Friday Squid Blogging: Rare Octopus Squid Video from Hawaii

Neat:

While the Dana octopus squid may lack a squid’s trademark trailing tentacles, it makes up for them in spectacular lighting equipment, with two of its muscular arms ending in lidded light organs called “photophores.” About the size of lemons, these photophores are the largest known light-producing organs in the animal kingdom, said Mike Vecchione, a zoologist at the NOAA National Systematics Laboratory at the Smithsonian Institution and a curator of cephalopods at the National Museum of Natural History, both in Washington, D.C.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Tags:

Posted on December 11, 2015 at 4:02 PM213 Comments

Comments

JeffP December 11, 2015 4:46 PM

Just to seed conversations…

Everyone seems to recommend password managers. What’s the chance/risk that the central server, storing “encrypted” username/password AND the URLs to where they are valid would be hacked?

bil December 11, 2015 4:54 PM

Well, you have to store the vault somewhere. Is the risk higher that a vault on the window laptop someone uses to surf the web looking for cute cats would be compromised than if the vault were on a cloud service? And the 1Password folks would suggest that the encryption used is strong enough that it wouldn’t matter if an adversary got the vault. And it is probably safer to use two vaults, one for day to day work and one that is closed except when you are accessing your most secure assets.

I think the more important weakness is that malware may be able to access the password once it’s in ram by dumping memory.

Vatos December 11, 2015 6:12 PM

I wanted to ask about random number generation using AES with a fixed key on blocks where each block is generated from a numbers, each number one greater than the previous one. As I understand it, this may be a way of generating random numbers which cannot be predicted by examining previous numbers. Are there any issues with using AES like this?

argon5 December 11, 2015 7:08 PM

@JeffP

Everyone seems to recommend password managers. What’s the chance/risk that the central server, storing “encrypted” username/password AND the URLs to where they are valid would be hacked?

Sooner or later people who save their passwords onto any central server will end up regretting it.

For one thing who-ever maintains that server will have ability to abuse any trust given to them. And forget background checks – those only look toward the past but no one is ever born a criminal. People start down that path one day and if that day has not arrived yet, no background check will inform anyone about that “career choice”.

Take for example those idi*ts who build LastPass and said according to this article:

“In Joe’s words, ‘We can’t give them what we don’t have.’ So, to answer your question, there is nothing we could do to obtain someone’s passwords. If ordered by the government, we would hand over a blob of encrypted data that they could attempt to brute force. As everyone knows, with a strong master password, brute force would be virtually impossible.”

(source: http://www.techrepublic.com/blog/it-security/how-safe-are-online-password-managers/)

Yet some time later they had a security breach and recommended that everyone changes their password, as explained e.g. here:
http://www.cnet.com/news/lastpass-ceo-reveals-details-on-security-breach/

A better option is to get a standalone password safe application, keep it on a USB stick, and plug it into your PC only when you need it.

paranoia destroys ya December 11, 2015 7:59 PM

Any confirmation to a report that Anonymous has taken down the TrumpTowers NY website?

tyr December 11, 2015 8:28 PM

It didn’t take long for the media to roll over on
the mad scheme to ban encryption. TV news about
San Bernardino proclaimed that terrorists are using
it to avoid being caught.

Now supposedly these folks were planning something
in 2012. That gave the TLA folk 3 years to notice
that there was encrypted traffic from San Bernardino
to the middle east from someone whose name should
have made them a possible.

Spandam Alexander supposedly wanted to collect all of
the data on americans to catch people who already
stuck out like a sore thumb because of travel, surname
and other indicators. The whole story falls apart if
you are supposed to accept that they were also tagging
their traffic by encrypting it.

Binney said they already had a program that would have
caught this, but no, they had to bury it under a mountain
of blanket surveillance so they have a historical record
they can examine after the fact. Nice work. We need to
seriously revise the National Security State before it
opens us up to any more problems. False news stories by
those with an agenda aren’t going to fix anything.

Tor just announced the gal who was with EFF during the
developement of HTTPS is now the head of the Tor project.
Looks like a very good choice to me.

Thoth December 11, 2015 8:51 PM

@@JeffP
Never ever use a Password Management service that is not in your control (using someone’s computers to host your “encrypted” / “secured” credentials). Always use an offline version like our host @Bruce’s PasswordSafe (http://passwordsafe.sourceforge.net). It’s sad that Sourceforge doesn’t do HTTPS web browsing though.

I don’t trust LastPass or any “Server Secured PM” services as they are just too vulnerable. If you are paranoid that your offline encrypted password database might get hacked (software-side hacking attacks), you might consider a hardware secured version called the Mooltipass (http://www.themooltipass.com) which uses a much better approach which is to have a dedicated hardware protected approach. The device is a little bulky though.

@Vatos
Have you looked up the literature on AES-based DBRG especially the NIST SP 800-90A specifications ? There is also mention of AES CTR mode for RNG in the SP800-90A specs. Please take a look. I would recommend flipping to page 49 for the CTR_DBRG specs. I know a good ton of FIPS validated hardware and software crypto modules are leaning to AES-based DBRG.

Links:
http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf

Curious December 11, 2015 11:56 PM

Looking at Windows Update recently, it looks to me as if kb3108371 is the same thing as kb 3108381, but for a different language. I thought that was a little odd because they both reference back to Microsoft Security Bulletin MS15-132.

believing the cloud companies sales pitches will destroy ya December 12, 2015 12:34 AM

Here’s a new alternative to Tor by Dispel (dispel.io)…BTW it’s “proprietary”…

Dispel’s Privacy as a Service Technology Emerges From Stealth
http://www.eweek.com/security/dispels-privacy-as-a-service-technology-emerges-from-stealth.html

A snip from the adverticle…


Privately held startup Dispel (dispel.io) officially launched its privacy-as-a-service offering on Dec. 9, providing what it has branded as invisible connections and invisible computers to privacy-conscious users.

“We have built an engine that allows us to dynamically generate unattributable, encrypted and ephemeral infrastructure using multiple cloud providers,” Ethan Schmertzler, CEO of Dispel, told eWEEK.

That infrastructure is used to deliver Dispel’s invisible connection and invisible computer service. The invisible connection links a user’s device into Dispel’s network in a manner that protects the user’s identity, location and content. Schmertzler noted that the invisible connection does not make use of the Tor network at all. Tor is a popular technology that seeks to enable anonymous network connections for users.

“We are a totally new proprietary technology,” he said. “There are no fixed network targets and nothing is publicly listed, so users don’t need to trust a random stranger.”

rgaff December 12, 2015 1:06 AM

“so users don’t need to trust a random stranger”

Because trusting a less-random stranger like Ethan is so much better?

Wael December 12, 2015 1:31 AM

@rgaff,

Because trusting a less-random stranger like Ethan is so much better?

True. If one were to construct a DFD (Data Flow Diagram) showing the end-to-end data path, it probably would become clear that such solutions have holes, not least of which is the lack of security at the customer’s end point (the device.) Doesn’t matter if data is encrypted in transit if needed crypto keys can be extracted remotely from the device, for example. Then again, how can you trust “their word”; they could be a front for another organization. If they aren’t a front, how can one tell if the “invisible connection” isn’t a “honey pot” masquerading as a ligitimate service? And since the customer needs to go through an ISP there will be other identifiers that can be collected and eventually mapped to the “invisible connection / invisible computer”. Too many unanswered questions…

I looked at the information they provided and couldn’t find a description of the issues listed above, and these issues are only a small “sample” 🙂

Wael December 12, 2015 1:59 AM

@Greg London,

This game is the mechanical equivalent to the Prisoner’s Dilemma scenario in game theory…

Very clever thinking! There is one subtle, but important difference: in the Prisoner’s Dilemma, the two partners know something about each other; they’re not completely random people. Your narrative needs to factor in this “initial condition”. Without the correct initial condition, the choices each player make will be just a “guess”. Player-1 knows nothing about the state of mind or the greed degree of Player-2 and vice-versa. Am I missing something?

ianf December 12, 2015 4:32 AM

For Snowden-watchers: see two Norwegians, one of them a waïfy “true-life Lisbeth Salander” TOR hacker/ developer Runa Sandvik, discuss in English on Swedish TV how Ed once tried to promote the use of TOR among his Hawaii spook colleagues by gifting them the official TOR laptop stickers ;-))

But that’s not the money shot of the show: rather, it was the blanket jingoistic condemnation of Snowden as a traitor uttered in the course of the studio talk by there also present Pia Lindström, a senior journalist from New York (eldest daughter of Ingrid Bergman); and the Brit—but now also U.S. citizen—Rod Stewart. The depth of their ignorance, and what can only be described as ass-kissing the American flag (pardon, Flag), is ASTOUNDING (I expect both to have since then been invited to dinner at gen. Hayden’s fortress-like house.)

Skip the leading Norwegian lingo intro, the two preceding interviews, advance the video tape to 25:50, you won’t be sorry. The 12 or so minute long segment about Snowden and privacy is followed by appearance of Max Mosley, who forsakes no opportunity to whitewash his mother, Diana Mosley’s (née Mitford) life-long unrepentant sympathy for Hitler (and she wasn’t the worst Nazi-lover in the family, that dishonour goes to her younger sister Unity, the sad-sack Hitler idioliser). Listen to that part if only to find out what, acc. to Max channelling Diana, was the chaste—and possibly impotent—Führer’s success with women (Wael take note! ;-))

The talk show “Skavlan,” named after its host Frederik S., seems to be a v. much lightweight version of the Michael Parkinson’s sequential talking heads small-talk show at the BBC, and is recorded live using identical digitally-enhanced studio decors in Stockholm and in London. This interview will stay available online until 10th January 2016.

    One final thought: why is it always me who has to teach the talking TV heads the interviewing ropes? Obviously, Skavlan ought to have begun by demanding of Runa Sandvik to SHOW HIM THE TATTOO!, and she obliging by taking off her pants, and displaying “DRAGON” stenciled onto her inner thigh. People are soooooooo unthinking, letting such unique opportunities of cheap-thrill shocking the audience pass by.

Greg London December 12, 2015 7:26 AM

@Wael: “There is one subtle, but important difference: in the Prisoner’s Dilemma, the two partners know something about each other;”

That is addressed later in the article. I believe that the narrative told in the Prisoner’s Dillema actually creates a backdrop that changes the game from the single iteration game with the given payoff matrix to some other game.

For example, if both players know each other, and if both players are members of the same gang, then there could be repurcussions that adjust the payoff matrix. If Alice and Bob know each other for years because they have been members in the same illicit gang, then it isnt too hard to imagine that if either player betrays the other then the gang itself might punish any member who betrays another member to the police by killing them. At which point, the payoff matrix changes from “minimizing your prison sentence” to “avoiding death”, and the only choice is to cooperate.

The Interlocked Marble Race was written intentionally with a narrative that doesnt have any after-game consequences. Once you make your choice, you walk away with no fear of secondary repurcussions. The other player doesnt know who you are and cannot threaten you and cannot hunt you down when they get out of prison or win no prize at all.

If the payoff matrix only describes the primary payoffs, but the narrative creates a scenario where there are secondary consequences, then many readers will intuitively roll those secondary changes into the payoff matrix. Betray a fellow gang member? The gang might kill you, so the sensible choice then is to cooperate.

The interlock marble race creates a narrative that intuitively matches the payoff matrix of the original prisoners dillema, and doesnt create any narrative details that could drastically alter the payoff matrix of the reader read tok much into them.

In the IMR, you make your selection, you collect your prize, and then you walk away with zero worries about secondary repurcussions, because there arent any in the narrative.

The problem with people trying to understand the Prisoner’s Dillemma is that the narrative creates a story backdrop that many people read into and intuitively add to the payoff matrix and then that reader is actually playing a different game.

Greg London December 12, 2015 8:50 AM

In the IMR, the only things you need to know about the other player is that they are going to try to maximize their prize, they dont care what you get for a prize, and you cant do anything to change any of that. And they are going to think the exact same thing about you.

Tõnis December 12, 2015 9:28 AM

I’m on BlackBerry 10, so I use its native Password Keeper app. My phone is password locked with all its data encrypted. Password Keeper itself is password locked and encrypted. I save encrypted backups of my smartphone data to my ThinkPad which happens to be online, but I could save the backups to offline media instead. To crack one of my backups, an attacker would need the backup and to know my BlackBerry user ID and password; the keys for the backup are generated by and stored on BlackBerry’s servers, so this means BlackBerry itself could decrypt my backup if it were to obtain it.

bobby tables December 12, 2015 9:28 AM

@ianf

But that’s not the money shot of the show: rather, it was the blanket jingoistic condemnation of Snowden as a traitor uttered in the course of the studio talk by there also present Pia Lindström, a senior journalist from New York (eldest daughter of Ingrid Bergman);

funny, why would Norway (and Sweden) care to brand Snowden as a traitor…of course probably because they are so deeply in bed with America.

in fact they likely contribute to the American surveillance.

unfortunately a lot of the documents seem to be never made public, at this rate.

Retardé December 12, 2015 9:39 AM

So, the French have gone full Retardé (following the lead of their yankee blowhard pals):

https://theintercept.com/2015/12/12/terrorist-attacks-spark-crackdown-constitutional-changes-in-france/

“In some instances, the concrete consequences of the state of emergency border on the Kafkaesque. There’s this man, who was challenging the requirement that he report frequently to a police station (one of the other features of the state of emergency law). Because his court hearing to challenge the requirement was late, he showed up 40 minutes past the time he was supposed to be at the police station. He was immediately detained. Then there’s this man, who was placed under house arrest in southwestern France because he was suspected of being a radical Muslim — except he is a devout Catholic. The police also raided a halal restaurant for no apparent reason.

The state of emergency, which was initially supposed to mitigate the threat posed by Islamic terrorism, has been used to target environmental and political activists who have nothing to do with radical Islam, let alone terrorism. Several heavily armed police officers stormed the home of produce farmers in rural France, and Le Monde reported that at least 24 people closely involved with protests around COP21, the Paris climate conference, were placed under house arrest.”

Raiding halal restaurants? Confusing Catholics with Daesh? Under house arrest because you give a shit about the environment and the future of the screwed up human race?

WTF?

Time to change the French national motto from Liberté, égalité, fraternité.

How about:

  • Emprisonnement, détention, incarcération ?
  • Déficiente mentale, crétin, masturber ?
  • Fasciste, état policier, enculé ?
  • Hystérie, paranoïa, fou ?

Decisions, decisions…

Clive Robinson December 12, 2015 10:48 AM

@ Bruce,

This might be of conciderable interest to you and your emoloyers,

https://conspicuouschatter.wordpress.com/2015/11/04/investigatory-powers-bill-the-juicy-bits/

I’ve yet to pluck up the courage to sit down and read the near two hundred pages of dense sometimes mind warping legalese of IPA.

However you only need to be a few pages in to realise it has world wide consequences, not just the UK juresdiction….

It is most definitely worse than a “snipers charter” it borders on sedition.

Who? December 12, 2015 11:50 AM

@believing the cloud companies sales pitches will destroy ya

Sorry, it will never be a Tor alternative.

The terms “propietary” and “secure” live on orthogonal spaces. It has been clear for years.

On the other hand, eWeek notes that “Dispel is using Ubuntu Linux as the operating system for the invisible computer”… Ubuntu is not exactly what I would choose for anything “secure”.

The same history ever… a few buzzwords, some hype and you got the next startup.

Clive Robinson December 12, 2015 12:23 PM

@ Who?, believing the cloud…,

Sorry, it will never be a Tor alternative.

Nope, and my long held view is ToR is no where near secure enough, for reasons I’ve mentioned in the past.

So comercial offerings have a very very long uphill path to climb to just catch up let alone pass, and lots of mistakes to make along the way (which history suggests they will hide untill blackmailed into fixing them by public exposure).

That is not to say that ToR could not be made a lot lot more secure, without to much difficulty. But ultimately I guess many users would not like the increased latency etc, when downloading their “low costume budjet amature hour” etc.

Winter December 12, 2015 12:47 PM

@Clive
“Nope, and my long held view is ToR is no where near secure enough, for reasons I’ve mentioned in the past.”

But then, nothing is. In this case, the choice is between using Tor and not using the internet.

Wael December 12, 2015 12:56 PM

@Greg London,

The problem with people trying to understand the Prisoner’s Dillemma is that the narrative creates a story backdrop…

I’m not referring to story backdrops. Let’s say there is no post game consequences. I’m saying players who know each other can make an informed decision based on their understanding of how their opponent (ex-accomplice) thinks and behaves, and that’s where the dilemma arises. If opponents know nothing about one another, then it’s just a guess or a gamble and there is no “dilemma”.

Another implicit “assumption” is that both opponents are roughly equally rational and intellegent. What if one of them is an idiot… how would that factor in?

I could be wrong… Won’t be the first or last time 😉

de la Boetie December 12, 2015 1:01 PM

Regarding password managers, my feeling is that some commentators are missing the mark with blanket assessments because they are not including the threat landscape or the other controls one might use.

For example, with LastPass, you might well only use it for “standard” website access, where the risk of password compromise at the service end is likely to be higher than a better-thought-out password service (although there’s the all-eggs-in-one-basket problem). Using strong unique passwords is much better than the alternative, and the integration of LastPass makes it easy for naive users to actually use it when browsing. Like with family members, they would not likely use a local password manager because that’s more complex; at least LastPass gets used.

In addition, LastPass supports 2FA with a Yubikey (and I’d personally recommend 2FA with any password manager). You can also enter a pin “decoration” to the password which is not stored in the LastPass database.

Of course, for other things, a local database (e.g. PasswordSafe, including 2FA), is a better alternative.

But, please avoid blanket assessments….

ianf December 12, 2015 1:11 PM

ADMINISTRIVIA @ bobby tables

why would Norway (and Sweden) care to brand Snowden as a traitor?

Why indeed… perhaps because neither did? Had you cared to watch the Skavlan/ Sandvik/ Lindström/ Stewart talk-show video (as 11 others so far did) rather than type away in blindo, you’d have discovered that it was the last two, one a journalist, the other an international artist, both American citizens/ residents, who elected to show their stupidity and ignorance by jumping onto the Snowden equals traitor bandwagon (Nick P. here who also thinks that Ed partly is one, might care to listen to these two emo outbursts).

FTR shortly after the latest regime change in Sweden last year, and Snowden’s getting The Right Livelihood Award, the so-called Alternative Nobel Prize (=an award that’s pretty prestigious for the state of Sweden to be hosting alongside the “ordinary” [though also privately funded] Nobel Prizes), the new Labour-Green coalition government in power undertook a study to offer Ed Snowden asylum there. They even sent 3 parliamentarians to meet Ed in Moscow. It came to nothing, to the disappointment of both the NGOs and the policy makers involved… the pressure from the USA, threats of no longer sharing NSA-derived terror intel with the country, proved too great to overcome.

All the same, it is my conviction that physically Edward Snowden probably is much safer in Moscow, than were he in a democratic, open society such as Sweden (where the CIA would have had much freer reins for an “Eichmann-like” forced exfiltration, snatching him away to throw in a hole in Gitmo until his dying days. In fact, in another TV program recorded in the last few months, I heard Ed for the first time say explicitly that “he doesn’t think it will end up well for him,” and gen. Hayden leeringly stating that “he’ll die of old age in Moscow.” A new twist on the old “better red than dead”)

[@Outspelled, you’re not forgotten in regard to your Snowden regurgitations.]

Justin December 12, 2015 1:15 PM

@Clive Robinson

https://conspicuouschatter.wordpress.com/2015/11/04/investigatory-powers-bill-the-juicy-bits/

That’s astounding. Obviously they feel they have the right to investigate Americans without a warrant, and pass the intelligence on to American law enforcement. How does that compare to a plain reading of the Constitution?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

And it’s almost unbelievable, but federal judges have actually dared to express the opinion that

“Yet provisions of our Constitution do not lose their force even with the passage of decades.” (p.45 of this pdf.)

Of course that was in reference to the 2nd Amendment, not the 4th, but one can only hope…

@Clive, Winter

… my long held view is ToR is no where near secure enough, for reasons I’ve mentioned in the past.

Maybe not. There is spurious research on traffic analysis and side channels and so on, but the real low-hanging fruit is the lack of any reasonable assurance of security for the (in almost all practical cases) mainstream bug-ridden software, operating systems, and hardware being run at the endpoints. I wouldn’t blame ToR so much, but they actually bundle their software with such mainstream software for which pre-made exploits are known to exist and be in use. Remember FOXACID, anyone? I should have guessed, Bruce already blogged about this. How do people forget so easily?

Clive Robinson December 12, 2015 1:32 PM

@ Winter,

In this case, the choice is between using Tor and not using the internet.

The latter option may be more secure… Which is a thorny conversation along the lines of “Is ToR Secure enough?”. It in turn begets the question “What are you doing, who and where is your enemy and how much do they care about what you are doing?”.

We now know for certain that Tor is vulnerable to various edge effects, even though I and others have banged on about the possibility for long before that. But the real issue was what we found out about the level of person they were chasing after. Out side of the head liners many were small fish gamblers, pot smokers and aficionados of low costum budget movies. Those that have not had their collars felt yet, may never do, but they know dam well it’s hanging over them waiting. Which presumably has had the Chilling Effect the FBI were hopping for.

That is the FBI and outposts of the DoJ know that if they can scare off the masking traffic, it makes getting at the high value traffic considerably easier.

With ToR in it’s current state the less masking traffic the less secure it is by a very long way, as the low latency exposes traffic in a non linear way…

Trying to explain all that to a potential user who often realy does not know who or what their enemy is or why, is almost guaranteed to fail them in some way. And as history shows most people tend to blaim others for their own failings (including myself from time to time 🙁

But there is arising another issue of the crime of “giving security”, this can be seen by the behaviour of the NY prosecutors who go after people with massive charges that have not realy got a hope in hell in court. They do it so they can either turn you or stop you, either way they get at others either through you if turned or if they stopped you due to your product not being available to secure the others.

The behaviour of the FBI and DoJ prosecutors in this way is actually bringing not just themselves and their employers into disrepute but the whole US Government… Oh and driving the business that provide the taxes for their wages out of the country, so not very smart in the longterm.

Winter December 12, 2015 2:06 PM

@Clive
“With ToR in it’s current state the less masking traffic the less secure it is by a very long way, as the low latency exposes traffic in a non linear way…”

And the Tor hidden servers are simply cracked the old-fashioned way, as they crack web-servers everywhere. That is not something Tor can do anything about.

Wael December 12, 2015 2:11 PM

@ianf,

as 11 others so far did) rather than type away in blindo

I’m one of the 11. Good video… Some comments…

Rod Stewart. The depth of their ignorance…

Who wants to hear celebrities giving opinion on security matters?

In a hundred years, he might be on a stamp in the US!

Unlikely, but not far fetched depending how the story pans out.

38:14 passwords…

Pretty impressive, and you can see the shock on the host’s face reflecting what’s on his mind: “Holly crap! My passwords start with a capital letter, end with an exclamation mark or a 1, 2, 3, and the middle is a name of a pet, or a relative. I hope she doesn’t ask me to whip out my wallet, because she is correct; I do carry a post it note with my passwords written there!”

Runa Sandvik… I’m not sure of her nationality, but she pronounces “about” like some Canadians do 🙂

Listen to that part if only to find out what, acc. to Max channelling Diana, was the chaste—and possibly impotent—Führer’s success with women (Wael take note! ;-))

What are you insinuating now?

Clive Robinson December 12, 2015 2:42 PM

@ Winter,

And the Tor hidden servers are simply cracked the old-fashioned way, as they crack web-servers everywhere.

Actually, this is not quite true. There are ways by which servers can be made invisible to traffic analysis and data poisoning / malware methods. It rather depends on how you want to go about it. The downside is the latency involved. Whilst fine for Email and messaging it won’t work as well for serving up web pages and won’t work for interactive activities at the human level (ie sub 1/6th second round trip).

If you are interested I can go through it bit by bit, but it will monopolize this thread, which I don’t want to do to early in the week.

