the warnings are mostly gone. It’s only the GNU stuff (GCC) that generates warnings. 3.3 will come out in roughly one month. I think that in a year or so the warnings are gone and the refractoring is a thing of the past.
And having the NetBSD usersland looks quite good to me. The GNU userland is way worse. Just think about the GNU autotools ./configure crap and compare that with BSD makefiles.
Talking about what you want to do with your ideas about a secure OS, in the paper that you embedded, it’s clear that Andy Tanenbaum didn’t really choose for a secure OS, but for a reliable one (which is roughly the same, but not exactly). They DO however both rely on a small codebase.
Petrobras • March 23, 2014 4:21 PM
Minix3 needs 64 MiB minimum of RAM, with 1GB recommended. 🙁
Figureitout • March 23, 2014 6:02 PM
Petrobras / yesme / Nick P
–Never seen uClinux mentioned on schneier.com. I know Nick P won’t like b/c its intended use is uC’s w/ no beloved MMU lol. You have to manage it yourself (and not f*ck up).
It’s a possibility in Brian Benchoff’s 68K homebrew pc b/c the distro was originally designed for the Motorola 68K chip.
ttylinux is another one. Very small, may be nice to experiment w/ terminals and networking (hopefully more secure).
And a big list of minimalist Linux distros, there’s quite a few and I imagine they are all fairly similar:
I personally like this one, Andy’s Ham Radio Linux. Basically just includes software you can download and puts into a Ubuntu remix. You can probably turn an older pc into a digital radio station and then we can talk outside the internet. 🙂
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Leave a comment