Friday Squid Blogging: Bioluminescence as Camouflage


There is one feature of the squid that is not transparent and which could act as a signal to prey: the eyes. However, the squid has a developed protection here as well. The large eyes of the squid are camouflaged with bioluminescence.

Underneath the eyes of the squid are silvery patches of cells called photophores. These provide under-surface bioluminescence which adds to the camouflage. The cells leak out light in multiple directions that effectively make the squid invisible when viewed from above. The resultant glowing blur makes the eyes of the glass squid less conspicuous to predators approaching from a variety of angles.

Research paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on June 24, 2016 at 4:39 PM • 177 Comments


z • June 24, 2016 4:55 PM

Not a news story, but every time I enter my GPG passphrase, I get more and more disillusioned with the idea of encrypted private keys. They generally make any public key cryptosystem a pain in the ass to use on a regular basis, and I am not convinced of their benefit. An attacker who can steal my key off my disk can also steal my plaintext files. And given that 99% of my attack surface is through my web browser, an enormous piece of complicated code designed solely to execute code from strangers, an exploit there means he can sniff that password anyway since he would have access to X11. I'm not dropping to a console every time I need to use GPG, and if I use it frequently, I am unlikely to pick a good password. Full disk encryption already takes care of someone stealing it when my laptop is off and I am away.

This is probably shortsighted.

Tom C • June 24, 2016 5:03 PM

@z I just encrypt my private key in case I'm carrying it around on a USB stick or something. I would still re-key if I lost it, but I'd feel better knowing whoever finds it would have a tough time using it. I could only encrypt when copying it to portable media, but I'd rather just keep it always encrypted for simplicity.

Jacob • June 24, 2016 6:41 PM

From the WSJ:

"CIOs are concerned about flux in laws governing how companies handle employee and customer data in Europe. If the U.K. is no longer subject to the EU's privacy regulations, CIOs have to comply with another set of regulations and perhaps revamp processes and computer systems that manage sensitive data. The Brexit further complicates the situation, said Thomas Bayer, chief technology officer of S&P Global Inc.

"This is a debate that transcends the Brexit issue as individual countries mandate that data stays in a specific country or the EU," he said.
One unknown is whether the U.K. will still be regarded by the European Commission as a so-called safe third country, allowing data to be transferred to the U.K. from the EU. If not, the U.K. may then cease to recognize the EU's new General Data Protection Regulation, due to go into effect in May 2018.

"In such a case, all businesses operating in the EU would need to revisit personal data flows and export flows for data to be transferred to the UK," said Betsy Atkins, a former IT executive who now sits on the boards of Volvo Car Corp., Schneider Electric SE and HD Supply Holdings Inc., among others. The U.K. and EU may devise an interim policy for handling data, to try to maintain harmony and cost-effective business policies, creating yet another set of rules for companies to follow, she said."

My personal opinion is that since GCHQ has never been constrained by existing rules, none of the new concerns matter. As a matter of fact, the witch in the Home Office may see this as a new opportunity to expand the power of snoops.

Harvest object cache • June 24, 2016 9:16 PM

Press Release
Gag Order on Lavabit’s Levison Lifted After Three-Year Battle
For Immediate Release: June 24, 2016
Alexandria, VA--Lavabit founder Ladar Levison can finally confirm that Edward Snowden was the target of the 2013 investigation, which led to the shutdown of the Lavabit email service. The original case concerned law enforcement's authority to compel the disclosure of an SSL/TLS private key, which belonged to Lavabit, and was used to protect the communications of all 410,000 customers, when only one of those customers was the subject of a criminal investigation. After three years, and five separate attempts, the federal judge overseeing the case has granted Mr. Levison permission to speak freely about the investigation. The recently delivered court decision unseals the vast majority of the court filings, and releases Mr. Levison from the gag order, which has limited his ability to discuss the proceedings until now.
Mr. Levison has consistently relied on the First Amendment in his court filings, which sought to remove the gag orders entered against him. He argued that such orders are an unconstitutional restraint against speech, and an affront to the democratic process. He plans to use his newfound freedom to discuss the case during a planned presentation on Compelled Decryption at DEF CON 24 in Las Vegas, NV.
"One of the rights guaranteed to Americans, and a cornerstone for a functional democracy, is the freedom to speak the truth," stated Mr. Levison in announcing the court decision. "The First Amendment protects opinions, including those unfavorable to government, from injunctions against speech. The gag orders in this case were a violation of that inalienable right. No American should have to live for three years, gagged, with every word carefully weighed, when such opinions are concerned with such a public and controversial issue as state surveillance. I believe the public only grants permission to be governed when it knows the means and methods its government uses to protect the body politic. While I'm pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over. That is why I will continue to do everything within my power to protect our right to speak freely and privately. We must decide when speech is necessary. Our rights must never be subject to the whims of those officials we seek to criticize."
In order to continue the fight, Mr. Levison is forming the Lavabit Legal Defense Foundation (or "LavaLegal"), a non-profit organization founded to, among other things, protect service providers from becoming complicit in unconstitutional activities, and fight secret attempts aimed at circumventing digital privacy or impinging upon the right of those involved to speak of the experience. The foundation will be funded by donations from people and organizations all over the world that want to help protect digital privacy and bolster our collective defense against government overreach. Donations can be accepted at the foundation's page or through bitcoin donations at 1Bqqy3SxZ27ZUogEeiKHYqPsmFwuRTErMu.
For more information contact Lavabit founder Ladar Levison
or Lavabit’s counsel, Jesse Binnall.

ScottD • June 25, 2016 2:52 AM

I am beta testing a secure, free, anonymous access Entropy as a Service (random numbers) website. I need feedback and encourage poking at my work. Information and a link to my paper describing the methodology used to generate the numbers is on the About page of the website.

Mark • June 25, 2016 3:43 AM

On the data privacy aspect of the Brexit: It'd be covered by any trade agreement between the UK and the EU.

So... the timeline. Cameron will resign in October, 2016. That means that the UK won't leave the EU until October, 2018. (Apparently the negotiations will take 2 years; I have no idea if they can take less, but I do know that the EU have the power to extend that period.)

The GDPR begins in May, 2018. It's not a "Directive" that needs to be put in place by each of the EU states but rather an EU-wide regulation.

I assume then that the UK would have to abide by the GDPR until they officially leave? Does anyone have an idea?

Even if they continued to use the current DPA, the EU would demand -- as they've done with the USA -- that they meet the EU's requirements. Indeed all companies processing data of EU citizens must abide by the GDPR. It's likely that the ICO would continue to oversee this.

Red Bull • June 25, 2016 4:09 AM


The EU are keen for negotiations to commence as soon as possible in order to avoid destabilising the European economy.

As Article 50 has never been invoked there is a lot of legal uncertainty; however, it seems certain that Europe can unilaterally activate its requirements and in so doing will set the clock ticking.

I believe 2 years is the maximum time allowed for negotiations unless there is unanimous agreement across all member states. If they believe that delaying the U.K.'s exit may destabilise the economy (or just to punish the U.K. for leaving) then that consent won't be forthcoming.

You're correct about the GDPR although the whole point of a Brexit is to leave behind burdensome regulation. Whether Britain transposes the regulations into national law remains to be seen although if the parliament of the day think they're going to lose trade if they don't then that is likely to be a major impetus for voluntary transposition. The ICO are the current body for managing Data Protection so it's unlikely with so much upheaval that this would be delegated to anybody else within the short term.

However being outwith the EU will probably cause technology companies to move overseas. Many have gone to London (instead of the U.S.) because of the ease of hiring EU applicants. Once freedom of movement rules are curtailed the U.K. becomes a less attractive choice.

This is the law as it stands; any of it could be changed at any time.

Clive Robinson • June 25, 2016 4:14 AM

@ Alan,

The inevitable happened in the UK. More spectacular and insane than I imagined.

Yes, Scotland's First Minister Nicola Sturgeon has made it abundantly clear that Devolution is very much back on the table.

But also of interest is what is happening in Northern Ireland with respect to the Republic. Neither side wants to leave the EU and neither side wants a land border between them. So the number in NI applying for a "dual nationality" second Republic EU passport has started to rise, and various political leaders are talking about getting "re-unification" talks back on the table.

As for the Welsh, I really do not know what has come over them; they have had billions poured into them from the EU, and most of their new industries are only there because of the UK's membership of the EU and the grants (which the Republic of Ireland has started to pick up on). You would have thought they realised which side their bread is buttered. Likewise those in middle and northern England.

The thing I don't get is if you look at where the majority of the 3 million "EU Citizens" from other EU nations who were not allowed to vote actually live in England. Those English voters actually voted for remain. Interviews in the areas where there are next to no non-UK citizens all blamed "immigration". Go figure... The FUD directed at "the white van man class" obviously worked, so "beer, fags today and no work due to recession tomorrow", nor for that matter pensions. Most of the EU immigrants work and came here as singletons with the aim of returning back home to where they came from after a few years. Some do; therefore they have been a net benefit to the UK balance of payments. We "steal some hearts" and they raise families, but again usually as a net benefit to the UK. Their children are UK citizens and are more than likely --being bilingual from the start-- to get higher education grades and thus better paying jobs, which will be paying the pensions of White Van Man... Or not, now White Vanny has voted leave.

Oh and the Little Britoner's idea of "Britain will be better and Greater without the EU" got a cold bath yesterday: due to the "leave vote" markets reacted badly, and the UK has as a result slipped below France in the world's richest countries list... I wonder if we will slip below Greece soon.

Oh and of course Boris Johnson has effectively done a U-turn on the "Leave" almost as his first words in his first speech after Cameron announced his resignation.

I'm guessing the result, rather than healing the blood rift in the Conservative party, will make it worse, and the resulting schism will put them out of power for another ten or fifteen years. In the meantime the UK, or the bit comprising England and Wales, will sink into a long recession as Info-Tech jobs, manufacturing jobs and banking jobs move, as they inevitably will, into other EU countries where the grass will definitely be greener. So now might be a good time for those who can to get a second EU passport.

As for getting "Trade Deals", well, the first problem the UK has is finding those in the UK who have any experience. We currently have no Civil Servants with such experience, and ironically will have to import them from some other country, so "it does not sound great". Then there is the issue of "no track record": for over forty years the UK has been in the EU family, and now White Vanny has pushed us out of the nest. I expect that, just like children getting their first jobs, the UK will have to start at the bottom economically and spend twenty to thirty years trying to make up the lost ground.

Jeroen • June 25, 2016 4:43 AM

How to Backdoor Diffie-Hellman

David Wong

Abstract: Lately, several backdoors in cryptographic constructions, protocols and implementations have been surfacing in the wild: Dual-EC in RSA's B-Safe product, a modified Dual-EC in Juniper's operating system ScreenOS and a non-prime modulus in the open-source tool socat. Many papers have already discussed the fragility of cryptographic constructions not using nothing-up-my-sleeve numbers, as well as how such numbers can be safely picked. However, the question of how to introduce a backdoor in an already secure, safe and easy to audit implementation has so far rarely been researched (in the public). We present two ways of building a Nobody-But-Us (NOBUS) Diffie-Hellman backdoor: a composite modulus with a hidden subgroup (CMHS) and a composite modulus with a smooth order (CMSO). We then explain how we were able to subtly implement and exploit it in a local copy of an open source library using the TLS protocol.

Thoth • June 25, 2016 5:56 AM

The topic was already brought up in the previous Squid blog just a while ago by @Clive Robinson.

To summarize and over-simplify the entire paper: if you allow an arbitrary parameter (i.e. the DH public prime parameter field), expect to get bad parameters. ECC has pre-defined constants specified by NIST/NSA and you have to use the pre-defined fields if you want to be NIST compliant.

Generating or using primes that are not properly vetted by the security research community in both RSA and DH can weaken the algorithms. Logjam attempts to discourage the use of fixed parameters, especially of weaker key sizes, because people are reluctant to move to bigger key sizes and having fixed parameters means the IC communities would be able to pre-compute in advance for weaker key sizes. Nevertheless, the fact is that generating proper prime numbers that are considered secure is a difficult thing, and one you cannot simply do on the fly with an RNG without vetting it properly; thus, for the DH algorithm, there are IPsec and Oakley groups which are fixed primes and generators that have been vetted. There are instances where improper generation of primes used in asymmetric keys has caused issues, but I will keep it short and not delve into it. Using bigger and safer key sizes with the corresponding recommended primes and generators for DH would likely have prevented the arbitrary parameter problem described in the paper.

Removing traditional DH from TLS would not solve the problem fully (i.e. protocols other than TLS using arbitrary DH parameters may exist). What needs to be solved is how to agree on a rule for all protocols using traditional DH algorithms to use recommended parameters, so that other protocols would not make the same mistake of allowing arbitrary and unvetted parameters that may contain backdoors.

If I am not mistaken, Yung and Young (another pair of authors) have written on and pioneered the field of Kleptography (backdoor cryptography), especially with the Kleptographic application to asymmetric cryptography (RSA Kleptographic backdoor). This paper on DH extends the kleptographic backdoor concept into their own research by means of using purposefully weakened prime numbers for nefarious purposes.
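The paper abstract and Thoth's reply both come down to one defensive point: a DH group (p, g) handed to you by a peer or a config file should be checked, not trusted. The checks below are an added example, not code from the paper, from Thoth, or from any library the thread mentions. They assume the common safe-prime style of group (p = 2q + 1 with q prime, g generating the subgroup of order q), use a Miller-Rabin primality test written inline, and run on constructed toy values (p = 23, 221 and 43) chosen so the outcomes can be verified by hand; in production you would run the same checks on real 2048-bit groups, or simply pin the vetted RFC groups Thoth refers to.

```python
"""Sanity checks for Diffie-Hellman group parameters and peer public values.

Added example (not from the paper or any commenter): a defender-side validator
for the parameter problems discussed above, namely a modulus that is composite
or not a safe prime, and a generator or peer public value that falls into a
small subgroup. Sample values are constructed toy numbers.
"""
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with fixed small bases plus `rounds` random bases."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # write n - 1 = 2^r * d with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    bases = list(_SMALL_PRIMES) + [secrets.randbelow(n - 3) + 2 for _ in range(rounds)]
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def validate_dh_params(p: int, g: int) -> list:
    """Return a list of problems with the group; an empty list means it looks sane."""
    problems = []
    if p < 5 or p % 2 == 0:
        problems.append("modulus p is too small or even")
        return problems
    if not is_probable_prime(p):
        # the composite-modulus setting (CMHS / CMSO) from the paper
        problems.append("modulus p is composite")
        return problems
    q = (p - 1) // 2
    if not is_probable_prime(q):
        problems.append("p is prime but not a safe prime: (p-1)/2 is composite")
    if not 1 < g < p - 1:
        problems.append("generator g must satisfy 1 < g < p-1")
    elif pow(g, q, p) != 1:
        problems.append("g is not in the prime-order subgroup (g^q != 1 mod p)")
    return problems


def validate_peer_public(p: int, y: int) -> bool:
    """Reject a peer value in the trivial subgroup {1, p-1} or outside the q-order subgroup."""
    if not 1 < y < p - 1:
        return False
    q = (p - 1) // 2
    return pow(y, q, p) == 1


if __name__ == "__main__":
    # toy safe prime 23 = 2*11 + 1; g = 4 = 2^2 has order 11
    for p, g in ((23, 4), (23, 5), (221, 2), (43, 3)):
        print(p, g, validate_dh_params(p, g) or "ok")
    print("peer 18 in group 23:", validate_peer_public(23, 18))
```

Order of the checks matters: a composite p makes the later subgroup arithmetic meaningless, so the validator stops there, while a prime p that is not a safe prime is reported but still checked against g so that a caller sees every defect at once. The peer-value check only means something once the group itself has passed.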


Who? • June 25, 2016 6:10 AM

@ z

What you describe sounds like a classical OPSEC problem. Think of passphrases as another security layer, not the only line of defense.

If you need to forward X11 traffic, use trusted X11 forwarding; do not allow users on the remote host to bypass X authorization database permissions, which would make monitoring your local keystrokes easy.

I am not sure what you mean by "an attacker who can steal my key off my disk can also steal my plaintext files". Store sensitive files encrypted. Always. If you decrypt them, do not do it on the laptop/desktop/server storage drive but on a memory filesystem, because temporary files can be easily recovered by tools like TestDisk and foremost. Do not allow a sensitive unencrypted file to touch your drives.

Do not run browsers on your critical systems either. If you need to manage secure email on the same computer you run a browser on, at least run the latter on a hypervisor and do not allow Flash or insecure add-ons on it. Try hardening your browser as much as you can. Ideally, stop JavaScript too.

FDE is certainly a strong protection against unauthorized access, but consider that it is effective only when the computer is turned off (i.e. protecting data in case your computer is stolen or physically accessed while turned off).

And, of course, choose the right operating system for your needs. If your main concern is security, choose one of the few secure operating systems (OpenBSD, Qubes OS). If you care about privacy, choose the former operating systems, or Linux, while hardening the tools you use to improve privacy, or go for Tails (not security oriented, but it makes it easier to run privacy-hardened tools). I do not really think privacy is possible without security, so my choice would always be a secure operating system.

It is good to know you are so worried about passphrases; nice to see you do not blindly trust a single security layer.

My advice? Think inquisitively on how you work and try to improve it. Security is not a tool, it is a [lengthy, painful and difficult] process.

Lots of people here are able to give you much better advice than me. You are in the right forum.

Thoth • June 25, 2016 7:05 AM

@z, Who?
The TCB for X11 and general purpose computing stuff was never designed for secure usage and has a ton of TCB to trust. In short, security critical functions should be handled separately from general purpose computing functions to have a segregation of domains.

For now, the only viable option for "secure" PGP usage would be to use a smart card or secure element loaded with Open Source OpenPGP compliant code. The link below is to Open Source OpenPGP compliant applet code for smart cards. It essentially locks your PGP keys inside tamper resistant hardware and attackers cannot extract your PGP keys. The downside is if the attacker can manipulate (record or intercept) your PIN code to the smart card, they could falsify your identity to cause the smart card to sign arbitrary data whenever you plug it into an infected computer.

The next defense would be to incorporate a secure screen and input onto the secure element/smart card, which is what the Ledger Blue hardware is now attempting; it is successfully producing prototypes to handle the secure entering of PIN codes and display authentication messages on the secure screen.

Due to the Ledger Blue hardware not being in full production yet (Developer editions available), secure transactions and signing would have to be done on traditional secure element/smart cards without secure input/screen until the Ledger Blue hardware is fully in production. I have been in talks with the makers of the Blue and have my own Open Source projects (Groggybox project) queued up for development for the Blue hardware.


herman • June 25, 2016 7:08 AM

@Alan: For the UK, the EU was but a brief experiment, an anomaly and one that didn't work too well.

Now that the UK is withdrawing, the Pound is down, immigration will slow down, exports will tick up, employment will tick up, house prices in London will tick down, companies will find it more difficult to evade tax, smugglers will find it more difficult to smuggle and life will improve slightly for the simple people.

The only people who are temporarily inconvenienced by this, are the wealthy.

Grauhut • June 25, 2016 8:24 AM

Cavium Octeon Boards are promoted now in open source communities.
(DPI on silicon steroids)

Seems Imagination needs some more patent income.

Imagination Technologies warns of hit to revenues
Financial Times-26.05.2016
Imagination Technologies warned on Thursday that revenues and losses for last year would be “materially below market expectations”

No Man's Isle • June 25, 2016 8:35 AM

@Clive, @Alan

In interpreting UK leave it's important to bear in mind the origin and purpose of Europe.

- CIA control of satellite states. Britain was the most hardline of the US satellites, roughly what the DDR was for the USSR, so this event is comparable to the installation of Egon Krenz - a time of drift and failed chaotic adaptation. It has put CIA on the back foot and will probably derail its attempt to assert control over NSA. NSA will likely exploit the breather by working harder to peddle its surveillance wares to domestic law enforcement agencies, entrenching itself in the domestic-repression business while CIA gets busy whacking every hornet's nest in Europe, politically, financially, culturally.

Clive Robinson • June 25, 2016 8:38 AM

@ Thoth,

If I am not mistaken, Yung and Young (another pair of authors) have written and pioneered on the field of Kleptography (backdoor cryptography)

Yup, Adam Young started it as part of his thesis a decade or so ago, and Moti Yung was his reader/supervisor. They wrote a book together which is very readable (there are copies of it on the Internet if you know where to look).

Arguably --and it's in the book-- there is a paper from the 1980's with just one sentence referring to the significant redundancy in Public Keys. As I don't remember any further papers on it from that researcher, they may not have realised the implications of that one sentence... But Adam Young did, and I find the whole area of backdooring crypto in various ways "by design" quite fascinating.

When I saw their early papers I was a bit puzzled, then it "clicked" and started my own thinking about how to implement some of it in backdooring a PKcert tool. As far as I'm aware the app is still out in the wild, not that I have the key any longer.

Which is an object lesson in why crypto backdoors are very fragile. And protecting against this particular frailty by having lots of copies of the keys around is such a bad idea, as they in turn become susceptible to being "got at" by placed insiders or "black bag" jobs. Then of course there is the danger to the "backdoor key holder", as the next line of attack is "wet work"... Hence my other interest, "anonymous, unattributable key sharing".

But at the end of the day this attack on DH is another "Standards Attack", which I used to bang on about the likes of the NSA, GCHQ, et al doing, but nobody really listened till some twat in the NSA really ballsed it up and the dominoes all went over and NIST had to withdraw a standard. Bad news for the IC, but it verified what I had banged on about.

Whilst these PK attacks are possible and in some ways trivial, "redundancy" attacks are usually not possible with well designed block or stream ciphers without assumptions on the plaintext and its redundancy. Which is why the likes of the NSA and GCHQ went for "key strength" tricks on mechanical cipher systems for field use, and of course via Crypto AG of Zug, Switzerland. On the theory that if someone duplicated them but were not aware of the mathematics in the design they would randomly select bad keys as well as good. With the bad keys giving "an in" to plaintext and its format, which made "probable plaintext" attacks much easier. The thing is that whilst plaintext is nice, it is of very much more use combined with the "Traffic Analysis" and "Battle Order Analysis" you get from SigInt and ElInt. Thus you only need single or low double digit percentages of bad key usage to get "an in"; from there on in the "Catalog" makes the less bad keys breakable, thus more traffic etc.

But it's not just key strength the NSA has deliberately weakened. If you look back to the Clipper Chip algorithm you will find it is actually quite fragile; even tiny unobvious changes significantly weaken it. I very much doubt that this was "accidental" based on what happened with DES.

Whilst weakening things is nice for attacking big organisations with lots of interceptable traffic like armed forces and Gov agencies, the same is not true for smaller organisations and individuals with not just low traffic but little or no Catalogue information. Thus other tricks with standards have to be pulled. I strongly suspect that the NSA rigged the AES contest and have mentioned it several times in the past. In essence they moved from weakening the crypto to exploiting weaknesses in the hardware the algorithms would run on (ie arranging easy side channel attacks). The NSA's own paperwork on the likes of IME's for hard drives gives this game away if you know what to look for.

This game with standards will continue, one of which is hard coded file formats giving "known plaintext". Bob Morris, who was an NSA scientist, warned about plaintext when he retired; it really does not help when the likes of Microsoft put large blocks of known plaintext at known offsets in file formats, it's effectively a gift to the NSA etc.

Gerard van Vooren • June 25, 2016 8:44 AM

@ herman,

Now that the UK is withdrawing, the Pound is down, immigration will slow down, exports will tick up, employment will tick up, house prices in London will tick down, companies will find it more difficult to evade tax, smugglers will find it more difficult to smuggle and life will improve slightly for the simple people.

That is crystal ball "vision". You don't mention time frames, the figures, the political climate, tensions, oil prices etc.

What will happen next depends on negotiations, and with negotiations it's always about give and take. I think that the Brits will come up with some sort of TTIP, but hey, Boris Johnson mentioned today that Britain needs and is part of the EU.

Ianf made the remark that the Brexit is comparable with the Russian 1917 revolution. It isn't. With that revolution the king was killed, together with the entire political elite so real changes, without compromises, could be made. This is nothing like that at all. We (in the EU I mean) also don't live in a world war era where millions of people are starving to death and soldiers are being killed by the millions and after 3 years simply refuse to fight for a flawed ideology. We live in an era where 1 guy who kills one hundred people is headline news for weeks.

What I am saying is that weasel words are easy to spread. As a guy who likes technology I like the real data, not some quack vision. So next time please back your vision up with real data that can be investigated.

Henry • June 25, 2016 10:46 AM

@Bruce Schneier

Hell ya! What's wrong with your country?

Look at this:

Your government wants to know about the social media accounts of all people crossing the US border (so far, on a "non-mandatory" basis). What?

What if somebody doesn't have a social media account, for whatever reasons (not relating to crime or terrorism).

I really like several US cities, your landscape and nature, and even some parts of your way of life (especially the NYC and California feeling).

BUT? How BAD is THIS now?
As if it were not bad enough for visitors to the US already (storing fingerprints, asking dozens of personal and partially ridiculous questions), now it gets to a new level of security theater.

Probably, I will never come back to the US. It's sad. You have so many kind people. But I do no longer want to be treated as a potential criminal or terrorist. Enough is enough.

keiner • June 25, 2016 11:58 AM


I have banned the browser from important machines, also Thunderbird. Internet only via VNC to a Linux machine in a different network/location. Only connection between the two machines/networks the VNC...

Better than nufing, huh?

keiner • June 25, 2016 12:00 PM


Nothing happened yet, except this brain dead guy leading the country stepped down. Wait some weeks, I think they will NEVER actually ask the EU to leave :-D

AlanS • June 25, 2016 12:59 PM


I agree. The writing on the wall for Scottish Independence has been there for a long time. The UK has been coming apart for decades, but England and Wales driving the entire UK off a cliff? It makes me sick to my stomach.

Hopefully the outcome in Northern Ireland is positive. The situation there is very complicated. Whatever happens let's hope Sinn Féin and the "No Surrender" types can keep a lid on their old animosities to the greater economic and social benefit of the whole community. That may be wishful thinking.

The Welsh are a mystery to me. I was expecting them to vote remain for the reasons you provide.

I think the English leave vote has little to do with immigration and EU bureaucrats. Those are just scapegoats (which isn't to say that there aren't significant EU issues--they are just not the fundamental ones in this instance.) As you note, those most fearful of immigrants live in the areas that have the fewest. The English vote to me appears to be a vote of rage that should have been properly directed at their own politicians. Years of Thatcherism under the Tories and New Labour have come down to this. There was no outlet in England but to do the whole Johnny Rotten thing. (Lydon's lyrics from the first singles in 1976/1977 were prophetic.) In Scotland, a large portion of the population have already told the mainstream UK political parties and their lackeys in the media establishment where to go. Scots have a devolved parliament, a system of proportional representation, and an alternative/protest political party. They don't need to pick on the EU to vent their rage at the loss of manufacturing, austerity, inequality, financialisation, fat cats, zero hours contracts, etc. If devolution had been done properly and the whole system of UK government reformed we might not have gotten to this point. A party with a seat majority but only 36% of the vote at the last election created this mess.

Nicola Sturgeon and the Scottish parliament aren't going to stand around. It will be interesting to see if the polls show a significant increase in Scotland for independence. She may get her 60% support fairly quickly. In the last few days I've noticed a number of leading Scottish Unionists wavering. Alex Massie, for example, writing in the Spectator before the vote that Brexit could change his opinion and he might reluctantly vote independence in those circumstances.

Meanwhile BoJo, Farage and the rest are already walking back many of the claims they made about immigration, the NHS, and more. They got what they claimed to want but I doubt they will be able to deliver. The other nations in Europe are likely to be diplomatic but hard on the exit negotiations. Obama is also being diplomatic but there will be no special treatment because there is no special relationship. The leaders of the Brexit campaign now look like stupid wee weans with no clue. They broke it but who is going to own it?

It seems likely we will see an even more right-wing Tory Party. The European Human Rights Act is probably toast, especially if Scotland exits the UK. Theresa May will be off her leash. And more austerity. All those people who voted leave will be doubling down on their pain. The future looks ugly.

AlanSJune 25, 2016 1:10 PM


Nothing happened yet, except this brain dead guy leading the country stepped down. Wait some weeks, I think they will NEVER actually ask the EU to leave.

True. They could, if they are allowed, walk back the whole thing. That might be what happens eventually. But this doesn't fix the problem. The UK is run by an undemocratic, corrupt, self-interested bunch of morons that act like bringing the country to the brink of economic destruction is a great lark. Cameron and BoJo should have stuck to smashing up English pubs. That's about the level of their abilities. The Labour Party have a lot to answer for as well. (The dirt and excuses for Blair and company to follow shortly.) Unless there are major reforms (very unlikely) there is an enormous amount of anger that has nowhere productive to vent.

HaroldJune 25, 2016 1:19 PM

E-Mail Address Harvesting Spree by Swiss Government: Your Opinion

After the illegal and unauthorized use of Hacking Team's "Galileo" surveillance software by the Police of the Canton of Zurich (Kantonspolizei Zürich / KaPo Zurich), the Swiss Government seems to have embarked on a massive e-mail address harvesting spree.

According to reports in newspapers and online, the Swiss government's Reporting and Analysis Centre for Information Assurance (aka MELANI) pretended to "have been informed about potentially leaked eMail Accounts that are in danger of being abused".

Shortly afterwards, a website called "MELANI Check Tool" went online. According to that government body, "MELANI/GovCERT provides a tool for checking whether your account might be affected."

The Reporting and Analysis Centre for Information Assurance has provided no information about the source of the "leaked eMail Accounts". In addition, the so-called "MELANI Check Tool" lets you enter your e-mail address and hit a "Check" button. The only output you receive after having keyed in your e-mail address is "Email Address NOT in Database".

Strangely enough, the government has received information not about 5,823 or 6,627 "leaked" (whatever that means) "eMail Accounts" but about exactly 6,000 ones... (Call that Swiss precision.)

In an FAQ, that "cybercrime unit" responds to the question "Who does have access to the actual eMail addresses?": "No one except us." Great! Not even the "hackers" you mean? And who is "us"?

Two other hilarious Q&As:

Q: Why did you do this? Why did you not just pass the information to a site like haveibeenpwned?
A: We were not in the position to pass the raw data to another organization. (Obviously not, since there presumably never was "raw data" at all.)

Q: For how long did you know about this data?
A: We received the dataset yesterday (18th March) evening. (From whom? The Easter Bunny?)

This case again shows the growing involvement / intrusion of the state in privacy issues coupled with an utter lack of transparency and accountability. After all, as with the KaPo Zurich Hacking Team case, one could ask who exactly authorized this e-mail address harvesting spree. It also shows social engineering for beginners as used by clumsy (and possibly bored) state employees.

What is your opinion?

AlanSJune 25, 2016 1:37 PM


I should add, Brexit or no Brexit, the UK is going to come apart over the Brexit campaign and the vote anyway. Scottish unionism looks like it is going to crumble rapidly in light of Brexit. People and institutions that were vehemently opposed to Scottish independence two years ago are switching sides. And all those young, highly educated, cosmopolitan English remain voters who flee north will be voting Yes to Scottish independence so they can get a Scottish/EU passport.

ianfJune 25, 2016 2:46 PM

@ Dirk Praet

the idea of upholding that way outdated "right to bear arms" is ANYWHERE BUT STUPID

    It's a matter of perspective. [Most assuredly apocryphal Ronald Reagan story] when first made aware of AIDS primarily affecting gay, black and Puertorican communities, RR allegedly replied "So then are we for or against?".

Old Ronnie wasn't the brightest bulb in the room, but not that dim… at one point in his career he was considered the Red(-ish) Menace due to his engagement in, later leading the Actor's Guild in the holiest of Woods. I can well imagine this a haha-not-PC dinner table joke variously ascribed to present company's baddest adversary BEFORE the social class-omnivorous character of AIDS hit the gathered diners, too.

@ Gerard van Vooren

... what is bound to happen now, is a kind of Tory Leninist revolution (=a consequence of yesterday's bourgeois / February 1917/ Kerensky's one BY ANALOGY)

    It's not even close to the 1917 revolution, not even in analogy. People have voted, that is the only thing what just happened.

To correct your obvious misunderapprehensimpression (as GWB would have put it) of my tenses and syntactic logic, the terse analogy I used for what happened in the UK yesterday was indeed that of a bourgeois revolution somewhat comparable to (by later Russian "standards" barely bloody) February 1917 Petrograd unrest leading to Kerensky's by-and-large spontaneous parliamentary revolt and abdication of the Russian Tsar (not "King"); NOT THE SUBSEQUENT violent October 1917 Leninist revolution – which you seem to have conflated into one event (bad boy: you've got the Wikipedia, so use it.)

It is that later stage, a Leninist-type[*] call to "speed up the transformation," if sans blood this time, that now awaits the British Powers That Be; not only the upheaval in the conservative leadership, but most of all a coming escalating dissatisfaction of the "Brexiters" that their lot SHOWS NO SIGNS OF IMPROVEMENT. Any Tory leader will now have to deliver on the mendacious promises of Boris Johnson (et al), or be replaced, a situation that the latter is very much aware of. Add to that the in-party movement with Clive Robinson's personal favourite Theresa May's name being put forward as THE anything-but-Boris PM candidate (TM cautiously, or with foresight, having stayed out of the Brexit advocacy), and there's no end to the coming Tory party frolics in sight.

    BTW. while there are other, better/ more apt analogies for that v. referendumb, not many such are widely known, and so one has to use what's at least superficially coherent (you and I, and maybe Dirk Praet, have seen the wonderful 2008 Geert Mak's "In Europe" 24-episode TV documentary series that told of several such historical Euro twists of "fate," but how many more others here?)

Then you say “weasel words are easy to spread. As a guy who likes technology I like the real data, not some quack vision. So next time please back your vision up with real data that can be investigated.”

    So you'd like me to opine/ speculate on the future using only verifiable set of data points? GOT IT. Err…, perhaps first supply the investigative validation methodology—I trust those terms aren't unknown to the techie you—to which I can dovetail my otherworldly claims. Also perhaps read up on the meanings of, and differences between, historical analogies, circumstantial metaphors, Oxford comma, and literary similes.

[^*] that's how V.I. Lenin, 20+ years in exile until April 1917, thus with no local party supporters to his name (unlike those comrades who remained in Russia, and built up mutually loyal networks), in mere 6 months wrestled the power from both the bourgeois stakeholders, the party Mensheviks, and other factions: by forcefully whipping up the masses for speeding up the reforms that would put bread and butter on ordinary citizens' tables TOMORROW. The democratic Russian Republic was too tardy to give the people what they were promised. Hence the analogy. Watch this space ;-))

@ Milo M.

I've yet to digest in full this 35k O'Haganesque profile of perhaps-Satoshi Nakamoto in the LRB, but this quote from the shorter BBC News mag version piqued my… unease:

"[His partners] would complete the work on his inventions and patent applications - he appeared to have hundreds of them - and the whole lot would be sold as the work of Satoshi Nakamoto, who would be unmasked as part of the project."

Having personally met Dr. NakaMats (definitely NOT the inventor of Bitcoin, or he would have claimed it), I am not so little wary of any inventor having "hundreds of patents" to their (if unverified) name.

PS. Wright can't be the Keyser Söze. Everybody and his downstairs neighbour's uncle-in-law knows that Kevin Spacey IS the real Keyser Söze.

No Man's IsleJune 25, 2016 3:03 PM

anent "vote of rage," anger with nowhere productive to vent; that's Guardian propaganda. When you ask people why they chose as they did,

For leavers left and right, the most common reason for their choice was the principle that "decisions about the UK should be taken in the UK." Self-determination. It's not just a principle, it's the law.

The second thoughts are propaganda too: media-hyped anecdote and stunts like that online redo petition. Never heard anything like that after the Scottish independence referendum, did we? When Scottish people were frightened into giving up their self-determination, no one breathed a word of second thoughts - the question was settled for all time.

Blue BatracianJune 25, 2016 3:20 PM

If the UK has done what it has done in the last few decades whilst pussyfooting around EU legislation (Tempora, deploying a surveillance CCTV camera for every 11 citizens in the country, the Snooper's Charter, RIPA, no voting rights for prisoners, torture flights to North Africa), imagine what will happen now with a neoconservative buffoon heading the new government and no international oversight. Believe it or not, today's letters to the editor in the Telegraph comment on how good it is that the pound has fallen to a 30 year low because the currency was somewhat overvalued anyway and how nice it is that the UK has finally cracked the immigration problem (take notice, developed nations around the world!) by, er... discouraging all high-skilled young workers in Europe from entering the country (?!). No comments so far on how that is actually going to stop the most problematic form of immigrants: the poorest people from all over the world who are so desperate that they will overstay their visa and remain in the country illegally regardless. No more Erasmus programs for students, no more cultural exchanges, no more academic projects with multi-nation EU coordination and funding. The Britain I came to 20 years ago was a prosperous, forward-looking, optimistic nation. The country I'll be leaving soon has become an oppressive, biased, "rainy, fascist island".

Gerard van VoorenJune 25, 2016 3:34 PM

@ ianf,

So you'd like me to opine/ speculate on the future using only verifiable set of data points? GOT IT.

First that wasn't meant for you and second, yes that is exactly what I mean. That is how things (should) work. You investigate, come up with data, then you model and introduce scenarios and then you present these including all the references so they can be verified.

Saying "Now that the UK is withdrawing, the Pound is down, immigration will slow down, exports will tick up, employment will tick up, house prices in London will tick down, companies will find it more difficult to evade tax, smugglers will find it more difficult to smuggle and life will improve slightly for the simple people," isn't any of this.

Leave the storytelling to the politicians.

JoshuaJune 25, 2016 3:46 PM

Re Brexit:

Last Friday morning, Nigel Farage told Good Morning Britain that the claim written on the side of the Vote Leave Battle Bus – that leaving the EU would release £350m a week that could be spent on the NHS – was "a mistake". "It wasn’t one of my adverts," he said

The Conservative MEP Daniel Hannan told Newsnight “Frankly, if people watching think they have voted and there is now going to be zero immigration from the EU, they are going to be disappointed,” he said. “All we are asking for is some control over roughly who comes in and roughly in what numbers.”

In a nutshell, Brexit had nothing to do with immigration and the NHS. Britain has been brought out of the EU by the internal party politics of the people that Cameron once called swivel-eyed loons.

No Man's IsleJune 25, 2016 3:58 PM

@Blue Batracian, What do you mean, no international oversight? The UK is still bound by the ICCPR, the ICESCR, and the CAT, and reviewed for compliance by their treaty bodies and the ICC. They are still subject to the UPR and the UNSC. The ECHR was never the binding constraint on British state overreach. The ECtHR, for all its 'legal force,' is easy for your US imperial masters to push around. And the ECHR is looser and less comprehensive than the covenants and conventions. It's just a pared-down minimal ration of rights based on the obsolete US Bill of Rights. The US stuffed it down Europe's throat soon after WWII to head off genuine human rights.

Your ruling class are still pedophile imbeciles bought and sold by CIA, but look at the bright side. Now, with their Warsaw Pact collapsing, it will be a bit harder for CIA to stampede them into world war with Russia.

rJune 25, 2016 4:16 PM


With the local href at the end of that link I probably just gave whoever has access to Forbes a great deal of information about me.


I should get that tattooed. :)

Nick PJune 25, 2016 4:48 PM

@ those who liked "MOV is Turing Complete" paper

I found this Github Project in a thread about One-Instruction Set Computers (OISC). It's a C compiler that converts programs to use just the move instruction to do everything. Inspired by the aforementioned paper. I wonder how small the CPU could be for this thing given it needs a MOV instruction, some fault-handling (I think), and some interfaces.

Note: I also found a multiprocessor based on the SUBLEQ.
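
Nick P's question about how small such a CPU could be is easier to think about with the machine in front of you. The following is an added example, not code from the GitHub project or the paper he refers to: a SUBLEQ one-instruction assembler and interpreter in Python, with a multiply routine built from nothing but "subtract and branch if less than or equal to zero". The label syntax, the halt convention (a negative branch target) and the data layout are this example's own choices.

```python
"""Minimal SUBLEQ one-instruction-set computer: a label assembler, an
interpreter, and a multiply routine built from the single instruction.
Added example, not code from the movfuscator project or the OISC paper."""

HALT = "HALT"  # symbolic branch target meaning "stop the machine"


def assemble(program, data):
    """program: list of (label_or_None, a, b, c) where a and b are data labels
    and c is an instruction label, None (fall through) or HALT.
    data: dict of data label -> initial value, laid out right after the code.
    Returns (memory image, symbol table)."""
    symbols = {}
    for i, (label, _a, _b, _c) in enumerate(program):
        if label:
            symbols[label] = 3 * i
    base = 3 * len(program)
    for offset, name in enumerate(data):
        symbols[name] = base + offset
    mem = []
    for i, (_label, a, b, c) in enumerate(program):
        if c is None:
            target = 3 * (i + 1)      # fall through to the next instruction
        elif c == HALT:
            target = -1               # a negative address halts the machine
        else:
            target = symbols[c]
        mem += [symbols[a], symbols[b], target]
    mem += list(data.values())
    return mem, symbols


def run_subleq(mem, max_steps=100_000):
    """Execute until the program counter leaves memory (negative = halt).
    One step is the entire instruction set: mem[b] -= mem[a]; branch if <= 0."""
    mem = list(mem)
    pc = 0
    steps = 0
    while 0 <= pc < len(mem):
        if steps >= max_steps:
            raise RuntimeError("step budget exhausted (runaway program)")
        steps += 1
        a, b, c = mem[pc], mem[pc + 1], mem[pc + 2]
        mem[b] -= mem[a]
        pc = c if mem[b] <= 0 else pc + 3
    return mem, steps


# z = x * y by repeated addition.  Z is a scratch word that is always put
# back to zero; ONE is the constant 1.  "z += y" costs three subleqs (negate
# y into Z, subtract Z from z, clear Z); an unconditional jump is
# "subleq Z, Z, target" because 0 - 0 <= 0 always branches.
MULTIPLY = [
    ("loop", "Z",   "x", "end"),   # if x <= 0 goto end   (Z is 0, so x is unchanged)
    (None,   "y",   "Z", None),    # Z = -y
    (None,   "Z",   "z", None),    # z = z - (-y) = z + y
    (None,   "Z",   "Z", None),    # Z = 0
    (None,   "ONE", "x", None),    # x -= 1
    (None,   "Z",   "Z", "loop"),  # goto loop
    ("end",  "Z",   "Z", HALT),    # halt
]


def multiply(x, y):
    """Run the SUBLEQ multiply routine; returns (product, instructions executed)."""
    mem, symbols = assemble(MULTIPLY, {"Z": 0, "ONE": 1, "x": x, "y": y, "z": 0})
    final, steps = run_subleq(mem)
    return final[symbols["z"]], steps


if __name__ == "__main__":
    print(multiply(6, 7))   # -> (42, 38)
```

The whole datapath is one subtractor, one sign/zero test and a program counter; the cost shows up in instruction count instead (six subleqs per loop iteration here), which is the trade-off any MOV- or SUBLEQ-only compiler makes, and also why code rewritten this way is such a nuisance to disassemble.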

TRXJune 25, 2016 5:22 PM

> Internet only via VNC to a Linux machine in a different network/location. Only connection between the two machines/networks the VNC...
I have one client who actually *does* care about security; the employees who actually need internet access have a second computer; their choice of a multifunction switch or a separate monitor, keyboard, and mouse. (about 50/50)

There is no electrical connection between the internal and external networks; the external network is separate wires and switches all the way from the cable modem to the PCs. On the closed network, cron runs a script to ping various outside hosts; if it can see one it screams bloody murder.

Not perfect, but it was sure easy to implement...
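
A fuller version of that cron canary, written as an added example rather than the client's script. The external targets, ports and syslog destination are assumptions; it probes ICMP, a TCP handshake and DNS resolution, so a bridge that happens to drop ping still trips it.

```python
"""Air-gap canary: run from cron on the closed network and shout if any
external host becomes reachable.  Added example, not TRX's script.
Targets, ports and the alert channel are assumptions."""
import ipaddress
import socket
import subprocess
import sys
from typing import Callable, Dict, List, Tuple

# Constructed probe list: public hosts that must NEVER answer from the closed
# LAN.  (host, tcp_port) pairs; add whatever ports your bridge risk looks like.
EXTERNAL_TARGETS: List[Tuple[str, int]] = [
    ("1.1.1.1", 443),
    ("8.8.8.8", 53),
    ("example.com", 80),
]


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def icmp_reachable(host: str, timeout_s: int = 2) -> bool:
    """One ICMP echo via the system ping (iputils flags assumed: -c count, -W
    timeout).  A missing ping binary counts as 'unreachable' so the canary never
    dies with a traceback instead of reporting."""
    try:
        proc = subprocess.run(
            ["ping", "-c", "1", "-W", str(timeout_s), host],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=timeout_s + 3,
        )
        return proc.returncode == 0
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return False


def tcp_reachable(host: str, port: int, timeout_s: int = 2) -> bool:
    """A completed TCP handshake is proof of a path out, whatever ICMP says."""
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return True
    except OSError:
        return False


def dns_resolves(name: str) -> bool:
    """Resolving an external name means some resolver/forwarder can see out."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except OSError:
        return False


Probe = Callable[[str, int], bool]

DEFAULT_PROBES: Dict[str, Probe] = {
    "icmp": lambda host, port: icmp_reachable(host),
    "tcp":  lambda host, port: tcp_reachable(host, port),
    # IP literals 'resolve' without any network, so only probe DNS for names.
    "dns":  lambda host, port: (not _is_ip_literal(host)) and dns_resolves(host),
}


def check_isolation(targets=EXTERNAL_TARGETS, probes=None) -> List[str]:
    """Return 'probe:host:port' for every probe that succeeded.  An empty list
    means the gap holds, as far as these probes can tell."""
    probes = DEFAULT_PROBES if probes is None else probes
    leaks = []
    for host, port in targets:
        for name, probe in probes.items():
            if probe(host, port):
                leaks.append(f"{name}:{host}:{port}")
    return leaks


def alert(leaks: List[str]) -> None:
    """Scream bloody murder: stderr (cron mails it) plus local syslog if present."""
    msg = "AIR-GAP BREACH: " + ", ".join(leaks)
    print(msg, file=sys.stderr)
    try:
        import syslog  # Unix only
        syslog.syslog(syslog.LOG_CRIT, msg)
    except ImportError:
        pass


def main() -> int:
    leaks = check_isolation()
    if leaks:
        alert(leaks)
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

A crontab line such as `*/5 * * * * /usr/local/sbin/airgap_canary.py` with `MAILTO` set is enough to get the stderr line delivered. The caveat a practitioner wants: this detects accidental bridging on the paths it probes; a bridge that only passes traffic on some other port, or a deliberate covert channel, stays invisible, so the port list should follow what the network could plausibly leak through, and the canary should run from several hosts and VLANs rather than one.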

Rebecca HaldonJune 25, 2016 6:59 PM

@ Paul F
thanks for the eevblog credit card video you posted recently, waited for Friday Squid to respond
Many of you will know the illustrious and indomitable Samy Kamkar. Samy is my hero.

presumably with the motivation for compelling more effective security performance from banks, he has created the following device, demonstrated in the following 5min clip, including schematics for how to build it. It's ridiculously simple.
How on earth he gets away with this, legally speaking, is an impressive feat all its own - ideas anyone?
His motives, as demonstrated in the past, are entirely altruistic - the only way to force companies to care is if he makes his findings as public as possible. Sad but true

his website has some amazing projects / proof of concept, and info

as an aside, there's a great audio interview with him here about what it's like being a hacker. His story of how he accidentally launched the most prolific worm in history is very very funny
He seems like a really genuine, sincere and grounded individual

Clive RobinsonJune 25, 2016 8:14 PM

@ tyr,

Should be burned into every developers hide with a branding iron.

Some developers --facecrook cough cough-- have a hide so thick that even having their butts dipped in molten iron would not get the message through their "need for greed" shield.

Harvest object cacheJune 26, 2016 12:00 AM

@ CallMeLateForSupper

Could be a metaphor, paralarva saying catch me if you can. Why is it so hard to find an off the shelf factory sealed, AMD quad core laptop that meets exacting specs?

@ Harold

"It also shows social engineering for beginners as used by clumsy (and possibly bored) state employees."

Does twitter allow secret followers? Notifications: IC and LE follows you. Interesting logic puzzle, match twitter accounts to email addresses, to forum posts, to blogs etc, based on what clues (timing of posts, cross references, styles)? N objects in an immense graph. Relation on set of N objects ~ Adjacency matrix ~ 2^(N^2) atoms in a boolean algebra with N^2 generators, 2^(2^(N^2)) possible statements in said boolean algebra. Big numbers, long polynomials...

They say scoop up everything, flesh out the network, we'll make sense of it someday.

HermanJune 26, 2016 12:50 AM

@Gerard van Vooren: I'm old enough to remember the UK before it joined the Common Market, nevermind the EU. Doom and gloom preachers are out in full force, but since nothing much happened when the UK joined, it stands to reason that nothing much will happen when the UK leaves.

Life will go on and the banks will still be in the City, since the City has a special mostly tax exempt status, which isn't changing. Note that the City of London and London are not the same thing - they even have different Mayors. The City is a rather secretive high falutin snobbish and totally corrupt affair that seems to operate mostly above the law.

ianfJune 26, 2016 1:05 AM

@ tyr, Clive Robinson

Afraid the various Anti-Slavery Acts still in force explicitly forbid branding people with hot irons for obvious reasons. Voluntary tattooing of short-form messages on the inside of one's eyelids, incl. such of e.g. QR-encoded hyperlinks to longer matter, is still permitted though.

Fourth Amendment DeadJune 26, 2016 1:42 AM

In a dangerously flawed decision unsealed today, a federal district court in Virginia ruled that a criminal defendant has no “reasonable expectation of privacy” in his personal computer, located inside his home. According to the court, the federal government does not need a warrant to hack into an individual's computer.

The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.)

Another reason for the anti-establishment rage being exhibited in places like Britain currently. The Global Police Surveillance State should be banking on a Butlerian Jihad in the medium-term:

In God Emperor of Dune (1981), Leto II Atreides indicates that the Jihad had been a semi-religious social upheaval initiated by humans who felt repulsed by how guided and controlled they had become by machines:

"The target of the Jihad was a machine-attitude as much as the machines," Leto said. "Humans had set those machines to usurp our sense of beauty, our necessary selfdom out of which we make living judgments. Naturally, the machines were destroyed."

Vote 1 Butlerian!

Rebecca HaldonJune 26, 2016 2:55 AM

@ Nick P

sorry excuse my dyslexia! I addressed my previous message to Paul F!
That was meant for you re: Samy Kamkar and his credit card spoofer

@ everyone reading except USG employees who can go sucky sucky long time

RE: a different take on Brexit, author has a few articles on the topic all along parallel lines, here are two of them:

note he has a good one about the Orlando blah.

as an aside, maybe this blog could be called Clive Robinson on Security. ( not affiliated with IBM etc )

Clive RobinsonJune 26, 2016 3:47 AM

@ Herman,

The City is a rather secretive high falutin snobbish and totally corrupt affair that seems to operate mostly above the law.

Err it's a little more subtle than being "above the law". Back in the mists of time as various monarchs played with the ideas of a parliament the guilds of London got a concession that is still there today. If you get to see pictures/video of the House of Lords in session have a look at the side of the "woolsack" and you will find an advisor from the City looking after their interests. As the woolsack is on the throne, you could say the advisor is "The voice behind the throne".

ianfJune 26, 2016 4:14 AM

               occasionally, yeah, chicks drop by, then drop out soon enough. But we've got plenty of primadonnas of the undef() gender and non-contradictory variety.

PS. Clive Robinson is the Official Sage of this forum, not to be engaged lightly unless capable of wading unscathed through his customary 7kB parables in lieu of straight yes/no answers (some think of this his mannerism as all grown-up, up-market version of the yes-but-no-but syndrome, but I'm not among those).

Clive RobinsonJune 26, 2016 7:00 AM

@ Herman,

Doom and gloom preachers are out in full force, but since nothing much happened when the UK joined, it stands to reason that nothing much will happen when the UK leaves.

Like you I remember the UK prior to joining the EEC, what I most remember was the chronic instability, which totally discouraged investment in industry.

In the short time prior to the Thatcher Government a lot of that changed, the growing economy and the stability it gave led to the growth that enabled Thatcher to do the things she did. Where it went wrong was when the UK made the mistake of trying to join the Euro, it gave financial speculators the ability to force one of the world's major currencies into a political corner out of which they could profit, and some did so rapaciously.

What is clear is that the UK can not divorce itself from the EU, at best move to the spare room because of the level of trade and other stability aspects it brings.

It is clear that the US will go on and punish the UK if it does leave as all the "special relationship" is about is being a "backdoor" into Europe. Likewise the Far East will punish the UK, most if not all of its investment in the UK was predicated on three things.

1) No trade barrier with the EU.
2) Little or no EU labour protection.
3) Major subsidies and grants from EU and UK in "blight" areas such as Wales.

Thus rather than get an improvement in fortune, those areas that voted leave will most likely see the foreign investors who provide the jobs there pull out if uncertainty over trade barriers even remotely becomes likely. We've already seen jobs migration to the eastern side of the EU of lower skilled jobs where labour is not just cheaper, those countries also have weak labour regulation.

But some will misty eyed talk about "the old times" of Empire and the Commonwealth that replaced it. But we burnt our boats with the Commonwealth and they have not forgotten, that they were forced to change the way they traded and the major economic slump that followed. Thus they are "signed up with others" and have no incentive to go back to the ways of "the old times".

So no we can not go back in time, it is at best wishful thinking at worst delusional, and if we did try then it would be the worst of "the old days" and none of the good.

This much is clear to the "leave" politicians who are back-pedalling and U-Turning and talking of the Swiss and Norway options...

rJune 26, 2016 7:28 AM

You guys (and gals) are getting me all worried about block cyphers.

Bruce has recently started that he would like to see block sizes at 4096 (or bigger).

Clive may have just mentioned 'the one that got away.’

When I saw their early papers I was a bit puzzled, then it "clicked" and started my own thinking about how to implement some of it in backdooring a PKcert tool. Which as far as I'm aware the app is still out in the wild, not that I have the key any longer.

And! Between common document formats including known file headers (signatures) and structure and the whole 'how many ways can you start a sentence?' is almost as if the dice are loaded before we even roll them.

Now I know that block cyphers etc include a certain number of passes for their mixing functionality (rounds), but...

Am I to assume, that encryption is technically just an opacity filter?

rJune 26, 2016 7:31 AM

Edit: "Bruce stated", not started.


Unicode adds a level prediction to plaintext attacks too.

Slime Mold with MustardJune 26, 2016 7:59 AM


I put in a similar setup in our place in 1992. Actually, it was a fight.

The chairman had decided to get his son from California to be the new CFO (I had just shown one the door). One day, I walked in, and everyone had new computers (good) and they were all hooked to the internet (very, very bad). We handle both very large sums and confidential client data. I crawled around unplugging almost everyone before even walking into his office. That did not go well, but after a week I prevailed. I am much indebted to the guy who was viewing porn where everyone could see it.

Currently, in an office of about 50, we have 20 machines with internet access, an internal network that everyone but the receptionist and switchboard operator is on, with draconian media controls, and a half-hearted SCIF (because the building would not allow some of the modifications) that has stand alone machines (data goes in, and then in the microwave). Backup is cumbersome. We keep them in a safety deposit box.

Here's the kicker - the CFO had been at the Lockheed Martin Skunk Works. Any wonder the Chinese are flying the latest American planes (J-17 = F-22)?

rJune 26, 2016 8:10 AM

@harvest object cache,

Why is it so hard to find an off the shelf factory sealed, AMD quad core laptop that meets exacting specs?

Because 'they' want you to buy from a small set of distributors?

keinerJune 26, 2016 8:33 AM


Your cron job monitors ports HTTP/HTTPS? If I were the hacker, I would use other ports to infiltrate your network ;-)

Clive RobinsonJune 26, 2016 10:27 AM

@ r,

You guys (and gals) are getting me all worried about block cyphers.

Block cipher[1] "algorithms" are not easy to backdoor these days because of the fact that those with the knowledge are continuously looking at the popular algorithms to find ways of making a name for themselves. Likewise the modes that block ciphers are used in also normally get close scrutiny.

Though that is not to say that those with sufficiently advanced knowledge could not backdoor the algorithm in some way, in theory they can[2], but the larger the block size the less likely this is to be of use even in ECB mode[3].

In theory you could use PK and other mathematical algorithms to work in various chain modes where the first block sent is a totally random number used as the IV. How much extra security this might give you is an unknown quantity and very dependent on the size of the data blocks you use. It might or might not be a moot point depending on if quantum computing ever becomes a reality in the number of bits required.

The half way house is stream ciphers, because they can easily leak information under various plain text attacks. In essence with file formats with large known plaintext headers an enemy gets to see the raw key generator output, thus any weaknesses in it become obvious.

It's one reason I don't use stream ciphers in the normally taught way of using a simple XOR or ADD as the mixer function.

Further as I've discussed with @Nick P in the past, there is no reason to use the Key Expansion logic that produces the round sub keys in a block cipher. You can generate the round sub keys with a stream cipher and have them change for each block you encrypt. However this is not "standard usage" thus only applicable in certain scenarios.

But if you don't want to mess with the internals of a block cipher due to the fact it's difficult for some reason, there is no reason you can not use a stream cipher to "whiten" the data prior to being put through the block cipher in the normal way.

[1] By block ciphers I mean those that generally use logic functions not those such as PK which use mathematical functions. The former tend not to have redundancy in them whilst the latter have vast amounts of redundancy.

[2] There have been one or two papers looking into this in the past.

[3] If you think about the way we use PK systems, we tend to use them in the equivalent of ECB mode, which without other protections is rather undesirable. I've actually seen little or no work on putting them in various modes. I suspect because they are too inefficient to use as a replacement for traditional block ciphers, so tend to get used to exchange keys rather than data.
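
To make Clive's point about known headers and stream ciphers concrete (and r's earlier point about file formats loading the dice), here is an added example that is not code from either of them. The "stream cipher" is a constructed SHA-256 counter-mode keystream standing in for any XOR-mixed stream cipher (RC4, ChaCha20, a block cipher in CTR mode); the PDF header, key, nonce and the two documents are sample data. It shows the three things a known header buys an attacker when the mixer is XOR and nothing authenticates the ciphertext: the raw generator output, the corresponding bytes of any other file encrypted under the same key and nonce, and the ability to rewrite the header without the key.

```python
"""Known file header vs. an XOR-mixed stream cipher.  Added example; the
keystream generator is a constructed SHA-256-in-counter-mode stand-in for a
real stream cipher, and all keys, nonces and documents are sample data."""
import hashlib
import os
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR mixer: encryption and decryption are the same operation."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


# Constructed known plaintext: every PDF starts with a version line, and most
# writers follow it with a four-byte binary comment line like this one.
PDF_HEADER = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"   # 15 bytes


def recover_keystream(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """ct = pt XOR ks, so ct XOR pt = ks: the attacker reads the generator output."""
    return xor_bytes(ciphertext[:len(known_prefix)], known_prefix)


def attack_nonce_reuse(ct_known: bytes, known_prefix: bytes, ct_target: bytes) -> bytes:
    """Keystream recovered from one file decrypts the same positions of any other
    file encrypted under the same key + nonce (the classic two-time pad)."""
    ks = recover_keystream(ct_known, known_prefix)
    return xor_bytes(ct_target[:len(ks)], ks)


def forge_prefix(ciphertext: bytes, known_prefix: bytes, new_prefix: bytes) -> bytes:
    """Malleability: without a MAC, flipping ciphertext bits flips the same
    plaintext bits, so the known prefix can be rewritten without the key."""
    n = len(new_prefix)
    assert n <= len(known_prefix), "can only rewrite bytes whose plaintext is known"
    mask = xor_bytes(known_prefix[:n], new_prefix)
    return xor_bytes(ciphertext[:n], mask) + ciphertext[n:]


def demo():
    """Returns (leaked memo prefix, rewritten version line) for a fresh random key."""
    key, nonce = os.urandom(32), os.urandom(12)
    report = PDF_HEADER + b"1 0 obj << /Type /Catalog >> endobj"      # header known
    memo = b"Wire 40000 EUR to IBAN CH93 0076 2011 6238 5295 7"        # header unknown
    ct_report = stream_encrypt(key, nonce, report)
    ct_memo = stream_encrypt(key, nonce, memo)   # same key + nonce: the mistake
    # 1. known header -> keystream bytes, identical to what the generator produced
    ks = recover_keystream(ct_report, PDF_HEADER)
    assert ks == keystream(key, nonce, len(PDF_HEADER))
    # 2. those bytes strip the memo's first 15 bytes without the key
    leaked = attack_nonce_reuse(ct_report, PDF_HEADER, ct_memo)
    # 3. and let the attacker rewrite the report's version line in transit
    forged = forge_prefix(ct_report, PDF_HEADER, b"%PDF-1.4\n")
    return leaked, stream_encrypt(key, nonce, forged)[:9]


if __name__ == "__main__":
    leaked, line = demo()
    print(leaked, line)
```

Two practitioner notes. First, what the known header reveals is keystream, not key: against a sound generator the 15 bytes do not extend past the header, so the damage is bounded to nonce reuse and malleability, both of which an AEAD mode (authenticated, unique nonce per message) closes. Second, the same known header against a block cipher in a proper chained mode gives the attacker one known plaintext/ciphertext pair under an IV he cannot choose, which is exactly the setting block ciphers are designed to survive; that is the asymmetry between the two families that the comment above is getting at.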

CallMeLateForSupperJune 26, 2016 10:40 AM

@Slime Mold with Mustard
"Any wonder the Chinese are flying the latest American planes (J-17 = F-22)?"

And, lest we forget, J-31 = F-35.
I think U.S. IC oughtta ... er... watch J-31 development and, when China has solved all F-35 design problems, steal those solutions. "What is gravy for the goose..."

ParkerJune 26, 2016 11:30 AM



If you're serving random numbers then why use a pseudo-random number generator? Privacy is far less important. Look at other sites that extract genuine random numbers from quantum sources and also offer free public use.

Mike BarnoJune 26, 2016 11:45 AM

@Clive Robinson and others interested in historical cryptography:

This weekend's issue of The Wall Street Journal has an advertisement for a sale by M.S.Rau Antiques of a NEMA cipher machine, built in Switzerland based on methods learned from analyzing Nazi Germany's Enigma. The ad says "Circa 1946" so I'm not sure whether this is the same as what was discussed in this blog's 2008 thread on Crypto AG:

One comment on that thread mentioned that Swiss governments used "Swiss firms Gretag and Brown Boveri (BBC)" rather than Crypto AG.

... Poking through Wikipedia, I find NEMA ("Neue Maschine") was designed by the Swiss Army via three University of Bern professors, and manufactured by Zellweger AG with a 1947 release. 640 were built.

Harvest object cacheJune 26, 2016 11:54 AM


Partly since AMD doesn't have the market share of intel, but I would like to avoid Intel Active Management Technology. Is there an AMD equivalent? Also factory sealed off the shelf retail to mitigate against potential interdiction (for being suspicious/cranky anti mass surveillance opinions/designated potential hacker/etc). Would like to be able to customize: add large cap HD and M.2 SSD, and max out ram, remove bluetooth, disconnect/block usb, hdmi ports etc etc. Easy enough to order what I want online, but sacrificing trust. Find a milquetoast to make an online straw purchase? Don't like that idea too much. Would like to run a minimal linux with virtual box...

rJune 26, 2016 12:10 PM


Still looking... but here's a 2011 mentioning remote management for Intel, Broadcom and AMD.

AMD was calling it DASH, and I'm pretty sure the SoCs they're producing have that underlying issue of a secondary execution block but as per whether they're listening or not?

Who knows,
Broadcom specifically had exploits for theirs though.

Slime Mold with MustardJune 26, 2016 12:34 PM


Everything I read indicates the F-35 concept is congenitally flawed and will never work close to what was promised.

As mentioned in the linked article:

It cannot dogfight as well as a 1970s-era F-16.

Its 20 million lines of code are still very buggy.

It flies far too hot. This is a critical flaw, as a favorite method of overcoming stealth is to use infra-red, which nowadays can reportedly be used at extraordinary distances.

There is no rear-view, which pilots claim is not overcome by having a rear facing camera.

The five pound helmet, sure to cause pilot fatigue.

The lethargic production.

Additionally, it actually carries an incredibly light weapons load.

This program should have been scrapped at least five years ago. Everyone just says "we're in too deep (money wise)". Instead, we are selling them to our "allies" who fortunately, when they realize what they've got, will lack adequate means of retaliation.

rJune 26, 2016 1:13 PM

@Slime Mould,

Better idea then, sabotage the design like how the NSA got to NIST.

Let the Chinese have it with an Achilles Heel, and keep the image up by shadow budgeting the project's income.


Harvest object cacheJune 26, 2016 2:16 PM


all AMD PRO A-Series APUs can enable DASH manageability, at no additional cost to you!


so for instance it's a choice between A10-8700P (AM870PAAY43KA) vs AMD PRO A10-8700B (DASH enabled) (AM870BAAY43KA) etc

DetectoristJune 26, 2016 2:51 PM

I was somewhat surprised by the amount of Brexit discussion in this Squid. I very much enjoyed reading all the candid European perspective. I'm an American. I found the article below provides a broader context in which to understand the pro-Brexit sentiment.

May you live in interesting times, indeed.

Brexit Is Only the Latest Proof of the Insularity and Failure of Western Establishment Institutions

"Corrupt elites always try to persuade people to continue to submit to their dominance in exchange for protection from forces that are even worse. That’s their game. But at some point, they themselves, and their prevailing order, become so destructive, so deceitful, so toxic, that their victims are willing to gamble that the alternatives will not be worse, or at least, they decide to embrace the satisfaction of spitting in the faces of those who have displayed nothing but contempt and condescension for them.

There is no one, unifying explanation for Brexit, or Trumpism, or the growing extremism of various stripes throughout the West, but this sense of angry impotence — an inability to see any option other than smashing those responsible for their plight — is undoubtedly a major factor. As Bevins put it, supporters of Trump, Brexit, and other anti-establishment movements “are motivated not so much by whether they think the projects will actually work, but more by their desire to say F*CK YOU” to those they believe (with very good reason) have failed them."

ScottDJune 26, 2016 4:37 PM


If you're serving random numbers then why use a pseudo-random number generator? Privacy is far less important. Look at other sites that extract genuine random numbers from quantum sources and also offer free public use.

A fair question. My response regarding my deterministic technique versus the non-deterministic quantum technique is a bit lengthy. I need to do some editing on it before posting my full response, but I will give a brief response after I answer your second comment.

Privacy is far less important.

Hmm. I could go in several directions with this response. I personally dislike needing to register on every site I visit. I think my concept of no cookies, no tracking, no advertisements, and secure anonymous access is a good thing, not bad.

My API design is very easy to use with an output that has just enough configuration control so the user needs little or no additional processing to access and use the numbers. Disregard for a moment the quantum versus pseudo argument. Consider a project where you need access to a bunch of random numbers. The actual application is not relevant for this argument, suffice that you need a big block of random numbers for the process/algorithm/analysis whatever it is they are needed for. Assume for now that the various choices of websites give equal quality numbers (that is a different discussion). Compare access. (my site) (uses radio noise)

Some users may not care about all these issues. Fine. But I see a niche where access to high quality very high resolution random numbers is needed.

The resolution (not to be confused with randomness) of quantum random numbers is debatable. For example, consider the digits of Pi. Although the digits of Pi do not seem to repeat any pattern, the resolution of a digit is ten increments. So although the pattern of the digits of Pi seems random, the resolution is very stair-stepped.

I am writing a much more detailed response which I will post soon, but I have a real-life issue that needs attending. This should at least get the ball rolling on the discussion until I post the remainder of my response.

Clive RobinsonJune 26, 2016 5:29 PM

@ ScottD,

The resolution (not to be confused with randomness) of quantum random numbers is debatable.

The resolution of a fair coin is heads or tails, which is the equivalent of a single binary digit per sample.

In True Random Number Generators about the best resolution you can expect is 12 bits per sample. However the more bits you try to get per sample the more you rub against linearity and bias issues.

The thing is the world is analog down to the noise floor, and one aspect of that is it is more normally continuous not discontinuous. Thus if you sample too quickly then your sample to sample resolution will be much smaller than the total sample range.

You do not get this issue with crypto algorithms they are quite happily discontinuous in their output and have a bit resolution as high as the bit width of the crypto algorithm output.

It's one of the reasons that chip designers use hash functions on the output of their on chip noise sources. Without it their TRNG would have little chance of passing the basic Die Hard tests, with it no problem unless the noise source is truly broken. But as I've said before hashing is a "magic pixie dust" solution, it does not in any way increase the true entropy of the noise source, only make it look like it has --faux-- entropy.
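
The point above about hashing can be checked directly. The following is an added Python illustration, not code from the thread: a constructed noise source that emits 1 with probability 0.9 is conditioned through SHA-256; the output passes a crude balance check, yet the count of distinct outputs over an exhaustive raw-input space shows the entropy ceiling is still set by the source.

```python
"""Added illustration: hashing a biased noise source conditions it without
adding entropy.  The source, its bias (P_ONE = 0.9) and the block sizes
are constructed for this example, not taken from any real device."""
import hashlib
import math
import random

P_ONE = 0.9  # constructed bias of the simulated noise source


def biased_bits(n, p_one=P_ONE, seed=1):
    """Simulated raw TRNG output: n bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def min_entropy_per_bit(bits):
    """Min-entropy estimate from the observed one/zero frequencies.

    For a fair coin this is 1.0; for a 90/10 source it is -log2(0.9) ~ 0.15."""
    n = len(bits)
    ones = sum(bits)
    p_max = max(ones, n - ones) / n
    return -math.log2(p_max)


def pack_bits(bits):
    """Pack a bit list into bytes, MSB first (trailing partial byte dropped)."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def whiten(raw, block=64):
    """Condition the source: hash each 64-byte raw block to 32 output bytes."""
    out = bytearray()
    for i in range(0, len(raw) - len(raw) % block, block):
        out += hashlib.sha256(raw[i:i + block]).digest()
    return bytes(out)


def fraction_of_ones(data):
    """Fraction of 1 bits in a byte string: a crude balance check that the
    whitened output passes and the raw output fails."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def distinct_hash_outputs(k):
    """Hash every possible k-bit raw input.  The digest is 256 bits wide but
    can take at most 2**k distinct values, so output entropy <= k bits."""
    seen = set()
    for v in range(1 << k):
        raw = v.to_bytes((k + 7) // 8, "big")
        seen.add(hashlib.sha256(raw).digest())
    return len(seen)


def demo(n_bits=64 * 8 * 64):
    """Run the source through the conditioner and report the key figures."""
    raw_bits = biased_bits(n_bits)
    raw = pack_bits(raw_bits)
    white = whiten(raw)
    h = min_entropy_per_bit(raw_bits)
    return {
        "raw_min_entropy_per_bit": h,
        "raw_fraction_of_ones": fraction_of_ones(raw),
        "whitened_fraction_of_ones": fraction_of_ones(white),
        # 512 raw bits at ~0.15 bit each: roughly 78 bits of real entropy
        # behind every 256-bit digest, however uniform the digest looks.
        "true_entropy_per_256bit_output": 64 * 8 * h,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
    print("distinct SHA-256 outputs from all 10-bit inputs:",
          distinct_hash_outputs(10))
```

Running it shows the whitened stream balanced near 0.5 while the raw stream sits near 0.9, and exactly 1024 distinct digests from 1024 possible raw inputs.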

Ich liebe doch alle, alle MenschenJune 26, 2016 6:00 PM

@Detectorist, 1989 came a few years late for our Bizarro-soviet bloc, but now it's here

CIA's response to their collapsing bloc is to take some of their pet Nazis out of their right-wing extremist terrarium and panic the masses into confusing popular revulsion against the overreaching state with violence.

Sad sack Greg Withrow this time.

Nick PJune 26, 2016 6:22 PM

@ Rebecca Haldon

re women

We get some occasionally. Mz, from Hacker News, wrote a nice post on the topic identifying a few behaviors that happen on tech forums when someone identifies as a woman. Unlike most, it's not PC, hopelessly offended, or anything: down to earth as usual. She notes stuff like other commenters putting on kid gloves so as not to scare away sensitive women, speaking less, or childish come-ons like a sheltered kid entering a club for the first time in his life lol. Per feedback from that, turns out that many women use names that hide that they're women. I can count on my hands those that identify as women on each forum. Love having y'all around like anyone else as I like diverse crowds in discussions. Get more perspectives, good stories, and so on out of it. More *fun* that way. :)

Alright, onto the technical shit that you're actually interested in.

re cards, ACH, banking security

I don't recall posting the card video but I did spec out a high-assurance solution to end forever a related problem: high-dollar ACH fraud. There were many solutions in that conversation from ROM's (LiveCD's) to USB devices offloading authentication. The same mechanisms can be reduced to mobile using smartcard or mobile chips to do trusted part (eg crypto keys) with untrusted, graphical part driving the process but isolated from it. Banks just mostly refuse to use such things because they've paid off Congress to push most liability on us. Shows they're geniuses at *practical*, rather than technical, security. What liability is on them, regular credit cards for *consumers*, they try to push fraud down to a point they find acceptable [to them]. I once had an insider quote me about 6% of transaction volume being fraud is what they're cool with. They achieved that. So they were done until hand forced... don't recall how... with Chip n PIN latest bullshit countermove about liability more than actual security. The rest of the breaches they try to hide by moving them into "operating expenses" or some bullshit. Some slip into the media obviously along with reports indicating their losses actually top what building high-security costs(ex) in the first place. Not to mention medium (ex1, ex2). Dumbasses...

There are a few people finally hacking the previously secure-by-obscure IBM mainframes now. Helps that they have Express versions one can lease for merely the price of a new car*. Their security often sucks due to integrating, without security, various stuff from UNIX and 3rd parties to be competitive. Only their shitty, arcane interfaces and (as Clive pointed out) all the procedural controls (i.e. booby traps) accumulated over decades of use will slow the inevitable hacks down. What we've seen so far is a few, high-profile attacks leveraging the insider knowledge that will speed this process up. Plus, they hit SWIFT a few times albeit relying on terrible security in some banks to forge commands to it. Highly-assured security... like I describe here, here, and here... is both the only solution and the only thing almost nobody in the security industry does. So, we all fucked while NSA and rich folks keep buying good stuff. Some trickling out of one or two CompSci projects at least...

* Samy might have a hard time hacking his way to the mainframe. It cost too much to charge on his modified AMEX cards that have unspecified limits in practice. He'll need to change the charge limit or convert its status to Black Pearl. To do that, he must first... "Hack Into The Mainframe." Chicken-and-egg. He gonna have to cheat with Paypal, check, or money order. Haha.

Btw, thanks for the video as I didn't have that one. Makes a nice demonstration against Chip and PIN for lay persons when they see how easily it was compromised. I particularly like that they secure against use of magstripe by merely asking magstripe if it wants to use magstripe or not. Magstripe says no then C&P is bypassed. Anyone can also manipulate magstripe with ease as that's the exact, fucking attack C&P was meant to stop. I'd say I'm too old to be surprised by screwups like that but this one takes the cake.

Apple still might have the record, though, as one of their old MacOS server apps used to authenticate by asking for a username and password. Trivially hacked. The secret? The developers coded it up to ask for, but not actually check, the password. You got admin so long as you entered *a* password. Just hard to, as a former programmer, imagine how the hell they didn't notice that they did nothing with the input they asked for. They also believed Macs were immune to viral infection despite botnets of several hundred. They've deployed Apple Pay, possibly with grander delusions of being a bank, to leverage the smartphone market to get a cut of financial transactions. Samy should look at it next as their ability to secure a basic protocol was one of their grandest delusions in the past. Should be some low-hanging fruit there today. ;)

@ ScottD, Parker

Check out BitBabbler. It's still my favorite design given redundant implementations of simple, analog components that trust *basic physics*. Buy/monitor it or clone it.

ScottDJune 26, 2016 6:33 PM

@Clive Robinson

The resolution of a fair coin is heads or tails, which is the equivalent of a single binary digit per sample.


In True Random Number Generators about the best resolution you can expect is 12 bits per sample. However the more bits you try to get per sample the more you rub against linearity and bias issues.

Very True. Which is why I use a deterministic technique. My paper explains the process how I generate the numbers.

The thing is the world is analog down to the noise floor, and one aspect of that is it is more normally continuous not discontinuous. Thus if you sample too quickly then your sample to sample resolution will be much smaller than the total sample range.

My process addresses the continuity versus discontinuity issue in the conditioning and filtering processes. By using a deterministic process, analog issues such as sampling rates correlated with signal frequencies do not exist, as any such issues can be designed out of the algorithm.

This is one of my main issues with the quantum generators. The university based systems talk about how fast they generate numbers. I see the issue as analogous to the wagon wheel problem. Watch an old western movie with a horse drawn carriage. The frame rate of the film versus the rotational frequencies of the wheel spokes creates aliasing patterns.

Quantum effects are not infinite. The theory may state so, but the real-world ability to measure and digitize is not. The basis for spectroscopy works on the condition that specific dominant frequencies exist for a given atomic/molecular combination.

Quantum generators work by firing photons at a beam splitter. Whether the photon transmits (a 1 bit) or reflects (a zero bit) is the basis for the randomness. Why a photon chooses one path over the other appears random, and is very difficult to control. Quantum mechanics deals with probabilities of one state versus another, not so much about a specific case (Heisenberg uncertainty). The process can be simply (?) modeled by a finite well process where the Legendre polynomials define the various oscillations within the well. It is actually much more complicated, but my point is that the decision whether the photon reflects or transmits is based on a sum of oscillators defined by a dead mathematician orthonormal series. My technique is doing just that. It is using a dead mathematician orthonormal series, summing a very large number of oscillations, then conditioning the numbers to get a flat uniform distribution. As such the resolution using my technique is 53-bits (64-bit floating point less the exponent and sign bits).

12-bits (usually less) versus 53-bits is a huge difference. For many applications, 12-bits is not adequate. Which is a major argument in favor of my technique.

It's one of the reasons that chip designers use hash functions on the output of their on chip noise sources. Without it their TRNG would have little chance of passing the basic Die Hard tests, with it no problem unless the noise source is truly broken. But as I've said before hashing is a "magic pixie dust" solution, it does not in any way increase the true entropy of the noise source, only make it look like it has --faux-- entropy.

My technique does not use "magic pixie dust" hashing techniques to make a uniform distribution.

tyrJune 26, 2016 10:11 PM


My favourite story about armor vehicles is one of the local reservists was working for Ford when they took over building armor from Chrysler. He kept up on his bitching about their corner cuttings on the vehicle, so instead of fixing it they fired him. No longer worried about his complaints a bright day of swindling the troops had dawned.

Unfortunately he found a new job. The next week he was back at their factory with a clipboard in hand as the new Inspector from DOD on the contract. He also had a carefully crafted list of things that were going to be fixed or they wouldn't get their money from the job. These looked suspiciously like all of his bitching about their shortcuts. Like he said I have to ride one of these into battle so I'm interested in the workmanship.


I find it quaint that you still believe in nicety notions about slavery and law and order in the face of 21st century evidence to the contrary. We have torture back, debtors prisons back, slavery back, all pushed by the tools of the oligarchs as the only possible way to do things. You can bet that Brexit has every other government in Europe trying to find a way to choke off any foolish notions about democracy this week.

France is thrilled by the thought of pushing the Calais mess through the chunnel and then bricking it shut except for one door where they can pick on any Albionese foolish enough to wish to visit the EU.

Even better is the road back for England, all they will have to do is open their borders completely and give up the pound and start using euros as the first of many concessions.

Given the long history between the Celts, Picts, and the invaders, I'm not surprised they tossed a sabot into the gears of the ruling class. It does seem to have gotten cousin Davey's attention as he prepares to decamp with tail between legs.

rJune 26, 2016 10:39 PM

@all the worry warts,


Worry warts are contagious. :)

I found a Tandy, an Apple ][c w/ monitor and a 286 w/ an ISA BNC + 10base2? card tonight. :P

Who has a CGA monitor?

It might even be a 386/486 cuz I see a turbo button on it.

Should I break them down for gold?

WaelJune 26, 2016 10:43 PM


These looked suspiciously like all of his bitching about their shortcuts

Sounds right. There is fairness in this world, after all :)

Wesley ParishJune 27, 2016 5:05 AM

@CallMeLateForSupper, @CallMeLateForSupper, @Wael, @tyr

At the risk of sounding obvious - and thus incurring the wrath and/or jealousy of @ianf - the primary use of air power is glorified artillery.

It looks to me increasingly as if the Military-Industrial-Congressional Complex has forgotten what a contraption like the F-35 is supposed to be used for.

I personally wish the four US forces would grow a pair and do to Lockheed what the US Navy did to Brewster during the mid-forties, and shutter it for complete lack of performance in manufacturing the aircraft they said they would make.

YawningJune 27, 2016 7:05 AM

This Tor dustup is total man bites dog.

CIA weasel trying (or pretending) to go straight finds out he stinks up every place he goes. If a guy with balls did this, he would disclose and denounce some crimes. Instead, this DaveC1 tool lies about his background, then when he gets caught he offers to set up a back-channel with CIA. After threatening a discrimination suit.

This is the kind of dipshit that CIA hires. They recruit manipulative worms. This one has zero integrity, as required, he's just too much of a coward to gain some semblance of bona fides by breaking the rules. He can't talk about anything. Pussy.

Tho possibly relevant to the Jacob-Applebaum-is-a-sexual-predator-and-also-horny-and-mean-too furor:

Clive RobinsonJune 27, 2016 10:27 AM

@ Doc,

Is this really possible?

Simple answer "Yes".

The harder answer is have a look at the way various sound wave imaging systems work.

If you fire off a pulse of acoustic energy it will bounce off hard objects and be absorbed by soft objects. The resulting complex series of reflections have a time component which can be analysed. If you use a "ranging code" rather than a pulse you can use various convolving techniques to make a map. If a semi-soft object like a human is in the room and moves the map changes.

Look on it as a variation on the various Wifi "radars". The actual wavelengths involved are within a magnitude of each other.

Nick PJune 27, 2016 10:41 AM

@ Postman

We're discussing it here:

I think it's ridiculous they're mostly CIA/State-funded and claim resistance to subversive nation states.... but don't want one CIA person in for image reasons or disruption. What about others on the team that don't straight up say they're CIA? And why do they work so hard on the donor page to make funding look spread out when it's mostly US government?

Whole situation is ridiculous with chat logs showing they have zero skill in character assessment or counterintelligence. I bet money they already have a subversive in there given they basically trust who looks and talks like them.

Gerard van VoorenJune 27, 2016 3:05 PM

@ Wesley Parish,

Are you saying you can't handle ianf?

About the JSF/F-35, on there is a lot of detailed information about the plane (costs, development etc). Some is in Dutch but most is in English. That site is my primary source.

You are right when you say "the primary use of air power is glorified artillery."

I noticed that when it comes to the JSF in The Netherlands, it has mostly been dirty politics that brought the plane in. And after all these years the plane still isn't deployed for whatever reason it is this time. The development is a textbook example of how not to design (like the Bradley).

Gerard van VoorenJune 27, 2016 3:12 PM

@ Nick P,

That's the joke of the century. It's like a G.W. Bush campaigner joining the FSF. It doesn't work. What an idiot.

CallMeLateForSupperJune 27, 2016 4:13 PM

@Slime Mold with Mustard

"Everything I read indicates the F-35 concept is congenitally flawed and will never work close to what was promised."

The idea to conceive a single, cutting-edge aircraft and design from it three very different models, was ... er... overly aggressive. But hey, this is America, and history shows that America can do the impossible, given unlimited funds and unlimited time. (Not)

I used to look forward to seeing the extent to which the three models would perform, but recently, when tests were "slid to the right" - i.e. delayed - just to be able to say one or more milestones had been reached, I knew the program was in very serious trouble. I am an old assurance guy, and I've seen the same "put off 'til later" trick tried on a bunch of programs, not one of which did not eventually suffer because of it. A few even failed... as in "cancelled".

Nick PJune 27, 2016 4:29 PM

@ Gerard

No, two jokes. One is as you said. The bigger one is they're mostly funded by the CIA, used by the CIA, have high-bandwidth relays in Washington area, and claim to protect from groups like the CIA. That's all OK. Then, one person wanting to help that self-identifies as CIA, which subversives certainly wouldn't, is declared to be a danger to future and bad for their image. Friggin' hilarious.

As I said on HN, they're failing to deliver on their operational promises if this guy could really do them any damage. Plus, the image thing is hypocritical given the above. Their questioning further shows they're incapable of differentiating friend or foe as well. The guy should've been smarter than to think they'd trust him. Yet, everything about their end of things looks worse to me.

Another reason I don't trust Tor at all to replace old relays, wifi, and cantennas. They're probably already subverted in some way with this level of OPSEC.

JG4June 27, 2016 5:05 PM

Freedom isn't free, but it shouldn't be a giant scam either. I call it the F-35 disaster and I was glad to see someone plug The Pentagon Wars. The root of that is a guy named Boyd and I've posted his biography before.

There was a brilliant spoof article leaking that the Air Force wanted to sell all of the A-10 fleet to buy two F-35's. I don't have the link handy, but it is a gut-splitter if you know any of the history.

The Pentagon's 'Concurrency Myth' Is Now Available In Supercarrier Size
The Concurrency Myth
“Concurrency” is a term in Pentagon parlance that means putting something into production while it’s still in testing, or not even tested really at all. The fruition of this crazy concept is the cumulative result of one of the best sales jobs of all time by defense contractors, an over-eager Department of Defense leadership and a low-information, special-interest obsessed Congress. It has nearly shattered the F-35 Joint Strike Fighter program and now this cancer has migrated to an even more volatile place, aboard America’s $17B next generation supercarrier, the USS Gerald R. Ford.

DetectoristJune 27, 2016 5:54 PM

@JG4 (et al)

"Freedom isn't free, but it shouldn't be a giant scam either."

I thought some of you might be interested in the observations made in the article below. The F-35 along with many other big name systems are discussed.

The Pentagon’s Real Strategy

"These days, lamenting the apparently aimless character of Washington’s military operations in the Greater Middle East has become conventional wisdom among administration critics of every sort. Senator John McCain thunders that “this president has no strategy to successfully reverse the tide of slaughter and mayhem” in that region. Anthony Cordesman of the Center for Strategic and International Studies bemoans the “lack of a viable and public strategy.” Andrew Bacevich suggests that “there is no strategy. None. Zilch.”

After 15 years of grinding war with no obvious end in sight, U.S. military operations certainly deserve such obloquy. But the pundit outrage may be misplaced. Focusing on Washington rather than on distant war zones, it becomes clear that the military establishment does indeed have a strategy, a highly successful one, which is to protect and enhance its own prosperity.

Given this focus, creating and maintaining an effective fighting force becomes a secondary consideration, reflecting a relative disinterest -- remarkable to outsiders -- in the actual business of war, as opposed to the business of raking in dollars for the Pentagon and its industrial and political partners. A key element of the strategy involves seeding the military budget with “development” projects that require little initial outlay but which, down the line, grow irreversibly into massive, immensely profitable production contracts for our weapons-making cartels."

JG4June 27, 2016 6:43 PM

@Doc and Clive

I may have forgotten to mention system identification of rooms in the discussion where I suggested that a network of cellphones can be used to acoustically range to each other to track inter-person distances in a crowd.

Acoustically fingerprinting rooms can achieve a much higher definition if multiple cell phones are used, especially if they move around the rooms.

The topic of one device talking to another also has been discussed, I thought because Bruce posted a recent news article about computer microphones being used to track which TV ads are heard by cell phone users.

I'd like to see some inexpensive systems for spoofing signals to these devices. I haven't been able to locate a good inexpensive microphone with bandwidth beyond 20 KHz. I assume that the transducers on cell phones go well beyond 20 KHz, even if that bandwidth isn't available to the "owner." Monitoring for fugitive probe signals would be a useful exercise.

rJune 27, 2016 9:49 PM

@JG4, Clive and Doc

I believe it is, I seem to recall seeing something about this before but it super escapes me. We already know about the wifi xray techniques but it's not the same thing, anyways...

Think about the various acoustics around your house.

How many of your bathroom's have a slight echo?

Living room's are spacious, I'm sure there's a distinction there between a 'living room' and the 'soft' environment of your bead spread and pillows.

So, yeah I think it's possible but as per it's usefulness?

So I read news while I take a dump, woopee - the only people I'm going to see that helping are the feds waiting for the perfect moment to kick a door in or a robber... BUT in both of those cases the wifi xray/radar and xray radar locale determination techniques render it pretty moot.

Does anyone else have a differing opinion on that assessment?

rJune 27, 2016 9:52 PM


Microphone room fingerprinting may make it easier to pick where to install a video bug.

Clive RobinsonJune 27, 2016 11:18 PM

@ Gerard van Vooren, Nick P,

I would urge people to have "heretical views" on Tor.

After some considerable thought on the matter I've come to the conclusion that Tor's current aims and objectives within their method can in no way be made secure.

Put simply, low latency means a high available bandwidth to required bandwidth, which in turn means high redundancy in both the time and information planes.

This allows an adversary to modulate a traffic signal to make identification detectable.

The fact that the current Tor design has the end points outside the protected network makes this sort of attack almost trivial for an attacker who has upstream control from the endpoints outside of the protected network. This is a fatal fundamental design flaw in the Tor design.

As we know from past "monkey business" with the likes of the Border Gateway Protocol etc by the Chinese amongst others, it is not too difficult for a high level adversary to force endpoint traffic to be rerouted so it goes through their network. Thus they are able to put themselves "upstream" of the end point traffic and modulate it in some way to fingerprint it. This allows other sovereign / state level attackers to get around the US "NOBUS" idea.

As the upstream issue is fundamental to any unprotected network the only real solution is to not have endpoints outside of the protected network. That is, our client and server hosts need to become part of the protected network as active nodes carrying traffic for others as well as for themselves.

However although a necessary first step it alone is insufficient to protect traffic. The actual links between nodes need to be modified as well, and the network also needs store and forward capabilities at each node. These changes bring some extra problems into play which require further modifications.

I won't go through them all but each layer you look at in Tor is wrong from a security aspect in some way. Thus it is always going to remain vulnerable.

But as a general point if your attacker can get to network layers below those you can, they will have an opportunity to perform some kind of attack. As you cannot stop these low level attacks you have to mitigate them in some way and it is these foundation level aspects the Tor developers need to be addressing.

It is by the way a point not lost on "The Father of the Web" and the W3C people hence their recent get together on decentralization.

As with the old joke about Microsoft... "If the answer to your security question is Tor then you are asking the wrong question".

ThothJune 28, 2016 12:14 AM

@Clive Robinson
I was labeled a snitch when I recommended not to use TOR recently on the Comparing Messaging Apps comments section :) .

Few seem to think along the lines of how someone spying on a cable or network from a low level point of view would attempt to regulate traffic. What most of the people think is just add encryption and it's magically secure which is false.

One good example of national wide censorship is China's Golden Shield project and there are many articles online on how it works. The center piece being a Deep Packet Inspection engine that attempts to classify connections via pattern matching. The capability to detect different protocols from packet headers to behaviours of packets and payloads are easily tell-tale signs of possible protocols (used by DPI engines).

I will probably save my breath here. We are essentially repeating the same warnings which few ever pay heed.

Clive RobinsonJune 28, 2016 12:40 AM

@ JG4,

... and now this cancer has migrated to an even more volatile place, aboard America’s $17B next generation supercarrier, the USS Gerald R. Ford.

It's not just a "US Cancer", the UK is suffering from it with its two next generation carriers... The UK has scrapped its last aircraft carrier and sold the Harrier aircraft and parts to the US for next to nothing. Meanwhile repeated changes in spec about both the Euro Fighter and the F-35 boondoggles have added years of delay and billions in costs, most of which benefit US MIC interests.

The French have however, as is often the case, made a decision, stuck with it and delivered reasonable results in a reasonable time at a very reasonable price.

The upshot is the UK have come to a deal with the French to share one of their carriers...

All of which might get "541t canned" due to the Brexit vote.

Which might not actually be a bad thing. The Second World War saw the death of naval power by "Battleship". As a result "carrier power" became a "stop gap", which would have ended had the cold war gone hot. The problem is two fold, the first is manned fighter aircraft are a thing of the past in super power level conflict, they have been replaced with other technology. Secondly carriers can no longer be protected, not that they really could during WWII.

There are anti-ship weapons that are the equivalent of cruise missiles, these have a range that significantly exceeds that of the fighter aircraft on the carriers. But as demonstrated in the First and Second World Wars submarines were the future before the aircraft carrier. The only reason that carriers did not succumb to submarines during WWII was that the Japanese did not have any that were effective. The point was brought home for those who had their eyes open on 2nd May 1982, with the sinking of what was once the USS Phoenix by the UK submarine HMS Conqueror during the Falklands War. Sold to the Argentineans in 1951 the Phoenix was renamed the General Belgrano in '56, and it was sunk by two of a salvo of three conventional Mk8 torpedoes that tore off the bow and blew a hole through the stern with the loss of 325 of the 1095 men on board. The third torpedo is believed to have hit the Bouchard --one of two escort vessels-- without exploding.

Submarines can easily get inside a carrier group and get well within conventional torpedo range undetected. Not that they need to these days due to combined concept stand off weapons (torpedo / missile). Should there be another major war with Super Powers taking an active as opposed to proxy part then aircraft carriers will be either on the bottom or completely crippled within days of hostilities starting. It is from this knowledge that China knows why it can throw its weight around in the South China Sea with little fear.

tyrJune 28, 2016 1:46 AM

These are not boondoggles they have been renamed
doggleboons to stop the recurrent cries of Insanity
is doing the same thing over when it didn't work the
first time.

The F111 was supposed to overcome redundancy in buying
aircraft by designing one for all forces. The naval
version was too heavy (without fuel,ordnance, and
avionics) to even sit on a carrier flight deck, it
would punch through because of the wheel loading.

Everybody tools up with the last winner's weapons
systems which turn out to be a waste of time and
effort in the next conflict. SF fans already know
what KEW from space can do to any mad claimant to
planetary supremacy. We sold off the F111s to the
third worlders like Australia, sucked the NATO folk
into the F35s and are cleverly building supercarriers.
All in hoping the Japanese will attack Pearl Harbor
again. Meanwhile the loon bands are flooding the ME
with guns money and pissed off people. None of whom
can be threatened with an aircraft carrier. The
only real challengers possible are quietly building
space capability.

You have to make a sub look like seawater to hide it.
Nobody has that capability but they still feel safe.
That's when you are most vulnerable when you feel
that you have plugged all of your holes.

@Nick P.

How about developing a message that encrypts itself
upon delivery and throws away the key making it an
ephemeral item unless someone wants to use massive
resources to decrypt the idle chatter in it?

Clive RobinsonJune 28, 2016 3:42 AM

@ r, Doc, JG4,

Does anyone else have a differing opinion on that assessment?

I suspect the answer is yes... the reason being the old one of "New ideas have new uses even the inventors did not think of".

One area you did not mention is evidentiary. In that audio and video recordings would be "location tagged" by the actual characteristics of the audio in the recording, not by any hidden but modifiable metadata in the case of digital files etc.

Thus think of it as a potential forensic tool, additional to the use of "background mains hum" in audio recordings to directly place the time the recordings were made and if any editing had been done.

Wesley ParishJune 28, 2016 4:00 AM

@Gerard van Vooren

Ah, @ianf! at times he hits the nail right on the head, at other times it's his thumb!

The F-35 is looking increasingly like a Potemkin Village.

MichaelJune 28, 2016 4:18 AM

@ Nick P, "Another reason I don't trust Tor at all to replace old relays, wifi, and cantennas. They're probably already subverted in some way with this level of OPSEC."

What would you use? The same could be said about GSM and electronic switches. You need to be connected to something.

Clive RobinsonJune 28, 2016 4:28 AM

@ Thoth,

I will probably save my breath here. We are essentially repeating the same warnings which few ever pay heed.

Not only do they rarely listen, they will later either deny you told them, or say you got it wrong, or did not express it clearly, or in some other way blame you.

I have two abiding rules when somebody tells me something new,

1) Is it self consistent.
2) Do the laws of physics allow it.

Even if the first answer is "no" but the second, for parts of it, is "yes", I go to rule number three,

3) Can I make it consistent and practical.

The answer is usually "yes" if there is even a nugget of truth in it. Oh and often I can do it better as well ;-)

I don't know if you remember back to the time of the first news about the building of that NSA place in Utah? But Bruce was having difficulty getting his mind to accept the idea of "collect it all" and in effect asked if it was technically possible. That thread makes interesting reading even today.

And as I've said before I suspect that some in the likes of the NSA TAO, GCHQ etc read this blog. Because ideas that get discussed here have a habit later of being found to have been used by them, but not before the timeline of this blog...

MichaelJune 28, 2016 4:49 AM

@ Clive Robinson, " Because ideas that get discussed here have a habit later of being found to have been used by them but not before the timeline of this blog... "

But how would you know that unless they declass'd those bits of information, for the public?

rJune 28, 2016 5:50 AM


Assuming Clive is right: the answer is ... Metadata. :)


Maybe I should've read the paper in the case of location fingerprinting. I was dismissive apparently so thanks for the warning about alibi problems it may present.

JG4June 28, 2016 6:25 AM

@Clive - you have achieved an impressive level of insight into systems. As always, appreciate the high level of discourse. There should be some profitable business models in offering simple countermeasures. The honest guy is stuck between the private-sector criminals and the public-sector criminals.

I think that I said before that it is exceedingly difficult to build a robust system that has sufficient checks and balances to be safely operated by liars, thieves and murderers. The public are a quagmire of cognitive limitations that are easily exploited by charlatans like Clapper, Clinton, Rahm Emanuel and so many others. You'd hope that your country could do better than an entertaining blowhard mopping the floor with a crusty grafter.

I have a feeling that I posted substantially the same comments on the F-35 disaster previously, but my memory isn't as sharp as it used to be.

from the usual daily compendium at NakedCapitalism

The interesting thing about this is that the NSA have a very large amount of information about the corrupt Chinese officials. For sake of brevity, we can assume that half of them are more dishonest than average. Many of them can be blackmailed by the US.

Clive RobinsonJune 28, 2016 7:23 AM

@ Michael,

But how would you know that unless they declass'd those bits of information, for the public?

You are making the mistake of thinking that their security is so good that it's only by declassification these things become known. If that were the case then we would be living in some kind of suspended animation, where only the IC were making scientific breakthroughs (which they mainly don't).

Think instead, of the IC like serious organised crime, and you are a police officer tasked with finding out about them and their crimes. How do you go about it?

There is a basic principle in forensics called "Locard’s exchange principle",

    A concept that was developed by Dr. Edmond Locard (1877-1966). Locard speculated that every time you make contact with another person, place, or thing, it results in an exchange of physical materials. He believed that no matter where a criminal goes or what a criminal does, by coming into contact with things, a criminal can leave all sorts of evidence, including DNA, fingerprints, footprints, hair, skin cells, blood, bodily fluids, pieces of clothing, fibers and more. At the same time, they will also take something away from the scene with them.

Whilst the above describes tangible physical objects, the principle easily extends to intangible information objects. The reason for this is that to store, communicate or use intangible information, it has to be impressed --or modulated-- onto tangible physical objects or their equivalent energy.

There is however something missing from Dr. Locard's idea and that is the effects of aging on contact / trace evidence and by extension those tangible physical objects that information is impressed or modulated on.

That is, the most fundamental of our physical laws, "The second law of thermodynamics", applies to all evidence,

    It states that the total entropy of an isolated system always increases over time, or remains constant in ideal cases where the system is in a steady state or undergoing a reversible process.

In this case the meaning of entropy is to go from an organised to a disorganised state. With physical evidence this means it degrades, rots or disperses, usually randomly, until at some point it is indistinguishable in a meaningful way. Obviously the same applies to information and is commonly called "Bit Rot".

Further there is the generalised uncertainty principle derived from,

    Heisenberg's uncertainty principle is any of a variety of mathematical inequalities asserting a fundamental limit to the precision with which certain pairs of physical properties of a particle, known as complementary variables, such as position x and momentum p, can be known.

Mixed in with "the observer effect",

    The observer effect refers to changes that the act of observation will make on a phenomenon being observed. This is often the result of instruments that, by necessity, alter the state of what they measure in some manner, giving rise to a limit on what is measurable.

Frequently we incorrectly lump all of this together and talk about "being in the grass" or "below the noise floor" when it comes to signals and measurement. This can give rise to a false notion that things do not degrade with time and distance, or that we could know everything to know about something if "we could just get rid of the random noise".

Thus within the limits above and with sufficient resources any human activity can become known, with its accuracy dependent on time and distance.

So when the TAO or equivalent access a system two things happen,

1) Their access activities leave observable traces.
2) The targets of their activities leave traces on the TAO etc that likewise can be observable.

As we found with certain sophisticated malware, it does get observed and it often does get recorded and made available to others. Think about the AV upload sites where suspicious code gets deposited and may at some point be analysed.

We can tell from the upload timestamps etc approximately when such malware was used by the IC and from other metadata draw conclusions about the IC's "methods and sources".

As was once observed "Information longs to be free" and the likes of the TAO were starting to wake up to that a while prior to the releases of information by Ed Snowden and others.

Like it was a shock to the NSA just how quickly civil / academic crypto caught up and in some cases surpassed their abilities after DES. It's a shock to the TAO that academic and civil abilities surpass their abilities and research speed, thus they lag behind and have to play catch up.

However for long term observers of the IC it's fairly well known that they "steal" the IP and efforts of others. The early days of US crypto show that they were happy to do that, likewise the UK GCHQ and MI5 were known to steal the efforts of others.

Outside of the only real research (combinatorics etc) the likes of the NSA, GCHQ do, much if not all of their abilities have been vampired from others.

Thus another shock for them is the ability for others to analyse the traces they leave behind.

I hope that answers your question.

Clive RobinsonJune 28, 2016 8:08 AM

@ JG4,

I have a feeling that I posted substantially the same comments on the F-35 disaster previously, but my memory isn't as sharp as it used to be.

You may well have done, you fairly frequently dig out links that have good and thought provoking information in them.

I look on my mind as being a "fertile spot" but for a fertile space to be of use it needs to be seeded appropriately and what grows there needs to be tended, nurtured, occasionally pruned before a crop can be harvested.

Even if I had all my time to hunt out links etc, the chances are they would be from searches about things I'm already thinking about. Whilst this can give depth, it rarely gives breadth.

Thus just like Bruce or an investigative journalist my world view is broadened by what others find interesting for various reasons.

As I occasionally joke "I'm an engineer too curious to be a scientist". There is though a fundamental difference between engineers and scientists. Engineers solve problems that are in front of them; scientists, however, look for problems to ask questions about and come up with hypotheses to test.

The results of the scientific enquiry go back for the engineers to use and put in their toolbox, thus the relationship is symbiotic. Thus both professions have a commonality, perhaps the most important of which is the continuous need for new information to use.

Thus like the cook is dependent on the farmer, and he in turn is dependent on the seed merchant, there is a chain that starts with a seed.

Thus as Newton --supposedly-- said about "standing on the shoulders of giants" I am likewise dependent on those who provide me "with food for thought". So please keep digging out interesting links.

Clive RobinsonJune 28, 2016 8:34 AM

Fake fingerprints to overcome biometric revocation issues.

I'm really surprised this idea has taken so long to come forward, it's kind of obvious if you've ever made fake fingerprints (as I did well over a third of a century ago).

I guess the reason is we tend to think of fake fingerprints as weapons of attack not defense.

Anyway, a Chinese student, Mian Wei, from the Rhode Island School of Design, has created a series of fake fingertips as an end of year project. These fake fingerprints work with the likes of Apple and Android systems. Although generated randomly the fakes are quite happily accepted by the fingerprint authentication schemes. Mian Wei is reported as having contacted a number of manufacturers about producing them as a product.

Nick PJune 28, 2016 8:49 AM

@ Michael

"What would you use? the same could be said about GSM and electronic switches. You need to be connected to something."

I didn't say GSM... I said old relays, WiFi, and cantennas. The WiFi represents anywhere that has it accessible in some way. The cantennas are homemade, long-range antennas that let you connect to them while being off camera. You pick spots where you won't be disturbed or suspicious but you can see other people who are suspicious (i.e. tracking you). You randomize the spots. Relays are either Internet-connected devices or WiFi nodes that create an extra step required to trace you.

Note: You can also, if low bandwidth, use unlocked GSM phones with hotspot enabled. I recommend WiFi, though.

ThothJune 28, 2016 9:42 AM

@Clive Robinson

"I don't know if you remember back to the time of the first news about the building of that NSA place in Utah? But Bruce was having difficulty getting his mind to accept the idea of "collect it all" and in effect asked if it was technically possible. That thread makes interesting reading even today."

I do have a vague memory of it. Turns out that's exactly what the NSA et al. have been doing. They simply need more space to take in all that social media data.

I guess people learn best when they bump their toe nails against concrete walls. Most people were once skeptical of the idea of privacy and after so many news reports of NSA et al. involvements and massive leaks about IC activities, people are starting to scratch their heads and sluggishly look around for some convenient and easy privacy solutions for now (although not "fully awake to the reality" yet).

Nick PJune 28, 2016 10:07 AM

@ Clive Robinson

Yeah, a cheap capture card for HD is pretty nice. I was slightly disappointed when I looked at it on HN given I was hoping to see an FPGA project with I.P. for HDMI capture. Another time. Meanwhile, after establishing 0.35 as smallest for inspection, I decided to look around at what FPGAs and RAM could be put on there instead of just processors. The CPUs w/ 4 layers were about 200 MHz for x86, the FPGAs had around 50,000 gates, and DRAMs were 64 Mbits. One could do quite a bit with those numbers if sticking to console apps or using it for the TCB subset. Not to mention CPU + FPGA or CPU + HW offload combos. So, a bit more hope.

Nick PJune 28, 2016 11:15 AM

@ All

re VPNs

Someone posted WireGuard to Hacker News with an interesting discussion going on. It's a flexible IPsec alternative that focuses on simplicity, speed, and better crypto. The author is responding to questions. One response indicated the author already mapped out all the states the protocol could be in. I told them I was impressed as that's the step in high-assurance security that protocol implementers rarely do despite its necessity. Plans to write a user-mode version in Rust with possible port back into kernel mode where IPsec and it already are.

Anyone have thoughts on the project?

Gerard van VoorenJune 28, 2016 2:16 PM

The Global Commission on Internet Governance published recently a report named One Internet.

The Future of the Internet Hangs in the Balance

The world is embracing a digital future. The Internet is an intrinsic part of our daily lives. It transcends borders, cultural boundaries, and connects almost half of Earth’s population, yet many of us take it for granted. Within the next five years, an additional one billion new users will join us online—they’ll expect the same digital freedom, security, trustworthiness and accessibility we’re accustomed to. To protect these things, we need to develop effective rules for Internet governance that allow for innovation and economic opportunities without compromising our privacy. By having governments, businesses, the tech community and regular Internet users work together, we can ensure this happens.

Three Possible Futures of the Internet

1. A Dangerous & Broken Cyberspace
2. Uneven & Unequal Gains Stunted Growth
3. Broad, Unprecedented Progress

This report is meant to wake people up like the recent writing and lecture from Cory Doctorow (and the Snowden revelations).

Gerard van VoorenJune 28, 2016 3:00 PM

@ Clive Robinson,

As with the old joke about Microsoft... "If the answer to your security question is Tor then you are asking the wrong question".

At the risk of questioning the obvious: What question should we ask?

Clive RobinsonJune 28, 2016 4:59 PM

@ Gerard van Vooren,

At the risk of questioning the obvious: What question should we ask?

That is the first question almost any enquiry asks, and the answer depends very much on the outcome you want to achieve.

That almost immediately coughs up the "Why is this enquiry necessary?" and out of sight "Who is going to lose by it?"

From an engineering point of view one question that has to be asked is "Why was so much done the wrong way, especially when it has been known to be wrong for a long time?"

Compiling a list would at least be a start in determining which way to head is the right direction.

Of the mistakes made, the one that sticks out as a real fundamental mistake was the notion that you could somehow have a "covert system" based on some misunderstanding of how Low Probability of Intercept (LPI) works.

So the first real question I would ask is, "On the given that covert activity is not possible in a switched or routed digital network what should be our primary objective?"

I have my own views on this but it would be interesting to hear what other people think it should be and why.

ThothJune 28, 2016 6:16 PM

@Nick P
It would be nice if WireGuard included something like a DHT P2P IP lookup capability since, considering from a user standpoint, most IP addresses issued by ISPs may be renewed or changed as needed (although there are DynDNS tools), but the better idea is out of the box network discovery via DHT. The DHT table can bind the server public key to a dynamic IP address so that in the event the IP changes, the server would attempt to update the DHT tables of known peers.

From a censorship resistance point of view, you can host contents and be very agile when an ISP decides to shut an IP down, you can be on another. A complementary use case would be hosting a web server on a portable RaspberryPi and carrying it along with you while accessing public WiFi networks, which on one hand you can host as a personal File Server and on the other hand as a portable personal portal for friends to access securely shared contents even when you are on the move, without needing you to republish your IPs.

Nick PJune 28, 2016 7:27 PM

@ Thoth

Funny you mention that because that's what the guy at ZeroTier is doing. He chimed in here on that thread. He has VPN + virtual SDR.

ThothJune 28, 2016 7:34 PM

The new robotic Terminator that will terminate all of Humanity if we don't control our desires and thirst for blood, war and other's possessions !!!

The $35 RaspberryPi has once again proved that something cheap and small should not be looked down upon. An AI system called ALPHA was loaded onto a $35 RaspberryPi (not sure which version) and managed to defeat its human opponent (a retired US Air Force pilot) in an air combat dogfight simulator, despite the fact the AI system was deliberately nerfed and handicapped during the test aerial combat simulation by deliberately arming the ALPHA system with lesser missiles and missiles that had their range shortened, while arming the ex-US Air Force pilot with additional intelligence information.

The RaspberryPi is only a small ARM-based CPU not capable of the likes of Intel Xeons and server/mainframe grade CPUs, right? But from this report, it proves even a tiny ARM CPU is powerful enough to take out experienced human operators.


ThothJune 28, 2016 7:39 PM

@Nick P
I tried to run OpenVPN on my RPi + FreeBSD setup during a recent holiday trip to allow TLS/VPN but I found that I have to cross hurdles from my router's firewalls and ISPs with dynamic IP address. It's just too much work so I decided to give it up.

Since then I have been trying to find a TLS/VPN that allows dynamic IP and Peer-to-Peer capabilities for re-connecting me to my RPi/FreeBSD/TLS/VPN setup on my DMZ network, as I foresee a need to have such access when I go out for business trips to handle my customers or for holidays.

rJune 28, 2016 9:59 PM


The DHT comment you made makes me wonder about maybe passing encrypted data in the blocks. As for your trouble with pass through issues I use Tor specifically for that esp. with the Google/Amazon/Microsoft bridges; while I understand your aversion and reluctance it does have a distinct advantage very similar to hosted bridges like gotomypc. You might be able to control the number of hops manually on both sides too in order to avoid the latency of the traditional 6 (total) for accessing a hidden service. It's definitely possible if you enable "early exits" with the .exit option and may avoid considerably wasted CPU time in doing so. Also, aside from the cloud cache collision attack we recently saw vs cloud providers it lowers the risk from cooperation attacks reminiscent of location Lavabit.

@JG4, Clive and Doc

Here's another thought on location fingerprinting via acoustics.
Could it be used to enable a greater depth of voice access/security by adding greater depth to the 'challenge' aspect?

rJune 28, 2016 10:46 PM


Edit: I meant coercion attacks, but it obviously covers cooperation, collusion and coercion. So the meaning and intent may not have been lost, as per Clive's comments about not trusting Tor - 'misusing' kind of de-escalates any trust issues registering their current dilemma especially where reducing hops is concerned. While you may still receive attention due to the whole "potential terrorist" angle the lack of signaling and modulation potential should show through your traffic making it pretty obvious you're just trying to avoid firewalls specifically.

I've been considering donating to them specifically because of the hosted bridges, I've found them amazingly useful for what I use them for.

But again, as per Clive's comment regarding Tor... It should be considered a sort of redundant observation even if stressing it is required: if you keep all of your eggs in one basket... yadda yadda yadda.


ThothJune 29, 2016 1:33 AM

Another reason for not using Tor, if you noticed in my post, is I have to "travel and deal with customers". That means I need to access the corporate network as well and IDS on the corporate network would trip if I use Tor to fetch company documents. Tor is not going to work when I need something I can use for home DMZ and office network since it is a chore managing and setting them up.

ThothJune 29, 2016 3:18 AM

@Nick P, Clive Robinson, Wael
A Pretty Verifiable Boot via External Secure Element with Secure Input and Display

I need your advice on this one as I am finding some difficulties getting a TPM enabled laptop on open hardware Librem laptops. Librem laptops attempt to use hardware that has open source BIOS and drivers while building their laptops and tablets. I find the specifications good and initially the Librem laptops promised to ship with TPM v2.0 installed for secure boot. Recently, the v2.0 TPM mysteriously disappeared from their specifications and I find it strange and tried to contact them but to no avail.

Accepting the fact that some systems would not have TPM available, here is a verifiable boot scheme I came up with for the following constraints listed:
- no TPM
- editable GRUB or bootmanager
- malicious actors may exist at anytime
- installed OS image uses open source OSes

- Use a very strong crypto hash (SHA512)
- Secure Element device uses a smart card chip with an integrated secure display and buttons
- Modified Verifiable GRUB

This scheme called the Pretty Verifiable Boot (PVB) would use a combination of techniques to try and verify the boot. High anti-assurance techniques like hardware backdoors are not taken into consideration. What is needed is commonly available materials and techniques with low entry levels and convenience.

How PVB works is it hashes the drivers, OS image, user workspace, PVB config file and other user defined files in a fixed sequence and a general Merkle Tree hash is generated over the branch hashes in a fixed sequence. For convenience the sequence is recorded into the PVB config file. The final hash is stored into the external secure device for comparison later on.

During setup phase, the user would use a modified GRUB at boot phase of the OS to set up the Merkle Tree and PVB variables. The Merkle Tree result would be sent to the secure device and the secure device would display a session authentication code on its own screen. The laptop screen will also have a corresponding code to authenticate the encrypted session channel. The user validates both sides of the codes visually and then enters his device PIN code to store the Merkle Tree hash and an integer value for how many files require hashing, and confirms the setup.

During bootup of the OS, the PVB config would be read into GRUB and the sequence of which files to hash first would proceed. Every file being hashed would be submitted to the secure device. The secure device would expect a fixed number of file hashes to be submitted as specified during the setup. The final Merkle Tree hash would be derived within the secure device and matched against the stored Merkle Tree hash. If the number of files or the Merkle Tree hash doesn't match up, the booting would be refused.

To ensure that GRUB executes the PVB boot portion, portions of the OS files that are critical should be encrypted by a key stored in the secure device and the critical files are decrypted only if the boot is verified. The user would on the OPSEC side need to ensure the PVB boot takes place during booting of the OS by the fact that during PVB verification, the secure device would request the user PIN and comparison of the session authentication code for the PVB session. If the user notices the OS boots without a PVB session, they have to manually reject the boot.
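The setup and boot phases of the PVB scheme sketched above, as an added Python model that is not part of Thoth's post: the host hashes a constructed set of "files" with SHA-512 in the configured sequence and submits the leaf hashes one at a time, while the secure element (modelled here as a class, the session code display and file decryption are left out) holds the reference Merkle root and expected leaf count, derives the root itself and refuses the boot when the count, order, contents or PIN do not match.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed stand-ins for the drivers, OS image, user workspace and PVB
# config; a real implementation would read these from disk inside GRUB.
BOOT_FILES: Dict[str, bytes] = {
    "drivers.img": b"constructed driver bundle v1",
    "kernel.img": b"constructed kernel image",
    "workspace.tar": b"constructed user workspace",
    "pvb.conf": b"constructed PVB config",
}
# Hashing sequence as it would be recorded in the PVB config file.
PVB_SEQUENCE: List[str] = ["drivers.img", "kernel.img", "workspace.tar", "pvb.conf"]


def sha512(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()


def merkle_root(leaves: List[bytes]) -> bytes:
    """Binary Merkle tree over the leaves in submission order; the order is part
    of the result, so reordering files changes the root."""
    if not leaves:
        raise ValueError("no leaves to hash")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        level = [sha512(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


class SecureElement:
    """Model of the external smart-card device: stores the reference root and
    the expected leaf count, derives the root itself and never returns the
    reference root to the host."""

    def __init__(self, pin: str) -> None:
        self._pin = pin
        self._ref_root: Optional[bytes] = None
        self._ref_count = 0
        self._pending: List[bytes] = []

    def store_reference(self, pin: str, root: bytes, count: int) -> bool:
        if not hmac.compare_digest(pin, self._pin):
            return False
        self._ref_root, self._ref_count = root, count
        return True

    def begin_session(self) -> None:
        self._pending = []

    def submit_leaf(self, leaf: bytes) -> bool:
        # Refuse any leaf beyond the count fixed at setup.
        if len(self._pending) >= self._ref_count:
            return False
        self._pending.append(leaf)
        return True

    def verify(self, pin: str) -> bool:
        pending, self._pending = self._pending, []  # always clear the session
        if self._ref_root is None or not hmac.compare_digest(pin, self._pin):
            return False
        if len(pending) != self._ref_count:  # too few files submitted
            return False
        return hmac.compare_digest(merkle_root(pending), self._ref_root)


def pvb_setup(files: Dict[str, bytes], sequence: List[str],
              se: SecureElement, pin: str) -> bool:
    """Setup phase: compute the root on the host and store root + count."""
    leaves = [sha512(files[name]) for name in sequence]
    return se.store_reference(pin, merkle_root(leaves), len(leaves))


def pvb_boot(files: Dict[str, bytes], sequence: List[str],
             se: SecureElement, pin: str) -> bool:
    """Boot phase: submit each file hash in sequence, then ask for the verdict."""
    se.begin_session()
    for name in sequence:
        if name not in files or not se.submit_leaf(sha512(files[name])):
            return False
    return se.verify(pin)


if __name__ == "__main__":
    se = SecureElement("1234")  # constructed PIN
    pvb_setup(BOOT_FILES, PVB_SEQUENCE, se, "1234")
    print("clean boot:", pvb_boot(BOOT_FILES, PVB_SEQUENCE, se, "1234"))
    tampered = dict(BOOT_FILES, **{"kernel.img": b"modified kernel image"})
    print("tampered kernel:", pvb_boot(tampered, PVB_SEQUENCE, se, "1234"))
```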

Clive RobinsonJune 29, 2016 3:19 AM

Ataturk Airport Security point Bombing

Yesterday there was a terrorist attack at Turkey's Ataturk International airport in Istanbul (over 60 million passengers a year).

From the news it appears the attack initially focused on the departure security checkpoint, with a bomb exploding inside or close to an X-Ray machine.

The number of casualties has not yet been confirmed but is around 40 dead and 150 injured.

Apparently three suicide attackers came to the airport departure side by taxis and attacked passengers and police effectively corralled by the departure security checkpoint choke point.

Clive RobinsonJune 29, 2016 4:25 AM

Technology and the CIA

Some readers will find this makes interesting reading, others can spot the bits that are shall we say part of a historical "Image Touch Up".

Historically the CIA was fairly bad at both science and technology, having no analysts, researchers or advisors. They had a "Wild Bill" image and purchased what was made for the consumer market by US and European Industry (later Far East) until into the 1980s. This started to change mainly in response to falling behind their Cold War adversaries and allies, who did have researchers and analysts and drove development for what they needed. Primarily for a number of their allies this was in house, then only when demand increased putting stuff out to "trusted partners" in Industry. The CIA went with a much more industry focused approach. Whilst this gave them improved products it did not give them innovative products. It was this that gave the CIA the push for "Venture Capitalism", a model they still use.

Dirk PraetJune 29, 2016 5:28 AM

@ Thoth

Since then I have been trying to find a TLS/VPN that allows dynamic IP and Peer-to-Peer capabilities for re-connecting me to my RPi/FreeBSD/TLS/VPN setup on my DMZ network ...

Perhaps you could contact the WireGuard author about such features? Looks like a really neat project that could benefit from some additional input.

@ Clive

Re. Ataturk Airport Security point Bombing

From the first looks of it, it would seem that this is an exact copy of the March attack on Brussels airport.

rJune 29, 2016 5:51 AM

@Thoth, Dirk

If you're being blocked by firewalls you're going to need an adjustable connection technique for both sides of your pipe for the mobility you're after. Direct NAT hole punching won't give you a 100% success rate and it's not very polite; I'll admit creating bridges from inside a corporate network to Tor probably isn't kosher either.

If you spin up something in the cloud to act as an HTTPS or SSH tunnel/bridge you still beat the complexity and configuration issues without increasing any issues during your time of need.

There's a reason APTs have been creating pipes over shared instances like Gmail and gdocs, I'd like to believe this is it.

Also, I keep my encrypted /boot and MBR on a micro sdhc.

Take it or leave it, they're just ideas from a lowbie, good luck.

JG4June 29, 2016 6:06 AM

Can't recall if I posted this before.

Secret History of Silicon Valley

The term of art is full spectrum dominance. As long as it isn't in the hands of idiots, psychotics, criminals and psychopaths, the world might be safe. The crusty grifter fails 3 out of 4 criteria.

WaelJune 29, 2016 6:09 AM


I need your advice on this one...

Start with a sequence diagram that shows which areas are hashed. TPMs are available (on PC Clients) at the very early stages of the boot process. This won't be the case with Smart Cards unless you put the hashing code in the BIOS (however it's implemented.) Then define your state machine and binding between the SC and the system. You'll also need to be able to cryptographically report the state of the system to a challenger, remote or local. BTW, TPMs don't just "hash"! They measure and "extend", among other primitives that are described in the specifications.

ThothJune 29, 2016 6:31 AM

It's not worth the time for the effort and also not wanting to trigger the IDS system in the corporate network and alerting the boss on Tor usage.

ianfJune 29, 2016 6:57 AM

@ Dirk Praet “From the first looks of it, it would seem that this Atatürk Airport shootout/ bombing is an exact copy of the March attack on Brussels airport.”

The details are scarce yet but it appears to have been inspired by that… the attackers pinpointed the security choke holds intended to prevent smuggling of explosives by suicide bombers.

So what's next? All terminals of major airports that I ever briefly exposed to my delicate scent were always teeming with throngs of passengers departing, arriving, and milling about… thus equally vulnerable to similar types of attacks. We'll see if the Turks (and others) swallow their Islamic (and other) pride, and turn to the Israelis for the know-how of the how to know, when and who.

BTW. Istanbul—as many other metropoles (13M here)—has 3 airports, the other two being used for cheapo lines and secondary regional flights respectively. Whatever security arrangements may have been in place at the signature place, more extensive than at the other two, still proved insufficient to prevent yesterday's mayhem. There's a lesson in it there somewhere, though I suspect that it is easier to make the departure life even more insufferable for passengers, who then will get discouraged from ever flying again, by which the problem eventually will solve itself.

rJune 29, 2016 10:43 AM


Do you have any more resources on properly setting up such an architecture?

I've seen Nick P recommend high assurance subsystems but putting this all together would make a nice set of resources for the (cough) average user.


WaelJune 29, 2016 2:42 PM


Do you have any more resources on properly setting up such an architecture?

I wouldn't waste much time on it.

GrauhutJune 29, 2016 8:02 PM

@r,Thoth: Oldschool fart says... nstx/icmptx.

The best things in cybaaa are simple, but do not forget to apply some modding for 27700 compliance :)

And there ain't no real p2p in ip address resolution, hen and egg. But there are real stun servers.

ThothJune 29, 2016 11:14 PM

@Wael, Nick P, Clive Robinson
re: Pretty Verifiable Boot

I have created a flow chart linked below while I am using my free time to write a paper on the theoretical side of PVBoot. More flow charts and stuff would be included in my upcoming paper which I will upload onto my website.

The PVBoot flow chart is a little big though :D .


ThothJune 29, 2016 11:21 PM

Yup, there is no real P2P on the IP stack but there is logical P2P (users have to do it on application stack manually) as in the OSI layers.

What I am referring to with P2P over TLS/VPN is to have some sort of DHT list of VPN access points and every time a VPN access point (using the word server does not best describe this approach) changes IP address, it updates the DHT list of other VPN access points close to it and the DHT list propagates just like how Bittorrent nodes work. This will continuously allow rather persistent access even if one IP address is unavailable due to firewalls or whatever that's in between (unless it's a network choke point like ISPs playing the game of whack-a-mole of sorts).
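The propagating access-point list described in the post above, as an added worked example (my own illustration, not code from the thread or from any project). It models the list as a small gossip table rather than a full DHT: each access point publishes a versioned, authenticated endpoint record, peers merge whatever is newer, and a roaming access point's new IP spreads through the mesh. The shared group key, the record format, the IP addresses and the node names are all constructed assumptions.

```python
"""Gossip table of VPN access-point endpoints (constructed example)."""
import hashlib
import hmac
import json

# Assumption: every access point shares one group secret used to authenticate
# records. A real deployment would use per-node signing keys instead.
GROUP_KEY = b"constructed-group-secret"

def _canonical(node_id, ip, port, seq):
    """Deterministic byte encoding of the authenticated fields."""
    return json.dumps({"id": node_id, "ip": ip, "port": port, "seq": seq},
                      sort_keys=True).encode()

def sign_record(node_id, ip, port, seq, key=GROUP_KEY):
    """Build an endpoint record carrying an HMAC over its fields."""
    rec = {"id": node_id, "ip": ip, "port": port, "seq": seq}
    rec["mac"] = hmac.new(key, _canonical(node_id, ip, port, seq),
                          hashlib.sha256).hexdigest()
    return rec

def record_valid(rec, key=GROUP_KEY):
    """Reject records that were not produced with the group key."""
    try:
        expected = hmac.new(key, _canonical(rec["id"], rec["ip"], rec["port"],
                                            rec["seq"]), hashlib.sha256).hexdigest()
    except (KeyError, TypeError):
        return False
    return hmac.compare_digest(expected, str(rec.get("mac", "")))

class AccessPoint:
    """One VPN access point holding its view of every known endpoint."""

    def __init__(self, node_id, ip, port=51820):
        self.id = node_id
        self.seq = 0
        self.table = {}
        self.announce(ip, port)

    def announce(self, ip, port=51820):
        """Publish a new endpoint (e.g. after an IP change) with a higher seq."""
        self.seq += 1
        self.table[self.id] = sign_record(self.id, ip, port, self.seq)

    def receive(self, rec):
        """Merge a record heard from a peer; returns True if it was adopted.
        Unauthenticated records and stale (replayed) sequence numbers are dropped."""
        if not record_valid(rec):
            return False
        current = self.table.get(rec["id"])
        if current is not None and current["seq"] >= rec["seq"]:
            return False
        self.table[rec["id"]] = rec
        return True

    def gossip_to(self, peer):
        """Push the whole table to a neighbour; returns how many records it adopted."""
        return sum(peer.receive(dict(r)) for r in self.table.values())

def converge(links, rounds):
    """Run symmetric gossip over the given neighbour pairs for a few rounds."""
    for _ in range(rounds):
        for x, y in links:
            x.gossip_to(y)
            y.gossip_to(x)

def demo():
    """Three access points in a line (a-b-c); a roams to a new IP."""
    a = AccessPoint("ap-a", "198.51.100.10")   # constructed documentation-range IPs
    b = AccessPoint("ap-b", "198.51.100.20")
    c = AccessPoint("ap-c", "198.51.100.30")
    links = [(a, b), (b, c)]                   # a and c never talk directly
    converge(links, rounds=3)
    everyone_known = all(len(n.table) == 3 for n in (a, b, c))

    stale = dict(a.table["ap-a"])              # capture a's old record before it moves
    a.announce("203.0.113.5")                  # a changes IP (seq becomes 2)
    converge(links, rounds=3)
    c_sees_new_ip = c.table["ap-a"]["ip"] == "203.0.113.5"

    stale_rejected = not c.receive(stale)      # replaying the old record does nothing
    forged = sign_record("ap-b", "192.0.2.1", 51820, 99, key=b"wrong-key")
    forged_rejected = not c.receive(forged)    # wrong key, wrong MAC, dropped
    return {"everyone_known": everyone_known, "c_sees_new_ip": c_sees_new_ip,
            "stale_rejected": stale_rejected, "forged_rejected": forged_rejected}

if __name__ == "__main__":
    print(demo())
```

The sequence number is what makes this safe against an in-path party re-injecting an old (possibly now hostile) endpoint: a record is only adopted if it is both authenticated and newer than what the node already holds, and every node applies the same rule, so the mesh converges on the latest announcement regardless of which path it arrived by.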

GrauhutJune 30, 2016 3:23 AM

@Thoth: BT is the wrong analogy, think of emule / kademlia.

kadnode --peerfile peers.txt

is the answer, but such networks are bad opsec, too easy to track.

ThothJune 30, 2016 4:55 AM

TLS/VPN is not a good way to hide identity since it is assumed state actors already have the ability to listen on the Internet backbone.

It is more for generic use (not trusting the WiFi provider in the hotel when overseas type of use case) and work use when accessing personal and work stuff when I am overseas meeting clients.

If I want to hide my tracks, I wouldn't be using TLS/VPN either, as this stuff leaks too much metadata.

Nick PJune 30, 2016 2:51 PM

@ Thoth

re OpenVPN

Check out ZeroTier. Developer said the core code is actually around 18-20Kloc of C++ with rest depending on what features you use. It's about a virtual, secure switch for the globe that deals with all that crap. Might be worth betaing to see if it fits your use as many parts of it are small enough for stronger analysis and implementation.

re PVB

It's a nice flowchart but the problem is in your threat model. If it's a regular PC, then your root of trust is really starting at the BIOS level. As in, they can try to bug the system to collect the info (hashes) that get passed to the secure device. Once they know them, they can create and send in a new BIOS that just sends those to the secure device. The newer ones are starting to have enough memory to sneak in this kind of code & data, too. So, your scheme if depending on a BIOS they can monitor and inject on is equivalent to just BIOS itself giving the OK.

Worth thinking about. BIOS still needs to be immune to injection or nothing else in system can see the trusted boot phase. Host and peripheral chip firmware are the main risks at software level.

@ Grauhut

Get them to add Fabric to the list as a building block. The related work will show you how good the team is on concept and tech level. I don't know about implementation quality as it's academics making it. Yet, it's one of the older approaches that builds on things that worked to varying degrees. A robust re-implementation or extension of that might help in many use cases.

Note: Also worth consideration are secure Spread and security-enhanced ZeroMQ. Boeing used byzantine-tolerant variant of secure spread in a higher-security, pub-sub scheme that was badass.

@ All

In case you missed previous comment, I recently found evidence that clean-slate, compatible designs at 0.35 micron node will still be usable day-to-day. They will be compatible with lightweight distros or alt OSs like Haiku that I can tell. Higher-end shit can still be isolated, diversified, and results mediated to benefit from performance per dollar and watt. Mostly untrusted workloads. Example might be running a full build of a secure toolchain... compilers/linkers to OS to middleware... through an OpenPOWER cluster to run all assurance activities on there. Only if it passes will core analysis run on 0.35u cluster with specific things always tested with rest sampled against OpenPOWER results. Odds of subversion will be low since detection risk is high & main TCB will be checked anyway. Plus, reliable as their shit is, they can't start blaming it on gamma rays and shit. ;)

Note: The linked CPU is probably a custom design which also uses things like out-of-order execution that are risky for real-time or crypto applications. A barely-optimized, standard cell might be quite a bit slower. Yet, my old Pentium 2 w/ 200Mhz and 64MB of RAM kept me programming, gaming, and hacking for quite a while. I'm just hoping an open, six-metal, standard-cell RISC will hit at least that performance.
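Wael's "measure and extend" point and Nick P's objection that a rewritable BIOS can simply replay the hashes it has seen, in one added worked example (my own illustration, not code from the thread or from any TPM or PVBoot implementation). It models a SHA-256 PCR bank: each boot stage is hashed, the digest is logged and folded into the PCR, and a verifier replays the log. The stage names and their bytes are constructed placeholders.

```python
"""Measured boot with a PCR-style register (constructed example)."""
import hashlib

ZERO_PCR = bytes(32)   # a SHA-256 PCR is all zeros after reset

def measure(blob):
    """What a measuring component does before handing control on: hash the next stage."""
    return hashlib.sha256(blob).digest()

def extend(pcr, digest):
    """PCR extend: PCR_new = H(PCR_old || digest). Not reversible, order-sensitive."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(stages):
    """Honest chain: hash each stage, append the digest to the event log, fold it in."""
    pcr, log = ZERO_PCR, []
    for name, blob in stages:
        d = measure(blob)
        log.append((name, d))
        pcr = extend(pcr, d)
    return pcr, log

def replay_log(log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = ZERO_PCR
    for _, d in log:
        pcr = extend(pcr, d)
    return pcr

def verify(reported_pcr, log, golden_pcr):
    """Accept only if the log replays to the reported PCR and that is the known-good value."""
    return replay_log(log) == reported_pcr and reported_pcr == golden_pcr

def replaying_bios_boot(captured_log):
    """Nick P's case: a substituted BIOS that measures nothing and just extends the
    digests it captured from an earlier honest boot. It never looks at what actually
    runs next, so the PCR it produces is the golden one regardless of the real stages."""
    return replay_log(captured_log), list(captured_log)

# Constructed placeholder stages; real firmware would be the actual images.
HONEST_STAGES = [
    ("bootloader", b"bootloader v1 (constructed)"),
    ("kernel", b"kernel v1 (constructed)"),
    ("initrd", b"initrd v1 (constructed)"),
]

def demo():
    golden, honest_log = measured_boot(HONEST_STAGES)

    # Case 1: one byte appended to the kernel -> different digest -> different PCR.
    tampered = [(n, b + b"\x90" if n == "kernel" else b) for n, b in HONEST_STAGES]
    pcr_t, log_t = measured_boot(tampered)
    tamper_detected = not verify(pcr_t, log_t, golden)

    # Case 2: same stages, different order -> extend is order-sensitive -> detected.
    reordered = [HONEST_STAGES[0], HONEST_STAGES[2], HONEST_STAGES[1]]
    pcr_r, log_r = measured_boot(reordered)
    reorder_detected = not verify(pcr_r, log_r, golden)

    # Case 3: the measuring code itself was replaced and replays captured digests.
    # The tampered kernel really runs, but the verifier sees the golden PCR and log.
    pcr_x, log_x = replaying_bios_boot(honest_log)
    replay_detected = not verify(pcr_x, log_x, golden)

    return {"honest_ok": verify(golden, honest_log, golden),
            "tamper_detected": tamper_detected,
            "reorder_detected": reorder_detected,
            "replay_detected": replay_detected}

if __name__ == "__main__":
    print(demo())
```

Cases 1 and 2 are what extend buys you: any change to a measured image or to the order of measurements changes the final value. Case 3 is the gap Nick P describes: the register only ever attests what the measuring code claimed to see, so if that code can itself be rewritten and is not measured by something it cannot influence, the golden value proves nothing. That is why the root of the chain has to be immutable, as in the secure chips Thoth mentions that keep their boot code in tamper-resistant ROM.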

rJune 30, 2016 5:25 PM


You guys are going to kick my butt for this as it's not directly security related, there's a study (and thread) at slashdot currently about women masquerading vocally as men for tech interviews doing worse than they would have unadulterated.

It hit me, that if this study was done right it may come down to broadcast confidence and language usage characteristics: sort of like how coders show through compiler output comparison.

rJune 30, 2016 5:58 PM

Also, that study may imply that it's possible to identify speakers even through voice changers and other forms of flattening.

ianfJune 30, 2016 6:20 PM

@ rrrrrrrrrr […] “women masquerading vocally as men for tech interviews did worse than had they voices been genuine (un-man-adulterated).”

All it says is that it takes more than timbre of voice to sound like a man, so probably the impression they gave off was subtly confusing as to who they were – the character of the person, not the gender.

ThothJune 30, 2016 6:37 PM

@Nick P
The main problem is BIOS size is very small and squeezing in secure device driver and all that would be a problem unless there is a way for BIOS to sideload a bigger software like the secure device driver stack later on as needed.

BIOS injection is also a headache besides the tiny size, which is why secure chips keep their ROM or boot codes in the tamper resistant memory to prevent logical or physical tamper, whereas normal CPUs don't have such luxury.

I have been reading up on ZeroTier. Would be going to load my RPi/FreeBSD with one of those soon for experiments.

ThothJune 30, 2016 8:48 PM

Hopefully people (and also nations hoping for UN protection) would realize how fragmented and utterly unreliable the processes of the UN are.

China and Russia intend to veto the UN resolution for enshrining human rights online (freedom of speech and Internet censorship) as per their usual habits.

Strong and verifiable computational processes should be the key to personal cyber security instead of relying on rules and regulations. The world of the Internet and computers relies on proven physics and not rules and regulations at its core.


rJuly 1, 2016 8:07 AM


You're using fbsd on a pi?
What's the reasoning behind that, bsd licensed so it's closed source???
My apologies, but I don't see any other advantage in that usage case could you explain please?

@Anyone, Clive, Nick P

With the link Clive posted about Qualcomm trustzone, does that extend to say freescale's impl in something like the 'usb armory' ?

eg. is it relatively vendor agnostic or no?

rrrrrrJuly 1, 2016 8:34 AM


While I realize there's a description of it being a Qualcomm exploit and problem, the link to the widevine deployments lists Android AND iOS as mobile platforms. It was my understanding that Apple designs their own chips, perhaps showing these trustzone infiltration techniques may have wider exploitable implementations due to cross manufacturer code reuse.

ThothJuly 1, 2016 9:09 AM

FreeBSD/RPi because there is no OpenBSD variant. Take a look at the chart on how many vulnerabilities the Linux kernel vs. the FreeBSD kernel has and you should know why I went for FreeBSD.

Granted, FreeBSD is not a common go-to OS for most people and thus does not represent a huge market share, which means fewer attackers bother to attack it, but looking at the trend of FreeBSD and Linux, there is a bar graph in both of the webpages and interestingly, the overall gradient for FreeBSD's bar graph is descending (means fewer exploits and problems overall) whereas Linux has an interesting hump shape (sometimes less and sometimes more exploits).

If you are to sit down and look at the statistics to choose the most suitable OS for your missions, there are a lot of things to consider including exploits, usability and many more. I settled on FreeBSD from a bunch of OSes that RPi supports because this OS has an overall low amount of exploits/problems and is more trustworthy than its Linux and Windows counterparts for deployment on RPi devices.

Also, the availability of familiar GNU tools allows for easier adaptation to FreeBSD from Linux.

P.S. Coincidentally, in one of the old Computer Science semester projects I had when I was much, much younger and taking my CS diploma, my team (me and another person) was assigned the topic of researching FreeBSD (should be version 6 or 7).


Nick PJuly 1, 2016 12:28 PM

@ Thoth

According to this...

...I think you may not be giving enough credit to how market share might factor in. Numbers are Linux/FreeBSD either 35.9%/0.95% or 96.6%/1.7%. I mean, almost nobody is using, hacking, or filing bug reports for FreeBSD vs Linux. Another factor, which is important, is the amount of features going into Linux vs FreeBSD. A subset of Linux that meets your needs might have a similar count if we ignore everything you're not using. What constitutes Linux is pretty huge. Another is that many vendors like Coverity are scanning it for bugs. In a similar vein, I noticed in the past year or two that academics developing bughunting tools usually scan Linux since it's the most popular. Example is Saturn. That one tool, in one run, found 82 leaks in the Linux kernel. What would FreeBSD's numbers look like if academics were focusing on it instead? Probably higher?

So, I don't put too much weight into it. What I do say is the FreeBSD team has a more conservative approach to developing their OS. They take less chances, take on less cruft, and put stability before features. So, I expect it to have fewer security issues for that reason. How many fewer are actually there is still an open question. I don't have an unbiased write-up on its code quality.

I did have one on leaked Windows 2000 code showing it was mostly excellent. That went offline with Wayback blocked by robots.txt. Assholes. More interesting, someone pushing Illumos and OpenSolaris pointed out its quality was really high. Sent me this post by a Linux kernel developer saying this:

"The summary of my impression was that I was... surprised. Now I don't claim to be any kind of expert on code per-se. I most certainly have ideas, but I just hack together my ideas however I can dream up that they work, and I have basically zero traditional teaching, so you should really take whatever I say about someone else's code with a grain of salt. Well, anyway, the code, as I saw it, was neat. Real neat. Extremely neat. In fact, I found it painful to read after a while. It was so neatly laid out that I found myself admiring it. It seems to have been built like an aircraft. It has everything that opens and shuts, has code for just about everything I've ever seen considered on a scheduler, and it's all neatly laid out in clean code and even comments. It also appears to have been coded with an awful lot of effort to ensure it's robust and measurable, with checking and tracing elements at every corner. I started to feel a little embarrassed by what we have as our own kernel. The more I looked at the code, the more it felt like it pretty much did everything the Linux kernel has been trying to do for ages. Not only that, but it's built like an aircraft, whereas ours looks like a garage job with duct tape by comparison."

I think that settles any suspicions about Linux's code quality at least. ;)

ThothJuly 1, 2016 7:07 PM

@Nick P
I did give considerations to market shares as I predicted this will happen. I previously mentioned in my post:

"Granted, FreeBSD is not a common go-to OS for most people and thus does not represent a huge market share which means lesser attackers are bothered to attack it..."

There you go. I did weigh in on the fact that the numbers may be due to lesser popularity for FreeBSD as one of the factors previously.

FreeBSD and OpenBSD being more conservative in design is a plus point, but overall, given the recent amounts of Linux exploits, would you rather pick a Linux kernel on RPi to host your personal VPN server or would you prefer to go FreeBSD with RPi to do the hosting?

How I wish the other microkernels would have been show ready and those stuff would win hands down (esp. seL4 on ARM-based RPi if it ever existed).

rJuly 1, 2016 7:58 PM

@Thoth, Nick P

There's two other ways comparisons can be made.

The first being how many holes are introduced by new features vs how many are found within a more stable core.

And the second being the comparison of hardening between the two...

I've seen ASLR, W^X and various other isolation strategies compared but, they admittedly were ia64 based. Speaking of W^X, how's that Qualcomm trustzone lookin from your position? Abusing Qualcomm trustzone log strings for fun and profit. YUM.

Wasn't it fbsd that first successfully compiled under clang?

There's been major missteps by both groups within the window he's shown, one was the absolute glorified trust in a single source of raw entropy. I guess I asked in relation to that specifically as it scared the living daylights out of me.
Another issue and I'm foggier on this one was the AMD/Intel system call discrepancy. Scary shit when you're only reading a single system's programming manual but Linux to me seems to have more resources available.

Arch impressed me with their time to patch vs everybody else on something last year. Additionally hardened Gentoo seems (to me) to be the only Linux generally available to the public with every possible protection and the drive to release for slim subsystems like MUSL.

I distinctly remember the days when Google was running fbsd in-house, these days my take is they're no longer involved?

But please, I'm here to listen and learn and you guys seem pretty smart. So if I'm wrong correct me, it means a lot.

ThothJuly 1, 2016 7:58 PM

The ARM TrustZone is a design concept and IP sold by ARM and it depends on the implementor.

FreeScale likely uses a different TEE-OS. The exploit depends heavily on whoever wrote the TEE-OS, how much they comply with the TrustZone architecture and how carefully they cut code.

Qualcomm is like the Windows of the ARM family of chip manufacturers, which also explains why Qualcomm's QSEE gets more study time by the general public and also has more vulnerabilities discovered.

name.withheld.for.obvious.reasonsJuly 1, 2016 11:06 PM

Have had issues with terms in the modern literature when talking of machine systems that demonstrate cognition, which is mistakenly termed Artificial Intelligence (AI) or Machine Learning (ML).

Initial thoughts suggest some replacement terms; one that is most appropriate for what is considered classic AI (seems Turing is no longer relevant) is the term "Machine Cognition" or MC. The problem though is that Turing does not infer cognition; it is too simplistic to properly quantify or characterize anything I could consider cognition or intelligence.

When the vaunted academics and their crony pundits step far enough away from the Kool-Aid and realize that the hat they're describing as AI is owned by the emperor (sans clothes of course), maybe some progress can be made in machine learning systems. Until then, a new thesis is called for when it comes to the hyperbolic use of AI and machine learning.

My preference is to rethink (pun intended) the science of cognition and computing, to more closely resemble what the phrases AI or machine learning infer, and define in real terms the described systems. This is important, as autonomous systems will be extended further into the meat-space; both the decision processes and kinetic interfaces of these systems will produce "tangible" effects. We still have no formal definition as to the use of "Drone" systems under the "Law of War" or by statute or international law...yet innocent people are "repeatedly" killed by semi-autonomous systems nearly every day (drone deaths, lawful and "unlawful", have yet to be published by DoD).

If the United States has a "Gun Cultural/Violence" issue, this is truly the first order priority that must be addressed by congress and the courts.

We have automated kills ordered by the government without witness, control, verification, moral piety, or rationale; about needing gun control, we need drone control.

tyrJuly 2, 2016 7:24 AM


I'd like to see the justification for the drone weapon of choice. Just because there was a big inventory of tank armor killers, Hellfire doesn't make any sense as an anti personnel precision weapon for drones unless you are the defense contractors. Without any debates on such things it is highly unlikely that the tech clueless who are in charge are going to suddenly see rational behaviors as a good idea.


Off Topic

I saw a bit about the northern jet stream crossing the equator being considered quite anomalous. It struck me as odd but I haven't dug into circulation patterns for many years and that mostly stellar stuff. Does anyone know where to get more information about this?

ianfJuly 2, 2016 8:17 AM

@ The coquette Wesley Parish makes a splash:

At the risk of sounding obvious - and thus incurring the wrath and/or jealousy of @ianf - the primary use of air power is glorified artillery.

Remind me, when did I ever/ last write of air power or say something in that context… pretend I'm demented.

But since you make such an assertive, surefire statement, I'll have no option but to convey it up the chain to my handlers, so that such as you say displays of overt, crowd-pleasing glorified artillery as, e.g. the Osiraq raid of 1981, or earlier still, equally air-borne, freeing of hostages at Entebbe, won't be attempted [via air power] again.

@ Wael: It'd be interesting how it folds out!

Can you foresee other outcome than KO?

@ Gerard van Vooren “Are you saying you can't handle ianf?

Are you suggesting I'd be ready to/ willing to be handled? If there is any handling to be done here, I'll be the one doing it, am doing it. Also hardcore hetero (Wael: append to ianf_id_array()).

rrrJuly 3, 2016 12:12 PM

@Thoth, (CC: Nick P, all...)

from ycombinator earlier

on the topic of hardening fbsd and hbsd and alternative dependency substitution/compatibility

P. s.
I'm going to have to source alternative trustzone impls, I really feel that Thoth's response didn't comfort me any.

Qualcomm can be sourced from cheap phones, I'm not sure Texas Instruments released any tz compatible arm plus I believe they're out of the game. Samsung should be sourceable through used phones as should Apple... Infineon will require an SBC? What's a cheap one for comparison. Who else fabs, mods and reprints arm ip?