Clive Robinson December 12, 2015 3:48 PM

@ Wael,

With regards ianf’s,

    … and possibly impotent—Führer’s success with women

I think he might be refering to Hitler’s supposed ability to mesmerize teenage girls, much like some pop stars do today, then mentally tourture them by turning faux affection on and off on them. It’s been said that several committed suicide or were institutionalized then at some point “take on a tea party”[1]. I don’t know if it is true or not but it certainly appears that his interest lay in control rather than sex as the basis to his relationships with women. He certainly did not like women to be around him very much as various documents have shown.

[1] One of the first stages to the “final solution” was to get rid of those who had longterm mental disabilities. From what various historians have said and some documents support the method used was to put them in a coach with windows painted to show happy children. The vehical would supposedly be “driven to a tea party or some such”. At some point in the journy the exhaust gas would be pumped into the coach body where the patients would die of monoxide poisoning, and the coach would then go to a sexluded spot where the bodies would be transfered onto other transport to eventualy be disposed of at a crematorium.

Wael December 12, 2015 4:12 PM

@Clive Robinson,

I think he might be refering to Hitler’s supposed ability to mesmerize teenage girls..

Got it.

I wish my sockpuppet were alive 🙁

@Nick P,

Do you have objections?

FM Radio December 12, 2015 5:07 PM

We shouldn’t forget that no matter how the final solution started and ended, USA continued the same tradition with lobotomy and the mobile lobotomy units.

Spreading the Tor December 12, 2015 5:09 PM

Spreading the Tor Browser Bundle (TBB) in the U.S.A

Today the TBB was installed on >1 semi-public windows 7, 8 or 10 PCs in the U.S.A. The installation did not require admin priviledges.

Questions

A) Since the PCs are semi public, does this posting in the vicinity make sense?

1) “For your use the ‘Tor Browser’ is now available on each PCs’ Desktop. To learn more about some users of ‘Tor’ go to https://torproject.org and look for ‘Who Uses Tor’.”

2) “Warning, since the release of Snowden’s Documents it has become well known that the use of ‘Tor’ can invite government scrutiny in the U.S.A.”

B) Is there any known law, regulation, or other, in the U.S.A. that prevents librarians or their IT staff from installing the TBB on their PCs in a U.S.A library?

Thoth December 12, 2015 5:30 PM

@Tõnis
It is better to use an auditabke password manager if you have access to one. As you said it, if Blackberry can break into your password database, it isn’t very assuring and we know RIM has been in bed with ICs for a long time. Evrn if your personal security model excludes ICs, the security the Blackberry Password Manager presents doesn’t sound all too assuring and not to forget a smartphone is a pretty big attack surface but not as wide as a netork attack surface.

@de la Boetie
Any cloud security solution is an inherent risk as you do not know what’s on the other side and the codes involved. Similarly, password security solutions in he cloud are a risk itself. Of course it’s convenient and easy to use and very portable but very risky. You can integrate things like 2FA into your cloud security protocol which does not remove the risk.

You mentioned that PIN decorations are not stored by LastPass database. How are you sure ? You seem to have insight into LastPass. Are you associated with LastPass in some way ?

If a family member wants easy password access, I would rather recommend a portable version of Password Manager in a USB drive of course if we compare threats and risks, each have their own problems.

Network-based Password Managers store mulitple ysers’ password profiles and thus present a lower hanging fruit than a single computer with a password profile stored offline. To add complications, network password management algorithms are done mostly on server resources which makes it uncomfortable for us security folks who have designed and implemented security. Maybe the lay person are OK with the risk but from a threat model, the “unknowns” regarding the code execution, storage of password and derivation and storage of encryption keys makes it a huge risk.

Even if a network password manager sends an observable and editable executable code to allow client side decryption of password database so that it can proof that the server is merely a storage and is “clean” from suspicious algorithms, would anyone feel comfortable to put an encrypted database file on someone else servers ?

2FA or MFA does not really matter when it comes to password database security as long as the design is the 2nd factor secret is independent of the cryptographic key mixture. All it requires is capturing the decryption keep and it is game over. The 2nd or nth factor only serves to further authenticate but the main point is capturing the cryptographic key is the main goal. In the context of a network password manager, it opens a lot more questions and doubts than offline password managers.

I would say network password manager have these hurdles to cross:
– Proof of trustworthinesss and honesty of server
– Proof of correctness of execution
– Proof of network and per profile security and isolation during and after execution
– Proof of correct handling of cryptographic materials
– Proof of secure execution

Whereas an offline password manager only requires lesser hurdles to pass:
– Proof of correctness of execution
– Proof of per profile security and isolation during and after execution
– Proof of correct handling of cryptographic materials
– Proof of secure execution

Offline password managers present lesser threat surfaces for exploitations and from the above hurdles needing to cross.

Ease of use can be improved by GUI designs and user interaction and portability of solutions can be done with portable offline devices in your own control. A less tech savy person carry a portable executable of an offline password manager with good GUI design to ease usage.

Clive Robinson December 12, 2015 6:26 PM

@ Nick P, Thoth, Wael and others,

If you are working on a design with an “unreliable network” at it’s core, you might find the first paper on this list interesting,

http://queue.acm.org/listing.cfm

Either read or scan down to the section titled “Reliable Broadcast” it might provide food for thought.

Wael December 12, 2015 8:40 PM

@Thoth,

Do you mean the paper’s name is “Broadcast Messaging: Messaging to the Masses”

It would so seem.

@Clive Robinson,

it might provide food for thought.

It does! Thanks for the link. It can even be applied to the threads of this blog 🙂

Repeat After Me December 12, 2015 10:43 PM

To the fascists inhabiting the White House, here is your take home message from those who see straight through your propaganda:

“I am not terrified of the terrorists; i.e., I am not, myself, terrorized. Rather, I am terrified of the terrorized; terrified of the bovine masses who are so easily manipulated by terrorists, governments, and the terror-amplifying media into allowing our country to slip toward totalitarianism and total war. – Dan Sanchez”

We will never buy your bullshit. Ever.

We know we are more likely to be killed by fireworks, lightning, falling TVs, cows (yes, cows), elevators, the militarized police (x 312 greater rate of killing), hypothermia, scalding hot water and so on.

So, take the right-wing think tanks beating the drums of war, and the MIC killing machine bleeding tens of billions per annum, and shove it up your ass.

Defund the shadow state, three-letter agency criminals who couldn’t see a terrorist act in advance if the blueprints were emailed to them.

Stop INCREASING the terrorist threat by bombing countries who pose ZERO threat to the homeland.

Redirect this money to health, education, infrastructure and the like, where it belongs.

That is, do your f*&king job in line with the constitution you swear to protect, you A-grade psychopaths.

Andrew December 13, 2015 4:40 AM

Just some thoughts, I’m not sure people are aware about the real stake of backdoors in encryption.

You think WhatsApp will have official backdoors while you will still be able to use Telegram or other open source encrypted communication? Really? They will either ban them (through OS), backdoor them too or make them illegal. The use of some custom encryption may get you to jail.

The next step will be to request official hardware backdoors as they will convince politics that not all choices are covered with software backdoors alone. This one will be much easier to get once the first one is done.

To be honest, I think people are stupid enough to make all these a reality, soon.

Poe December 13, 2015 5:05 AM

EFF launches the cell-site simulator section of Street Level Surveillance today

December 10, 2015

“Digital analyzer. IMSI catcher. Stingray. Triggerfish. Dirt box. Cell-site simulator. The list of aliases used by the devices that masquerade as a cell phone tower, trick your phone into connecting with them, and suck up your data, seems to grow every day. But no matter what name cell-site simulators go by, whether they are in the hands of the government or malicious thieves, there’s no question that they’re a serious threat to privacy[1].” (By Nadia Kayyali – remainder of article @ [2])

That’s why EFF[3] is launching the cell-site simulator section[4] of Street Level Surveillance[5] today.

[1] https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy
[2] https://www.eff.org/deeplinks/2015/12/government-can-you-hear-me-now-cell-site-simulators-arent-secret-anymore
[3] https://www.eff.org/
[4] https://www.eff.org/sls/tech/cell-site-simulators
[5] https://www.eff.org/sls

“EFF’s Street Level Surveillance Project[5] unites our past and future work on domestic surveillance technologies into one easily accessible portal. On this page, you’ll find all the materials we have on each individual technology gathered into one place. Materials include FAQs about specific technologies, infographics and videos explaining how technologies work, and advocacy materials for activists concerned about the adoption of street level surveillance technologies in their own community. In the coming months, we’ll be adding materials on drones, stingrays, and fusion centers.”

Related hits:

https://www.eff.org/sls/about
https://www.eff.org/sls/tech
https://www.eff.org/sls/news
https://www.eff.org/sls/legal
https://www.eff.org/sls/resources
https://www.eff.org/sls/tech/cell-site-simulators
https://www.eff.org/sls/tech/biometrics
https://www.eff.org/sls/tech/automated-license-plate-readers

Thoth December 13, 2015 6:06 AM

@Andrew
The box within the box method that @Clive Robinson and most of us have discussed makes direct message escrow very risky for state actors or otherwise. It is easy to detect escrow and counter it. You can do a box on a box by means of using another encryption engine within your control to send through a known vulnerable path. The pain is in the key negotiation.

They can put a ban on secure messaging apps but that doesn’t mean you can’t run your own crypto engine. The next evolution for secure messaging is a signature reduction protocol over a broadcast mechansim. A signature reduction mechansim is to prevent easy detection and making it look probablistic to passive and active interaction especially removing message headers and over probablistic encryption algorithms. Using a broadcast method, you would effectively dull off traces and further dampen signatures.

Due to the diversity of apps, they can’t hunt down everything. What can be done is to create a simple, easy yet secure standard of secure messaging so engineers can easily implement them. The struggle with getting COTs secure would also make their decisions half effective because most COTs rely on open secure technology and sabotaging these stuff are inherently dangerous and we have seen the InfoSec wing going against the Intel wing of US Govt showing a split in decision in the Govt. The Security side wants everything and everyone to be secure whereas the Intel side wants everyone and everything except themselves to be insecure. If we can play along the Security side and get more people to lean to that direction, it may have an effect on the World. The reason why many Govts are getting away with excuses to weaken Security is due to the citizens being unaware and indecisive.

The more awareness and knowledge given to the public and the wider variety of secure comms would likely allow better decisions to be made on a wider level. Most Govts are doing fear mongering and play shoot the messenger/engineer in public to spread fear because they are desparate to control their citizens’ mindset and they are getting away with it for now…

Andrew December 13, 2015 8:42 AM

Thoth: “They can put a ban on secure messaging apps but that doesn’t mean you can’t run your own crypto engine”
I really believe that you underestimate the dark side of the force :). I don’t think they make all these efforts for a joke.
I agree there will be many custom ways to secure a communication but most likely they will become illegal if not using some official tools.
Also, imagine if they request to AES backdoor, it will lead to hardware backdoors too, since many implementations are hardware.

ianf December 13, 2015 9:05 AM

    I read The Guardian daily newsletter then curate this eclectic selection of its offerings, so you won’t have to

Net neutrality has its day in court – with lawyers, Christians and the Cheshire Cat
      The decision by the Federal Communications Commission to reclassify internet providers as ‘common carriers’ is being tested in a Washington DC courtroom

Comment is free | Erdogan’s dreams of empire are perilous for Turkey
      Ankara is becoming far bolder with its foreign policy. Provoking Russia over Syria may be a step too far, though

In search of a European Google
      California’s Silicon Valley runs the show when it comes to successful tech companies. So why has the old world failed to produce a thriving digital industry to rival the US?

Michele Hanson: I was suspicious of the Zuckerbergs’ $45bn donation – and I was right to be
      The saintly Facebook family have been revered for their generosity, but their gift isn’t a proper gift at all

Mobile phones | Science has spoken: ending a text with a full stop makes you a monster
      A new study suggests that people who finish messages with full stops are perceived as insincere. Let’s not get started on the creeps who put a nose in smiley faces [Wael take note ;-))]

London | Opinion by Zoe Williams | Donald Trump, radicalised London salutes your honesty
      With its barefoot joggers, cereal cafes and Silicon Roundabout, this is the terrifying city of no-go areas the Republican candidate warned us about

How Amazon came to dominate fiction in translation
      At a time when the translation market is shrinking, the internet giant’s publishing arm, AmazonCrossing, has leapt ahead as by far the biggest publisher of English versions of international titles this year.

    The unwillingness of English-speaking readers to engage with fiction in translation has come in for its fair share of criticism over the years, not least from the director of the Edinburgh book festival, Nick Barley, who described the UK’s parochial reading habits as “something of an embarrassment” this summer. Help, however, might be at hand from an unexpected quarter: Amazon published three times more translated fiction in the US this year than its nearest competitor.

2015 Orwell Lecture
What Orwell can teach us about the language of terror and war
      Bureaucratic double-speak, tautology and ambiguous cliche not only dominate the language of public life from the health service to higher education, talking and writing badly also prepares the ground for military and terrorist action, writes Rowan Williams

Work & careers | Watch out, David Brent – the office is a jungle nowadays. Here’s a survival guide
      Unlike Wernham Hogg, the workplace no longer welcomes chilled-out entertainers. As Ricky Gervais’s character is going to need help as he returns to our screens

Open source | Technology |
Bassel Khartabil: fears for man who brought open internet to the Arab world
      The developer’s imprisonment is a sign that technologists are being targeted along with journalists and human rights lawyers

Technology | 90:9:1 – the odd ratio that technology keeps creating
      Mozilla has killed off its Firefox OS, leaving the mobile OS market dominated by Android, iOS and Windows Phone. Will technology always follow the same pattern?

Teenage special | The 10 worst parental crimes on social media
      A guide for adults who don’t want to shame teenage family members in front of their friends, or make themselves look stupid

VIDEO BONUS: found this in Clive James’ late November rumination about Paris: […] “For what real heroism looks like, check out the YouTube clip of the Saudi singer Shams Bandar [a 3m MEMRI recording off Arabic TV—ed.] telling a smoothly coiffed bonehead of a male interviewer exactly why the west is worth fleeing to. If she gets stoned to death for saying so, let’s try not to forget her.

PICTORIAL BONUSES: birds  aplenty.

Clive Robinson December 13, 2015 9:28 AM

@ Andrew,

The next step will be to request official hardware backdoors as they will convince politics that not all choices are covered with software backdoors alone.

It would not be the first time, do you remember Ernest Frederick “Fritz” Hollings (dem) from South Carolina, AKA “Hollywood Hollings” or the “Senator From Disney” because of his “nesting habbits” and his claim to fame for them the “Fritz Chip”? Which according to some “burned him” and now he whiles away his days I’m led to belive writing polemic pieces for the papers around Charlston and the Huffington Post

Well you can read the usual splurb on the “Fritz Chip” more officialy called the “Trusted Platform Module” at,

https://en.m.wikipedia.org/wiki/Fritz_chip

Ross J. Anderson over ate the Cambridge Computing labs wrote an FAQ on it in the early days,

Although some of those involved have allegadly tried to hide some features, such as things that could stop certain types of user activity such as running “untrusted software” (ie not signed by an approved key), and also the loading of “untrusted files” in it’s not that clear what it can do though in it’s current form it can still be disabled.

I belive other regulars that post here know it in quite a bit of depth and hopefully will cgip in their 2Cents.

But even if it can do all that some claim it could in a distopian future, there realy is somethings it can not do.

For instance as long as I’m alowed to type in or edit files I can communicate with others via a mixture of prearanged code and stenography. Likewise digital audio, photographs, video etc.

I’m not saying it would be easy, just that it would be possible.

But that may not be necessary, the last time I checked hardware sold in Russia and China were TPM chip free due to legal requirments in those countries, which represent a very sizable fraction of the user market world wide.

Further the chip is unlikely to be perfect, thus there are almost certainly ways around it via “bubbling up attacks” from lower layers in the computing stack. And other loop holes such as the acidently Turing Compleate engine that exists around the various parts of the Intel chip set.

But there is an obvious attack which is the theft of “signing keys” etc via “black bag jobs” and “angry insiders”. Once a suffociently high priority key is out in the wild it could alow TPM to be bypassed.

As I’ve pointed out in the past “code signing” is not a mark of quality or even reliable code design and implementation. It would not be too hard for someone to slip the equivalent of an interpreter into their code, that could be got past signing authorities, thus out into the wild.

There are other issues with code signing as well. If you just sign code the signiture is effectively only check when the code is loaded and maybe at some future point. If the code can be changed in between then in effect it’s game over. To get around this loophole usually means encrypting memory, but without a lot of care this becomes a masive chokehold on the computer.

So TPM is not going to be at all popular with the market, and unencumbered hardware will be obtainable from many places.

Thus the boat may just have been missed on a “Fritz Chip” type lockdown.

Thoth December 13, 2015 9:30 AM

@Andrew, @Nick P, @Clive Robinson
If you are to dig into the past discussions between me, @Nick P and @Clive Robinson, I think you would notice we have discussed on topics of backdoor and one thing we avoid is to use algorithms that cannot be verified. Use a software algorithm you create and the trade off are slower speed, prone to mistakes for beginners and lack of side channel resilience to a certain extend but thise can all be compensated. I remember the three of us discussed on verfication of correctness of algorithms (@Nick P’s area), EMSEC and Side Channel and collusion resilience (@Clive Robinson’s) and tamper resistance (my area) which put together would enable algorithm execution even if under certain degree of adverse conditions. @Wael also contributed to the Castle design while @Clive Robinson contributed to the Prison design.

I have also been toying around with ideas to enable somewhat secure logic execution under a consistently leaking chip as I too have a suspicion that backdoors are here long time ago and so are many of us in the field who already figured out.

Theoretically, it is nice to know how to detect a backdoored chip and to actually be able to detect in a practical scenario. Fact is most backdoors can be rather subtle and implemented under a few hundred gates and most look like careless engineering making them all the more rather grey in nature.

It is also useful in nature to know how to deal with backdoor and how to prevent collusion. Obsfucation of functions and breaking down, randomising and inclusion of redundancy into logic codes can help to confuse attackers trying to extract the code but also serves to confuse the internal backdoor watching the code. If you break down an AES function and step them through at a seemingly random timing and phase, how would a backdoor logic know when you are going to execute an AES logic in software.

Another method is to share the logic between multiple chips so one does the MixColumn and one does the KeyAdd and so forth. Adding additional chips as Minitor chips (chips that are trusted if exist :)) can be used in the Prison scenario as well to check obsfucated split code executions.

The above assumption is that chips themselves have limited connectivity and resource so to predict trigger functions like cryptographic executions to cause the backdoor trigger to activate, if you randomise and split them, it will be hard for a backdoor to detect software obsfucated algorithms. The assumption also includes no EMSEC attacks although in reality EMSEC attacks are getting more common but the obsfucation technique may also make EMSEC attacks hard to carry out as well.

Maybe @Clive Robinson and @Nick P might chip in on the above. I have also been thinking of suitable functions to tamper protect non-cryptographic trusted chips with Physically Unclonable Functions (PUF) if any of you are familiar with implementing chip PUF functions. This would be useful for wiping Monitor chips under physical attacks.

Wael December 13, 2015 11:23 AM

@ianf,

Net neutrality has its day [..] Mobile phones | Science has spoken: ending a text with a full stop makes you a monster […] the creeps who put a nose in smiley faces [Wael take note 😉

Ok, noted! I also noted the 15 links you posted. I’m not even sure I counted correctly. Too many topics in one post! What are you doing? Dynamite fishing?

Clive Robinson December 13, 2015 11:48 AM

@ Wael,

Too many topics in one post! What are you doing? Dynamite fishing?

Err no I thinnk ianf’s idea is a compressed extract index to the last week of the UK’s Grauniad. A newspaper that was once a weighty tomb but now is just a shadow of it’s former self. Not so much a “feather weight” more the batam the feather came from.

I Guess he gets them all “air freighted” in on Sat morning and spends 24Hours reading them all.

I know this is not an SMS but now for the new obligatory “Socialy Correct” bit to show ianf I’m not a monster 😉

Wael December 13, 2015 11:59 AM

@Clive Robinson, @Andrew,

But that may not be necessary, the last time I checked hardware sold in Russia and China were TPM chip free due to legal requirments in those countries,

The wiki article you linked to is dated! I believe a DuckDuckGo search on this blog will show a few discussions on that subject.

@Thoth, @Clive Robinson, @Nick P,

… even if under certain degree of adverse conditions. @Wael also contributed to the Castle design while @Clive Robinson contributed to the Prison design.

I contributed nothing. I wanted to come up with a more refined methodology for the design of Secure systems. I failed and gave up on discussing the matter in public. I would be interested in discussing the Prison architecture to more details, though.

Clive Robinson December 13, 2015 12:16 PM

@ Wael, ianf, Dirk Praet,

Though I think ianf did miss the real bubbling under story of the week with the Guardian,

http://www.theguardian.com/world/2015/dec/08/david-miranda-in-fresh-challenge-over-heathrow-detention

David Miranda’s slow but steady leagal case against the UK over his very probably illegal detention at Heathrow Airport air side for nine hours. The important bit is from his senior legal representative Matthew Ryder QC,

    The previous court had erred in its decision, Ryder said, because it had misinterpreted the law on proportionality and the detention was incompatible with Miranda’s rights to privacy and freedom of expression under the European convention on human rights.

If the UK courts don’t have the sense to hand down some “naughty naughty” sentance on Therasa May MP and the UK Home Office, this will hit the European Court of Human Rights and in all probability they will blow David Cameron PM and Therasa May MP a career killing “Love Kiss” on the nose of a torpedo with a thousand Kg Torpex load, hopefully at the right time and place to sink HMSS Conservative Party for a goodly while.

Nick P December 13, 2015 1:34 PM

@ Clive Robinson
(@ all)

Interesting article on broadcasts. Let me repay with this great write-up on filesystem issues. It discusses the inconsistencies, measures them per filesystem, shows how to avoid many, and shows many apps you’d think are good about it suck at it. I wonder how many readers with programming background have been going through this much trouble…

creat(/dir/log);
write(/dir/log, “2, 3, [checksum], foo”);
fsync(/dir/log);
fsync(/dir);
pwrite(/dir/orig, 2, “bar”);
fsync(/dir/orig);
unlink(/dir/log);
fsync(/dir);

…to update one file without errors. I didn’t do all that. Probably explains some issues in my prior apps. 😉 It’s why I not only push for clean-slate re-design of filesystems to deal with stuff like this but also commodity knockoffs of things like Stratus and NonStop. And more work in clustered filesystems with cheap nodes as they solve more problems. Using embedded for CFS or Stratus knockoffs can keep the price lower than or around a regular storage server albeit with less performance.

ianf December 13, 2015 2:04 PM

ADMINISTRIVIA @ Wael,
                                         as I stated up front this was culled from items from The Guardian’s DAILY newsletter. Daily as in: it arrives on
        Monday,
        Tuesday,
        Wednesday,
        Thursday,
        Friday,
        Saturday, and
        Sunday
of each week, and in that precise sequential order. I read them, then compile such weekly notices of stuff that I deem of interest to y’all in this forum, WHEN I DO NOT HAVE THE TIME to concentrate on composing proper copy (e.g. today). I have tons of other stuff that I ought to answer first, but, unlike you lot, I have a standard to maintain, and can not simply type away the first thing that comes to my mind, and then post thinking “message delivered—that’ll teach’em!”. So why are you complaining… it’s not like I’ve put a revolver to your head forcing you to become enlightened by following the links (and there were there at least a couple v. engrossing stories).

@ Clive, I read The Guardian because, unlike you, I can not simply go walk the dog and scan the headlines of other dailies at a newsstand (also have no dog to walk). And of all such newsletters (I believe I tried most of them except for the Daily Mail’s one), Grauniad’s is the most accessible on a smartphone. Both via mail, and, occasionally, via automatic background download in the app for later offline perusal. So stop being so bloody geo-snobbish about mail-reading OPTIONS (not choices) of mine.

this is not an SMS but now for the new obligatory “Socialy Correct” bit to show ianf I’m not a monster 😉

It’s a TEXT, so it applies anyway… the bit that Wael OF COURSE missed (alt. he spotted it but then elected not to swallow hook, line and sinker – now I’ve really managed to perplex him, wtf could I be meaning?)

As for David Miranda’s legal challenge story, it wasn’t present in any of past weeks’ newsletters, hence I could not have missed what wasn’t there. But even if I saw it, it’s not sure I’d have regurgitated it, as my news valuation engine isn’t of the same make as yours. Besides, if you thought it of essence, there was nothing preventing you from disseminating it further here or elsewhere.

    As an aside, I find it refreshing to read how you go after Theresa May, and not even because of her transgressions in this and other matters, but because she obviously needs sexing up—with verbal spanking to begin with.

Now, can I go back to not doing what I ought to be doing, rather than keep stilling unwarranted worries of you and your sidekick?

Wael December 13, 2015 3:25 PM

@tyr,

Welcome to the club !!

Thank you Sir! I’m both humbled and honored. I’d also like to take this opportunity to nominate @ianf as a platinum member of this exclusive and prestigious club! Give the great “perplexor” a couple of weeks and he’ll be the chairman of the board. Lol

ianf December 13, 2015 4:39 PM

@ Wael, once I started, of course I have to keep going…

one of the 11. Good video…

One of 43 viewers now. Some facts that can be derived from Google Analytics of it: it received more eyeballs from France, than from the USA (unusual to say the least). Do we have that many largely silent French/wo/men here? I think not, so someone must’ve reposted the link to some local list there. 98% sans referrers is odd, too, like these accesses came all from mail, RSS, or referrer-suppressed browsers. Firefox and MSIE dominate, MSIE still in use by the security conscious? Earlier, there was a “BB10” label among platforms, now apparently folded into “Others”… never seen it before, so what could that be? Also I’m glad nobody in Denmark read it, or else the Greenland land mass on the map would have lit up, just as the 3 or so Canadians, most probably clustered in/near Montreal or Toronto, now dominate the upper part of that Mercator-like map projection.

The depth of Pia Lindström’s and Rod Stewart’s ignorance…

    Who wants to hear celebrities giving opinion on security matters?

You’re missing the point… they didn’t opine on “security matters,” but on Snowden’s alleged treachery. Both are intelligent, well read, widely traveled people, who ought to be capable of own thought, rather than simple parroting the imaginary public’s “patriotic” sentiment ex-FoxNews. The talk show host let it be, because his function is to smooth things over, rather than hold guests to account. By analogy, however, some time ago I took part in a another debate where a regionally(?) famous performing diva was offhandedly asked a question of geopolitical nature, and answered it in the expected stupid but politically correct fashion. Whereupon I turned to her on camera asking whether she even reflected half a sec over the platitudes that she was emitting… “what did you think you were saying, merely repeating words as were that a song text written by someone else?” The host quickly changed the subject (and I’m not going to be invited to that live program anymo). I heard later the diva had a fit in her dressing room, and ladies of indeterminate age that happen to recognize me occasionally scold me for being so nasty to an idiol!

Runa Sandvik… was presented as Norwegian, but maybe her first English teacher was a Canadian? (I still carry certain idioms learned in horizontal jogging state from a Bostonian Linda). She’d need to attend a couple of my Art of Soundbite classes, to better communicate what she’s up to. For instance, she let Rod Stewart pooh-pooh privacy matters far too easily (“he doesn’t have any curtains” anyway). She should have spoken up with real-life examples of how intrusive surveillance accumulates and leads to a Big Brother society… while we are pooh-poohing the dangers.

… what was the chaste—and possibly impotent—Führer’s success with women (Wael take note!)

    What are you insinuating now?

My link to the source wasn’t enough? Let me assure you I wasn’t insinuating ANYTHING about your chastity and/or impotence—of which I know nothing, and wouldn’t like to know either way—but merely giving you a leg up on Der Führer’s apparent success with women. His mesmerizing powers over them even though in many respects he looked pretty much like, I dunno, Sayyid Qutb? (Of course, knowing who were the Mitfords and the Mosleys would have helped to understand the context—but don’t you even try, as there’s a cottage industry devoted to their biographies).

@ Clive, you are competent in so many technical matters, so why would you all of a sudden attempt to lower the median by regurgitating apocryphal anecdotes of the Final Solution? Because what you wrote earlier was wrong on so many levels, that it doesn’t rate a rebuttal. Please, history of the Holocaust is convoluted enough, doesn’t need synthetic embellishments to explain it (besides the Nazi Action T4 forced euthanasia killings of the “feebleminded” and the infirm predated and finished before the Holocaust started “in earnest,” and unlike the latter was actually ordered in writing by Hitler—obviously proud of the ensuing “German racial hygiene”).

@ Wael wishes his sockpuppet were alive

You had a sock puppet that you addressed in plural as were it a Royal We, perhaps even on yer bare knees?

(PS. Nick P. is on the record as Snowden being both a whistleblower AND a traitor).

    [I don’t have time to put that to bed now, but this your “Wael: discussion was about the truthfulness of a statement made by ianf” is dissembling at best. Wasn’t about (my) truthfulness, but about (your) allegation of falsehood, which you then were unable to prove with the many inapplicable examples of something entirely different. But we’ll get to that…]

tyr December 13, 2015 5:11 PM

Here’s a new security threat.

http://ieet.org/index.php/IEET/more/maynard20151201

Gives a nice laymans rundown of the process with
cartoons. May turn out to be a lot of gee-whizz.
Biological systems are a lot harder to push past
the tipping point than they look. Having been a
survivor of multiple catastrophic extinction events
has weeded out the easily exterminated groups.

Ther’s some nice Lovecraftian materials in these
ideas for the amateur mad science type though.

Thoth December 13, 2015 6:16 PM

@Interesting
If you are going to implement a hardware backdoor on AES, are you going to implement it in the key generation or round function ? Which one has a higher probability in allowing your backdoor to get away undetected ?

If you backdoor the round function, anyone using a key in their control using the round function would very easily catch the backdoor in the round function.

If you do the backdoor in the key generation, not only do you have the ability to manipulate the key material, you also get to give an excuse of a glitch or some weak RNG function wo a backdoornin a key generation is more likely to be implemented as it allows you to control the keys and get away with poor randomness and such. The worse culprits are the FIPS 140-2 implementations where implementors use the excuse of the FIPS requirement of not allowing plain key materials of leaving a validated hardware boundary and simply tell the user you can have the rights to generate and use the keys but do not have the rights to learn of or plain export the keys and at that moment a backdoor in the key generation becomes very powerful.

For anyone using hardware encryption, it is advisable to do a key import of a key you randomly generate from crypto libraries or linux urandom this way you have control of your keys and use a keywrap to protect the key via PBKDF function to derive a KEK.

VeraCrypt’s usage of only the round function is a smart choice as the kikely backdoor culprit is in the key generation function.

Dirk Praet December 13, 2015 7:02 PM

@ Clive

If the UK courts don’t have the sense to hand down some “naughty naughty” sentence on Theresa May MP and the UK Home Office, this will hit the European Court of Human Rights

And which is exactly why Cameron & Co. want out of the ECHR, or rather have a UK Court have the last say on any such matters.

@ Thoth

VeraCrypt’s usage of only the round function is a smart choice as the likely backdoor culprit is in the key generation function.

Didn’t know that. That’s another +1 for Mounir Idrassi.

Wael December 13, 2015 7:10 PM

@ianf,

You had a sock puppet that you addressed in plural as were it a Royal We

No, it isn’t the “Royal We”, although he was a “Royal pain” in the butt, and I had to regrettably put him to sleep. But ask and you shall receive. You used the same construct “as were it a royal We”! What kind of twisted sense of humor is this? Wait a second! That’s my kind of humor. It’s becoming clear to me you studied my past comments. Now tell me, who do you work for? 😉

which you then were unable to prove with the many inapplicable examples of something entirely different. But we’ll get to that

Please don’t. You win…

Joe K December 13, 2015 7:50 PM

TLDR: Some old news, a joke, and some sympathy for the French.

What with the ever thickening clouds of BS blowing around, about
how “Trrrism changes everything”, I was remembering good times,
and reading about Qwest and Joseph Nacchio on Wikipedia…

…and nearly fell off my chair when I hit this paragraph:

Former Qwest CEO Joseph Nacchio alleged in appeal documents that the
NSA requested that Qwest participate in its wiretapping program more
than six months before September 11, 2001. Nacchio recalls the meeting
as occurring on February 27, 2001.

For this, there can be only one possible explanation: Clearly, Michael
Hayden, our dedicated [:DEL:]panty-sniffer-in-chief[:DEL:] NSA
director at the time, cared so much about public safety that he
travelled back in time in a desperate bid to change the course
of history!

Did he succeed? We can never know. (But if in fact he failed, we have
only one person to blame: Joseph Nacchio. Clearly.)

BTW, notice the emcee’s stutter, at the end of his introduction,
before Hayden’s speech to the National Press Club (US) in 2006:

http://www.dni.gov/files/documents/Newsroom/Speeches%20and%20Interviews/20060123_speech_content.htm

Today, we have General Michael Hayden, principal deputy director of
National Intelligence with the Office of National Intelligence, who
will talk about the recent controversy surrounding the National
Security Agency’s warrantless monitoring of communications of
suspected al Qaeda terrorists.

General Hayden, who’s been in this position since last April, is
currently the highest ranking military intelligence officer in the
armed services, and he also knows a little something about this
controversy because in his previous life he was NSA director when the
NSA monitoring program began in 2000 — 2001, sorry.

But, yeah. Joking aside, the domestic spying/jackboot-state-thuggery
thing, has got nothing at all to do with [insert preposterous BS
excuse of the moment here].

TPTB just really dig tyranny. (How do you say that in French,
anyways?)

Wael December 13, 2015 8:02 PM

@tyr,

Perhaps 30 years from now you’ll buy your electronics online with a small twist. They’ll be delivered in “electronic format”, then you can print them on your printer and use them 😉 That also means it’ll be relatively easy to design “Secure” microprocessors from scratch and “manufacture” them at home. I think that would make some regulars here happy. The constipated ones… Oh, well… [attention: for your eyes only, @ianf] 🙂

http://spectrum.ieee.org/tech-talk/semiconductors/devices/the-simplest-flexible-printed-transistors

http://blogs.parc.com/blog/2013/11/think-3d-printing-is-cool-how-about-printing-your-own-electronics/

http://3dprint.com/23084/3d-printed-quantum-dot-leds/

http://www.extremetech.com/extreme/106599-first-inkjet-printed-graphene-computer-circuit-is-transparent-flexible

Clive Robinson December 13, 2015 8:15 PM

@ ianf, (Wael – as my original comment was to you).

@ianf,

… so why would you all of a sudden attempt to lower the median by regurgitating apocryphal anecdotes of the Final Solution? Because what you wrote earlier was wrong on so many levels, that it doesn’t rate a rebuttal.

From the Wiki link @ianf linked to about T4,

    Historians estimate that twice the official number of T4 victims might have perished before the end of the war, exceeding 200,000. In addition, technology that was developed under Action T4, particularly the use of lethal gas to commit mass murder, was subsequently taken over by the medical division of the Reich Interior Ministry, along with transfer of personnel who had participated in the development of the technology and later served with Operation Reinhard. This technology, the personnel and the techniques developed to deceive victims were used in the implementation of industrial killings in mobile death vans, and in established extermination camps with gas chambers for mass murder during the Holocaust.

Now it you compare it to my brief foot note,

    One of the first stages to the “final solution” was to get rid of those who had longterm mental disabilities. From what various historians have said and some documents support the method used was to put them in a coach with windows painted to show happy children. The vehical would supposedly be “driven to a tea party or some such”. At some point in the journy the exhaust gas would be pumped into the coach body where the patients would die of monoxide poisoning, and the coach would then go to a sexluded spot where the bodies would be transfered onto other transport to eventualy be disposed of at a crematorium.

You will note that the wiki article says that the killing precedes T4 signing and started as the first steps that went on to be included as the Holocaust. But it also says the policy started under T4 did not stop it went on right through to the end of the war (a point ianf apparently disagrees with). I did not call it T4 or time limited it to the T4 times I simply called it ‘”one of the first stages to the “final solution”‘. Which the Wiki article @ianf points to indicates quite clearly as well.

As a general note there is a problem of naming what went on in Germany, German occupied europe and other areas under direct and indirect German influence, with the removal of people for political ends and having them killed. It started long prior to T4 and carried on right to the end of the war and was not limited to German citizens or people of Jewish ancestry. The use of “final solution” which all the killings have been lumped under by some historians has been taken by others to mean only those of Jewish ancestry. I can not help what some historians and deniers of the other deaths say, but I see no reason why I should be forced to ignore the other killings. The fact they happened should not be forgoton, something that @ianf appears so keen to do by his “Holocaust PC”. The danger of that behaviour is it turns Hittler into “just” a “Jew Hating Monster” which he was not, the hate he had was wider and he was a human like any other, who used the tools he had available to carry out what he wanted to do. If we stick to the “Holocaust PC” line we fail to remember the real bureaucratic evil of the regime which can be seen to be starting again in many parts of the globe.

I therefore suggest @ianf that you realy stop this silly “vendetta crusade” you are on, you have several times made claims you have not supported or are contradicted by other sources especialy primary sources, it diminishes everything else you say by rather more than you realise. Why do you insist at tilting at windmills?

Clive Robinson December 13, 2015 8:48 PM

@ tyr,

If the maker types can print their own processors
we might see the bottleneck of single CPU and OS
go down the toilet.

Sadly it won’t work that way.

Firstly the “maker types” are probably not going to “roll their own” CPUs but use Standard Macro CPUs. And the designers of those Standard Macros will keep the proprietary and copyright protected in some way.

After all outside of a few quirky one man “rack mount” projects how many Maker Projects do you see using 8bit processors let alone home built 8bit processors.

We have already seen the FEDs get upset and take action on 3D printer designs for hand guns. How long do you think it would take for them to try to ban “wild CPU macros” via a whole host of techniques including but not limited to “breaching of an EULA”, faux “Patent, Copyright, trademark or DMCA litigation”, faux “exporting of Wasner limited technology”, etc etc etc…

Then there is the “orian constellation yellow spots” issue. That is where the designers of scanners and printers act upon in some way a kind of tag used to prevent forgery of bank notes and other securities or confidential documents.

Whilst the list is not endless there are whole teams of overpaid underemployed legal types just waiting to shuffl and align existing legislation, so you become a notch on their CV…

It’s the new corporate way of life, “Don’t be competative, be legaly agressive!” and why manufacturing is heading to other corners of the globe and taking skilled jobs with it. Just look at it as being “Patent Trolls raised to the power of the DoJ” as a starting point, from which it will only get worse.

spng December 13, 2015 9:26 PM

@Jacob, interesting that kill your TV is on that list. i2p is the killer app for privacy and information freedom, and till now the only signs of state interference were some bots. No demonization, no cyber attacks. Illegal CNE attacks on the developers are what you would expect when a program has passed beyond the proof-of-concept stage to become a useful tool. i2p is technological tradecraft that’s useless if only spies use it. Now that you can torrent over i2p every Tom Dick and Harry is on it. It’s a big noisy crowd to hide in. Naturally NSA feels impelled to wreck it. Even though this is how the internet should have been designed in the first place: inherently resilient, without bottlenecks for sabotage or spying.

Greg December 13, 2015 9:35 PM

Wael: “Let’s say there is no post game consequences.”

if there are no post game consequences, then you should always choose to betray. In the Interlocked Marble Race, you should always choose the 10/30 option versus the 0/20 option.

If there ARE post game consequences, then that changes the weight of the table, and its a different game.

“If opponents know nothing about one another, then it’s just a guess or a gamble and there is no “dilemma”.”

THe dilemma in the prisoner’s dilemma is that 2 selfish people trying to get the best outcome for themselves will end up getting the second worst outcome. In the Interlocked Marble Race, the prizes are 0, 10, 20, and 30. If 2 purely selfish people are trying to get the best, selfish outcome for themselves, they end up with the second worst prize, $10.

The dilemma is that selfishness doesn’t always produce the best outcome for either player.

And if you know nothing about the other player, it is absolutely NOT a guess. You can choose either the $10/$30 prize option or you can choose the $0/$20 prize option. And if you want to maximize your prize, you’ll choose the $10/$30 option.

No one will look at that and choose $0/$20 with the maximum prize being their goal.

When people see the prisoner’s dilemma and choose to remain silent its because they don’t look at it from an economic decision process of what is in their best personal interest, they look at it as a moral decision making process. Or they look at it from the point of view that “betraying” the other person is bad. Or some other approach. Or they’re bad at math.

If you’re looking to maximize your prize, and the choices are $10/$30 or $0/$20, then you have to choose $10/$30.

Thoth December 13, 2015 9:38 PM

@tyr, @Clive Robinson
Not to forget chips and Information Security systems can easily be classified as Controlled Items and Strategic Goods and I am wondering how far would a ban on 3D printing and related activities. Recent Wassenar Arrangement have made steps to clam down on the security field. It won’t take long for the Warhawks to step in and ensure they get what they want.

Clive Robinson December 13, 2015 10:11 PM

@ Wael,

I wanted to come up with a more refined methodology for the design of Secure systems.

A very laudable objective.

I failed and gave up on discussing the matter in public.

I don’t think you did fail, I think you got distracted by taking a to focused view in niche areas without first getting a good 20,000ft perspective on the issue, it’s aims and objectives.

I would be interested in discussing the Prison architecture to more details, though.

I’m happy to oblige, but first get a comfy seat with plenty of leg room the journy is going to be a long one.

The first thing to understand is what I tend to call “The extended ISO OSI computing stack” or just the computing stack or stack, where it’s sort of clear what I’m talking about. By the way I’m by no means the first to extend the original OSI “Seven layer Stack”, and I doubt I’ll be the last 😉

Usualy you see the stack extended upwards,through layers 8 / 9 / 10 / 11 for users / managment / legislation / politics etc. There is no formal agreement on the number of extra layers or their meanings, but “layer 8” is often a euphemism for managment and above, in “water cooler chat”.

Few however go the other way, and just assume everything is “lumped in the physical layer”, which whilst a simple abstraction from a software / API level view is actually quite a bad idea.

As with water columns champagne flutes and hot water, things “bubble up” from the lowest layers and cause major disturbance at many layers above. Thus the human eye drawn to the major movment at the higher level often fails to see the real cause of the problem, way way down.

When attacking anything there are three basic ways to go, from the same level as your target, from above your target and from below. Historically that’s the way they’ve tended to happen as well. That is from early pre-man fisticuffs through early tribalism, and hunting man did not have the tools to do anything other than attack his target on the same level. With the advent of not just tools but directed energy and force multipliers first sticks then spears arrows rocks and boulders could be brought down on a targets head or back. Man also learnt how to make fortifications of various kinds. It was the advent of walled fortifications that negated the limits of the then availavle directed energy and force multipliers that mankind started undermining such fortifications by digging beneath them and attacking upwards. It is upwards attacks that are the real danger to static systems for many reasons and computers are no real exception to this rule.

The trick to defending against upwards or “bubbling up” attacks in fixed defenses is either have an impervious set of foundations or to detect and divert or dissipate such attacks.

The problem points for computers is the notions of “impervious” and “detect” it can be shown that a single instance of a Turing machine can be neither impervious to attack nor can it reliably detect an attack. So on the face of it “game over” a clever attacker will always win and the single instance of the Turing machine will be subverted.

Whilst that is probably true for a single Turing machine, it’s not true for certain types of state machine or for multiple instances of Turing machines. That is one Turing machine can watch another Turing machine to detect anomalies, the only thing you have to ensure is that both machines can not be attacked successfully simultaniously.

Which brings up the question of the types of attacker. Within reason for an attacker to succeed they have to have been an “insider” at some point or use an attack a previous insider has left behind.

The quick answer to why this is, is if you have two or more suitably arranged Turing engines watching for anomalies the only way they can reliably be attacked simultaneously is when they are either off or the alarms they generate are ignored, and on a properly setup system that can only be done by someone who has insider access.

I hope that gives you a starting point to think on and ask questions to gain clarity if required.

Wael December 13, 2015 11:52 PM

@Clive Robinson,

I’m happy to oblige

Sweet!

I hope that gives you a starting point to think on and ask questions to gain clarity if required.

Few 20k foot questions:

1- Can one Turing machine simulate two Turing machines? If that’s true, then I would think two Turing machines will not be any more secure than a single machine.
2- How can one Turing Machine detect an anomaly in another machine?
3- What would an anomaly look like?

One way I see is that two machines running instructions in parallel, and if he output differs then that’s an anomaly. Is there other ways to detect an anomaly in a two-machine formation?

Wael December 14, 2015 12:10 AM

@Greg,

The prisoners dilemma describes why two completely “rational” individuals might not cooperate…

If the sample space where you randomly choose players from isn’t composed of completely rational players, then you are playing a different game. Right?

Nick P December 14, 2015 12:20 AM

@ Wael

Interesting to see comments on Prisoner’s Dilemma as I was rewatching this round of Golden Balls. The other Nick is still my favorite as the others I saw coming. 😉

Wael December 14, 2015 12:44 AM

@Nick P,

Where have you been hiding man? “They” are eating me alive here!

Oh well, I think @Greg got me on a technicality (shh) regarding the “guess”, but I’m trying to wiggle out of it – step by step, and sweating bullets in the process 🙂

I remember reading some of the comments on that thread. I mainly read the “Ibrahim” vs. “Abraham” discussion… Kinda entertaining, I’ll probably revisit it.

The other Nick is still my favorite…

You don’t say! 😉

Gerard van Vooren December 14, 2015 2:43 AM

@ Clive Robinson,

(let’s use blockquote again)

Firstly the “maker types” are probably not going to “roll their own” CPUs but use Standard Macro CPUs. And the designers of those Standard Macros will keep the proprietary and copyright protected in some way.

I am not sure about that, considering the OpenRISC architecture with the RISC-V ISA. People (esp rich ones) don’t like to pay license fees. Besides that, it’s time that after ~40 years, the ISA becomes a commodity. Let’s just wait and see how this turns out.

I don’t know whether it’s said that with printing things it’s much easier to both scale up and down (but it is!). Just look at solar cells. Today you still need a machine park costing roughly a couple of million USD to produce these cells an mass and these cells are still very fragile silicon wafers. There are also printing technologies for printing on plastic sheet but these “wafers” have a much lower efficiency, around ~6% compared to ~20% for multi-crystal silicon (the common ugly blue ones). But the printing technology in this area has been improved and the efficiency is in the near future roughly comparable to the 20% of the silicon wafers but this time with a machine park that has a quarter of the size and that costs tens of thousands USD. This is no science fiction anymore.

That said, printing solar cells is not comparable with printing computer chips. The graph they showed, I don’t know. When you consider the amount of technology inside a wafer stepper, it’s massive. The non-EUV wafer steppers have roughly a price tag of 20M Euro and the EUV ones 70M. The latter are being used for (out of my head) smaller than 14 nm tracks. I don’t see printing go anywhere even near that field, but maybe it’s also not necessary. Todays desktop and laptop CPUs are most of the time idle anyway.

tyr December 14, 2015 3:00 AM

The 3D printing of guns was a classic example of
overkill by propaganda media. You can buy a lathe
and make a lot better guns in your garage without
the hassle of the 3D printer learning curve or its
cost factor.

If you drop electronics into easily printed plastics
instead of a typical fab lab setup it is a real
game changer. If they haven’t figured out how to on
firearms after 850 years I doubt the abilities of
the legal types to suddenly suppress printed comp
in time to be meaningful.

I’m a neophile so the idea of a desktop fab setup
for the average teenager appeals to the William
Gibson fan in me, “The street finds its own use
for things.”. Most Maker stuff is done by those
who aren’t deeply into computers except as tools
but this tech might draw some of those into the
Maker circles.

Im also skeptical (hate to use that phrase here)
about the ability of society to immediately clamp
down on everything when 99% of all the scientists
who ever lived are alive right now and working
away on odd stuff.

Clive Robinson December 14, 2015 3:33 AM

Im also skeptical (hate to use that phrase here) about the ability of society to immediately clamp down on everything when 99% of all the scientists who ever lived are alive right now and working away on odd stuff.

It’s not those that wish to ban things that worry me to much, they have only their “righteous pomposity” to offer their followers. No it’s the “rent seekers” that worry me they have wages and riches and the great American dream to offer in the modern “land grab”. In the US in particular of late we are seeing many legal entities trying to blackmail people with very questionable court cases. It’s got so bad even Judges are making comment “out of office” on it.

@ Gerard van Vooren,

Let’s just wait and see how this turns out.

I’m guessing it will twist turn and leave an unpleasent mess just like the Hagfish does 😉

As for solar cells, in the UK buying them is expensive, and there are a lot of con artists out there giving a lot of misleading information about “payback times” and even putting them up on the wrong northwards facing roofs…

Hopefully the market will sort it’s self out because it’s ridiculous currently.

But what I want for Xmas is new battery technology to store and release the energy efficiently, without using rare earth or other materials that just won’t scale (NiFe cells nasty and brutish as they are appear the only scalable technology with any maturity currently).

Clive Robinson December 14, 2015 4:12 AM

@ Wael,

1- Can one Turing machine simulate two Turing machines? If that’s true, then I would think two Turing machines will not be any more secure than a single machine.

The answer to the first part is yes one physical Turing machine can simulate two or more virtual engines depending on resources.

The second part is slightly harder to answer. If you have two identical machines in the same time refrence fed identical input then to an external observer they will behave identically. However two identical machines fed different input or non identicle machines fed the same inpit will behave differently. The security trick is how to get leverage from the differences, which was what I was going to come onto with “Greek Tales of Rhymes of life and death”.

2- How can one Turing Machine detect an anomaly in another machine?
3- What would an anomaly look like?

It does not have to be a Turing machine that does the detecting of an anomaly it could be just a simple State Machine, or Logic Ladder. You are looking to generate two or more signals from the same external input, if it changes one of the Turing machines in some way then you can detect the difference at the output of the Turing engines. However only having two engines gives issues.

Lets use a simple idea, you have a chain of serial data that you need to change in some way let’s say the parity or lower case charecters to upper case etc. You take the serial input and split it into two streams one of which you invert. Thus you have two different mapping functions in your two Turing engines one to deal with the normal stream one to deal with the inverse. They both however put out the modified data in the non inverse form. You simply compare the two output streams, and appart from a little high frequency edge noise they should be the same. If however the attacker has previously hidden a backdoor in one of the machines then when triggered the output behaviour of the triggered machine will be noticeably different. Even if the attacker has backdoors in both machines, because you split and invert the data prior to the two machines the attacker can only trigger one machine at a time. Thus for a short window you will have a noticable difference befor the second machine is triggered. Providing you detect this correctly then the attack gets defeated.

There are other tricks you can do but they all work on you having control of the input data and some how modifing it beyond the attackers ability to determin and make corrective control. Thus the advantage in the game moves from the attacker to the defender.

Winter December 14, 2015 6:36 AM

@Wael
“1- Can one Turing machine simulate two Turing machines? If that’s true, then I would think two Turing machines will not be any more secure than a single machine.”

The point here is that the “second” Turing machine is isolated from the first. That is, you cannot attack them both at the same time.

If you run them both on the same master Turing machine, that master will be a common attack vector and both machines are not isolated from each other. Isolation is easier if you can run both Turing machines on separated (air gapped?) physical hardware.

John Galt IV December 14, 2015 7:01 AM

@Clive and Wael

Thanks for the high-level discourse on secure systems. I’ve been meaning to post my powerline filter concept and bill of materials. It’s not rocket science. I really like the idea of a trusted supervisor of other systems. With the appropriate isolation (one local term of art is data diode), it can stay secure and verify the security of the internet-connected system. As noted previously, my threat model is theft of intellectual property via either mass surveillance or directed survelliance. It is clear to me that terrorist action plans are a form of intellectual property, but my intellectual property activities are very benign.

In the past few days, I worked out another concept along the lines of the audio beamforming I described previously for a group cell phones. Any group of cell phones and/or WiFi routers can be repurposed to do a TEMPEST-style attack on any arbitrary computer within range (tens to hundreds of meters). The exploit uses RF beamforming to remotely observe the emissions from the monitor/computer system via a group of reprogrammed receivers. The requirements are that the software defined radios (e.g., in cell phones and WiFi points) can be reprogrammed and synchronized (e.g., via the GPS clock and latency). It would be helpful to know the relative locations of the repurposed receivers, but that falls out of the syncrhonizations. The emissions to be observed have to fall into the useful bandwidth of the receivers.

@ianf

Sorry about the slow reply as to how I figured out that the spook rat bastards reflashed something important (BIOS/hard drive microcontroller/etc) on two machines. They were substantially identical flavors of Dell laptop with COTS windows installs (Win 7). One was routinely connected to the internet, so any scheduled updates were done. The other was never connected to the internet as a Windows machine, so it couldn’t know about any Windows updates, but had been booted into Windows a handful of times previous to the incident. Both were run with TOR 1.4 connected to the internet at the same time. The next time that they were booted into Windows, they both did a mysterious reboot at an unusual point, apparently to install some persistent threat. I’ve never seen that behavior before or since and it made the hair on the back of my neck stand up.

I’m not surprised, in that the Warhawks are diligently pursuing full-spectrum dominance against everyone. More recently they reflashed my cable modem, which is less than a year old. I could tell because performance was degraded, but I don’t know who did it. I’m about to find out how to download the firmware image. That’s why I’d like to see more discussion of how fix and lock down firmware images in things like BIOS, modems, UEFI and hard drive microcontrollers. They are a major vulnerability for commercial hardware.

Gerard van Vooren December 14, 2015 8:51 AM

I’m guessing it will twist turn and leave an unpleasent mess just like the Hagfish does 😉

Luckily today we have x86, a proven and well known platform (that is considered harmful). I don’t know what your objections are but I think RISC-V could be an architecture that is worth investigating.

As for solar cells, in the UK buying them is expensive, and there are a lot of con artists out there giving a lot of misleading information about “payback times” and even putting them up on the wrong northwards facing roofs…

The interesting part of printing the solar cell is that these cells can integrate seamlessly into existing roofs. They could print onto tiles or shingles. The ugly and non-fitting solar panels are then a thing of the past. I think that solar panels, the way they are made and applied today, is too ad hoc to have a long lasting future. Printing makes sense.

Clive Robinson December 14, 2015 10:04 AM

@ Gerard van Vooren,

I don’t know what your objections are but I think RISC-V could be an architecture that is worth investigating.

I don’t have any objections to it as I don’t know enough about it to have any…

And that’s the problem it’s not as well known as the dred IAx86 or ARM or MIPS or PIC or Adurino etc.

It’s not the quality of the platform that counts, it’s what the platform has available that’s easy to get into, and what the designer thinks other makers etc are going to use.

I Might point out that the platform that -only- appears to be getting the headway is the Broadcom SoC including ARM cores used on Raspberry Pi using Python…

And it’s the perception of “what’s hot” that gets the market.

If it was fully open source I would be looking at a particuler IBM multi (Cell) CPU chip…. But that’s for personal reasons. It’s turned up incognito in many places including MS and Sony supported platforms, and the odd top end super computer or three…

Many don’t realise it but just as we slid into OOP we are sliding on again into EOP which has a good chance of being the paradigm that is most likely to best exploit the hardware parallel future, as we are realy getting past the point of single core and imperative languages.

Sadly as has often been noted “you can neither buck the market or predict the long term trend”.

So… I might be right I might be wrong but… Things move fast and often illogical ways, so place your bets and hold onto your hat. Because the journy is going to be fast and as furious as embittered marketing departments on fat bonuses can make it.

Wael December 14, 2015 10:16 AM

@ianf,

as he’s already been there done that—and worse

That was funny. I got a good laugh out of it. I’ll remember that, though.

Henry December 14, 2015 10:25 AM

@ Greg, Wael

“”If opponents know nothing about one another, then it’s just a guess or a gamble and there is no “dilemma”.””

Prisoner’s dilemma falls under the assumption that two prisoners are the only known factors, where the “authority” or “deal broker” should be a third, and possible others in the chain. Distrust should be assumed among all parties. Thus the outcome can vary.

Henry December 14, 2015 10:45 AM

@ Greg

“In the IMR, you make your selection, you collect your prize, and then you walk away with zero worries about secondary repurcussions, because there arent any in the narrative.”
“The problem with people trying to understand the Prisoner’s Dillemma is that the narrative creates a story backdrop that many people read into and intuitively add to the payoff matrix and then that reader is actually playing a different game.”

You just about answered ours, and yours. The Dilemma is presented as a matrix, or narrative, with limiteds and choices with or without complexity, preferably as simpleton as possible so as if we were to pigeonhole. The catch to a well-formed “game” is starting off with a set of off-limits, which in the prisoner’s case is the authority’s integrity, that can not be questioned. As in the case of the good cop vs bad cop, the goodness of the good cop cannot be questioned nor shaken, otherwise the game shake out. Its in studying of how to play a game, that one learns how to create one, and vice versa, so you either play the matrix or be played.

Nick P December 14, 2015 11:34 AM

@ Wael

Been bogged down by the same troubles as before on top of holidays, which swamps my industry with work. More work and stress but not more pay. Capitalists tell me it’s a great deal. 😉 Slowly slogging my way out of it. Far as the question, I couldn’t tell what you were asking me about aside from random comments at the top from other people, esp ianf…

“both American citizens/ residents, who elected to show their stupidity and ignorance by jumping onto the Snowden equals traitor bandwagon (Nick P. here who also thinks that Ed partly is one, might care to listen to these two emo outbursts”

…who was doing the trolling thing again. I haven’t responded to any of ianf’s threads here because I agree with Gerard that they’re largely a distraction away from important issues. I’ve seen improvement from the prior signal-to-noise ratio that was 99+% noise but still mostly noise. I recall Bruce starting some key threads w.r.t. the surveillance state that were totally drowned out by his comments which contained random statements and scores of hyperlinks. Literally 50% of the Last 100 was him to point I couldn’t follow it without links to each individual thread & lots of scrolling. Need I remind you that both spamming and dropping red herrings everywhere are common tactics by trolls aiming to disrupt blog discussions, including GHCQ? I’m leaning toward Internet troll, given lack of sophistication. But I stopped replying to him and the other trolls.

Now, far as whatever topic, you can feel free to ask me here. Seems there’s half a dozen in discussion right now. Just need to know which specific one and context. 🙂

Btw, this…

“Can one Turing machine simulate two Turing machines? If that’s true, then I would think two Turing machines will not be any more secure than a single machine.”

…was called VM/370 in industry form and KVM/370 in more secure form. Fortunately, we’ve come a long ways in both fronts since then. 😉

@ Gerard

re RISC-V vs the world

The main objection is the ecosystem. I don’t have the link onhand but ARM themselves made this objection. If you choose ARM, you get any number of proven SOC’s with good metrics, many good compilers, development/debugging environments, whole software optimized for it, and several OS’s/RTOS’s. If you choose RISC-V, you get some prototyped stuff plus whatever code is ported already and high cost of custom HW. Outside ideology & low legal risk, there’s literally no advantage to RISC-V.

You might say, “But ARM charges $1-15 million for ISA licenses with lawsuits aimed at open implementations. Surely RISC-V has cost savings.” See, there’s the thing. MIPS licenses are $700,000-$900,000 with similar ecosystem benefits to ARM. So, that’s the next logical choice. Those doing full-custom work, not wanting a license, and wanting some ecosystem can go with SPARC. It has licensable implementations and SOC IP plus custom stuff only needs $99 fee. Overall, it means MIPS or SPARC are the best interim choice.

I encourage academics and OSS developers to continue improving RISC-V implementations, toolchain, and OS support. It eventually will get close to SPARC or MIPS in terms of supporting portable, popular software. Performance will also increase. At that point, it can be integrated with key I.P. (eg I/O) into a chip to run workloads in real systems. All this will still cost a ton of money, though, given integrator will have to license that I.P. instead of develop it themselves. That’s true even if we’re talking about microcontrollers since they have to support tons of configurations and it gets harder to do that at higher nodes.

Gerard van Vooren December 14, 2015 1:02 PM

@ Nick P, Clive,

The only thing I can say is that RISC-V is brand new. I haven’t seen a mass produced wafer with it yet but it’s still promising. All the other ISA’s have a history, so they have a life cycle status beyond Rising Star. X86 and ARM are clearly in the Cash Cow phase and the others are probably in the Dog phase. That’s why I said let’s wait and see. Things are going very fast so if RISC-V is not in production within one or two years I don’t think it’s getting there but if it does, then it could be a game changer, and this time for the good.

Gerard van Vooren December 14, 2015 2:12 PM

The OpenBSD guys worked on Pledge, a new mitigation mechanism. Here is the presentation. Pledge is pretty simple, straightforward and can be implemented with a couple of LOC. Pledge itself is ~1400 LOC. Theo de Raadt has implemented Pledge already in a lot of the OpenBSD standard tool set and many other developers are implementing it in theirs. With Pledge you limit the system calls of your application and that’s why Pledge is mostly set before initialization and before the main program loop, this time more restricted. All the questions that I had have been answered in the presentation.

Wael December 14, 2015 2:18 PM

@Nick P,

Now, far as whatever topic, you can feel free to ask me here

Would you object if my sockpuppet came back from the dead?

Dirk Praet December 14, 2015 2:53 PM

@ Nick P, @ Clive, @ Wael, @ Gerard Van Vooren, @ Thoth, @ Anura

I’ve seen improvement from the prior signal-to-noise ratio that was 99+% noise but still mostly noise.

Talking of which: has anyone already taken a look at Vuvuzela, a new MIT PoC for a Tor/Dissent competitor that hides messages in lots of noise and adds the necessary latency?

Nick P December 14, 2015 3:01 PM

@ Gerard

re RISC-V

Good points. The other thing I like about RISC-V is that it was a scientifically designed ISA where they thought hard and experimented about the right tradeoffs. It also benefited from the lessons learned from other products in the marketplace. The combination of a good start with many academics building RISC-V compatible, innovative stuff makes it more promising than most others I’ve seen. Plus, it’s close enough (IIRC) to ARM and MIPS that source-to-source or binary translation should be able to port much of ecosystem from those to it once it hits commercial sector. Not saying that’s easy but it’s been done many times in the past.

re Pledge

Sounds like their old syscall-restriction scheme that they ditched. Basically, an ACL for syscalls for programs. This is an old idea that makes for a straight-forward, last-line defence. The problem is that it’s far from good enough. The key apps often have access to the system calls they need to do the most damage. The damage gets done by flaws on either side of that call or a series of calls. The amount of bypasses and “doesn’t help scenarios” make this a little-researched topic in CompSci where they think it’s not good enough. I still like having syscall reduction in for POLA purposes but the consensus so far is that kind of mechanism is weak. For instance, SELinux, SMACK, or RSBAC can be configured at a more fine-grained level to do this and a whole lot more that reduces real attacks.

@ Wael

“Would you object if my sockpuppet came back from the dead?”

That’s what I mean: I don’t know what your sockpuppet is or what I’d object to. I have a few guesses but it would be easier if you told me the topic so I was sure.

@ Dirk

“Talking of which: has anyone already taken a look at Vuvuzela, a new MIT PoC for a Tor/Dissent competitor that hides messages in lots of noise and adds the necessary latency? ”

What a tie-in to that statement lol. I haven’t seen it. Thanks for the link. Will have to add it to Hornet in my list of anonymity stuff to eventually look at. I prioritize them lower in my reading list because Tor showed me trusting them is damn-near hopeless even with the best minds on the topic. It’s such an open-ended area that I just go with public wifi’s and/or Tor on LiveCD’s on secondary PC’s for anonymous stuff. Even then, I assume someone is connecting dots.

Wael December 14, 2015 3:51 PM

@Dirk Praet,

has anyone already taken a look at Vuvuzela

Haven’t seen it. Thanks for the link. Will get back to you later, seems easy to understand. I had a similar idea (of course) in the past with a different application (key logger resistance.)

Wael December 14, 2015 4:01 PM

@Nick P,

if you told me the topic so I was sure.

Was presented to Indiana Jones for desert 😉 If you don’t remember or don’t answer, then I’ll take that as an okay.

Wael December 14, 2015 4:14 PM

Interesting… Just got IM’d on LinkedIn. Seems they added a new chat functionality 🙂 How much metadata is there?

Nick P December 14, 2015 4:46 PM

@ Wael

My first guess was CvP discussion with recent reference suggesting the outcome is the Holy Grail of INFOSEC development for you. Reason being I know you’re resurrecting the topic a bit. Then I just remembered the third one where monkey brains were for dessert. So, now I have no idea outside pouncing on INFOSEC or posters displaying similar brains lol.

You’re free to discuss whatever you want. I’m just participating only on parts most applicable to the real-world. An example might be how to specify security properties, model HW/SW functionality, and see if those properties hold. Lets one have a framework as you desire for development or verification of INFOSEC. Actually got a few more in that area using ASM’s and B-method. Or using informal attempts to model various parts of the INFOSEC problem.

But, how the trusted insiders map to my Castle that imprison’s programs vs Clive’s prison architecture fabbed via a castle with some workers dodging prison sentences? My mind can only stretch abstract metaphors so far. Had to focus closer to designs and problems themselves. 😉

@ Clive, Wael, all

I just saw on Hacker News yet another claim, in relation to SW quality, that our science sucks or isn’t applicable. I took another round at summarizing key techniques that had empirical evidence in papers I read that they improve quality in some way. Each describes the technique, what it does, and sometimes examples of why it worked. Then, the usual call to arms to use science instead of pretending it doesn’t exist. Trying to avoid Big Methodology or anything that would scare mainstreamers away entirely in this one. Any objections to any technique or category really on the list?

Post here.

Nick P December 14, 2015 6:49 PM

re DIY computers and compilers

Interesting account by Nick Gammon of what went into creating G-Pascal: a 16k Pascal implementation written in assembly for Apple 2 and later Commodore64. I knew it was going to be good when he starts out with a hand-soldered computer and the method he used to enter the hex codes. Just got more interesting. This guy is something else.

Too bad he isn’t working in the demoscene or on tooling for clean-slate CPU’s. I have a feeling he’d kick some ass.

Meanwhile, a mere mortal documents the experience of writing a self-hosting C compiler in 40 days. Note that this was his 2nd time doing it. Might be harder for first-timers. 😉 However, it has value for those wanting a C compiler they can understand because the Github has its history and links to other works in that area.

ianf December 14, 2015 7:35 PM

@ Wael […] “Perhaps 30 years from now […] it’ll be relatively easy to design “Secure” microprocessors from scratch and “manufacture” them at home. I think that would make some regulars here happy. The constipated ones… Oh, well… [attention: for your eyes only, @ianf]

Actually, ever since I’ve seen a proposal for a Tyvek/paper-substrate whole printed mobile phone (i.e. way before 3D-printing), designed to be folded and glued together with silicone (hence flexible even then), I’ve been waiting for one such. At that time, perhaps 12 years ago, mobile calls were still v. expensive, and this was meant to be a branded trade-fair swag item, free to the user, and paid for by automagick audio advertisements injected into the conversations at certain intervals [“…and now this from your benefactor“]. Nothing came out of it, I suppose because mobile use took off like a rocket, the calls got cheaper, and there was no longer a case for ad-supported throwaway mobile without display or keyboard [as I recall a speed-dial number of contacts could be entered and programmed in via voicemail, and the handset “picked up” and “hanged up” by squeezing it in specific fashions]. Too bad it never materialized though.

So, thanks again for these links, for the mo am tech constipated no mo.

flexible printed transistors

3D printed electronics

3D printed dot LEDs

3D printed graphene flexible pcb.

ianf December 14, 2015 7:39 PM

@ Jacob

As you know, FB, Google and Twitter have installed sensors to inform users whan a state-sponsored attack on their account is detected.

Actually, I didn’t know. Where was it announced/ written up in any depth? How would that warning manifest itself in case of Gmail, or is “Google” here synonymous with Google+?

The algorithms used are confidential.

I bet, or else the attack patterns would be changing to avoid detection by repetition far more often than they do now.

Most revealing is a list of users under recent attacks, as published by Twitter. Names include Crypro and EFF activists.

Runa Sandvic?? Public Enemy?? WTF.

    This Runa Sandvik?

    If she’s working on TOR, then acc. to NSA’s logic-defying logick of course she can but be the enemy. (Can’t see the list until day after tomorrow, because Twitter says “Sorry, that page is not supported on mobile at this time.

    Please use a supported desktop browser and open this page on twitter.com.”). How many names/ accounts on it – thousands?

p.s. this post contains 5 hyperlinks to sources, none of them “random statements” despite Nick P.’s vacuously omnidirectional insinuations.

ianf December 14, 2015 7:44 PM

Me to Clive, repeated by him:

… so why would you all of a sudden attempt to lower the median by regurgitating apocryphal anecdotes of the Final Solution? Because what you wrote earlier was wrong on so many levels, that it doesn’t rate a rebuttal.

I stand by my statement no matter how many times you quote it. Where “the Final Solution” and Holocaust are concerned you are but a dilettante, just as I’d be if I spoke up in decisive terms on circuit design, etc. That you then insinuate some “Holocaust-PC” on my part, a classic denier tactic, doesn’t make things better. Trust me, you don’t want to go there.

[…] I therefore suggest that you realy stop this silly “vendetta crusade” you are on

?WHAT? “vendetta crusade?” Against whom or what exactly? What grave transgressions (of… decor?) have transpired here that would have necessitated some “vendettas.” Or are you shooting across the bow in a misguided attempt to stave off my coming (half-written) criticism of your, and fellow Wesley Parish’s apparent “Israel-dislike”? Perhaps you’d prefer me to post half-finished, easy to rebut things, only that’s not my method.

[…] you have several times made claims you have not supported or are contradicted by other sources especialy primary sources

Thank you for that litany of unattributed, undocumented, loose accusations, which speaks more of you than of myself (your own posts being, as we all know, fully cross-referenced, really paragons of bibliographical virtue). Couple of hours ago Nick P. accused me (possibly me—can’t be sure) of posting “random statements and scores of hyperlinks;” and now you directly contradict him. Perhaps if the two of you could first have a pow-wow, agree on some unified line of attack, I wouldn’t have to repeat myself.

[…] it diminishes everything else you say by rather more than you realise. Why do you insist at tilting at windmills?

Another unsubstantiated opinion, which you seem to have convinced yourself to be a unassailable truth. I liked the Don Quijote reference though, given that I’ve used it, and windmills, here quite recently (imitation being the sincerest form of flattery).

moo December 14, 2015 9:39 PM

This is totally awesome:
http://phys.org/news/2015-12-experts-gait-pattern-russian.html

“Experts have discovered a new gait pattern among several well-known top Russian officials, including President Vladimir Putin and Prime Minister Dmitry Medvedev. The authors term this “gunslinger’s gait” because it may be triggered by KGB or other forms of weaponry training.

The gait features a consistently reduced right-sided arm swing, highlighted in rich and compelling video material that accompanies the paper…”

Wael December 14, 2015 9:45 PM

@ianf,

minor point to your grand rebuttal:

I don’t see it as a rebuttal! We’re just sharing information…

for the mo am tech constipated no mo.

Cute! I like it.

Figureitout December 15, 2015 1:37 AM

Wael
Just got IM’d on LinkedIn
–Get a new job? Metadata probably around the same amount as facebook. Probably some boring insecure chat app lol; any crypto in it at least? I have to unleash the floodgates to get the site to load properly.

Nick P
RE: G-Pascal
–Neat but, besides specific applications on M68k, Apple II, or Commodore, can it be applied to other things? He called a big program “200 lines”. Calling basic libraries these days kills this size instantly. How flexible is it (ie: compile on different chips)? These are metrics that are important to me. Apparently he’s working w/ Arduino a bunch now…

–Seen the -2000 line of code article on HN? Lol, this was one of my projects, to modify an existing product, and I was proud to reduce the code by ~3000 lines, keep main functionality, and really clean it up. Still some quirks, and I didn’t get the main feature myself but revised version is much more extendable.

Either do that or spend way more resources on a fresh start, pulling people off other money-making projects. And it’s really different skills being able to hack something up quickly that works, and being able to carefully review and fix that code to be more robust or quicker to read and fix bugs for future programmers.

http://www.folklore.org/StoryView.py?story=Negative_2000_Lines_Of_Code.txt

https://news.ycombinator.com/item?id=10734815

And Rui Ueyama’s journal on 8cc was really good, read it today when I should’ve been studying. Noted he (she?) wanted to use Yacc for next compiler. These are the kinds of projects I may use instead of making my own compiler since I just want one that is barebones but builds across major chip vendors (PIC and AVR for now, Freescale, TI, STM later). Doing this, I need to choose a chip that’s going to be made the same way for a long time, since I don’t want to repeat the effort when they make changes that break it.

Curious December 15, 2015 2:37 AM

In norway there was a recent online article, iirc about how state security organizations have installed a “box” at various companies for getting a stream copy of their internet data traffic. The majority of the article was behind a paywall (online paper ‘Dagens Næringsliv’).

I am inclined to wonder if the state has boxes around at various ISP’s, to get a copy of their data traffic. If that is/could be the case, then I think any prohibition against having data storage directives (something EU concluded) would be effectively circumvented, not only perhaps getting access to traffic data, but also all content, even if collected selectively.

Thoth December 15, 2015 4:41 AM

@Curious
Do you mean network traffic collection as it happens or a stored copy of the network traffic for after the fact analysis ?

If it is data as it transit (assuming without storage), the agencies need to store the streaming data somewhere to analyse and that still goes against data storage directives. If it is the ISPs who are told to keep a copy of everyone (or a selected few) traffic and the agencies uses the “box” to access the ISP’s copy of stored traffic, it would barely be legal because the agencies’ computers need to have a cache of data somewhere to analyse. Either way it is still illegal as data storage is still inevitable … unless the ISPs are employed to do the filter and analysis on the behalf of the agencies and the agencies uses the ISP’s monitor screens and computers to view at their offices or on ISP devices and premises.

ianf December 15, 2015 6:55 AM

Pretty clever, I agree, but it doesn’t look like an autonomous search-other-drone-and-capure offensive defense weapon that’d be needed for deployment around e.g. airports or air corridors/ landing approaches. Looks more like a piloted proof of concept, too unresponsive to potential evasive tactics of the intruding DFO. I’ve seen another demo of 3 smaller drones with a net in between them capturing a frisbee, if not a ball repeatedly thrown at them, and NOT getting entangled in their own net. They operated in a coordinated autonomous fashion, and so looked like they would be of use beyond the demo stage.

Greg London December 15, 2015 7:21 AM

@Henry, my point of mentioning the narrative is that the Prisoner Dilemma narrative doesnt match the PD payoff matrix.

The PD is supposed to be a single iteration, but the narrative suggests the prisoners know each other, and therefore will know who betrays them, if thats the choice they make. And if a gang member knows who snitched on him to the cops, one can see potential consequences not in the payoff matrix. Revenge might be a tit for snitching tat. At which point it isnt a single iteration prisoners dilemma, its at least two iterations.

One of the purposes of the Interlocked Marble Race narrative was to create a narrative where it is clear the game is only one iteration. The players are chosen randomly and they never know who the other player is.

There is no way to try and influence the other player by implication of after-game consequences, threats, punishments, or rewards, that arent in the payoff matrix.

I believe that is the biggest reason people have problems understanding the Prisoners Dilemma. The payoff matrix is such that a single iteration with no after game consequences is clear you should betray. But the narrative creates a LOT of subplots that might drastically alter the overall payoff after the game is technically finished.

If Alice chooses to betray Bob, and they are both members of a violent gang, it isnt difficult to imagine that Bob might have someone rough up Alice if she snitches on him to the cops. Therefore Alice will take that potential roughing up into account, EVEN THOUGH it isnt in the payoff matrix.

The Prisoners Dilemma doesnt create a narrative scenario that matches the payoff matrix. Thats one of the reasons a lot of people have a hard time understanding it.

Curious December 15, 2015 8:13 AM

@Thoth

“Do you mean network traffic collection as it happens or a stored copy of the network traffic for after the fact analysis?”

I am sorry, I wouldn’t know how to answer this question, because I do not have the knowledge about neither the capacity for anyone to store data, nor anyones capacity for performing an analysis of that stuff. Also, the article was behind a paywall so I never got an idea of what data the national security agency/agencies would get with having a copy of their traffic data.

Heh, I thought you guys knew I wasn’t into the deeper tech side of things. 😐

Nick P December 15, 2015 8:57 AM

@ Figureitout

“Neat but, besides specific applications on M68k, Apple II, or Commodore, can it be applied to other things?”

The site links to the source code and stuff. That’s for you to decide. It’s an assembler port, though.

“Seen the -2000 line of code article on HN? ”

My name should be in the comments somewhere.

“I was proud to reduce the code by ~3000 lines, keep main functionality, and really clean it up. Still some quirks, and I didn’t get the main feature myself but revised version is much more extendable.”

Good job!

“And Rui Ueyama’s journal on 8cc was really good, read it today when I should’ve been studying.”

Knew you’d like it.

“Doing this, I need to choose a chip that’s going to be made the same way for a long time, since I don’t want to repeat the effort when they make changes that break it.”

Any of the legacy ones maintain backward compatibility pretty well. x86, PPC, MIPS, ARM, SPARC, and microcontrollers of course. MIPS and ARM are the simplest of microprocessors that will be around for a while.

Who? December 15, 2015 10:45 AM

@Gerard van Vooren

The OpenBSD guys worked on Pledge, a new mitigation mechanism. Here is the presentation. Pledge is pretty simple, straightforward and can be implemented with a couple of LOC. Pledge itself is ~1400 LOC. Theo de Raadt has implemented Pledge already in a lot of the OpenBSD standard tool set and many other developers are implementing it in theirs. With Pledge you limit the system calls of your application and that’s why Pledge is mostly set before initialization and before the main program loop, this time more restricted. All the questions that I had have been answered in the presentation.

Not to say that pledge(2) itself helped finding bugs and poor design choices that had been fixed in the OpenBSD source code.

Figureitout December 15, 2015 6:18 PM

Nick P
That’s for you to decide.
–Doubtful, mostly emulated chips of the past, like “PiDP” lol. Sad, but market is cut-throat and cold as hell. And I definitely don’t want to invest time in assembly on dead chips (next semester got “the assembly class” that everyone struggles in, if Wael’s got any of that water-based lube you use for your lawn and his juicy pumpkin a$$ :p, I could use it. Does not click, grr…That’s serious skill writing cross-platform and compact asm.), you need the datasheets otherwise the locations won’t make sense at all…bah no. I’ll be over here chilling w/ my modern MCU’s lol.

Gammon’s Arduino work is pretty neat though, especially the hex_uploader (especially good), board_programmer, and board_detector. Really useful.

Another thing I stumbled on, think I posted here before, but this is an amazing project (killed the kickstarter): Hamshield. A more “real” XCVR shield for Arduino (if it was HF, we would be talking worldwide comms, they generally are bulky solid-state component radios though, not some nifty shield), the features are amazing! And remote operation, so much example code too! Very non-trivial features. This makes it trivial to transmit from your computer, at least to some kind of internet repeater…think of the comms paths…very difficult to track all this comms reliably. I wish ham radio would open up some bands for encrypted comms, protocol would have to handle garbage noise really well.

https://hackaday.io/project/6749-hamshield-vhfuhf-transceiver-for-arduino

https://github.com/EnhancedRadioDevices/HamShield

Nick P December 15, 2015 9:39 PM

@ Figureitout

“I’ll be over here chilling w/ my modern MCU’s lol.”

Suit yourself. Given attack surface of both, I just chill with old microprocessors without modern additions. Get more capabilities that way. 🙂

“if Wael’s got any of that water-based lube you use for your lawn and his juicy pumpkin a$$ :p”

Remember, he and I don’t spend a night the way you two do. We do guy things. You two do the freaky, transexual things. Or you fantasize about it after a string of rejections. Might be related to a text from him about “an emergency” and that I should come “armed.”

“Gammon’s Arduino work is pretty neat though, especially the hex_uploader (especially good), board_programmer, and board_detector. Really useful.”

You’re talking about a hex uploader for the new stuff rather than the one in the picture? Do they work the same? I can’t remember if I used one before and certainly know nothing about them now. I did want that feature in clean-slate verified stuff where the first image is hand-entered, checksummed, and burned in. I could automate the entry part. 😉 Got a good link on that shit?

“Another thing I stumbled on, think I posted here before, but this is an amazing project (killed the kickstarter): Hamshield.”

That Hamshield project is nice. Looks like something Q would’ve given Bond before he gave it its casing. And cheap, custom repeaters are always useful. Maybe make it a tracker or [with less power] secondary, authentication device, too.

@ Troll

“The last post wasn’t me. It was an impostor. It appears that my fan is back.”

Maybe I’m now understanding the reference a commenter made earlier. Certainly fits the word and a prior topic on authentication. Or maybe not. Either way, someone’s boredom brings them to troll on the blog once again. The Xbox people was was stomping all night were worse, though. This is like vacation compared to hearing them.

MV December 15, 2015 11:54 PM

First post but longtime lurker.
Some info from Avast! that needs to be considered & digested

In an interview with Vincent Steckler, CEO of Prague-based Avast Software, in an interview published in Deccan Herald, Bangalore, on 14-Dec-2015 on pg 14 (weblink not available), it was claimed that Avast anti-virus enjoys a 30% market in the world. Installed base 180 million Windows (outside of China). They have a cloud backend where threats from all the installed products report to. 3% paid customers.”…Norton, which you would usually think as the most popular, probably has about not even 30% of our installed base. So our installed base is about 3.5 times Norton’s and twice that of AVG”.

Responding to a question “What data do you get from the free users”, he responded

<

blockquote>
What we get is threat data…,,, we have close to 250 million end points. Each of those is a security sensor, and in many cases an active sensor, in that they also run things called honey pots to purposely attract infections. Then it is all running inside a virtual machine that is on the computer, network, and is transparent to the user. They are kind of listening on what is happening on the internet, they are encountering things, and they ship all of that data to our cloud servers…. which are basically a massive machine learning….So everything a user does on a computer, every URL they visit, every programme they execute, every programme that gets executed on their computer without their knowledge..all of that stuff goes to our cloud server….So our products are always talking to our cloud servers.

<

blockquote>

If I was intentionally running a honey-pot, I would be ok.. but 150Million end-user devices unintentionally submitting data, gives me creeps. Or is it how all the AVs (Macaffee, Norton, F-secure etvc) actually work – that is using the installed base as partial key-stroke loggers? Please enlighten me.

BoppingAround December 16, 2015 9:18 AM

Or is it how all the AVs (Macaffee, Norton, F-secure etvc) actually work – that is using
the installed base as partial key-stroke loggers? Please enlighten me.

Something like that. They also may install certificates into your system to MiTM and analyse encrypted traffic.

Kaspersky surely do. Last time I saw it they had something called KSN which seemed to be similar in purpose to Avast’s cloud stuff. Becomes even more sinister if one recalls that the founder of the company is an ex-KGB officer, very probably with ties to contemporary security services.

Clive Robinson December 16, 2015 11:43 AM

@ Figureitout, Nick P,

Next semester got “the assembly class” that everyone struggles in,… Does not click, grr…That’s serious skill writing cross-platform and compact asm. You need the datasheets otherwise the locations won’t make sense at all.

I’m a bit late on replying, I’ve just got home from Hospital today, but have to go back for an “emergancy” Op on Mon which does not bode well 🙁

There are quite a few issues with ASM, and it’s a bit like “Marmite” you either like it or you hate it.

Having had to work my way UP from RTL, through Microcode to ASM, I’m a fan, and actually find C and friends to be a backwards step in many ways (long int addition that is the basis of all computer math is just a pain in the a$$ in C and above, dodgy pointers, then there are compilers that realy are s4it for various reasons).

There is however a little trick you can do these days, which is nick somebody elses work via C type compilers. What many people forget is that when you “link” the compiler it pulls in CPU and environment specific files to “setup” before your work starts at main(). Likewise it links to library files to do a whole bunch of other rather tedious stuff.

Most CPU manufactures do provide rather well commented startup files for their C compilers that you can just filch directly as they are often Open sourced or indirectly as a cheet sheet.

Often you will find they will likewise document the way you link to the STD lib and friends libraries they provide. If you follow that convention you won’t be likely to go to far wrong.

Thus you can “ease” your way into ASM from just writing a “high level framework” to debug the low level code in, from just a couple of instructions upwards. As you get more comfortable then start to stitch stuff together.

Importantly no mater how CISC the CPU start with learning with a RISC mentality with just a few branch instructions and a few logical instructions and basic memory transfer instructions. Remember internaly you have an ALU that with 8-16 instructions plus a bit of RTL magic give a basic subset that the micro code builds on, It’s those core instructions you need to get comfortable with as by and large they are transferable to all CPUs. If it takes you ten RISC style instructions to make one of the CPU CISC instructions so what, you can pull them into your code as you get comfortable with them. Another trick is to use the C compiler to give you guidence, you can cut a bit of C code and get the compiler to show you what ASM instructions it pulls in and how.

The thing is with the likes of the IAx86 CISC, you may never need 90% of those ASM instructions. Don’t “fash” the 90% of code that’s not time critical but “sweat” that 10% of code that is at best time critical.

The thing is that most ASM code that is required these days is for only talking to hardware or for highly time critical code, and that’s what is important to remember.

And for the sake of your sanity don’t get into “high level pointer magic”… use void pointers and byte addressing, or either Pascal or NulTerm strings/arrays to get the data into the high level code.

Infinity People December 16, 2015 12:35 PM

Some interesting stories.

http://arstechnica.com/tech-policy/2015/12/fbi-director-silicon-valleys-encryption-is-a-business-model-problem/

http://www.buzzfeed.com/nicolasmedinamora/did-the-fbi-transform-this-teenager-into-a-terrorist#.rjlgmWgMj

http://it.slashdot.org/story/15/12/11/0416255/obama-administration-to-offer-full-position-on-encryption-by-end-of-year

My take:

  1. Governments can easily hack any smart phone they want. How, why? Aside from their capacity to hire out vulnerability research mills (which, they do do), they can certainly have whatever rootkit they want pushed to the phone from the ISP.

Think about that last bit. It is not something I see anyone saying or even cognizant of. Yes, you have probably had forced updates from your ISP which you can google and confirm are legitimate. But, you can also have invisible updates just as easily.

Not to make users paranoid, but the point is: smart phones are systematic, unlike PC systems. PC and Mac and other systems are just getting centralized like that. But even to use a smart phone, you are “in the cloud” (effectively), and do not even ultimately own the underlining firmware, software enabling you to be on their network.

Are these front facing pundits unaware of these things? I believe they actually are. I would also point out that the reason you see them complaining is because what they are hearing from people “under” them who are not unaware of these factors.

These things said, it is true, the FBI compared to most other major “TLA”‘s, have not been as nearly as sophisticated in getting research mills running.

I am not saying however that this means these pundits are being used as cover for already well working surveillance programs. It is more complicated then that. They are sold on the idea of having everyone’s private data as searchable as google can search the internet with. That is difficult for any leader to ignore, even if they are not really the leader.

  1. Notice the pressure put on the Executive Branch. Obama already dismissed the idea of this program. He had a team of industry experts research it, and he delivered his “final” opinion. Now, he is speaking as if that never happened. Of course, he will turn around and all of those previous statements and actions will be as to the public as if it never happened. They never noticed those details to begin with. They are technical details. Wishy washiness of “leaders” is often covered over by the public’s incapacity to pay attention.

The primary reason I put “leader” in that case in quotes is because their very wishy washiness proves they are not a leader. And furthermore this reveals just how little accomplished they are at planning. Serious organizations and leaders work hard on their plans and carry them through years in advance without such fluctuations.

  1. The reality is that just as such a system is useful for targeted surveillance: that is a system which forces rootkits on smartphones of targets, so too is it just as easily applied en masse. And it is just as easily removed, and with it, evidence. Such a system can be uploaded to most, but not to, say, known researchers with the actual capacity to figure it out (who are very, very few and easily well known, including those who might have the capacity to send their phone for examination to their foreign intel controller).

Legality is a question, right? What large organization wants to not consult with their lawyers? But, what anyone ultimately listens to is the data which is returned. If you can prove your case in private, all else is meaningless. The law will provide a way, and that covertly.

  1. The FBI terrorist story is a good example of what is really going on online. Notice how the FBI was capable of following the kid via forum posts, pausing investigations – running many at once – and the kid would get the impression all of this is random. Who was he? A nobody. So, imagine how many others have such systems of surveillance on them, and how? By sheer numbers? No. By strong and intelligent management of pauses.

Pauses.

An awkward statement I put there for enlightenment. As human beings we have the tendency to “complete the picture”. You meet someone online, and have the illusion they are only talking to you. Or their online statements about their consistent IRL presence build a daunting picture of permanence and reality.

It is not unlike the powerful reason why people find it exceedingly difficult not to listen to other people’s phone calls when they are within earshot. They are not nosy, their mind is so wired they are trying to complete the other side of the conversation, naturally. Like a math problem they are forced to solve.

http://i.crackedcdn.com/phpimages/photoshop/7/5/6/484756_v1.jpg

Halfalogue.

Same thing people do with online personas — or with IRL fake personas.

  1. “Why the big surveillance push”? It is systematic. It is global. It goes against all evidence and reasoning. It is across a wide range of very diverse leaders. It is a multiple front: encryption backdoors, mass surveillance.

In surveillance, telling people you want to surveil them and getting explicit about the means you wish to do so is unprofessional. Usually. Except for crazy, mind bending tactics.

A back door would just mean that anyone who required security assurance, including any foreign nation user or corporation, would simply look elsewhere. As is already being done.

Make no mistake, however much of a “good guy” you may see your own intel or law enforcement, you also see other intel and law enforcement as potentially involved in bad actions against your own country. Just as yours does. In fact, get down to it, and much spying ends up being little more then theft, right?

That is the whole point.

You can steal technology and other critical ideas from other companies. And use national resources to do so. This is exactly why spying is such huge business — because it literally increases the bottom line. Money.

Even apart from direct SCITECH espionage, there are the countless business interests from your own national partners to consider. It would be unpatriotic not to. And besides, everyone does it.

So, these moves are creating a cluster fuck scenario.

No small part of it is because even for foreign intel focused folks, it is usually very difficult for them to actually understand the mindset of their “adversaries” — which I put in quotes only because they do not realize they are the very same people. Because of that blindness, they easily buy into many forms of stories that can be used against them and their own best interests.

sig ——–
‘the infinite is in the heart of every person’, ‘cleanse the doors of perception and perceive things as they really are, infinite’ (just don’t forget we are here stuck in the finite world, the inevitable production of the world of infinite imagination… ask for just a little more from the impossible… cure of death, perhaps, war, famine, disease…all injustice.. doable from the infinite

mario December 16, 2015 12:51 PM

TAILS Linux 1.8 is out (Dec 15, 2015)

https://tails.boum.org/
https://tails.boum.org/news/version_1.8/index.en.html
https://tails.boum.org/security/Numerous_security_holes_in_1.7/index.en.html
https://tails.boum.org/download/index.en.html
https://twitter.com/tails_live
https://git-tails.immerda.ch/tails/plain/debian/changelog

-%%%%%%%%-

Tor Browser 5.0.5 is released (Dec 15, 2015)

https://www.torproject.org/
https://www.torproject.org/download/download-easy.html.en
https://blog.torproject.org/blog/tor-browser-505-released

Nick P December 16, 2015 2:25 PM

@ Clive Robinson

“I’m a bit late on replying, I’ve just got home from Hospital today, but have to go back for an “emergancy” Op on Mon which does not bode well :(”

Sorry to hear that. Hope it goes well for you.

“Having had to work my way UP from RTL, through Microcode to ASM”

Not sure if I’ve seen you say that before so clearly. That explains a lot of things about your SW style. 🙂

” What many people forget is that when you “link” the compiler it pulls in CPU and environment specific files to “setup” before your work starts at main(). Likewise it links to library files to do a whole bunch of other rather tedious stuff.”

Been a long time since I was in assembler but can’t modern one’s do that? I’d think this is such a common operation that macro or high-level assemblers would have it as an include or something. I know Hyde’s HLA is pretty self-contained with libraries for about anything you’d ever need. It’s not bare asm but shows an asm tool should be able to handle it.

“Thus you can “ease” your way into ASM from just writing a “high level framework” to debug the low level code in, from just a couple of instructions upwards. As you get more comfortable then start to stitch stuff together.”

HLA was specifically designed to do that by letting you mix HLL and asm coding style. You gradually eliminate the HLL as you learn assembly following his Art of Assembly book.

“Remember internaly you have an ALU that with 8-16 instructions plus a bit of RTL magic give a basic subset that the micro code builds on, It’s those core instructions you need to get comfortable with as by and large they are transferable to all CPUs.”

That’s a great point. I agree and even advocate this. Makes the code very easy to read and work with when going multi-CPU. ISA-specific instructions for acceleration, if one really wants them, can become macros that convert to accelerator on supported platforms or typical instructions otherwise. Sticking to basics early on also avoids trap of picking CPU-specific stuff that gets you stuck in a specific structure or algorithm like how web frameworks often get people stuck in their way of doing things. I don’t have examples off the top of my head for asm but remember this kind of thing happening.

“And for the sake of your sanity don’t get into “high level pointer magic”… use void pointers and byte addressing, or either Pascal or NulTerm strings/arrays to get the data into the high level code.”

One of best things about asm programming is you can avoid all that crud that’s forced on programmers. It’s why I like high-level or macro assemblers: just the abstractions and issues you want with nothing more.

However, I also like both typed assembler and simulating assembler with HLL’s or provers to get their safety/composability benefits. Both have proven to increase safety and productivity. Just code in that version, extract to real asm, and verify the extraction.

Note: While trying to find a HLL example, I discovered this interesting paper on verifying correctness of assembly via pre/post conditions and simulation in C. Automated aside from the annotations. Used to verify Windows hypervisor. Actually, they use quite a few techniques from formal methods community on it. Microsoft is getting really far ahead on quality of critical stuff with FOSS in the catch-up position now it seems. 😉

Wael December 16, 2015 4:03 PM

@Clive Robinson,

but have to go back for an “emergancy” Op on Mon which does not bode well :

Hope you feel well soon. Just take the smart phone with you, in case you get bored.

Clive Robinson December 16, 2015 5:32 PM

@ Wael,

Just take the smart phone with you, in case you get bored.

I took it in with me but I went in as a significant emergency risk of toxic shock / organ failure due to in bone bacterial infection in several places that decided to erupt out despite being on quite strong antibiotics. And if you are a guest under such circumstances you will find there are some parts of hospitals where the definitely won’t let you use it because of the risks. Any way apparently I’ve had fistulas opened up that won’t heal by themselves any time soon so there is a significant risk of reocurance in which case this budgie will almost certainly drop of his pearch. So an Op before Xmas is what has to happen, till then I’m poping several different anti-biotics by the stop watch, and a few other pills as well supposadly to keep me in a state where I can sleep etc. If you want to know why imagine the worst bone joint and muscle pain you’ve ever had from flu then multiply by ten or so, and because of other medical probs they have to be central nervous system depresants that just happen to give me mild visual and auditory halucinations as just one of the more fun side effects they give me. luckily that side is improving quite quickly so back in the land of sanity for a while. Though after the Op I suspect that the painkillers will be the only bit of “merry” for me through the “winter solstice” festivals right through to Chinese New Year…. It’s at times like this I wish I’d followed the “rock and roll lifestyle” like some of my friends did…

@ Nick P, Figureitout,

With regards HAL yes it offers such a framework but… From what I remember it was only IAx86, not for a lot of microcontrolers education has “traditionaly” used. Plus some educators still think you should be cutting code with your teeth as they did back when IBM still made punch decks, and Pacal was some new fangled nonsance that made you flabby in your thinking 😉

The thing is that I think rightly or wrongly that wrestling with ASM for three years in a comercial environment makes you a more worldly wise “engineer” not “code cutter” (yes I can hear the howls of various vested interests starting up their flame throwers 😉

And some things such as time to market for applications do count more than removing errors, improving stavility etc etc in some markets, but by no means all.

Plus the testing techniques you pick up down that end of the stack migrate in both directions quite well where as other types… Lets just say they work beter on Level 8 and above issues 😉

Oh the other thing is microcontrolers out number the IAx86 and similar PC and above CPUs by quite a long way, it might not be glamorous or sexy work but it does put food on the table. Further when you consider the number of aircraft that don’t fall out of the sky, car engines that don’t blow up, microwaves that don’t turn either you or your food into “crispy rems / charcoal bricketts” and boilers that don’t gas you to death then, those engineers must be doing something right… After all when did your washing machine last give you the “Blue Screen of Death” and turn your smalls into micro organ grinders?

Clive Robinson December 16, 2015 5:43 PM

@ Anura,

… apparently they have stripped out everything from CISA that actually pretends to protect privacy.

Just remember the members of “The Church of Latter day Morons” who have done this likewise think that Donald “the shetland pony” Trump, talks a lot of sense and would be they choice for “inclusion” in their exclusive club… Proving once again that as is so often the case “they have more money than sense”…

Dirk Praet December 16, 2015 7:06 PM

@ mario

Re. TAILS 1.8 is out

It’s a seamless upgrade, but you need to migrate from Claws to IceDove since Claws will be gone in the next release. And they really need to upgrade LibreOffice, which is still on version 3 something with 5.0.3 out since a while. On a related sidenote, there’s a new Whonix (12.0.0.3.2) out too.

@ Clive

It’s at times like this I wish I’d followed the “rock and roll lifestyle” like some of my friends did…

I’m absolutely horrified to hear all of this. Hope they at least give you Vicodin and stuff. Chin up, mate. I’ll be burning a candle for you on X-Mas eve. And rest assured that those following the “rock and roll lifestyle” have their problems too. Believe you me that I know what I’m talking about.

@ Anura

Also, apparently they have stripped out everything from CISA that actually pretends to protect privacy

There never was any doubt in my mind that these miserable lowlives would find some way or another to pass it. In Europe, the new GDPR is in its final stages and combined with CISA it’s going to spell a world of pain for US companies.

tyr December 16, 2015 8:04 PM

@Clive

Our well wishings are with you.

You’re absolutely right about either liking the way assembler
code works or wishing for more useless abstraction to save
you from the machine itself. There’s virtue in both but few
can embrace both sides in a meaningful way.

Here’s a weird gadget that might be useful.

http://windsormagistus.deviantart.com/art/runic-translation-device-277963429

I can see some wag building a Hollerith rotor version to sell
to interested parties.

Luigi December 16, 2015 8:19 PM

@ Dirk Praet:

Re. TAILS 1.8 is out

I really wish the TAILS developers would release a small CDROM 700MB or less .ISO. I’d build it myself but I’m sure I’d fsck up somewhere in the process.

A minimal desktop with openbox, like crunchbang used to offer, with a few privacy apps included would suffice. I don’t need a full office suite, video and audio editing tools, Gnome, Java and related tools, and so on.

I mean, this isn’t KNOPPIX, and it’s not Kali Linux either. I can’t understand why they release such a huge beast of an .ISO every month without offering a smaller version. Many other distros do this all the time.

I know you can update your present LiveUSB somehow (haven’t bothered to read it) but I want a separate minimal install .ISO without the bloat.

Thoth December 16, 2015 10:50 PM

@all
We know that ICs are gettong very powrrful to the point they are the hands running the Govt and selecting the Prime Ministers and Presidents and can overthrow any regime that do not work in their favour. How powerful are they really ?

Here is a tiny fragment.
– They can gag politicos and even put them down if needed by creating events.
– They can control democratic processes.
– They can control funding of politicos via under table means
– They can expose politicians dirty litte secrets to unseat them from power.
– They can push agendas onto politicos and get away from a senate hearing or parliament using the “National Security Secrets” shield.
– Push politicos into a run and have a one to one secret forced down the throat briefing.

For the politicos who think their spy masters and puppets won’t betray them, they are very wrong. They are secretly gathering data to build a profile of the politians in power and play them as chess pieces.

Weakening privacy and personal security means that the spy masters and puppets have more information of the politicians and citizenry and predict them better to tame and reign in the wild democratic process into a highly robotic society with no wild of their own. Ministers, head of Govts, MPs, Senates… are not immune to the “spy and coerce” process carried out by their ICs.

Link:
http://www.theregister.co.uk/2015/12/16/big_brother_born_ntac_gchq_mi5_mass_surveillance_data_slurping/?page=1

Wael December 16, 2015 11:08 PM

@Greg London,

14:25 “You’re making your choice based on the assumption that the other player is going to try to maximize their profit”

Well, that assumption is a guess (that the other player is or isn’t an idiot.) Tell me: if you pick a set of random people, how many of them will know how to “maximize their profit”? All you really have to say is the players are “completely rational”.

I do like the instrument you built! It illustrates the problem well, although I have a comment or two about “the number of switches out of control”, but that’ll get us into semantics…

What I would like to see is an extension of this device to more than two players 😉

By the way, what are you using for a pointer? Is that an electric probe for Voltmeter perhaps?

Wael December 16, 2015 11:31 PM

@Dirk Praet, @Clive Robinson,

I’ll be burning a candle for you on X-Mas eve.

And I’ll light this one too. Hopefully I won’t get arrested for arson.

Clive Robinson December 16, 2015 11:52 PM

@ tyr,

There’s virtue in both but few can embrace both sides in a meaningful way.

How timely, in the back of my head I hear Sir Alec Guinness as ghostly Obi Wan saying “Luke, don’t turn to the darkside”…

My problem with high level languages has almost always not been with the core language or typographical conventions, but with the libraries. Some of the junk in them, twitches the “Why oh Why did they bother” nerve, it’s almost as though the smart people had done their bit, moved on and left squawking second raters, left pecking over scraps on the “standards table”, desperate to leave a beak mark impression they could put on their C.V. Yes I know I’ve probably upset a few people (who might be reading) but occasionaly people need to ask “Why the bloat?” “what was you reasoning?” etc.

The shear mental effort of just trying to read the documentation of the libraries is not happening, with many coders, just “cut-n-pasting” code from somebodies online resource. You see some peoples code and you think to yourself, “This is like Italian converted to German by a person with two dictionaries with the common language being Chinese”. That is the code snipts are right, but they are linked together badly and sometimes have “glue code” that tortures the data to make it fit. There is no fealing of expression or flow to the result, all you can feel is the hammer marks on the now bent out of shape screws sticking out dangerously.

One of the advantages of writing embedded code in the past was you didn’t have to write with library code, you often did not have the available memory to waste, so it had to be bespoke. You wrote your own simple but functional code to do what was required. No cruft of “well they might want to…” just cleanly and simply with the required functionality, nothing more. Often from your own private collection of code patterns you had built up from experience.

But those days are gone, memory is rarely a limiting resource these days with SoCs and the like. Thus random seeming code culled from manufactures data sheets and ill chosen library functions are either hammered in or droped higgledy–piggledy in amongst the glue logic forming the sort of accretion you see on wrecks. With such a cruft laden mess comes all the cracks and crevices big and small for attack code to slip in almost unnoticed. Which on the advent of IoT should scare you bloodless…

With regards the weird gadget, the site you link to has been locked out by the ISP Adult Content filter, so I googled around a bit. The device that appeared on a well known “selfie site” looked like what you discribed.

Many years ago for fun on a “crafts evening class” I made an oak plinth with three indentations to hold three two part code wheels. These consisted of an outer carrier disk of brass into which an inner disk that was plated silver would be placed. They would turn with a friction fit and looked like some of those two metal coins you see in various European countries. The upper surface of each was bisected into ten equal segments into which a number was engraved apparently randomly the outer numbers were infilled with black ink the inner with red. To use it you first set up the wheels with number pairs that gave the disk offsets. You then encoded the message into numbers and read from left wheel to right wheel using the black to red numbers to encode the number to give a simple substitution cipher.

As the outer disk of the wheel had a knurled edge and the inner a raised knurled knob you could adjust the setings by hand easily enough to make it polyalphabetic according to an agreed stepping pattern. It made a nice “talking point” desk art toy. You could use it in anger if you wanted and it would have been about the same security as the early Enigma that did not have a plug board (providing you used a sensible stepping pattern). I can’t remember if it’s in the attic or the garage, but it’s in a box somewhere, along with 5 1/4 inch floppy disk which had a computer animation of it for the Apple ][ and a 2nd prize certificate it won.

tyr December 17, 2015 12:51 AM

@Clive

I hated the horror of OOP when it was first proposed,
explaining that to code peg as round or square and
then do holesize but if holesize was too small you
needed to encode hammer to make them fit was sorta
strange to say the least.
Some people code the way they think, so it’s not the
great boon to see inside their head.

I’m waiting for the post moderns to re-invent the
wheel after discarding science and the enlightenment
it’s time for them to perform the great leap forward
in computer high level language.

Clive Robinson December 17, 2015 1:14 AM

@ Dirk Praet, tyr, Wael,

Thank you for the kind thoughts.

@ Dirk,

And rest assured that those following the “rock and roll lifestyle” have their problems too.

Yup deafness, irritable livers, and hair that won’t make a pony tail any more. Oh and as one of my old friends points out, the Ex’s have the money house etc, and the kids don’t call, and won’t be seen with you because aging rockers are not cool/sick/whatever the latest “Outh speak” is for a fat, bald, Zimmer frame wielding bloke in spandex is 😉

For some reason though thining my hair still does make a pony tail quite well but also has not yet changed colour, though the beard (thats going to have to come off pre Op 🙁 has got a bit of baddger. But I do have the deafness and an occasional irritable liver due to meds not booze. Oh and no Ex’s, I still have the house and I get phone calls and to go places (providing I pay, it was ever thus with teenagers) and I get to meet the friends who oddly like some of their teachers ask me serious questions about technology. Weird but hey it’s better than “down t’pub or club gigging with an old guitar, for your beer money”…

@ Wael,

And I’ll light this one too. Hopefully I won’t get arrested for arson.

I noticed the article said “the factory had burnt down”… Mind you the photo reminds me more of a cartoon drum of dynamite than a candle.

Speaking of explosive candle’s the one under Britain’s first astronaut to the ISS got him and his colleagues up their safely, that’s sparked an interest in some of my son’s friends when he let slip I’d been involved with the design of not just satellites but thrusters as well. So more questions the answer to one of which is ‘No I’m not a “rocket scientist” just an engineer”‘ and another is ‘No I’ve no real idea how the “space loo” is used, or how it works, I don’t speak Russian, yes it helps make drinking water out of wee, but you could try looking up “rotating distilation” and “reverse osmosis” and compare the two methods’… What is it with children and bodily functions.

Figureitout December 17, 2015 1:47 AM

Nick P
We do guy things
–Uh huh, yeah suuuurre, is that what you’re calling it these days? :p

You’re talking about a hex uploader for the new stuff rather than the one in the picture?
–Yeah new stuff. Just a variety of atmel chips. That G-pascal asm was mostly for a compiler eh? Didn’t see loading routines. Doubt it’d support interfacing w/ SD cards too lol. Checking the fuses too is pretty sweet, and making sure not to set the SPI one to “brick” the chip (some “avrfreak” was able to bypass this though apparently, I imagine if there was the demand, they could put real fuses in to fix that).

But yeah, you could erase all flash (no bootloader) and put just your project at $0000 (verifying this beyond all doubt, not sure) on a breadboard (have to use an AVR-ISP programmer, which is generally easiest to use another Arduino), pretty barebones, then put the icing on the paranoid cake, be sure to overwrite all the flash, set the lock bits, get the epoxy out and apply a hefty amount, and trim away any pins you don’t need. Hopefully whatever project doesn’t need much connectivity lol. But yeah, certainly think it’d be pretty easy to trim bootloader down a little (all the #ifdef’s for other chips at the least), and checksum it or not use and just go straight in via ISP.

Board you may like in Arduino world is Zero: https://www.arduino.cc/en/Main/ArduinoBoardZero or mega/due (pretty big chip). Pretty cool they opened up bootloader for SAMD21, it’s a pretty good chip (kinda weird too lol, will have some risky/hacky code in it for sure (then again, where’s a perfectly designed chip?)). https://github.com/arduino/ArduinoCore-samd/tree/master/bootloaders/zero

But yeah, there’s other boards/vendors (TI, SiLabs, Freescale, Microchip, ST; even Intel now lol, all have nice dev boards); if you’ve made substantial time investments elsewhere, probably would stay there. This is a good problem to have (just want more real diversity in the chips, and more open w/ good docs). So happy I can appreciate it now, and use it. Also some of the bigger ARM dev boards from Atmel looking pretty good (on-board crypto chips too).

Clive Robinson
–Get well mate, sure you’ll be fine. Hope you got good insurance, AARP’s trying to kick my granny off hers now and she’s blown thru her “patriot” fund from getting breast cancer from where she worked.

W/ regards assembly, the patterns are harder to see, combine that w/ a lack of understanding PC’s too I guess. And I’m glad some educators believe we should learn things old way (even though I suck at it, something like state machines (or “automatrons” lol, much cooler word) doesn’t start to click until end of course lol). Still get to use pretty recent FPGA tool, that toolchain (vivado) is something else too, being able to display your circuit in schematic fashion even. But I really would prefer going to class and have graded homework etc, but then working solely on real-world projects w/ professors; not doing tests from memory (that’s really pointless these days). Your “tests” would be your projects. The most useful thing for me is when there’s project assignments that are really open-ended. But I can’t wait to get my degree so no more tests! Sick of the tests. Just projects and work…

Wael
What shall I do with you?
–Nothing lol, just laugh at a joke and get on w/ your life eh? :p

Thoth December 17, 2015 2:25 AM

@Clive Robinson
Rest well and get well.

@Figureitout
“Also some of the bigger ARM dev boards from Atmel looking pretty good (on-board crypto chips too).”

If you have time take a look at NXP/FreeScale’s i.MX53 series of ARM processors. Those are said to have crypto and ARM TrustZone with some form of tamper resist. You can get a USB type dev board (like a USB stick) from USB Armory (https://inversepath.com/usbarmory) to try your hands on creating some security programs (probably as a crypto device) with an FPGA or some MCU controlling it.

Gerard van Vooren December 17, 2015 3:05 AM

@ Clive Robinson,

Tough times. I wish you the best. Sometimes I wished I went on the fast life path as well but although I’ve had my share I would probably stink with it. That’s the problem of having asperger, you are doomed in being interested in technology. I think that Newton faced these problems as well. A college of mine took a short cut with having a heart attack, his first, after having an “interesting” life, at the age of 56. Life is one of these things you only have limited control on. Again best wishes in these tough times.

Bong-Smoking Primitive Monkey-Brained Zombie December 17, 2015 6:03 AM

@Clive Robinson,

Ex’s have the money house etc…

if she aint happy you aint happy,
and if she aint happy long enough,
your gonna be unhappy with half your Stuff.
— Jeff Foxworthy

PS: You may address me as: BS-PMBZ

Dirk Praet December 17, 2015 7:33 AM

@ Luigi

I can’t understand why they release such a huge beast of an .ISO every month without offering a smaller version. Many other distros do this all the time.

Perhaps because the demand for a “full” distribution by far exceeds that for a small one and they haven’t got enough resources to do both? Feel free to join the developers team at any time.

Greg London December 17, 2015 10:30 AM

Wael: “if you pick a set of random people, how many of them will know how to “maximize their profit”?”

Well, depending on how you want to look at it, the other person’s strategy doesnt matter, because you dont know and cant know what it is. You could know how the other player choose to play in the previous iteration and adjust your strategy as needed. But then it isnt a single iteration prisoners dilemma game anymore.

If you could communicate beforehand, they could SAY they will cooperate, but even then, it could be a ruse.

All you really have to go on is the choice YOU make in the game. And an analysis of the game says “betray” is your best option.

Yep, it was a voltmeter probe. I had a pen, but had to tape it under the camera to get the right angle. I was making some upgrades to my 3d printer and my dmm was right there, so, that became my pointer.

Infinity People December 17, 2015 12:24 PM

@Thoth

regarding: this post

https://www.schneier.com/blog/archives/2015/12/friday_squid_bl_505.html#c6713335

which linked to this post as a source

http://www.theregister.co.uk/2015/12/16/big_brother_born_ntac_gchq_mi5_mass_surveillance_data_slurping/?page=1

which is what I was talking about in my post, in general

https://www.schneier.com/blog/archives/2015/12/friday_squid_bl_505.html#c6713294

from the register article

David Davis MP told The Register this week that “much of the debate for the last 15 years appears to have been a charade about data that the government very likely already held. It is also clear that the legislation that the government relied upon was being interpreted in ways that Parliament never imagined.”

There are now dozens of intelligence “Bulk Personal Datasets” on millions of people, “the majority of whom are unlikely to be of intelligence interest”, as the government has admitted in documents accompanying the draft Investigatory Powers Bill.

Intelligence agency staff have stated: “These datasets vary in size from hundreds to millions of records. Where possible, Bulk Personal Datasets may be linked together so that analysts can quickly find all the information linked to a selector”, such as a telephone number or search query. The information retrieved “may include, but is not limited to, personal information such as an individual’s religion, racial or ethnic origin, political views, … medical condition, sexual orientation, or any legally privileged, journalistic or otherwise confidential information.”

Some history from the Register author, a true journalist

Ironically, it was the revelation of Britain’s first national telephone tapping centre, known to the police as “Tinkerbell”, that forced the government to acknowledge and then legally regulate phone tapping. Tinkerbell was located in Chelsea, half a mile from where PRESTON now operates. I revealed the Tinkerbell centre in the New Statesman magazine in 1980, forcing the government to announce a white paper, appoint a judge, and finally to create the Interception of Communications Act.

But, let us back up, just a little and point out this very important fact about this vast system:

successive governments have approved the security and intelligence agencies’ access” to [bulk] communications data from communication service providers”, claiming that it helped MI5 “thwart a number of attacks here in the UK”

In the US, a core argument against bulk surveillance systems, including the very conjoined and loud argument about mandated backdoors is that it has not thwarted a single attack.

That is a very important argument which privacy advocates and democracy enthusiasists can make and rely on.

But, could it be that the Obama administration has been lying about this, despite how deeply this failure to acknowledge successes could be undermining their public support?

Of course.

Is it possible the US has such a system, and all the debate going about since Snowden is also a “charade”? Of course. Is it possible there is much more still yet going on in the UK beyond this recent bulk surveillance disclosure? Of course.

Is it likely that these nations elite intel talk and devise, years in advance such programs? Of course.

Is it possible that this manner of operation is common in democratic nations? Again, of course.

Even worse, how can you expect this “wheel to turn” regarding this bulk surveillance system in the UK? Let us short cut that for everyone: it may get put down in the courts. And so it stops existing, right? Just like in the US, or anywhere else this happens.

Of course not.

The name gets changed. Or the system in question was a tip of an iceberg of a real system, where this system was fiction written from details of that real system specifically designed to be disclosed.

(Whys there, are several, but complex. What it boils down to, however, is heading off disclosures. A good “for instance”, with that bulk surveillance system, many in parliament knew about it, which meant it was ‘only a matter of time’ before it would be disclosed anyway.)

The most basic and repeated process for handling blown cover. At the extreme, it is faking one’s death. At the lesser, it is changing towns, jobs, and so on. Changing names, merely, can usually do it.

How can all this go on?

Some important points I never see people talk about in the media, because they do not know:

Over the last century, we saw an explosion of information, the information revolution. Which has lightened up, in many ways, the dark corners of the world. Some of those dark corners saw what was happening and was in a position to stay dark.

For instance, in the 30s and 40s, one can look back and see that it was from the ‘elite’ of societies that the top intelligence officials were culled. Britain was perhaps even more loud and openly ingrained in their mindset about this then the US, where in the US there is this strong sentiment even back then that ‘anyone can make it here’. Conversely, this is ‘as if’, there is not the very strong social concept of ‘new money’ and ‘old money’.

Who did J Edgar Hoover hire? He hired young professionals. Lawyers and accountants. Who did Donovan hire? He hired from the top colleges.

Today, that could be anyone. Then? Not so.

Donovan was from that strata already, Hoover, no. But, Hoover knew who to trust, and who to appease. Likewise, it is true, that some young rocketeers did and do get into that upper strata, not by the traditional business route, but by the intelligence route.

(It might here be noted, contrary to popular misconception, the FBI was always foremost a domestic intelligence agency, but that is another story.)

Put another way: there is a deep bedrock strata in intelligence, just as people suspect, one which is very well hidden and very strong in secrecy. It is generational, for the most part. You do not get into that strata by suddenly entering into it from college with your blue collar background. You are born into it.

And money is a part of it, as well as power.

The money and the power is a large part of the reason it does not get exposed. It is a good feature of human consciousness. Nobility does not betray nobility, nor does nobility have any reason to ‘talk’.

(Unless it is for diabolical reasons to cover matters.)

In the area of intelligence it has reliable function. One can debate the class structure the “old money” have all they want and how foolish and useless it is. They normally do not actually rule anything, so why do they keep such attitudes? But, in intelligence, they do very much rule things. So there are very good reasons to keep such attitudes. It ensures secrecy. And by ensuring secrecy it ensures rule can continue unabated.

If that secrecy were removed, then that rule would be destroyed.

Secrecy, that is, makes a very core component of how their ruling works. And this is inherently understood by every member. You get things done effectively, powerfully, because you have the power to do so. That power can function as it does because the people you are ruling are unaware and in the dark.

This is also why that strata of society is the most powerful and the most resilient.

You can not vote against someone you do not even know exists. You can not argue against decisions made, when you do not even know who made those decisions, nor why.

Being forced to rule by practical powers, as opposed to pretensions, they have long been forced to operate by methods of ruling, of persuasion, which rely on the realities of the human condition.

If you want a group or individual to do something, you get them to do it looking at ‘who they are’, and ‘what they want to believe’. Instead of exposing your true reasons for why you are getting them to do what you want them to do.

It might also be noted that there is another aspect of the bedrock to these strata of societies: they are all sacrificing their lives in service. Despite their immense power, unlike the public facing elected officials or groomed puppet leaders who are not elected, they do not get to let anyone know how much power they have.

Which means they live as nobodies, prestige wise. To outsiders. But, to insiders, this is far from true. That is mutually sacrificial, and it is deeply bonding.

I point out this is the norm in our “open” Democratic societies. One might think, then, that this is some recent aberration related to democracy or freedom? Of course not. The exact same manner of strata exists in every country, and always has. What is new is in Democratic societies they have to be even more secret and rely so more deeply on their capacity to manipulate without being seen. Which only strengthens their strata, rather then reduces it.

Ironically.

But, to the meat of what I am saying, the reason:

The number one reason such strata is not removed is because it is a life of service, and a service most important to the lives of everyone else. Unlike with ‘old money’, this strata is not living for themselves, though their lives certainly have outrageous perks.

They are living for everyone.

They are not living lives without purpose, without meaning. Quite the contrary, their lives have deeply measurable purpose.

They do what everyone else can not do, they get things done.

They thwart, they mislead, they manipulate — they rule. Reality is? People thwart, people mislead, people manipulate. You have to be indirect and implicit in working with people, because people, by nature, are indirect and implicit. You have to operate with people on a level they do not see, because, by nature, people run in exactly that manner.

Knowing who is in your country working secretly on behalf of another country requires this. It requires bulk surveillance. Knowing who in your country is working with terrorists from another country, or funded and trained by another country (which is often, effectively “and”, not “or”) — this, certainly requires bulk surveillance.

Admitted to the successes of thwarting attacks? Absolutely contrary to keeping the whole system running smoothly and effectively.

Usually. Not always. But “always” in terms of ever divulging the true story, the full story.

Think corporations and so money are not tied into any of this? It is a critical part of doing business. From funding to ensuring the ‘telephone company’ complies in utmost secrecy that goes well beyond what everyday technicians and upper level lawyers may ever be privy to.

Planning is central to how such organizations survive. This is why one can look back and see that the ‘cyber manhattan project’ started in the mid 90s. (And even then, that is just another whisper from the darkness, of course. As one might guess by considering the true place of progeny of this modern internet.)

Proof:
https://www.schneier.com/blog/archives/2013/04/narratives_of_s.html#c1256016

http://news.google.com/newspapers?id=hKRSAAAAIBAJ&sjid=m28DAAAAIBAJ&pg=6819,244612&dq=clinton+manhattan-project+computer+cyber&hl=en

http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war/

And, for another tidbit, as I pointed out in my initial post here, above: Consider all that talk about phones going dark, encryption breaking everything, and the need for silence.

I wonder… if anyone here actually uses their phone for anything they might not want that strata of government to know about… if they have ever considered that the ever persistent message of “we can’t get through encryption” effects them? If it does not ever make them a little less loose in their secrecy? If they may not say and do things on their phones they would not want ‘government’ to know? Just a little more. Because, so loudly, and so persistently, is government flailing about?

Maybe they are technically saavy and use end to end encryption on their phones.

Do you think that would make them feel at ease enough to talk?

They keep up on the debates. They are smarter then your average citizen in this way. Because they need to be. They have real secrets. It is a job, a life, a career. Not some game to them.

And can they answer this question, “How effective is end to end encryption on your phone, when your phone has a rootkit on it exposing everything as it is typed in”?

I wonder.

Maybe they shut off bluetooth and wifi. Maybe they take out the battery. Maybe they shut off gps. Heck, maybe they do not even use stock operating systems, but use open source, dependable systems.

Do you really think any of that helps when the government was part of the planning and evolution of the entire system from the beginning?

When your phone can be used as a walking bug on you at anytime, do you really think this was something no one understood as the technology started to come about in the first place?

Or, on a level more can more technically comprehend: for the vast majority, assuming ‘hardware compromised from the beginning’, is it not easy to understand that their phones can receive stealth updates without the user ever knowing about it?

Of course they can.

So, why all the argument about encryption and ‘going dark’? Or the flailing about with the need to find security vulnerabilities, when you own and control the manufacturing process?

How many could dig into the hardware of phones to ascertain compromise? How many could dig into the firmware? And even if they could, how hard is it to put in backdoors that are extremely difficult to detect? Ones that, even if found, can not even be proven to be backdoors, but simply a complicated security mistake?

For that reason, why ever put in a backdoor ever that looks like a backdoor, when you can always and easily enough make it look like it is simply an unintentional vulnerability?

As for “why”? Because data is critical for finding the bad apples. The more data, the better those bad apples can be found.

“Why”? Because those phones are running on the very same networks the government infrastructure runs on.

“How can this be done”. I say such things as “they own it”, but such activity only requires particular placement of singular engineers, does it not? It is not difficult to fake a resume and get someone in place to do the needful.

Further, how can you get your plans and operations going and keep them going, but by the powers of secret surveillance? What can be more core to such an organization’s very lifeblood but exactly such knowledge? Beyond terrorists and spies, anyone might end up needing to be known. How easy to get people in place when you know everything there is to know about the hiring managers? How trivial to keep things going, when any advocates or potential adversaries are so very well known?

Why are people so cautious about telling their deepest desires and fears? Because knowledge of their most core details is knowledge of how to manipulate them. And you can only get those ‘golden keys’ to people by being privy to their ‘lowest level code’.

Anybody can parrot to you your known political or religious or other public facing beliefs. And you can react suspiciously to them doing so. But, when they know what really makes you tick, resistance, as they say? Is futile.

Food for thought. Maybe true, maybe false. But don’t let the sig line and nick throw you off. Intentionally designed to make the post a golden nugget wrapped in an implausible wrapper. Amazing how such a simple trick can allow one to say important, true things, but to a very select audience. Secrets that are non-exportable, except in one’s own words. And by one’s own non-validated sources.

sig ——–
‘the infinite is in the heart of every person’, ‘cleanse the doors of perception and perceive things as they really are, infinite’ (just don’t forget we are here stuck in the finite world, the inevitable production of the world of infinite imagination… ask for just a little more from the impossible… cure of death, perhaps, war, famine, disease…all injustice.. doable from the infinite

Nick P December 17, 2015 3:30 PM

How to hack Linux: hit backspace key 28 times

Story here. Linux boxes finally have one worse than old Windows hack using DOS to remove password file. Even easier because you only remember one thing: backspace. Just hit it until screen changes.

And to think there’s still people building “secure desktops” on Linux. >:)

Wael December 17, 2015 3:56 PM

@Nick P,

How to hack Linux: hit backspace key 28 times

It seems to be a Grub2 bug. If your drive is encrypted (the answer to all security problems :)) then it should be ok. If you have a TPM, oh well…

This “bug” reminds (true story) me of a pen tester a few years back who found a similar bug on a smart phone. He came and told me if you hit this key 384 times, you can “get in”! I was amazed that someone manually tried that! I asked him when were you going to stop trying if it didn’t fail? Most testers (not a true story) stop at 27 🙂

The researchers also found an ASLR bug affecting Linux but not Windows or MacOS 🙂

By the way, do understand now? 😉

Nick P December 17, 2015 5:50 PM

@ Wael

“It seems to be a Grub2 bug. If your drive is encrypted (the answer to all security problems :)) then it should be ok. If you have a TPM, oh well…”

Vanilla, unencrypted Linux can be bypassed via this dependency. Hence, hack Linux. Like the old one in Win95, etc where the actual attack was on DOS shell in boot.

“He came and told me if you hit this key 384 times, you can “get in”! I was amazed that someone manually tried that! I asked him when were you going to stop trying if it didn’t fail? Most testers (not a true story) stop at 27 :)”

Yeah it is ridiculous to think someone was doing such attacks. Wonder what else they tried. Stress & fuzz testing do, like here, often find flaws. Might suggest creating toolkits to automatically test consoles or whatever with regexp or image processing to detect unusual response.

My suspicion is that the reason many try this technique manually is an utter lack of pentesting skill. I mean, they’d have to know a bit of C and common defects then spen a lot of time applying that knowledge to find a defect.

“The researchers also found an ASLR bug affecting Linux but not Windows or MacOS :)”

Ok. Well they don’t seem to fall in talentless category. Maybe one figured it out while high or drunk inbetween fun things to do. Just staring at grub with sleepy head on desk, hitting backspace lazily, telling the screen to go away. And it did.

“By the way do you understand now?”

I’m pretty sure I do. Only thing surprising was no PII in the website field or something. “Talented” OPSEC practitioners do that at times.

Clive Robinson December 17, 2015 7:05 PM

@ Nick P, Wael,

My suspicion is that the reason many try this technique manually is *an utter lack of pentesting skill*.

Err no, I’ve found the same class of bug on three different *nixs over the years. It’s also a test that is very very easy to automate, whilst you go off and have a coffee and read of the manufactures manuals. I’ve also found “stay behind” bugs with virtual terminals on several *nix as well.

The first time I found the type to many keys problem was with a Perq system in the early 80’s I reported it to the local sys admin (a guy called Steve Crook) and he fixed the problem on the local machines. However Perq never sent out a patch , nor did Steve buy the promised pint, he said he had informed Perq but… So guess what lesson I learn’t there.

The first AT&T Sys V I purchased for myself running on i486 was from a company called Consensys, who had a UK sales rep near Reading in the UK. It had a virtual terminal system written by the company president (just like Sun, which I found similar bugs on). The trick was to login switch to a virtual screen and type in a shell script but not hit the final enter key, then switch back to the original login terminal and log out. About half the time when the next user logged in it silently ran the shell script under the new users acount ID… Ops a one line SuSh attack would give you a nice root shell all of your own if it was the admin… As I liked the UK rep I reported the bug and showed him how to do it. He was very supprised and reported it directly to the boss man who almost immediatly came out with a fix.

But there are other similar tricks with other *nix… One was with Solaris, and I had already found it and kept it to my self. A year or so later somebody else found it and made noise about it and it was “shock horror time” for the admin at a place I was working. I remember the look of profound horror on his face when I told him I already knew about it and had used it quite a few times to get work done when he was busy… He did not belive me at first, till I showed him a few “admin” changes I’d made some time before to install some patches, he then went a funny colour and asked if I’d told anyone else to which I told him “Don’t be daft, would you?”.

Often this sort of *nix problem can be traced to the buffering in the device and kernal areas (ie fundemental architectural issues). Another is to free memory and then a little while later malloc up another identical sized block, suprise suprise you get the original block back along with it’s contents unchanged… ALLWAYS ALLways allways, these bugs can be traced to the “Efficiency -v- Security” issue or “Putting the cart before the horse” design issues. Thus they are not going to go away any time soon, which is why it’s the first set of tests you should do with *nix systems. Oh similar issues exist in NT, because Dave Cuttler did not “Design a better Unix than Unix” with NT and the same issues exist in MS OSs today, you just have to find then…

And then you have a dilemma to face

    To tell or not to tell? Whether ’tis nobler in the mind to enjoy the secrets and benifits of outrageous fortune, Or to take arms against a sea of troublesome lawyers, and by opposing end them? To die in bankruptcy”[1]

Personaly I prefere not to trouble their lawyers, after all why but your head in a sharks mouth? It’s only asking them to put the bite on you as many bug researchers have found.

[1] With appologies to William Shakespeare 😉

Wael December 17, 2015 7:41 PM

@Greg London,

Now I’m convinced I was wrong saying that it makes no difference to switch the door when one is offered the chance. I believe it’s because I didn’t really understand the rules of the game (we thought we did.) The initial conditions are important to understand.

Always switch the doorshould have read this before I made my comment back then…

Given that you have a 3D printer which you may have used to “print” the illustration device, I’ll suggest that you build another one for the Monty Hall problem.

By the way, I still don’t agree with your reasoning… Maybe in a couple of years one of us will change his mind 🙂 Like I say: I’m always right. Thought I was wrong once… But I was wrong 😉

But thanks for giving me the chance to correct a mistake I made two years ago.

Dirk Praet December 17, 2015 7:54 PM

@ Nick P

Re. How to hack Linux: hit backspace key 28 times

Weird. None of my systems seem to be affected. Has anyone been able to reproduce this yet?

@ Clive

One was with Solaris, and I had already found it and kept it to my self

chuckle

You really have no idea what really cool tricks us SE’s at Sun sometimes used to get access. There were some amazingly smart folks working there and quite some of them occasionally hit stuff like you described and decided to just keep it to themselves and some fellow SE’s.

Nick P December 17, 2015 8:00 PM

@ Clive

Nice haha. Good explanations, too. So, I guess my recommendation of developing inexpensive, automated tooling for this sort of thing is the best route. I know many shops already do user interface testing. Could integrate it with whatever tooling already exists to smooth over the transition. Or black box testing that works on the command-line level.

@ Dirk

“Weird. None of my systems seem to be affected. Has anyone been able to reproduce this yet?”

They said they issued patches. I’d guess, if it’s responsible disclosure, the patches are already in your system. It might also be version- or distro-specific. Might also be bullshit. These things vary. 🙂

@ Wael

You’re not talking about this problem are you? In that case, we might be on the same boat as I still don’t get why they switched doors. They started out with it being any of the three doors. He chooses one getting a 1/3 chance. One is opened to show it’s not the right one. That leaves two, one of which is his. Now it could go 50/50: either door. Host showing him the wrong answer that doesn’t apply to his choice hasn’t changed his odds at all. He’s at 50% if he stays and 50% if he switches.

Unless I’m misunderstanding the rules, some part of the problem, or the nature of the universe. Never made sense to me. It’s why I avoid probabilistic security where possible as I’ll probably be defeated by some math undergrad without any INFOSEC knowledge. All because I didn’t change doors or something somewhere in the code.

Note: I might brute force the combinations and run the numbers sometime to see if one comes out better in practice for reasons that escape me. That seems like it could work. Easily automated with only 3 doors, too.

Wael December 17, 2015 8:12 PM

@Clive Robinson,

reported it to the local sys admin (a guy called Steve Crook)

Who hires a guy named “Crook” for a sysadmin job? Is he the BOFH? 🙂

from a company called Consensys

I’m starting to see a pattern here 😉

Oh similar issues exist in NT, because Dave Cuttler did not “Design a better Unix than Unix” with NT

I believe Mr. Cuttler architected the NT kernel similar to VAX/VMS. And no, this isn’t a shameless copy from Wikipeadea, I just “happen” to know that.

And then you have a dilemma to face

Dilemma, eh? Why don’t you say something to @Greg London? You have a higher IQ than Marilyn Vos Savant!

Wael December 17, 2015 8:55 PM

@Nick P,

I might brute force the combinations and run the numbers sometime to see if one comes out better in practice for reasons that escape me…

It’s been done. Simulation is listed in the Wiki link. Don’t feel bad. Well known Math Ph.D.’s got it wrong too, including my friend Andrew who’s gonna hear from me soon.

This one is amusing. Someone sent a letter to Marilyn Vos Savant saying:

You made a mistake, but look at the positive side. If all those Ph.D.’s were wrong, the country would be in some very serious trouble.
Everett Harman, Ph.D.
U.S. Army Research Institute

Hopefully these aren’t the same ones working on security and cryptography 😉

Wael December 17, 2015 8:58 PM

@Dirk Praet,

Weird. None of my systems seem to be affected. Has anyone been able to reproduce this yet?

Are you using grub2? I didn’t try it.

Nick P December 17, 2015 9:32 PM

@ Wael

“Pigeons repeatedly exposed to the problem show that they rapidly learn always to switch, unlike humans (Herbranson and Schroeder, 2010).”

I was outsmarted by random, focus groups of f***ing pigeons!? No. No! NOOO!

“”… no other statistical puzzle comes so close to fooling all the people all the time” and “that even Nobel physicists systematically give the wrong answer, and that they insist on it, and they are ready to berate in print those who propose the right answer”. ”

Ok. Maybe the pigeons were just genetically lucky and even the smartest are easily fooled. That’s what I’ll tell myself.

“This shows that the chance that the car is behind door 1 given that the player initially chose this door and given that the host opened door 3 is 1/3, and it follows that the chance that the car is behind door 2 given the player initially chose door 1 and the host opened door 3 is 2/3. ”

Alright, it’s not sinking in. I’m going to run the numbers myself. My key assumption here, which might not be true, is that the presenter will only tell you what door is not the winner and will tell one. I’m also assuming… this is probably key… that your choice may be the goat or car with host not telling you to prevent cheats (see Monty Hall solution) from developing. Goat/car can be in any door but the one he names (always a goat). Assuming you didn’t pick the goat at outset, here’s what the game actually is:

Door 1: goat or car.

Door 2: goat or car.

If you picked Door 1 and stay, you will either receive the goat or the car (50/50). If you switched to Door 2, you will either receive the goat or car (50/50). The host in my model doesn’t give you information about which is which. Your odds of achieving either result are still at 50/50 whether you stay or switch. How is this an error?

Playing math on three options might somehow produce 2/3. The actual game, again with my assumptions, reduces down to two results randomly distributed among two choices at 50/50. That’s even when brute forced as above. Unless it’s an episode of Punk’d and then they hide [a] bull behind either door.

Wael December 17, 2015 9:51 PM

@Nick P,

Now it could go 50/50: either door. Host showing him the wrong answer that doesn’t apply to his choice hasn’t changed his odds at all. He’s at 50% if he stays and 50% if he switches.

If you read the two links you’ll see why — I wasn’t going to repeat it. I will now that I saw your latest reply.

You have three doors; 1, 2, 3

You chose one of them, say door 1 (and you still don’t know what’s behind door 1.) You had a 1/3 chance picking the correct door.

This means that door 2 has a 1/3 chance of being the correct door, and door 3 has a 1/3 chance of being the correct door. There is 2/3 chance the correct door is door 2 or door 3 because 1/3 + 1/3 = 2/3.

Now the host opens either door 2 or 3, and the host always opens a “wrong” door for you.

Basically if you switch then you are betting that the car is behind door 2 or 3, because you win either way if the car is behind door 2 or if the car is behind door 3. This is how the 2/3 switch vs. 1/3 stay works out.

Reminds me of another “puzzle” that took me four years (on and off) to solve; it’s called The impossible puzzle. This one relates to security. One of lessons learned is even if you think you’re not saying much, you’re leaking information. That’s why spooks often say: “We cannot confirm or deny xyz”. Saying “I don’t know” is saying too much 😉

Nick P December 17, 2015 11:00 PM

@ Wael

“Now the host opens either door 2 or 3, and the host always opens a “wrong” door for you.

Basically if you switch then you are betting that the car is behind door 2 or 3, because you win either way if the car is behind door 2 or if the car is behind door 3. This is how the 2/3 switch vs. 1/3 stay works out.”

See this is where I think the problem is. The host is free to let the player think No 1 is a wrong door. Let me illustrate:

Door 1: Car
Door 2: Wrong
Door 3: Wrong

Host must open a single Wrong door. Can choose No 2 or No 3. Choosing No 3 doesn’t make No 2 any less Wrong when you switch. So, by your math, there’s still 1/3 chance Door 1 is the car and 1/3 door 2 is car = 2/3 correct it’s one of the two. So, 2/3 for Doors 1 & 2 and 2/3 it’s one of Door 2 and 3. Sounds equal odds to me. 50/50

Figureitout December 17, 2015 11:27 PM

Thoth
If you have time
–Phew, we’ll see…took a peek. Nice board lol, always welcome. :p Probably use what I have first (frdm k64f board, it’s on NXP website now lol). Did see some tamper resistance and just “security” mentioned on one of those chips (k63_120?), whereas the one I have…nope. Of course lol. Anywho thx.

In terms of USB, like what USBarmory is doing, but I want another dev board for the USB chip itself. Then if possible build a firmware for it, save and inspect file as much as I can, then zip/encrypt it and keep it stored multiple places. Ideally vendor could support fusing in that firmware (and have a way for me to see it) otherwise using jumpers for programming pins (if that’d even work, I’m not sure, may not be that easy) on a USB stick. Thus, as it should be already, the main risk is virus getting in typical storage (which should be encrypted, but it’s annoying entering passwords transferring files…).

After that I want a “USB cleanser” program that just wipes immediately when plugging in (on some small single-board pc or mcu, if on raspi, then on every cleanse I’d need to reflash the SD card…). Combining that w/ some of the sandboxing for USB ports, should be nice. Zipping and encrypting files should armor the files nicely for transfer; which is the whole purpose of doing this charade, getting files cleanly from infected point A to safe zone B w/o infecting B in the process.

Lots of implement details left out but that’s a seemingly doable project I mull over sometimes, may or may not do it.

Clive Robinson December 17, 2015 11:34 PM

@ Nick P, Wael,

I’m no genius, but as they say “Yes Sir the Lady is correct”.

The way I checked it was to draw a width graph where the widths corespond to the starting odds. As you hatch in your choice odds you find out that yup 2/3 is the swap odds…

But even when you see it all hatched out your brain still does not want to belive it. It’s like the inverse of an M.C.Escher drawing.

Nick P December 17, 2015 11:50 PM

@ Clive Robinson

“I’m no genius”

Yeah, yeah, that’s got a probability of zero. Back to the puzzle, it’s annoying me enough that I’m probably going to dust off programming skills by writing a simulation to confirm or reject it soon.

“The way I checked it was to draw a width graph where the widths corespond to the starting odds. As you hatch in your choice odds you find out that yup 2/3 is the swap odds…”

Interesting method. For mine, a simulation, it will have a group that doesn’t swap and one that does. I’m thinking at least 1,000 runs with either a TRNG or CRNG. What’s a nice stopping point for these kinds of things with limited HW in terms of no of simulation trials?

Wael December 17, 2015 11:51 PM

@Nick P, @ Clive Robinson,

There are three possibilities which door is correct, you only looked at one of them.

   A          B         C
D1 = C     D1 = W    D1 = W
D2 = W     D2 = C    D2 = W
D3 = W     D3 = W    D3 = C

For each column (A, B, C) here are the outcomes:

A: If player initially chose D1, then switches, he looses
B: If player initially chose D1, then switches, he wins
C: If player initially chose D1, then switches, he wins

If player switches player wins two out of three times (B & C)
If player stays, player wins one out of three times (A)

If that doesn’t convince you, imagine there are a million doors. If that doesn’t still, then you need to read both links 🙂

@Clive Robinson,

I’m no genius

Must be the medication 😉

star wars sucks December 18, 2015 12:14 AM

EFF: Panopticlick 2.0 Launches, Featuring New Tracker Protection and Fingerprinting Tests

(December 17, 2015 | By Bill Budington)

https://www.eff.org/deeplinks/2015/12/panopticlick-20-launches-featuring-new-tracker-protection-and-fingerprinting-tests

“Today we’re launching version 2.0 of our tracking and fingerprinting detection tool, Panopticlick. This version brings new tests to our existing tool, such as canvas and touch-capability fingerprinting, updating its ability to uniquely identify browsers with current techniques. In addition, we’re adding a brand new suite of tests that detect how well your browser and extensions are protecting you from (1) tracking by ads; (2) from tracking by invisible beacons; and also (3) whether they encourage compliance with the Do Not Track policy, which EFF and a coalition of allies launched earlier this year. We’ve also redesigned the site look and feel, including friendlier layout on mobile devices. If your browser lacks protections, Panopticlick 2.0 will recommend installing tools that are available on your platform, such as Privacy Badger, Disconnect or AdBlock, in order to get better protections as you navigate the Web.”

****** TRY PANOPTICLICK 2.0: https://panopticlick.eff.org/

“Nearly six years ago, EFF launched the original Panopticlick, a website that allowed users to gather information on how unique – and trackable – their browsers are. By using web headers, JavaScript and plugins, to measure visitors’ settings, we were able to confirm that millions of browsers across the globe had unique fingerprints which could be used by tracking companies to follow them around the Web, even if they blocked cookies or hid their IP addresses. Panopticlick continues to be used by hundreds of thousands of people every month to determine just how much identifiable information their settings and configuration exposes. Shortly after the initial launch, we were able to determine that 84% of users were uniquely identifiable by their browsers alone, without ever logging in to a user account. In the last six years, novel techniques such as canvas fingerprinting have allowed trackers to spy on users more effectively than ever before. The use of anonymity software such as Tor Browser mitigates the effectiveness of fingerprinting by delivering the same headers for every browser, removing plugins, and limiting de-anonymizing JavaScript techniques. In version 2.0, we’ve included simplified the results from the fingerprinting tests to make them more understandable (you can still click through to the comprehensive results).”

“Our new tracker- and ad-blocker detection tool gives results for how well your browser is protecting you in three categories. Firstly, it lets you know if you’re protected from invisible trackers that are included on many sites without users being aware of them. Secondly, whether you’re protected from ads that track you across different domains. And thirdly, it tests if ad companies that promise not to track users by complying with our Do Not Track policy are unblocked by the browser, which gives these companies the incentive to do the right thing. We test the effectiveness of your protection by creating a number of domains that mimic real trackers, observing if resources on these domains are loaded or not. When the test is finishes, we present the users with a simple, informative table indicating their level of protection, with helpful suggestions when their protection isn’t adequate.

Finally, we’ve completely rewritten the back-end code in Python and open sourced the project so that you can see how it works yourself!”

Visit panopticlick.eff.org to test how well your own browser is protecting you!

  • In article:

https://panopticlick.eff.org/
https://www.eff.org/dnt-policy
https://www.eff.org/press/releases/coalition-announces-new-do-not-track-standard-web-browsing
https://www.eff.org/press/releases/online-ad-company-adopts-new-do-not-track-standard-web-browsing
https://privacybadger.eff.org/
https://disconnect.me/
https://getadblock.com/
https://www.eff.org/press/archives/2010/05/13
https://en.wikipedia.org/wiki/Canvas_fingerprinting
https://www.torproject.org/download/download-easy.html.en
https://www.github.com/efforg/panopticlick-python
https://www.eff.org/issues/do-not-track
https://www.eff.org/issues/online-behavioral-tracking
https://www.eff.org/about/staff/william-budington
https://www.eff.org/deeplinks
https://www.eff.org/copyright
http://creativecommons.org/licenses/by/3.0/us/

Wael December 18, 2015 12:48 AM

Three noteworthy comments, I’ll end with that so @Nick P and I don’t feel stupid 🙂

You are indeed correct. My colleagues at work had a ball with this problem, and I dare say that most of them, including me at first, thought you were wrong!

— Seth Kalson, Ph.D.
Massachusetts Institute of Technology
Marilyn Vos Savant: Thanks, M.I.T. I needed that!

The next one reminds me of a joke [1]:
You are utterly incorrect about the game show question, and I hope this controversy will call some public attention to the serious national crisis in mathematical education. If you can admit your error, you will have contributed constructively towards the solution of a deplorable situation. How many irate mathematicians are needed to get you to change your mind?
— E. Ray Bobo, Ph.D.
Georgetown University
Me: lol

For the ladies on this blog 🙂
I still think you’re wrong. There is such a thing as female logic.

— Don Edwards
Sunriver, Oregon
Marilyn Vos Savant: Oh hush, now

I’ll need to really think why so many, including me, got it wrong, and I knew it was provable using conditional probability.

[1] Two male mathematicians are in a bar. The first one says to the second that the average person knows very little about basic mathematics. The second one disagrees, and claims that most people can cope with a reasonable amount of math.
The first mathematician goes off to the washroom, and in his absence the second calls over the waitress. He tells her that in a few minutes, after his friend has returned, he will call her over and ask her a question. All she has to do is answer “one third x cubed”.
 She repeats “one thir — dex cue”? 
He repeats “one third x cubed”. 
Her: `one thir dex cuebd’? Yes, that’s right, he says. So she agrees, and goes off mumbling to herself, “one thir dex cuebd…”.

The first guy returns and the second proposes a bet to prove his point, that most people do know something about basic math. He says he will ask the blonde waitress an integral, and the first laughingly agrees. The second man calls over the waitress and asks “what is the integral of x squared?”. 
The waitress says “one third x cubed” and while walking away, turns back and says over her shoulder “plus a constant!”

I thought I told that joke sometime ago, but I couldn’t find it… 
  
 


Thoth December 18, 2015 1:27 AM

@Nick P, all
Blackberry hastening it’s own grave digging and behold it dug a really deep abyss as it’s grave that it can never crawl out anymore. No more turning back…

Blackberry’s John Chen attacks the “privacy” stance of Apple saying that not providing LEAs with assistance (I guess he meant BACKDOORS AND GOLDEN KEYS) is bad.

This is not surprising and we all know Blackberry supports 5Eyes and friends IC activities with it’s privileged position.

Blackberry does not seem to serious care about privacy and security (look at the Blackberry Priv). Of course there are those who say smartphones are not trusted devices and I absolutely agree hands down no smartphone should be trusted.

But looking at John Chen continously hastening to death of Blackberry/RIM, it’s a pity all the good technology it has is now down the infinite abyss due to his chain of bad decisions.

I sometimes wonder if John Chen was given the CEO position in an attempt to put down the curtains for Blackberry/RIM in a bid to exit ?

I think if we compare all the other smartphones that are insecure and ridden with loopholes, they are much better than an outright traitorous Blackberry that is deliberately engineered to leak everything about you to the ICs and Govts at their whims.

Or maybe the other quietly leaking insecure smartphones are just as traitorous…

Link:
http://arstechnica.com/tech-policy/2015/12/blackberry-ceo-says-apple-has-gone-to-dark-place-with-pro-privacy-stance/

Anura December 18, 2015 1:37 AM

@Wael, Nick P

Now let’s say you pick a door, Monty goes to show you one of the doors you didn’t pick, but trips on his microphone cord and falls into a door, opening it and revealing a goat. Should you switch or not?

This is known as the “Monty Fall” problem.

@Nick P

A simulation of 1000 should take a split second on a modern computer, and be more than adequate to show the distribution. Just make sure that you don’t have issues with modulo bias in your RNG – for example, if you take a number between 0 and 2^32-1 inclusive, and you do modulo 3 to pick the door, then 0 will be slightly more likely than every other number since 2^32-1 is divisible by 3. So you can do this:

while ((r = get_random_integer()) != 0xFFFFFFFF);

1/2^32 times it will have to try again, but it will guarantee even distribution. Depending on what your modulo is, you want to find the largest number x such that x < n and x mod m = m-1 where m is your modulo and n is the maximum value from your RNG.

Also, totally not that big of a deal for this kind of simulation, but if you are going to do it, you might as well do it right!

thevoid December 18, 2015 7:37 AM

has anyone else been having problems with duckduckgo.com? it’s been serving me up a blank page for a couple of days now. i’m wondering if it’s my browser (w3m) or not.

Clive Robinson December 18, 2015 8:31 AM

@ Nick P,

An earlier comment about Dave Cuttler and his now infamous “beter unix than unix” failure (Win NT)

And low and behold up pops another “better unix than unix” post over on ycomb. This time it’s the AT&T version called Plan9,

http://homepage.cs.uri.edu/~thenry/resources/unix_art/plan9.html

It’s an interesting read especialy the bit about although it was better in oh so many ways it did not knock Unix of it’s perch… There is a lesson in there for all.

BoppingAround December 18, 2015 9:41 AM

re: panopticlick 2.0
Sent me through a chain of websites with dodgy domain names, only to tell that allegedly I have ‘strong protection from tracking’. I think I’m going to celebrate.

Clive,
I don’t know if I fully comprehend the amount of trouble you have with your health. But if there is a chance of getting through that… please stick to it.

Best luck.

Wael December 18, 2015 9:59 AM

@Anura, Nick P,

Now let’s say you pick a door, Monty goes to show you one of the doors you didn’t pick, but trips on his microphone cord and falls into a door, opening it and revealing a goat. Should you switch or not?

I’ve stuck my finger in that Monty Hall problem before, and I got bitten by a snake. I’m too scared to say “it doesn’t matter if Monty intentionally or unintentionally shows the goat”. But here goes… That doesn’t change the problem, I’ll still switch (Famous Last Words.) Anura, you sneaky…

Now watch @Nick P getting bitten ten times, once in each phinger before he learns 🙂 [1]

[1] That’s for the “manly thing crack” you shared with the pumpkin butt about me! I keep score, mate. Don’t forget that 🙂

Nick P December 18, 2015 4:54 PM

@ Wael

“Now watch @Nick P getting bitten ten times, once in each phinger before he learns 🙂 [1]

[1] That’s for the “manly thing crack” you shared with the pumpkin butt about me! I keep score, mate. Don’t forget that :)”

I had a devious comeback to the comment about how you like keeping score. I’ll spare you, though, since we’re buddies and all. 😛

Enjoy watching the fun, though. Bonus for you: imagining the difficulty of my testing it with kludgy code I learn as I go in whatever lang supports my version of Linux and battling the RNG issues. Should be fun when I get to it.

Wael December 18, 2015 5:06 PM

@Nick P,

I had a devious comeback

Yup, I saw two coming. The one about keeping score wasn’t among them. I didn’t choose my words carefully. Your other buddy may not be as nice. As for the coding, you don’t need to start from scratch. I’m sure you’ll find a place to “cut” it from 🙂

Anura December 18, 2015 5:50 PM

I had a few simulations of Monty Hall before, but I can’t find them anymore 🙁

I think I did it entirely from within the python interface, and so I didn’t save it.

Joe K December 18, 2015 6:37 PM

@ Clive Robinson

Forgive an internet stranger for saying so, but I am very sad to hear
how ill you are. May you have the best (of the best)* of luck with
your treatment.

(And I hope the food situation in hospitals there is way better than
it is here.)

@ Nick P

If you aren’t already too engrossed with your Monty Hall coding fest
to read yet another attempt at plain-language analysis…

I find the Monty Hall solution a little easier to intuit by imagining
that the contestant (perhaps unbeknownst to the host, though it
doesn’t really matter) is trying to win one of the goats,
instead of the car.

Your first choice of door has a two-thirds chance of being correct
(ie, of concealing a goat).

The host then opens one of the two remaining doors, intentionally
revealing a tantalising goat, which is now forever beyond your reach.

Note well: the host was unable to reveal what was behind your
chosen door. So, although some new information has come to light, this
new information does not pertain to the door you’ve initially chosen.

Rather, this new information pertains only to the two doors you
elected not to select initially: one of them (namely the one the host
did not open) is now more likely to not conceal a goat (ie, it is
less likely to conceal a goat than initially.)

But your initial door still has the initial 2/3 odds of being the only
thing standing between you and the goat of your dreams.

  • That was a kleene star, not a footnote pointer. And this is not a
    footnote.

Wael December 18, 2015 8:58 PM

@Anura,

Pretty good! I ran it on my iPad. So how is Monty Fall different? The host chooses a door at random?

Anura December 18, 2015 9:11 PM

Yeah, that’s the scenario I mentioned yesterday where he falls and opens one of the two remaining doors at random, even if it contains a car (in which case, you automatically lose without a chance to switch).

thevoid December 18, 2015 9:44 PM

@ianf

thanks for the feedback. and yes, checking the source was the first thing i did (just have to hit ‘v’). the page itself had 0 bytes. i also brought up the header information (the ‘=’ key for me), which seemed fine, making me suspect my browser, either that it’s not handling something right (though i’ve never had problems before a few days ago, and no other page was giving me issues), or it’s on the server end (there are some pages that won’t serve the pages if you have the ‘wrong’ browser.)

it now seems to have started working again for me in the last few hours, with the same browser i’ve had running, so i guess the issue is moot now for the time being.

Buck December 18, 2015 10:01 PM

Re: Monty Hall

Think of it this way:

Can we all agree that you have 1:3 odds of initially guessing the door with the car behind it?
In that case, the host reveals one of the goat doors, and then you switch and lose… 🙁

On the other hand, you have a 2/3 chance of picking a door with a goat on the first try.
Then, the host reveals the other goat, you switch, and win the car! Good choice, right?

Thinking further though, plenty of other unstated assumptions have been made in determining the best outcome…
What kind of car are we talking about? How about the effective tax-rate owed on prize-winnings? Of what age, gender, and pedigree are the goats?

If it’s a really good milking doe, and we assume:
6lbs/day of milk at a 300 day/year lactation cycle over 9 years of productive milking equals roughly 8 tons of goat milk per lifetime.

At $9/gallon of milk, we could hope for at least $18,000 of income.

Or, if we figure 10lbs milk/1lb goat cheese, we could come out with about 1,620lbs of goat cheese.
If we can ignore the initial costs of equipment and cheese cultures culture, and assume a retail price of only $1 per ounce, this cheese could net us a profit of more than $45,000!

Of course there are plenty more considerations to be made in this situation… For example:

  • In some places, people will actually pay you to let your goat eat their grass!
  • Goat turds can be sold as fertilizer
  • If you already have or know someone with a buck, your prize doe could bear plenty of kids to sell back to Monty
  • Having pets is known to increase your lifespan, while owning a car can potentially lead to an earlier death
  • Fresh goat meat is considered pretty tasty in plenty of places…

Unless the car we’re talking about here is a Maserati or something, I’d bet plenty of potential players would be much better off choosing the goat as a prize!

That then leads us to another series of questions… Can the contestant choose the revealed door- in which case, a goat can be won with a 100% assurance.
Are both goats behind each door of similar status? Can their individual pedigrees be ascertained via visual cues?

This is a great thought puzzle, but as can easily be seen, the payoff matrix becomes much more complicated very quickly once real-world scenarios are applied! 😉

Nick P December 18, 2015 10:32 PM

@ Buck

LMAO! Your out-of-the-box thinking made my long night. Helps that our family owned a goat for some of those benefits. They shit all over the place but are kind enough to eat the grass that conceals it. 😉

Gotta get some sleep (hopefully) before the more serious replies. Tempted to read Anura’s results but I’d rather take a stab at it myself. Plus, Wael already predicted a cut-and-paste solution. I can’t be that obvious…

Clive Robinson December 19, 2015 2:03 AM

@ Nick P, Buck,

Also remeber billy goats are quiye territorial, bl**dy minded, and a discoraging disposition to strangers.

Thus like geese they can and do make quite good burglar deterants.

But because they generaly have few problems with children you can take them for a walk etc much to the anoyance of proffessional mut walkers, who are the bane of many peoples recreation.

As for the meat, yup I like it rather more than lamb, like good mutton it has plenty of flavour and repays a long slow cook with great meals. I have a favourite dish where it’s cooked with dates and currents and a dash or to of various curry spices.

Clive Robinson December 19, 2015 3:34 AM

@ Nick P, Figureitout,

SPeaking of goats… Have either of you heard from Mike the Goat recently?

Figureitout December 19, 2015 11:09 AM

Clive Robinson
RE: making a high-res die photo is an interesting project if you have the right kind of microscope
–There’s the kicker for me…IF I have some funds there’s a bunch more PC’s and dev boards and other parts I’d want first, then a good digital scope; microscope’s down the line.

Best camera I have is smartphone.

I am saving opamp IC’s (in particular, one I blew up…whoopsies :p) to practice w/ though…

RE: MTG
–You can email him you know? Just put your pubkey in a .txt file attachment (I did the .asc crap from enigmail (which I hate, it sucks, not using anymore) and I guess he couldn’t open it). Takes me a few minutes to get to my “secure” accounts and get my keys/pw’s, and I always had something to do besides check that account. Buncha sh*t going on I guess…I notice he typically posts to his blog, then here or vice versa, so maybe he’ll pop up…

Nick P December 19, 2015 6:44 PM

@ All
re Monty Hall: Putting it to the test

So, it’s rock and roll time. Seeing as I forgot almost everything about programming… had to write a spec, pick a language/toolchain, make sure it was one Wael could follow, get it working, learn the smallest subset I can, spend a little on the Wiki, spend lots of time looking at compiler errors (no cheating w/ copy/paste), get to nearly zero compiler errors per iteration (yay!), avoid any complexity in procedures/datatypes, and have high spec to code correspondence so people can see exactly how I confirmed 50/50. 🙂

So, let’s begin. Spec here. Code here. Cheat away command parsing and unbiased fitting of random numbers by making three copies of that code each with a hard-coded reference to one of three, text files containing 10,000 integers from random.org. (Oh yeah, I remembered the free-est, easiest TRNG.) Run three in succession to get these results.

And… “NOOOOOOOO! THAAAATS IMPOOOOOSIBLE!!!” NOW I… GOTTA…. RE-LEARN… PROBABILITY…!!! Lmao…

Greg December 19, 2015 7:25 PM

Wael, I’ve updated the document with a graph I made for you. See page 4 of this pdf:

http://www.greglondon.com/imr/interlocked_marble_race.pdf

It’s a graph that has various strategies for the other player on the X axis, and the Y axis is the payoff you get for cooperating or betraying. normalized for a single iteration. No matter what the other player does, you get $10 more if you always betray.

So, knowing nothing about the other player’s identity is irrelevant. They could be an angel (always cooperate) or a devil (always betray) or somewhere in between, and you will still always get a better payoff if you betray.

Nick P December 19, 2015 7:25 PM

@ Clive Robinson

Re die images

That’s pretty cool. I bookmarked it. Still limited to over 250nm like others I’d imagine with how that holds back capabilities.

re Plan 9

Yeah, I’ve seen this one. It’s popular on HN for people to try to reference it. So, someone started posting that and a few other links busting it out. 😉 Whereas vezzy-fnord’s post of Hansen’s survey of prior computing innovations has me posting more of Hansen’s own work, esp him solving concurrency at language & OS level in 4K. Then doing a C minimalism language and OS better than C on PDP-11 that gave birth to it. Dude was something else.

Another commenter on HN or Slashdot mentioned Plan 9 pushers should’ve learned from Apollo while implying Apollo lost despite technical superiority because they were too expensive compared to UNIX. Easier it is to acquire, more it will prevail in the market. That’s always been a problem for success of quality computing environments.

@ Anura

Your code ran with similar results on mine. Just 5-10x slower despite being coded more cleanly. 😛 Mostly in RNG strategy differences I imagine. Plus yours was interactive while I batched mine mainframe-style. Coding like it’s 1963 baby!

@ Wael

“Now watch @Nick P getting bitten ten times, once in each phinger before he learns 🙂 [1]

Nah, it’s not an appropriate comparison. I was so elated to get my first language working again, incrementing, refactoring, almost no compile errors, full trial ready to go, correct-by-construction via coding style, and… clear 33%/66% split rejecting my hypothesis. Was more like getting a surprise hit to the nose during a coding high at the desk. Well, I was mostly expecting it but still totally sucked lol.

@ Wael, Joe K

Both provided good explanations that I just couldn’t wrap intuitive part of my mind around. Appreciate it. Still had to run it scientifically to see if it would work or fail. Unless error in my spec or code, the results over basically 30,000 samples show the swap claim is clearly correct. Now at some point I must begin the closing the gap between what the math/science side of my brain knows to be true but the other part doesn’t quite believe. Meanwhile, I’ll just add it to my list of heuristics and maybe brush up on probability to shortcut similar problems. A cop out I know haha…

Anura December 19, 2015 8:06 PM

@Nick P

Your code ran with similar results on mine. Just 5-10x slower despite being coded more cleanly. 😛

Could be a few different reasons for the differences; interpreted vs compiled, /dev/urandom vs static file, a million iterations vs ten thousand iterations, etc.

Clive Rovinson December 19, 2015 8:30 PM

@ Nick P,

NOW I… GOTTA…. RE-LEARN… PROBABILITY

So does this mean from now on you are going to change your mind two thirds of the time 🙂

I did warn you the lady was right, and for a small consideration I can also tell you where the problem in your thinking probably occurs.

It’s inportant to know gow to spot a “Monty Trick” because there are a number like it around that cause issues when random numbers are being used.

Look at it this way if you were the NSA and came up with a “Monty Trick” for a TRNG de-bias algorithm, that got through the normal “code review” process as it looks 50:50 but in reality makes the bias worse prior to then doing the usual trick of hiding it behind a crypto algorithm would you not be interested?

As I’ve said a number of times before what are now the NSA and GCHQ used similar tricks in mechanical cipher systems where the strength of the key was biased. If you knew how, then you would only use the strong keys. However if you just cooied the device –because it must be secure– then you end up using the keys randonly, some of which might be weak enough to be cracked quickly. The information thus gained then gets used to help break stronger keys via probable plaintext attacks etc.

We know that this sort of trick was what Crypto AG were upto under NSA guidence… So why would they stop using such ideas when they are winning?

Which is one of the things people should start thinking about with the “insider / implant attack” that was one of the backdoors on the Juniper Network systems…

John the Odd One December 19, 2015 10:45 PM

@ Buck

Can we all agree that you have 1:3 odds of initially guessing the door with the car behind it?

Yes we would. As all things go in life, there are doors that must be opened and doors to be closed. A 1:3 odd is good and bad depending on circumstance, but as all things are. Sometimes we wish could go back and open that door we left behind, but the greater game is life that keeps moving on. As all things are ephemeral, which door, or what stands behind it, may seem rather inconsequential in the long run… let us all cherish the moment as we see the door open, be it a car or a goat standing behind it. Thanks for the post.

Wael December 20, 2015 1:41 AM

@Greg London,

I revisited the assumptions of the game. One of them is “they have no loyalty to each other”. In this case your narrative is online with the PD proper, I think. Consequently, it doesn’t matter whether the prisoners know each other or are chosen at random because of the “no loyalty” clause. I was t questioning PD itself, I was only questioning if your “random players” introduces a change in the game.

Wael December 20, 2015 2:47 PM

@Dirk Praet,

Re: Vuvuzelaa…

Will get back to you later

I think Vuvuzelaa is a decent starting effort that’s built on four tenets:

1- Dead drops: Users don’t communicate directly
2- Noise injection from idle machines
3- Encrypt as much metadata “as possible”
4- Mixnets to hide the origins of the message

Some, if not most, of these “tenets” were discussed here in the past. If I were to attack this problem, I would use some of these tenets and perhaps more. I haven’t thought much about obscuring metadata.

There are assumptions that users know each other’s (PKI) keys. I think an ECC Blinded Diffie-Helmann or something like Opacity may help there.

Opacity, A Cryptographic Analysis of Opacity, Opacity in EMV

I have a ton of stuff in my queue! I’m going to stop saying “I’ll get back to you later”!

Greg December 20, 2015 5:20 PM

Wael: “One of them is “they have no loyalty to each other”. In this case your narrative is online with the PD proper, I think.”

wikipedia says it is implied that the prisoner’s can’t punish the other for betrayal after the game and implied that their decision wont affect their decision, but it is not explicit in the game. I can’t actually find the original text for the original prisoner’s dilemma right now. But most incarnations that I find do not explicitly state that there is no secondary effects, and most create a backdrop agaisnt which secondary effects are possible. i.e. many versions I’ve read state the prisoner’s know each other, and many versions state that they are in fact criminals, therefore vengeance isn’t an unreasonable assumption to add into the payoff matrix.

The only reason I created the Interlocked Marble Race was (1) to replace the police punishment description with something purely mechanical and (2) make it explicitly clear that the players cannot affect each other after the game.

I believe that one of the big reasons that people misunderstand the Prisoner’s Dilemma is that they intuitively see secondary repercussions to their decisions and roll those costs into the payoff matrix and then, correctly, choose to cooperate. The description of the PD creates several things which intuitively would affect the payoff matrix. The narrative of the Interlocked Marble Race was designed to make it explicit that there is no possibility for secondary effects and make that intuitively obvious as well.

So, the IMR may be online with PD, but IMR is explicit about a lot of things that PD only implies and intuitively contradicts.

Wael December 20, 2015 10:44 PM

@Greg,

wikipedia says it is *implied* that the prisoner’s can’t punish the other for betrayal after the game and *implied* that their decision wont affect their decision, but it is not explicit in the game.

So we agreed at the beginning of this discussion that post-game consequences are to be ignored. We don’t consider retaliation, reputation or any other repercussions after a choice of cooperation or betrayal has been made.

I can’t actually find the original text for the original prisoner’s dilemma right now. But most incarnations that I find do not explicitly state that there is no secondary effects, and most create a backdrop agaisnt which secondary effects are possible. i.e. many versions I’ve read state the prisoner’s know each other, and many versions state that they are in fact criminals, therefore vengeance isn’t an unreasonable assumption to add into the payoff matrix.

I understand! It’s a single iteration game without any considerations after the choice is made.

The only reason I created the Interlocked Marble Race was (1) to replace the police punishment description with something purely mechanical and (2) make it explicitly clear that the players cannot affect each other after the game.

Yes, I got that!

I believe that one of the big reasons that people misunderstand the Prisoner’s Dilemma is that they intuitively see secondary repercussions to their decisions and roll those costs into the payoff matrix and then, correctly, choose to cooperate. The description of the PD creates several things which intuitively would affect the payoff matrix. The narrative of the Interlocked Marble Race was designed to make it explicit that there is no possibility for secondary effects and make that intuitively obvious as well.

I would replace “misunderstand” with “see a different application of the PD”.

So, the IMR may be online with PD, but IMR is explicit about a lot of things that PD only implies and intuitively contradicts.

I’ll give you an example: Suppose the prisoners are a husband and a wife. Neither wants to make the other suffer unnecessarily for a reward of a reduced sentence or to achieve a pure “optimal” strategy. This has nothing to do with post-game consequences. It has nothing to do with the dilemma between “collective good” and “individual good”. This is the reason the wiki article explicitly, and not implicitly, states the prisoners have no loyalty. In your narrative there is no loyalty between total strangers and the optimum strategy is to always betray because the “no loyalty” is implicit in your narrative.

Another subtle difference between your description of the game and the wiki article regarding “rationality” is the following question: Why does the Wiki article say the players are assumed to be completely rational, while you say they are completely random? How does that affect the game. I know the answer, I think. It has to do with semantics that I am trying to avoid. At any rate, your instrument and paper look good.

Greg London December 21, 2015 2:50 PM

Wael: “Suppose the prisoners are a husband and a wife. ..It has nothing to do with the dilemma between “collective good” and “individual good”.””

That would be the collective good, since the game defines the collective as just the two prisoners.

And there is no real dilemma there, is there? If both want the minimum jail for both, then both prisoners will choose the action where the sum total of prison is the smallest. Same with the IMR, if both want the max prize for both players total, then they both choose the action that gives the maximum sum.

The dilemma comes when people want what is best for them and dont care about the other player. Their choice then becomes to betray and then both end up with the second worst possible outcome.

the implied point of PD and the EXPLICIT point of the IMR is that when people are completely selfish, they can generate a lousy outcome for themselves.

If you are a completely selfish player, if you only care about maximizing your prize, you choose betray. And if the other player is completely selfish, they choose betray, and you both get the second worst possible outcome.

The whole point of the prisoners dilemma seems to be a direct example where laizsez faire (where unregulated selfish people are supposed to always find the best outcome for everyone involved) is entirely proven wrong.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.