Comments

Clive Robinson September 16, 2016 6:05 PM

@ jon,

Lauri Love loses appeal against US extradition

From the information currently available I suspect that UK Judge Nina Tempia is living in either “cloud cuckoo land” or atop an ivory tower so high it makes an eagle’s eyrie look sub-basement in comparison.

It has become clear via respected institutions that inspect US prisons that he is very very unlikely to receive any kind of medical help beyond being “stitched up and stuck in solitary” for “his own protection”.

As for the judge’s assessment of millions of dollars damage, she is very obviously just parroting the usual FBI type “damage hyperinflation” used to push for “punitive sentencing” or “plea bargaining”, neither of which is allowed in the UK legal system.

albert September 16, 2016 6:42 PM

“…For at least the past six months, and perhaps longer, the Federation of American Scientists website has been blocked by U.S. Cyber Command. This week it was unblocked….”

See:
https://fas.org/blogs/secrecy/2016/09/fas-blocked-uscc/

FAS was unavailable to DOD employees. FAS has received no explanation so far. They think it was the publishing of classified documents that were available online.

U.S. Cyber Command. Kinda makes ya wonder, do these guys ‘get it’?

Wonder if schneier.com is or was blocked…

. .. . .. — ….

AlanS September 16, 2016 7:08 PM

Link above should read Britain’s Secret Wars.

In fact, between 1918 and 1939, British forces were fighting in Iraq, Sudan, Ireland, Palestine and Aden. In the years after the second world war, British servicemen were fighting in Eritrea, Palestine, French Indochina, Dutch East Indies, Malaya, Egypt, China and Oman. Between 1949 and 1970, the British initiated 34 foreign military interventions. Later came the Falklands, Iraq – four times – Bosnia, Kosovo, Sierra Leone, Afghanistan, Libya and, of course, Operation Banner, the British army’s 38-year deployment to Northern Ireland. For more than a hundred years, not a single year has passed when Britain’s armed forces have not been engaged in military operations somewhere in the world. The British are unique in this respect: the same could not be said of the Americans, the Russians, the French or any other nation. Only the British are perpetually at war.

The Way #749 1/2 September 16, 2016 7:40 PM

@Jon

Comey clearly borrowed some Obama publicists, who told him their secret: make a cheap gesture for helpless naifs while screwing the public in secret. In this case, pretend you give a rat’s ass about naked lady pictures while putting on the gloves for industrial-scale cavity search. The way Comey sees it, Opus Dei wiped out all his identity boundaries, so that’s the way your FBI authorities are going to be with you.

What is this fanatic doing in a secular state?

Craving for Privacy September 16, 2016 8:39 PM

PALO ALTO — Facebook CEO Mark Zuckerberg’s plans to rebuild four homes around his own will form a “compound” and reduce the city’s housing stock, which violates zoning codes and ideal land use, a city advisory board decided Thursday in a project review.
Guess a piece of FBI sanctioned tape isn’t good enough?
http://www.mercurynews.com/2016/09/15/palo-alto-mark-zuckerberg-compound-raises-red-flags-for-city-board/

Didn’t he also buy an island in Hawaii and put up a wall to block the beautiful ocean view?
http://www.dailymail.co.uk/news/article-3665223/This-amazing-ocean-view-brought-Mark-Zuckerberg-Facebook-founder-s-six-foot-wall-100m-Hawaii-retreat-obscures-spectacular-panorama-locals.html

Please add Facebook Like and Share buttons in honorarium

Rule 41...... September 16, 2016 9:31 PM

How do you think Comey got to be a numerary? Comey had to think big to top his epic Perviam-Serviam when he put FBI to work distributing motivational posters for the Servants of the Paraclete Daycare Center. In 2 weeks on Playpen Comey caused more new rectal fistulas than NAMBLA and the Presidio put together. Even Ratzinger can’t top that.

So now Comey is applying disruptive technology to the extirpanda industry. You used to have to go and confess your every youthful boner to pedo priests but now thanks to Comey there’s an app for that. Now he’ll collect it all with his NITs and sort it out for you and assign you a lap on the beads or 100 years in Supermax or eternal damnation or whatever.

Thoth September 17, 2016 12:37 AM

@Clive Robinson –ONLY–

Chip internal state obfuscation.

There are many methods to ensure security of secret keys stored in a tamper resistant crypto chip. One method is key sharing.

My scenario is I do not want to use paper keys and I need to encrypt the master key be it in key share form or not.

If I use a PBKDF2-SHA-512 to derive a key to encrypt a master key or its key share and store them into a smart card, someone who decaps the chip to extract the PBKDF2 key encrypted key could run PBKDF2 for a password to form the KEK to decrypt the master key or key share that the PBKDF2 derived key protects offline.

The use of PBKDF2 is due to smart card hardware being very limited in processing power, speed and resource.

I am thinking if a variety of techniques can be applied to data stored on hardware below to make extracting the wrapped secret harder.

1.) The secret is usually stored on the EEPROM so if I make every sequential 32 byte block of EEPROM data XOR onto each other which would mean if someone decaps uncleanly, it will affect the entire recovery of the wrapped secrets.

2.) The PBKDF2 key derived from password would consult a lookup table of 256 possible 32 byte random data which are created at device setup and the lookup results would be used to drive the step 1.) De-obfuscation of the entire desired EEPROM data range.

The idea is to make it more expensive to dig out the wrapped keys by punishing unclean decaps so that extracting the sensitive encrypted keys or key shares needs a totally clean decap which is known to be a very rare thing as most decaps are not 100% clean. What are your suggestions ?
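A small model of the two steps described in the comment above, added here as an example and not part of the original comment. The chaining direction (two variants are shown), the use of the first PBKDF2 output byte as the table index, the iteration count and all names and sample data are assumptions.

```python
import hashlib

BLOCK = 32  # bytes per EEPROM block, as in the comment


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(password, salt, iterations=2000):
    # PBKDF2-SHA-512 as named in the comment; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=BLOCK)


def pick_mask(key, table):
    # Assumption: the first byte of the derived key indexes the 256-entry table.
    return table[key[0]]


def obfuscate(blocks, mask, chain_on):
    """XOR-chain the blocks, starting from the table entry `mask`.

    chain_on="stored": each block is XORed with the previous *stored* block.
    chain_on="plain":  each block is XORed with the previous *plaintext* block.
    """
    stored, prev = [], mask
    for block in blocks:
        s = xor(block, prev)
        stored.append(s)
        prev = s if chain_on == "stored" else block
    return stored


def deobfuscate(stored, mask, chain_on):
    plain, prev = [], mask
    for s in stored:
        p = xor(s, prev)
        plain.append(p)
        prev = s if chain_on == "stored" else p
    return plain


def mismatches(original, recovered):
    # Indices of blocks that did not come back intact.
    return [i for i, (a, b) in enumerate(zip(original, recovered)) if a != b]


def lost_after_damage(blocks, mask, chain_on, hit):
    """Flip one bit in stored block `hit` (an unclean read) and de-obfuscate."""
    stored = obfuscate(blocks, mask, chain_on)
    stored[hit] = bytes([stored[hit][0] ^ 0x01]) + stored[hit][1:]
    return mismatches(blocks, deobfuscate(stored, mask, chain_on))


def lost_with_wrong_mask(blocks, mask, wrong_mask, chain_on):
    """De-obfuscate intact EEPROM contents with the wrong table entry."""
    stored = obfuscate(blocks, mask, chain_on)
    return mismatches(blocks, deobfuscate(stored, wrong_mask, chain_on))


# Constructed sample data: deterministic stand-ins for the random table created
# at device setup and for six 32-byte blocks of wrapped key material.
TABLE = [hashlib.sha256(b"table-entry" + bytes([i])).digest() for i in range(256)]
BLOCKS = [hashlib.sha256(b"wrapped-secret" + bytes([i])).digest() for i in range(6)]
KEY = derive_key(b"constructed password", b"constructed-salt")
MASK = pick_mask(KEY, TABLE)
WRONG_MASK = TABLE[(KEY[0] + 1) % 256]

if __name__ == "__main__":
    for variant in ("stored", "plain"):
        print(variant,
              "damage at block 2 ->", lost_after_damage(BLOCKS, MASK, variant, 2),
              "| wrong mask ->", lost_with_wrong_mask(BLOCKS, MASK, WRONG_MASK, variant))
```

In this model a damaged block never affects the blocks before it, and because XOR is linear the flipped bit shows up at the same bit position in every later block of the "plain" variant.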

65535 September 17, 2016 1:41 AM

@ Jon

“Everyone should cover up their laptop webcams right now, says FBI director James Comey”

http://www.independent.co.uk/life-style/gadgets-and-tech/news/everyone-should-cover-up-their-laptop-webcams-right-now-says-fbi-director-james-comey-a7308646.html

Check.

I got it and will advise my small business customers of the issue [black electrical tape over lens].

Now, how about browser fingerprinting?

I do recommend No Script and Firefox lock-down methods.

What about my legal customers? Do you have any recommendations?

name.withheld.for.obvious.reasons September 17, 2016 3:24 AM

A first run attempt at the EULA for Microsoft Windows, not by way of the agreement (text of the EULA) but to the construct of the agreement entered into (the act of enjoining the agreement, enforcement) using a “good faith” misrepresentation claim.

@Clive Robinson, you might like where I am going with this…

A DRAFT ACTION, MOTION TO PETITION U.S. Federal Court, A CIVIL CLASS ACTION LAWSUIT FOR HARM(S) AND DAMAGE(S) FOR MATERIAL BREACH OF CONTRACT, PRODUCT MIS-REPRESENTATION (possibly criminal fraud), AND FAILURE TO ACT IN “GOOD FAITH” UNDER CONTRACTUAL LAW.

Statement of Claimant
Microsoft violates “Good Faith” efforts respecting customers enjoined under existing licensure/product and End User Licensing Agreement(s) via contractual binding(s).

Microsoft’s modifications to the Windows 7 platform, specifically diagnostic and “telemetry” analysis and reporting, represents a material deviation from the original product platform representing a material and tangible delineation from the original product. I cannot in good conscience, as an individual party to the complaint, having purchased Volume Education, Corporate, Small Business, and individually licensed personal editions of Microsoft’s Windows Operating System(s) be subjugated and marginalized by a company that treats customer as a supplicant(s), a muse, a jester, serf, or a subject of Microsoft’s corporate “Royal Court”.

It is understood that Microsoft is “harmonizing” their product offerings and platform which should result in lower operating costs, increased return(s) to shareholder(s), and simplified use of products enabled by Microsoft Operating System platforms. The rejection of the existing customer base by way of “Forcible Upgrades” essentially denies long term customers the projected cost and value of product(s) purchased from Microsoft on multiple levels (personal, SME, and others).

Parties to the Complaint
A consumer class action or an ad-hoc “Community User Group” such as the “Disenfranchised User Group and Organization Under-served by Tyrant(s)”, or DUG-OUT, formulates a response to the action(s) of Microsoft in an attempt to redress grievances. DUG-OUT as a “User Group”, much like the CCC, is formalized for and by professionals from academia, business, the citizenry, NGOs, and other professional associations consisting of members representing a wide cross section of the network computing industry for the purpose of effectuating redress for specific damage(s) and violation(s) regarding a misrepresentation of “good faith” under existing licensure agreement(s).

Claimant’s Summary of Complaint
As a legitimate “subject” of Microsoft’s “Royal Kingdom”, my petition to the King of Microsoft is a pleading formed from the following claims:

First claim; material changes to Windows 7 operating system and subsequent information disclosure(s) respecting modifications designed, according to Microsoft’s literature, to assist in the transition to the Windows 10 Operating System. Wherein the method of and the conveyance respecting the “upgrade” of existing product(s) did use deceptive language, practices, and procedures to deny or attempt to deny the rights of party to the contract, the customer, refusal. Customers are to be coerced into agreement(s) unwittingly bound to the licensure’s contractual language irrespective of the expressed rights of the customer at, or before, the time of any obligation under said agreement. The licensure attempted by deceit and misrepresentation, to deny customers ANY contractual rights to said agreement(s), and specifically prior to entering into any binding obligation to the agreement bound customers to the licensure’s agreement.

Second claim; Microsoft’s deliberate product nullification, revocation of the original product purchase and license(s), of Windows 7 respecting only the Volume License, Enterprise edition of Windows 7 thus rendering the Pro and Ultimate versions of the product and license as inferior.

Third claim; Windows 7 License and Product coverage of the version Windows 7 Pro, Ultimate, and Enterprise were covered by a licensing structure which differed from the Home, and Basic/Starter versions that affect both claims one and two.

Given the totality of claims 1-3, claim 4 consists of harm(s) and damage(s) to parties prescribed in which a product represented as an “Operating System” was/is compromised by material changes to the original product(s) and/or license(s) wherein the nature of the change renders the original product/license “useless”.


Maybe someone could “run” with it…

Drone September 17, 2016 4:44 AM

Giant squid was caught camera valuable figure swim among the sea. 24 days morning in the boat mooring field in the Toyama Prefecture, the person who had been that the living giant squid are swimming and fishing is found. Length of the giant squid is about 4m, girth is about 1m, is that the part of the head was swimming quietly towards the seabed.
… Articles of continuation, other news is here!
[TV Asahi news] http://www.tv-asahi.co.jp/ann/

Yeah Google-San, nice translation job. Now everything is Perfectly clear. (Not.)

Never mind… I just want to BITE that yummy squid! Gimmee!

Clive Robinson September 17, 2016 4:52 AM

@ 65535,

What about my legal customers? Do you have any recommendations

Yes I’ve two, both of which I’ve mentioned oh at least a couple of times 😉

1, “Energy-Gap all systems” that store or process privileged, non-disclosable, confidential or other information that could lead to legal sanction be it criminal or otherwise.

2, “Paper, paper, never data” for all communications –including voice– that involve privileged, non-disclosable, confidential or other information that could lead to legal sanction be it criminal or otherwise.

As the advert says “Simples”.

Only it’s not, working in the equivalent of an all energy SCIF is to put it bluntly not far off being consigned to a padded cell or subterranean dungeon. It is known to have adverse psychological effects, and an all energy SCIF is not that dissimilar to environments that have been used for mental torture.

Sending information by “paper” is often looked on as an impediment to “efficient working practice”. Further unless you “personally courier it” yourself you will not know if the document package has been “intercepted” and copied.

Thus your “legal customers” have to make a “risk judgment” on how they run their business and it boils down to my old meme of “Efficiency -v- Security” where the security is not just of the information but the practice partners and their customers.

If they do decide to Energy-Gap, there is then the questions of,

3, Blackbag job activities, of subverted insiders or other entities.

This involves not just “data at rest” protection, but “data compartmentalization”, “resource access control” and non ICT activities involving Human Resources, work contracts and other layer 9&10 activities.

r September 17, 2016 6:21 AM

Makes you wonder why elephants are elephants and not sycophants doesn’t it?

WHAT is the difference? 🙂 Elephants don’t use electronics.

r September 17, 2016 6:30 AM

Got one even better: because security and the proper implementations there-of IS the elephant in the room.

How’s that for OT? Heffalumps and Woozles, Christopher Robin was CIA.

Clive Robinson September 17, 2016 6:33 AM

@ Name.Withheld…,

There is a problem in that of showing “unacceptable enforced loss”, due to misrepresentation by Micro$haft at the time and point of original purchase.

Whilst I don’t like it Micro$haft’s original End User Licence Agreement gives them a great deal of latitude. However not when considering “conspiracy to defraud”.

Thus you need to show that the enforced downloading of a new OS and non security related telemetry has caused both a direct and consequential loss.

One such would be a person who whilst abroad using mobile broadband was unaware Micro$haft was downloading gigabytes of OS in the background without express consent of the computer owner or bill payer for the mobile broadband. There has been a case of a person on holiday in the EU hit with around 10,000USD equivalent and disconnection of their phone service because of the Micro$haft behavior.

Being a major / premier OS and Application developer they can not claim ignorance of such an eventuality. Therefore they deliberately ignored warning those involved. All you need is to find sufficient people of this very deliberate and thus conspiratorial behavior to start a class action.

Clive Robinson September 17, 2016 7:33 AM

Once upon a time there was this comment,

    Whatever the question is… The answer is not Microsoft

Well as some know I’ve been pointing out the problems with Intel’s IAx86 CISC architecture for some time and the fact they have hit a thermal wall etc that meant they had to go multi-core long before an equivalent RISC system. Well it appears Apple think so as well and their new A10 outperforms the Intel CISC on a single core basis. Thus others have noticed and started making comment,

http://www.theverge.com/2016/9/16/12939310/iphone-7-a10-fusion-processor-apple-intel-future

Which begs the question of when will the saying change to,

    Whatever the question is… The answer is not WIntel.

Nick P September 17, 2016 1:17 PM

@ All

re DB’s

In a DB thread, I recently discovered a non-SQL, ACID DB I didn’t know about before: Lightning Memory-Mapped Database. The Wikipedia page, if accurate, shows it’s a pretty badass alternative to SQLite. Used in a lot of stuff. Most interesting was a combination of strong integrity and claimed 7Kloc source. That’s within the reach of strong verification if anyone chose to rewrite or improve on it. Smaller, source usually easier to rewrite, too.

re software licensing

I just realized ZeroMQ had an unusual license. They modify LGPL for static linking for commercial adoption. Goal was apparently to keep getting improvements to LGPL part without doing dual-licensing model for corporate uptake. Thoughts on this?

re security schemes

Two I’ve reported here previously for OS-level security are on Github now: SVA and ExpressOS.

re random finds

A survey paper on many attempts at functional languages for hardware. Great survey of various tools for automatic verification of software with descriptions of common approaches, how thorough they are, and so on. It’s dated 2008 so some improvements probably happened since then. A nice paper on Build System Rules and Algorithms for anyone wanting to improve or mess with those. This dissertation gets started on verified toolchain for Java with nice section on related work, verification of abstract interpretation for bytecode, and expansion of CompCert to give it SSA with equational, reasoning capability. That last one might be powerful given all the neat things in hardware and software verification that use equational reasoning, esp automated ones. Finally, an old paper from 1997 shows how to verify embedded systems for real-time, etc using multi-way, decision graphs of RTL and assembly. Neat idea that might mix with the abstract, state machine stuff I post here.

Extra random ones outside verification follow. I just found the TRAC programming language on the esoteric language wiki. It’s text-based, functional, uses macros, reminiscent of LISP, and ran on a paltry PDP-10. People liking minimal software, esp Figureitout, might like BytePusher: cross-platform, fixed size/speed, sandboxed VM for demoscene that requires 100 lines of C to implement. If its dependencies are manageable, might be a candidate for implementation in the visually-inspectable nodes in a HDL or HLS tool. Finally, end with a nice parody startup that mocks Silicon Valley’s increasing ridiculousness. 🙂

ab praeceptis September 17, 2016 1:45 PM

Clive Robinson

Ad “intel and apple cpus”

I’m bewildered to read that from you, as you, Nick P, and a few others here are the ones who usually think and evaluate properly and on solid intellectual foundations (rather than the usual worthless “me think …” or “me has read …” blabla).

While I’m certainly not a fan of intel nor of the x86 arch., I can’t but note that the “article” you linked to is of very poor quality and is about as much to do with research as a cow is with dancing tango.

WTF is “geekbench”? Its name suggests that it’s a biased “test” by retards for retards. What does it measure? What does “apple phone vs. 5 android phones” tell us about desktop or let alone server performance? Even an undergraduate would immediately have looked for reasons that might explain the “whoooaaa” iphone single core performance; but then, undergraduates, unlike geekbenchers it seems, have been introduced to at least some basics of proper research…

Let’s also not forget the itanium, which, btw. was a very interesting thing in some regards (and, I feel, undeservedly frowned upon). It was from intel themselves and it had mighty hp behind it … and died.
I certainly don’t need to remind you of DECs alpha.

While I wouldn’t call many of today’s “risc” cores true risc but rather “a bunch of risc cores plus a load of diverse engines” I do agree with you that risc is the future whereas cisc is an iron ball chained to our feet.

Look, for instance, at the atomicity problem, which still is a very ugly and cost incurring troublespot. We have good solutions, in theory; some riscs even have quite nice building block implementations in hardware that allow for interesting constructions of fences and the like. intel, of course, offers but a glued on hodge podge but I have yet to see a major hardware corp leaving intel and going risc – except for arm, but then arm offers what they’re looking for, probably most importantly a broad and large manufacturing base, 2nd sources, board support packages, etc.

What “frightens” me most, btw, is not intel but evil corp’s (microsoft’s) decisively stumbling and walking toward safe programs. Because this threatens to mean that the dreaded wintel monopoly game is bound to stay. After all it wasn’t intel but evil corp that created the monopoly and kept it alive. democracy at its worst, so to say.

ab praeceptis September 17, 2016 2:34 PM

Nick P

First: Welcome back.

“LMDB” – I know that one since a while and liked it a lot. Until I looked at the source. My take, short version: If you want a really fast small DB (not sql!) lib and safety (in terms of code quality) isn’t your priority, stop looking any further and use LMDB.

Adding verification to it? You must be joking *g

“survey paper” – mixed feelings. On the one hand it’s all but worthless simply because it’s way too old. A lot has happened in the 8 years since then. On the other hand I liked the paper a lot but as an introductory and overview paper for yet inexperienced people. Very nice overview and an attractive first look into the field.

To be constructive (and at the same time demonstrate what I mean by “a lot has happened since then”) I’d like to suggest two tools that are certainly worth the while for people who want to enter the field and wish to get a practically usable take away:

  • Predator. From a group of Czech researchers. SMG based (so loosely speaking in the group of shape based tools). Big advantage: “automagic verification”. No math needed. Its usage is basically the same as compiling (in fact, it is a gcc plugin). Disadvantages: Misses some problems, particularly in mem. safety (pointers etc). Plus a little icky practically as it doesn’t coexist well with current gcc (I occasionally use it for quick first looks and have it in an old ubuntu VM w/gcc 4.8).
    All in all definitely worth a closer look and probably pretty exactly what many people look for. “Click and shoot”
  • VCC (warning: that’s an evilcorp tool). About the best tool I would recommend today for “advanced users”, i.e. people who are not afraid of Hoare triples and some other rather basic math like some predicate logic.
    I myself use it only very rarely due to one of its disadvantages (it runs only on windows) and because, while their approach is very reasonable and sound and particularly considering how simple it’s to use, I don’t trust it for real hardcore verif. (particularly the uglier cases of memory, modularity and boundary related problems).

I know a lot of considerably weaker tools that demand much more from the user. I profoundly dislike evil corp but I recognize and commend: VCC is clear evidence and a very strong argument for them being damn serious about finding ways to create safe, reliable software. I consider VCC to be the almost perfect sweet spot of ease of use and result quality. It also shows that they worked really hard on creating a tool that can actually be used by mortals (which is not the case for virtually all others).

After all, as I preach so often: Our problem is not that software isn’t 100% perfect but that it’s lamentably lousy and poor. VCC is an almost comfortable way for at least somewhat senior developers to create not perfect but quite good and reliable software.

For those who want to know which tool I use I have but an answer most will find ugly: There is none; there is not “the” tool to use. There is only a procedure to follow that requires a set of tools. It starts with proper specification and modelling (no, uml is not spec nor modelling. uml is a disease) and then basically carrying that over into i.a. verif. Concerning the latter I would like to (and am still hoping for) get something from the shape based family (which simply looks quite promising) but for the time being I’m sticking to separation logic; lots of work but the only way to nail it down properly and completely.

Again: If you are a sw developer, go and look at VCC right now! I posit that C plus VCC can well reach (and in knowledgeable hands even surpass) Ada with Spark. Now, if that doesn’t wake up the people and gets them interested pretty nothing will.

Slime Mold with Mustard September 17, 2016 2:42 PM

@ Clive Robinson

RE: “Damage Hyperinflation” (Lauri Love case)

In nearly every criminal case reported in the press. I understand the police and prosecutors doing it. They shouldn’t, but the motive is clear. I cannot abide journalists publishing these claims unquestioned.

  1. “seized $3.2 million dollars worth of drugs…” If it were sold one gram at a time: Wholesale value – $600,000.
  2. “enough explosives to level the entire block…” Three pounds of C-4 will bring down an average house if carefully placed.
  3. This list does not end. Anything to burnish that badge and boost that budget.

Nick P September 17, 2016 3:09 PM

@ ab praeceptis

“Adding verification to it? You must be joking *g”

Yeah, the code had mixed reviews even in the wikipedia page. There’s two ways to add verification, though. One is to try to do it directly with some refactoring on top of it. The other, which I’d prefer, is to use the code to understand the algorithms and methods by which it functions as you clean-slate each one in verifiable source. This is how a lot of compiler and OS developers learn where they have some theory plus various projects’ source to get an idea of how to do it themselves. Works in verification space, too, so long as one can make specifications for the specific algorithm(s) in use. Replace what you can’t so long as you’ll still get benefits of project. If you can’t replace and also get benefits, then that project is FUBAR all the way down. Move on.

“On the other hand I liked the paper a lot but as an introductory and overview paper for yet inexperienced people.”

That is exactly what I linked it for. Many of the methods I see in newer papers are variations on the old ones. Learning about them is a useful pre-requisite that either helps directly or just filters out people eager to improve software that had no idea how hard these tools were to build. 😉 Also, it was the only survey paper I found in quick Google. Nothing newer than 2008 that’s this thorough and free. (shrugs) Maybe an opportunity for someone’s Bachelors or Masters thesis there given how important good surveys are. I think they should be done every 2-3 years in this field at the rate of improvements & how essential it is to robust software. In contrast, the hardware people seem to do one or more every year.

“Predator. From a group of czech researchers. ”

“inspired by works on separation logic with higher-order list predicates, but they are now purely graph-based and significantly extended to support various forms of low-level memory manipulation used in system-level code. ” (Predator site)

The excerpt uses terms in the better verification papers I have. Already tells me it’s worth looking at. I appreciate you linking it as these push-button tools are those I evangelize the most. Highest chance of uptake. Also brought SV-COMP to my attention. The results pages were interesting. Maybe more research needed on float verification given nobody got Gold in 2015. Improved in 2016 but was almost nothing for several years.

“VCC (warning: that’s an evilcorp tool)”

I’m well aware of this one: saw it in Verisoft project. I was actually mad that SLAM, VCC, Dafny, etc were made by EvilCorp. They have patents on much of their verified tooling that they might use against a commercial user or competitor. I still regularly give them credit for these where Microsoft Research is doing amazing work on practical, formal verification. They already applied VCC and other stuff to Hyper-V hypervisor. They also extended it to x86 with Vx86 tool. Most recent work combines the VCC stuff with Dafny on specific algorithms for extra verification. ExpressOS I linked to is done like that.

“but for the time being I’m sticking to separation logic; lots of work but the only way to nail it down properly and completely.”

I plan to learn formal logic and verification in hands-on way some time in the future. I know almost all the great work on C-level stuff is using separation logic. I see various users’ opinions in their writings but I’m interested in your take. What resources have you found for bringing beginners into separation logic and with what tools? And, for experienced, what tools are batteries included enough to significantly boost productivity using separation logic with real code?

“Again: If you are a sw developer, go and look at VCC right now! I posit that C plus VCC can well reach (and in knowledgeable hands even surpass) Ada with Spark.”

Maybe on that last part. 😉 I did look VCC up again with great pleasure to find that it’s on Github here. Even better that it’s MIT-licensed. I’m not sure if that avoids patent suit risk if I used it commercially. FOSS should be fine, though. Especially that doesn’t compete with them.

ab praeceptis September 17, 2016 4:11 PM

Nick P

Careful there! I had my reasons to explicitly call them evil corp. Because, you see, no matter what friendly license they offer for VCC, in the end they did it the evil corp way. Let me explain: They basically have 3 layers, namely the front (like VCC), the middle (typically Boogie) and the lower one – and that’s where the ugly beast rears its head -> z3. While being among the best solvers/provers it’s license tainted.

Let me quickly jump to the end, first: Ad “Ada/Spark”. Nope, no maybe. Sounds astonishing, I know. But, you see, that’s one of the classical cases of being biased by dogmatized history. We have learned so long that Ada/Spark is the peak that we stopped verifying that. But we should. Spark in the end is glorified and somewhat pimped up H triples. Actually, I more and more tend to think that Ada (-> its strong basis in the Wirth school) is the really solid basis. Simple reason: domain and codomain spec is like breathing. Breathing isn’t the meaning of life but whatever the meaning of life may be, it’s pretty worthless without breathing. If I had to summarize Ada somewhat brutally down I’d say its strength is domain spec.
Shape based, diverse extensions to H3, no matter what, it lives or dies with proper domain spec.

I know it’s shocking and it took me a while, too, to grasp that (even more so as I had to jump the evil corp barrier), but in the end it comes down to “Ada/Spark has excellent domain spec and something like nice middle class analysis and verif – C, on the other hand, has lamentably lousy domain spec but that can be ironed out by ‘late spec’ in VCC constructs but then it (with VCC, of course) offers considerably better analysis and verif.”. All in all, one can create code in C+VCC that is as solid or even better than Ada/Spark code.
The differentiator is, haha, somewhere entirely else: object orientation (which can contribute to reliability if applied and used properly). That’s why Ada will easily keep its position. C++ is next to not verifiable; it’s too abominable and pervert a beast.

“Predator…support various forms of low-level memory manipulation used in system-level code.”

Don’t be misled! This does not mean that Predator can do what full and extended sep. logic can do. What it means is that graph/shape based approaches were not doing well regarding any memory problems. What the Predator team achieved was to create a tool in that group that could at least spot some mem. related problems. That is noteworthy and a major achievement and that’s why they mention it.
The major point of Predator, however, is about “click and shoot” automagic.

To put it into perspective, one might say that Predator achieves a quite substantial part of what VCC achieves (and way more than all those “cool” hyped after the fact tools like coverity and whatnot) but with an extremely simple interface (basically “predator [gcc options] foo.c”).

In yet other and rather pragmatic words: Predator can quite well – and extremely simple to use – hint you at what source code regions would profit from (quite more work intense) VCC harness. That in itself is very attractive because with all those large code bases one will more often than not hardly afford to harness all code.

Ad “sep. logic tools”: Hard to answer. For one sep. logic has become a somewhat floating term like H triples; it’s continually extended. Moreover the problem is not so much the tool. The problem is a) quite some math (plus new notations) and b) that documentation is all but absent. Take Verifast (the tool I use) for an example. There are tutorials and quite some papers but there is no manual and most of the papers are closer to math papers than to cs papers. Moreover it’s not exactly helpful that every group, of course, strongly focusses on their fields of interest. With sep. logic that’s typically diverse, often indefinitely linked structures, which is quite far away from a normal developer’s perspective (like “how to make sure that a char array is a) properly allocated accounted and b) used within its boundaries?”).
That’s why I refrained from recommending a tool that is very dear and indispensable to me. It’s hard, it has a very steep learning curve quite few will survive (i.e. not turn away) etc. basically it comes down to being actually used only by its creators, some colleagues in science and some safety obsessed weirdos like myself.

Let me mention a strikingly clear hint: There are 4 “industrial applications” mentioned in the major papers. All of which were actually done by the academic teams themselves. And then there are some (rather rare) papers by actual and real users in the wild (industry, usual airspace and similar sensitive) who boil down to “amazing but way too complicated and demanding”.

Et voilà, there you have why I lauded VCC so much. It’s usable almost for Joe and Mary. Not automagic, one must learn a little and one must think somewhat, but it’s feasible; VCC’s learning curve is a village hill and not a major mountain. I’d say after a weekend of reading and toying around and then some two weeks or so of practice one is good to go in everyday work.

Another thing that I consider very, very important is that VCC offers ways to spec domain/codomain properties in a rather simple way (through pre/post cond). Of course, those aren’t really proper specs; they don’t replace proper spec and modelling. But in this world where little is spec’d at all and most developers think development begins with hacking away, that’s a valuable thing to have.

Nick P September 17, 2016 4:48 PM

@ ab praeceptis

“They basically have 3 layers…”

Sons of bitches! Extra obvious why they didn’t build on the generic stuff others are using. That would avoid lock-in & aid the competition too much.

“All in all, one can create code in C+VCC that is as solid or even better than Ada/Spark code.”

It’s possible. Enough work above, below, and all around a poor-quality tool can often improve its attributes. It was Astree that clued me in that C safety might reach SPARK’s. It remains to be seen what (a) future C work vs current SPARK will do or (b) future C work vs similar work in SPARK. Remember that SPARK is designed specifically to make verification easy. A specific amount of effort put into C should, in theory, accomplish even more if put into SPARK. Theory is supported a little bit by fact that SPARK had almost no labor behind it versus what goes into C verification but still got more done for quite a while.

So, I’m sure C developments can catch up to or exceed where SPARK is right this moment. I just think they’d get more done had they improved SPARK. Sadly, I also think it’s better for most of them to try to do it in C since Worse is Better effect got it deployed everywhere. It’s vital for C instead of useful like SPARK that’s already in good shape for its domain.

“Major point of Predator…”

Thanks for the explanation. That makes sense. I agree that it might have value as a heuristic for what to focus on. That’s a pattern that shows up in a number of QA tools.

“The problem is a) quite some math (plus new notations) and b) that documentation is all but absent. ”

Shared with a number of things I’ve found. The grant organizations should shift a little funding toward fixing this.

“Take Verifast (the tool I use) for an example.”

BOOM! I knew I’d recognize it. Yeah, Microsoft people love that one. I forgot it used separation logic. Hmm. Will have to look at it again. I’ll need to know separation logic first, though. Quick look at their publications shows they’re taking next step of verifying its operation in Coq. That’s good. Also, many specifics in the last paper match what you’re saying in this comment. Appreciate you giving such a detailed evaluation of it and the situation.

“There are 4 “industrial applications” mentioned in the major papers. All of which were actually done by the academic teams themselves. ”

Ouch. Sounds worse than the situation with Rodin toolkit. They at least got their tools and docs in shape enough that a lot of third parties tried it. Still heavy approach vs regular development but enough use to convince more people to try. Seems like next gap for Verifast to bridge.

” very important is that VCC offers ways to spec domain/codomain properties in a rather simple way (through pre/post cond). Of course, those aren’t really proper specs;”

Quick question. I noticed other projects that do the specs in Z or B because that’s straightforward for many to learn but code-level verification is manual or weaker tooling. They kind of cheat to avoid having one logic handle abstract and concrete properties. Could something like them be used with VCC as the next step up toward full specs for people that can’t learn heavy stuff?

tyr September 17, 2016 5:18 PM

@Nick P

The unusual license is just an attempt to weasel
their way out of something they dislike in the
original. Everybody has a mad scheme that will
not work designed to demean the idea of a
commons available to all. That’s what the whole
IP as property and DRM smoke and mirrors are all
about. (Once I steal it, it is mine, and the law
has to defend my claims against the victims of
the scam.)

You can see a highly entertaining tracing of the
historical development by searching for Mark
Blyth on youtube. I will believe corporations
have the same rights as a person when I see one
locked up in jail. They were developed so that
the persons in them could avoid richly deserved
jail terms, so their sudden squeals for personhood
sound like hypocrisy to me.

ab praeceptis September 17, 2016 5:45 PM

Nick P

Ad “VCC and z3”: Now, for the sake of fairness it should be noted that evil corp (albeit almost certainly for other reasons) does offer “Boogie” which can be considered to allow for low level (read solver) ignorant upper level layers. Moreover one should note that z3 is a very attractive solver, many tools love to use. To offer a typical example, I know of a verifier that comes with its own (quite capable) solver but clearly states that quite some functionality needs z3. One shouldn’t be too harsh with evil corp for not giving away all the jewels for free.

Unfortunately they are, however, creating a much more grave problem by their what-looks-nice at first sight “free for private and academic use” policy, namely that many companies simply walk away and that engineers longing for proper development need to beg for budgets before they can even start.

Funny sidenote, somewhat related to another question you bring up: Looking closely one will recognize lots of work done for tla+ again in VCC. Smart move, even more so when considering the motivation behind tla+ (as opposed to tla), namely to offer a friendly sugared surface for tla.

Which leads us to that other issue you mentioned (Z, B, etc). Yes and no. To properly answer one can’t but note that the problems in the field already start with “the field” actually being “the fields” (plural). The issue isn’t so much about spec’ing in, say, Rodin (B) or in, say, VCC, i.e. in a spec tool or for a verifier. The issue is modelling.

I sometimes explain it like this: Code is spec, too. Unfortunately though, the “modelling” then is in the product runtime, haha. Real modelling is about tinkering and finally testing and validating and even verifying ones spec.

I may, for instance, spec all day long “var foo \in {1..LIMIT}” (“LIMIT” being some prior def’d constant.) and feel cozy and solid about that – but that’s worth little unless I bring those specs into a model which I then test.
I remember, for the sake of an example, that once I had a large array which for reasons of throwing off cheap attacks I partitioned into multiple regions (say 32). Now, evidently I had to have some (hopefully smart) algorithm implementing and working with that mechanism (e.g. what to do when a region’s boundaries overflow?).

To make it short (risking to be boring by repeating holy laws over and over again) : software is the implementation of algorithms <==> those algorithms need to be checked.

That should be quite obvious. Software verifiers don’t (and can’t) check the algorithm; they “merely” check implementation in code. Evidently one is to ask where the implemented algorithms come from and evidently they’d better be properly validated and verified, too, or else we write perfectly safe but mindless (read attackable) code.

That is what it’s about and why “spec” should always be mentioned hand in hand with modelling. Modelling is what it’s about. Spec is merely the act of writing down and specifying algos.

As far as spec per se is concerned, it doesn’t matter too much whether you do it in B or in VCC. Even if it’s not validated you gain a lot, namely proper domains/codomains, limits, etc.

On the other hand (and that’s my perspective), if I have to spec anyway, why not doing it professionally in the first place? Anyway I can reuse my spec for verif, albeit probably somewhat rewritten (syntax transformation between e.g. B and VCC notation).

Moreover – and way more importantly – I achieve the “holy grail”, i.e. a consistent link between model (algo) and code (implementation) plus I get my code verified (e.g. memory problems or type overflows which simply don’t exist in the ideal realm of math).
One can hardly stress that enough. Usually one may have a properly spec’d and validated model and then properly verified code – but nothing assures me that the code really implements the model. That’s what (and why) I call the holy grail.

Finally a short remark ad B etc. being much better documented. Simple reason: Industry needs and loves proper specs. And that’s what they (ab)use e.g. Rodin for. For them those are merely glorified spec tools with the added luxury that, in case your client is picky (mil. med. air traffic etc.) you are prepared to hire a consultant who puts the spec into a proper model and validates and verifies it.
Industry-happy quite directly translates to money-for-docs-available, if alone for the reason that industry needs someone to translate the frightening academic gibberish into language understandable for engineers who need to start right away. Evidence: The (spec obsessed) car industry threw buckets of money at Rodin.

Bob F September 17, 2016 6:10 PM

Black electrical tape prevents the webcam from being used but what about the microphone? I imagine that hacking the mic is far more useful than the camera.

Just Kuzz September 17, 2016 6:55 PM

@Anton Grubitz

Well, yes, BND was denounced. But, the last sentence of the report tells all:

“the government drafted a reform bill for the BND that not only legalizes the organization’s actions, but even increases its powers.

This legislative package is scheduled to be adopted this year and will presumably come into effect at the beginning of next year.

Edward Snowden and Andrea Voßhoff have shown that secret services always get close to the edge or even overstep the boundaries of law. Now, the governing coalition wants to extend the law.”

I’m going to call that phenomenon the “Snowden Effect” which occurs when a government intelligence agency is revealed for vast violations of a country’s laws and human rights. Upon the revelation, the government promulgates new laws making all the violations legal and with a prescription for immunity for any past, present or future infractions, …forever.

In the USA the Snowden Revelations were directly followed by the Snowden Effect with a number of egregious secretive laws passed with no discussion hand crafted by the violators to make everything they do legal with no accountability, forever.

Ditto that for the BND it appears.

The vast corporate surveillance machine patterned on Mr. Zuckers platform worries me because I see the same thing happening: Vast corporate violations of law and human rights, followed by new laws making what they do all legal and unaccountable, written by the corporations.

Because: Security.

John Wayne's Evil Twin September 17, 2016 7:40 PM

@Clive

“Three pounds of C-4 will bring down an average house if carefully placed.”

6 ounces of C-4 and a 5-lb bag of flour will bring down an average house if carefully placed. It’ll be the same house, just a very short house. 😉

But, yeah, in general, LE estimates of explosive power and drug values would lead one to believe that that bong in the evidence room is probably still warm.

Nick P September 17, 2016 7:41 PM

@ tyr

I agree with these. Especially on the corporations. I wish they didn’t exist given the abuse vs benefits.

@ ab praeceptis

“Moreover one should note that z3 is a very attractive solver, many tools love to use. To offer a typical example, I know of a verifier that comes with its own (quite capable) solver but clearly states that quite some functionality needs z3. ”

It’s true but they often do MS-specific tech in their stacks. That increased both applicability and lock-in. The competition often used open tech or at least did plug-in architecture. That’s the context.

“That is what it’s about and why “spec” should always be mentioned hand in hand with modelling. Modelling is what it’s about. Spec is merely the act of writing down and specifying algos.”

I agree with verified algorithm to implementation. Far as this, it’s used in the literature as a formal description of what the thing does at a higher abstraction than code itself. It might be the what or how. It’s kind of a loose term covering a broad range of sub-fields or niches.

“Even if it’s not validated you gain a lot, namely proper domains/codomains, limits, etc.”

Yes.

” if I have to spec anyway, why not doing it professionally in the first place?”

You just told a gloom and doom story for the person trying to learn the good tools. That’s why. There’s simpler tools with less learning experience used by Altran/Praxis, etc. They do Z specs, some refinement, and SPARK tied to Z specs for verified code. So, I was curious if easier methods could be tied to VCC as an interim solution that solved some if not all problems. Then, as professional skill is attained, it could be used instead.

” in case your client is picky (mil. med. air traffic etc.) you are prepared to hire a consultant who puts the spec into a proper model and validates and verifies it.
Industry-happy quite directly translates to money-for-docs-available.”

Ok. You called that one well. Perhaps Verifast team and others with potentially great tooling need to get on advertising it to those industries with paid support that improves them. Might help?

Don September 17, 2016 8:08 PM

@ Thoth

You have written about methods for plausible deniability & rubber hose encryption regards your smart card. I don’t know exactly what they look like, but for passing through checkpoints of some kind what about making the smart card look not like a smart card?
Just so that it can be overlooked during a search as being inconsequential. Or, it could be all out designed to resemble something else entirely like a credit card, photo ID or a different kind of ID pass. A children’s game-puzzle piece. The opportunities are many?

Don September 17, 2016 8:12 PM

RE Lauri Love

Interesting footnote, he had a HD seized years back encrypted with TrueCrypt, for which he would not reveal the key. At least they have not prosecuted him for not giving it up.

if TC is broken it may be a case of them pretending they can’t open the HD thus to maintain the secret of TC being in fact broken

ab praeceptis September 17, 2016 8:41 PM

Nick P

“doom and gloom story”? kindly help me out here; I don’t know what that means.

[z3] … MS-specific tech in their stack

Hmm. I happen to have it running on linux. No problems whatsoever. It seems that the problem is a purely legal one (license) in this case. But, disclaimer: I’m in no relation whatsoever with evil corp and don’t know much about them beyond what I happen to fall over in my field (e.g. z3 being used or discovering VCC). So I might be wrong.

[spec] … used in the literature as a formal description of what the thing does at a higher abstraction than code itself. It might be the what or how. It’s kind of a loose term covering a broad range of sub-fields or niches.

I think the reason for that is that we’ve gotten that whole chain wrong in the first place. That’s also what I meant in earlier posts (brutal and impolite summary: “the problem of IT is that it was basically a pure us-american domain and to a large degree still is”). Neither bitching nor praising but merely saying what I observe and conclude. The us-americans, like everyone, have good and bad sides. One classical issue is that they are brutally result (and profit) driven and don’t shy away from fumbling without having wasted any thoughts in advance. Again, that may be positive or negative, depending on the field, but here it clearly is negative.

Pretty much all other engineering related fields were discovered before and hence had a good foundation in intellectual tradition. Not so with IT.

To make it short: One is to ask again a very basic question, namely “what is software creation?”. Among other aspects one will find that it’s a transformation and engineering process whose beginning is a request, usually from someone outside the IT field and talking in his language. Hence, the first task of software creation is to interpret that request, to extract the relevant information, and to communicate together with the architect, bookkeeper, railroad engineer, etc client; the meta language for which quite naturally is math. (or power point for idiots and marketing drones).
At the other end of the software creation process is digital hardware.

Which leads to the next and quite remarkable aspect: We humans are creative and smart but have weaknesses too; e.g. being very precise over huge sets of data points just isn’t something we’re good at. Luckily that just happens to be the strong point of systems, but hardware, unlike ourselves is very inflexible and stupid.

Obviously we should do the thinking and the machines should do verification, even more so as they are the reason for its need (because they are stupid and inflexible). Where we, for instance immediately notice that a cone of icecream with a price tag of -5$ or of 7000$ is evidently erroneous, a cpu will happily march on.

The programming language actually is a very minor and unimportant detail – theoretically. But something else is important about them languages: they became so important because “we” (the guys across the ocean) created them without understanding their role (which among others led to C and later to C++ making it worse).

That also struck me when we discussed about C vs Ada. Which brings me back to the point you brought up:

The difference (which actually is very small. In the end they all produce an AST) is based largely on putting a role to languages that is a wrong one. Looking correctly, one will find that the real center around which development circles is the human who intellectually works on, combines, and creates mechanisms. Obviously those mechanisms should be specified and validated. That’s the role of spec and modelling. Again that is the pivot point and the center. Programming is but a necessary final transformation step, that, due to diverse reasons, is usually performed in higher level languages. But again, that step only serves to transform the solution into something that is digestible for a system. That’s all. But that’s also something very ugly when and if the chosen language isn’t a good medium.
That, in my mind’s eye is one of the strong points of Ada, Modula, and Pascal (modulo Borland’s idiocies).

As for your question: Oh, if you know and like Ada, you should by all means stick with it and, as you felt to assume, complement that with e.g. B/Rodin (which is a quite useful and good tool). Similarly, don’t worry too much about the spheres of sep. logic (let alone following its every evolutionary move). Spark is a fine tool, too. That’s even more true as sep. logic is, to a certain degree, hunting problem classes that are created by C in the first place. So, why should Spark care about problem classes, one simply doesn’t encounter with Ada?

So, yes, stick with Ada/Spark, if that’s what you know and like. spec/modelling in the area of B/Rodin seems like a good complement to Ada/Spark. You might also want to have a good look at the scandinavian school (Uppaal et al.) as, iirc, B isn’t strong in time related problem domains (they may have worked on that; I don’t track B very closely anymore).

For those who like VCC I’d recommend to have a look at tla+. I personally don’t think too well of it but probably it has evolved and matured and you’ll have the advantage of quite similar notation. In fact, quite a lot of your tla+ spec might be almost copy/pasted into VCC H triples. Also it isn’t too hard to learn.

Don September 17, 2016 9:07 PM

Watch out for ‘Disconnect Search’ also used by Tor browser bundle

for what it’s worth, they used a VPN for connecting to google and other search engines like duck duck go. Obviously readers here will find that quite fallible but it’s ‘something’ for the lay person.
the company appeared to hold up for offering some basic security, seemed reputable

The idea of connecting to duck duck go with a vpn seemed nice. Turns out, they only used the VPN to the other search engines (like google) because ‘duck duck go doesn’t track you’ .
and more recently, it appears they don’t offer connection to any other search engine but duck duck go

Further, they now have a symbol advising they are proudly partnered with Yahoo. WTF ?

Sounds like disconnect is a whole lot of snake oil after all

CarpetCat September 17, 2016 9:12 PM

In light of the late September Tor meeting, I offer some links for your perusal:

https://www.buzzfeed.com/josephbernstein/dissent-and-distrust-in-tor-community-following-ja?utm_term=.vmol48v9Ml#.nyE0Jryjv0

More of an unbiased reporting, imho.

https://shiromarieke.github.io/tor
https://www.oneeyedman.net/

Some reports of others leaving and questioning.

https://www.wsws.org/en/articles/2016/08/19/appe-a19.html
Some more news, trust of the site may vary.

All in all, echoing my sentiments. Such odd behavior among people, yet such inexcusable behavior of an institution. Poor Bruce. I wonder how the EFF is doing without Steele. I question how long Tor will employ her services.

ps. If Tor had a fit about a former CIA being hired, why are they not upset about Steele’s husband, the former Pentagon employee? But I guess if you dig too deep, everyone is out. I would be too, after thinking about it. I’m probably not even 7 degrees of Kevin Bacon away. 🙁

My Info September 17, 2016 9:33 PM

Re: ongoing discussion of high assurance

One thing that may not have been mentioned is the use of high assurance software and hardware for various booking and control systems in prisons and jails. (Then there is the commissary and phone system run by Securus Technologies, Inc., which, well, think of a financial system run by prison inmates.)

Escapes are either extremely rare or extremely well covered up. The latter is probably more the case in, say, California, which has an exorbitantly high incarceration rate.

In my worst nightmares I fear some kind of dirty deal being struck between the D.O.J. and the Mob in pursuit of high assurance, where the Mob promises never to allow a D.O.J. prisoner to escape in exchange for a D.O.J. promise to never free a Mob prisoner.

The real problem of course is that we lack a high assurance court system: our courts in the U.S.A. suffer from what I call “the Isaiah problem” in reference to Isaiah 59:14-15.

Ratio September 17, 2016 11:00 PM

@tyr,

The unusual license [of ZeroMQ] is just an attempt to weasel their way out of something they dislike in the original. Everybody has a mad scheme that will not work designed to demean the idea of a commons available to all.

Yeah, that must be it. Except, you know, it’s so not. Seriously, have you even read that page?

@Nick P,

You may be interested in skimming the book Social Architecture, which explains the ZeroMQ community in detail, especially the section named How to Capture an Open Source Project in chapter 2.

Clive Robinson September 18, 2016 1:28 AM

@ John Wayne’s Evil Twin, Slime Mould…,

The “Three pounds of C-4” is not my comment, I know that you can bring a house down with a lot lot less than that. It really depends on how quickly you want it to fall…

Many buildings are in effect designed to be demolished, if it is intentional or not is another issue, but it does save on a lot of costly materials being used, and also significantly reduces construction time. In essence a “core” is designed then the rest of the building effectively hangs off of it or pushes up against it, but in either case the loadings are designed to balance out at the core. The core however is usually only strong enough to support a small amount of imbalance in the loadings. The example I often use for this is “Think of a stack of pushbike wheels to form a very tall cylinder”. Each wheel is a balance structure with the real strength being the spokes in tension. There is thus not much strength to stop the hub being pushed out of alignment by a force against it. Thus the stack of wheels would collapse down on itself under quite light loading. To stop this as you add each additional wheel you put straps down from the wheel rim to the rim below and ensure they are in sufficient tension to hold the weight of two wheels. Thus you form the outer cylinder, that is also in tension not compression.

Thus you end up with a quite strong but very light structure, where the strength comes from all but the core being in tension. That is if the wind etc pushes against it the straps in tension stop the cylinder bending, by causing the force to travel along the spokes to the core. Providing the core is not compressible the building stays up.

Thus even a quite small amount of explosive placed in drill holes on the leeward side of the core from the prevailing wind will have a fatal effect. Because the core gets fractured in a way that makes it ever so slightly compressible. Over time wind induced extra load on the spokes and straps will cause them to “work harden” become brittle and thus snap. The building will thus fall down eventually, as more and more straps and spokes fail.

You can likewise work out which windward straps and spokes to cut, to cause similar work hardening failures.

The same problem can be seen in the individual wire strands that make the massive cables that hold up suspension bridges. As each wire breaks its load gets put on other wires that “fail early” and thus the fails cascade slowly at first but ever quicker with time.

The same applies to most structures that are not “over engineered”. But even “over engineered” structures can be made to fail under their own weight in time, you just need a large enough bang to cause sufficient fractures to spread, a bit like a chip in a vehicle windshield.

Thus very little “bang” gets a lot of collapse “eventually”, you just have to be patient.

Which just leaves the question of where and the very nonlinear equation of how much bang gets you how long before “the rot” of stress and work hardening spreads sufficient for the building to fall.

Clive Robinson September 18, 2016 3:26 AM

@ ab praeceptis, Nick P,

Modelling is what it’s about. Spec is merely the act of writing down and specifying algos.

The use of multiple algorithms has “side effects” as they interact with each other. It can be shown that even with simple nonlinear algorithms the interaction is too complex to be modeled, further with many algorithms their interaction can lead to a cusp or similar where the actual values can not be represented on the underlying computer hardware or get treated in a different way in different maths libraries etc. Thus modeling of all but non trivial problems will be incomplete at best.

Thus there is only so far you can go in the “correct by design” game. Thus you get into the law of “power cost increase for fractional improvement” game[1].

Thus there will never be a “one tool” or method etc, and those that exist will be imperfect even in their areas of strength.

Thus in the real world we have to accept two things,

1, Perfection is not possible.
2, The pursuit of Perfection has infinite costs attached.

Thus you have to decide what level of imperfection is acceptable at any given cost[2].

[1] The law of “power cost increase for fractional improvement” indicates that at some fractional value the cost increases as a power. Thus if the fraction is 0.9, the cost to go from 90% to 99% costs as much again (twice), to 99.9% three times and so on. The larger the fraction the less the cost to get to a given requirement, however no matter what the cost 100% will not be achieved. If the cost doubling fraction is small the project is probably not a good idea unless you are a contractor on “costs plus” payment.

[2] The cost is not just the cost of this project but the cost of acquiring the knowledge etc.

ab praeceptis September 18, 2016 3:56 AM

Clive Robinson

Thus modeling of all but non trivial problems will be incomplete at best.

Uhm, anything that can be programmed can be modelled as well. As I explained, programming itself can be seen as (improper) modelling.

Also, your complexity argument doesn’t hold. a) for the reason mentioned above and b) you seem not to know that we have lemmas (“subroutines”) and complex predicate conglomerates available.

This is no theory. I speak from practical experience. One can model even quite complex multi algo constructs. Of course, some parts have to be brute force checked (e.g. domain exhaustion) but all in all runtime is comparable to interpreted code, i.e. well feasible.

Thus there is only so far you can go in the “correct by design” game

So what? a) we can use an inert property of design, namely the building of properly modelled and verified libraries, b) cost? Tell me, what’s the worth of 100 or even 10 mio human lives? On the other hand, of course, not everything must be completely nailed down. But then, our problem is not that we model and verify too much but that we have only very, very small amounts of properly modelled and verified algos/code.

Thus there will never be a “one tool” or method

Actually, we are getting pretty close. Spec/modelling and verif. are getting closer and closer.

Thus you have to decide what level of imperfection is acceptable at any given cost

Well observed and I fully agree. However: We can drive the cost very considerably down so as to enable ourselves to have reasonably well designed and verified code not as the extremely expensive and rare exception but, say, as a reasonable and realistic upper level norm (e.g. OS, core libs, etc).

Clive Robinson September 18, 2016 5:05 AM

@ Don,

At least they have not prosecuted him for not giving it up.

The reason for this is that at the time Mr Love was detained he had not been investigated in the UK, the raid and gathering of evidence was all based on questionable statements from the US. No attempt to investigate or prosecute Mr Love in the UK was carried out, nor does it appear that in the intervening time any investigation or prosecution has been even considered. Presumably because there is a very real risk it would prejudice the US case for extradition, and thus cause political kick-back.

The hard drive does of course raise a further issue. The US case the judge examined for the extradition hearing is materially incomplete, in that only when the evidence has been examined can the charges be fixed. That is the judge has been told Mr Love “currently” faces a limited number of charges of a specific type. In theory if he is extradited then further charges could be made, that far exceed anything currently proposed, including the death penalty.

UK and EU law currently prevents extradition for capital punishment and EU human rights legislation has put a cap on “whole life” or greater tariffs, effectively setting the maximum tariff at sentencing to 25 years of which parole would normally be considered after 16 years including all time served. The US is currently talking 99+ years which would normally kill any EU extradition. However the “grinning moron” Tony Blair when UK Prime Minister signed a special treaty with the US effectively removing nearly all protections from extradition to the US. So a kind of “They ask, they get, no questions asked, you die there” type arrangement.

It’s not as though there were no objections at the time, a large part of the UK judiciary said it was dangerous and would give rise to false/extorted confessions and all manner of injustices. But Tony “moronic” Blair was on his “modernise justice” crusade which in reality was about saving money no matter what the result, so he signed without question…

As it turns out our current PM Theresa May is no better, if you look up the case of Gary McKinnon, she made changes to the system that supposedly would stop such injustices. However on this its first test it’s so far proved to be worse. It will be interesting to see if Amber Rudd MP who it falls to next will just kowtow or grow a pair. Somehow I doubt she will do anything other than nod it through to preserve her ministerial position…

Many years ago you could appeal to the House of Lords, and they tended to have a “weather eye” for such cases, see the “Crown -v- Schifreen & Gold” case which whilst clearing the defendants, gave rise to the UK’s appalling computer misuse act. Which bad as it is, is not as bad as the US legislation and its idiotic interpretation the DoJ and FBI put on it.

Jacob September 18, 2016 5:27 AM

@Clive

I wondered if you can share your take on Startcom SSL cert secret purchase by WoSign, and whether you would trust that CA now (please see the first message posted on last week’s squid blog).

Clive Robinson September 18, 2016 7:41 AM

@ Jacob,

I wondered if you can share your take on Startcom SSL cert secret purchase by WoSign,

There are a number of questions that can be asked, and how you would frame the answers depends on how you perceive WoSign.

For instance “Why did WoSign purchase go through in secret?”

One set of potential answers might be understandable for any company not wishing to affect stock prices etc etc, thus appear legitimate.

But those same answers become suspect due to the reputation of the company involved. Let’s face it, it’s sufficiently bad that everything they do is going to raise suspicion with many.

Thus the question you should ask is “Will I have either root certificate in my trust keyring?”. The answer in my case would be no, but then they were not in there prior to the news anyway. For obvious reasons I don’t have the likes of GoDaddy and many others in it either. Even though I do not partake in web based commerce etc.

The simple fact is CAs are not nor as far as I am concerned have they ever been what I would regard as trustworthy. You only have to read their terms of service agreements to realise they “have no skin in the game” thus no liability for their actions. Which means there is no reason for them to be “duly diligent” in their actions.

Thus in very real terms their “contract” with you is worth rather less than the cost of electricity you paid to download it…

As far as e-commerce goes, the payment houses should issue certificates to merchants for a direct chain of trust. After all they do have “skin in the game” for both profit and liability. It’s a serious “tell” that they have elected a different way to do business where financial trust is involved…

Jacob September 18, 2016 8:20 AM

@Clive,

I totally agree with you re chain of trust of commerce sites.
However, just realizing now that kernel.org uses Startcom as a CA, which is equivalent to saying that the Chinese government is the CA for the main Linux kernel distribution site, surely doesn’t convey much comfort.
And if you don’t trust the Chinese government, then many other critical dev and free software sites are off limits too.

Clive Robinson September 18, 2016 8:27 AM

@ r,

As I don’t do javascript, I don’t do slashdot (the site software is badly written as well so zero trust earned by them) I’m assuming it was the LA Police story from a couple of days ago.

The story is odd for a couple of reasons, firstly because apparently the suspect was not technically armed at the time. That is he was not in contact with the rifle and due to being in the prone “belly down” position and the rifle a distance from his feet could not have easily or quickly got to it let alone bring it up into the aim or fire off a shot.

Secondly and more surprisingly, apparently the man was “distracted” by the police sufficiently that they could “sneak up” behind the suspect with a physically large, quite noisy and slow bomb disposal “Remotely Operated Vehicle” (ROV -often called “wheelbarrows” due to their size, and being RC not autonomous, such devices are not technically robots).

Apparently the RC operator got this slow and noisy behemoth up behind the man in heavy undergrowth and tangled fencing, reached out for the gun, pulled it well away from the man then went back and started to pull fencing down before the man noticed…

Which is all a bit odd, I used to design equipment for ROVs / PIGs / Wheelbarrows and the like. They are most definitely not what you would call stealthy, and many could not work on slopes more than 30 degrees let alone move through/over scrub.

All most odd.

Clive Robinson September 18, 2016 8:43 AM

@ Jacob,

… is equivalent to saying that the Chinese government is the CA for the main Linux kernel distribution site…

In theory this should not be a problem, if two certificates are used from two different CA’s and the site owner sets things up the right way.

In practice it sounds like it’s time for a well publicized change of CA and revoking of the old StartCom cert.

Clive Robinson September 18, 2016 9:38 AM

@ JG4,

another “data” visualization

Did you notice that the first infographic has a few mistakes in it?

Look at Northern Ireland and Ireland predominantly they are Catholic, not Protestant, and in the case of Ireland English is no longer the language. Then there is Cyprus being Catholic not African-Muslim, as for Malta, since when did it leave Mediterranean waters for those of South America 😉

If they are excluded from the “English Speaking” you are left with the Original “Five Eyes”.

Further if you look at Protestant Europe you will see the newer members of the expanded Eye club (with Israel absent but Iceland included).

There are also a few other interesting similarities as well.

r September 18, 2016 12:13 PM

@Clive,

Slashdot works just fine from links, elinks, lynx, w3m. I just posted a comment over there – no javascript required for AC[l]s.

Additionally, I read the latimes article now – and I don’t see what’s fuzzy(?) you’re speaking of. It sounds like they used it for recon, discovered the person laying flat with the gun at his feet – laid out DDDD plan with an objective of recovering the weapon. Employed a lawnmower and cough “trolls” to entertain his irrationality and then stole the gun. Returned shortly later to rip down the fence with the mobot. Your question about the birm-ease quisine though is dilectable, but without pictures I’m just left here chewing on my bit.

Nick P September 18, 2016 12:25 PM

@ Ratio

Several people have recommended that book in past few days. I will read it eventually. Especially given he’s such a smart guy with plenty of experience on that issue and software quality in general.

@ ab praeceptis

“”doom and gloom story”? kindly help me out here; I don’t know what that means.”

Your cautionary tale about an ordinary developer picking up separation logic and Verifast. That’s pretty gloom and doom versus case studies of them trying to learn Z or Hoare Triples. You also pointed out you can practically feed it to VCC. That versus the backdrop of poorly-documented, very-different tools like Verifast was gloom and doom for adoption probabilities. Hence, me wanting to know about alternatives for such people until learning curve gets fixed.

“”the problem of IT is that is was basically a pure us-american domain and to a large degree still is”). Neither bitching nor praising but merely saying what I observe and conclude. ”

I think you are. The job postings on Hacker News and Monster advertise the same shit tech being used all over from North America to Europe. Same types of posts on methodologies, platforms, stacks, unit testing will save us, etc. Universities on both sides invented better tools and methods. Companies on both sides ignored the better tools outside rare exceptions that usually don’t make a dent. Worse is Better effect won over. I don’t see the difference you’re seeing in tech adoption where it’s U.S. causing these issues. It’s not an American thing. It seems more related to human nature, social factors, and economic cost of legacy rewrites. The foreigners could’ve just as easily adopted Wirth, INRIA, etc in mass with sales creating tooling and library ecosystems for them. They didn’t. You can’t blame our people if everyone wanted and enforced use of the garbage some of them made. Also, SAP is German and probably worse than the other top 10 in terms of legacy lockin vs cost vs benefits (esp flexibility). Most of these countries have crap that’s among top sellers.

“We humans are creative and smart but have weaknesses too; e.g. being very precise over huge sets of data points just isn’t something we’re good at. Luckily that just happens to be the strong point of systems, but hardware, unlike ourselves is very inflexible and stupid.”

Yep. Hence mixing it up where we do what we’re good at and it does what it’s good at.

“Programming is but a necessary final transformation step,”

I thought that at first but disagree now. The best work does top-down and bottom-up. It’s best to start by modeling the hardware so you know whether your specs can even be expressed on it efficiently. Things like caching, branch prediction, modular arithmetic, floats… aren’t in the human specs. There’s ACL2 and HOL libraries for many of them these days. Your high level view doesn’t start with them, though. Their constraints dictate certain patterns over others at the lowest levels. So, teams like Verisoft and seL4 did a parallel process where they made the specs and code simultaneously with plenty communication to catch these issues. I agree most work should be in spec but code or hardware isn’t just a final, transformation step. Doing it that way failed a lot of projects.

“That, in my minds eye is one of the strong points of Ada, Modula, and Pascal (modulo Borlands idiocies).”

I agree. Certain languages are designed to make verification easier. So the match is easier. ML was one of first. SPARK is obvious candidate. On C side, Verisoft did C0 subset in HOL to make the matches easier. Hard to imagine verifications would’ve been done with as few problems if they used, say, raw Ada or C.

“So, yes, stick with Ada/Spark”

I don’t use any of them right now. I’m using it as an example since it was the status quo on easily-verified, imperative programming.

“You might also want to have a good look at the scandinavian school (Uppaal et al.) as, iirc, B isn’t strong in time related problem domains ”

Will do. Yeah, lots of them handled timing or concurrency using stuff like SPIN. These days TLA+ is more popular.

“In fact, quite a lot of your tla+ spec might be almost copy/pasted into VCC H triples. Also it isn’t to hard to learn.”

Now that is great news given how popular TLA+ is getting. Especially after Amazon’s report. I’ll see if I can find some TLA+ or VCC users to suggest it to.

“Tell me, what’s the worth of 100 or even 10 mio human lives?”

It doesn’t matter except to you, me, and a tiny percentage of the economy. Since you asked, the value is N for number of lives times $188.36. That’s the average cost of life insurance capped at $250,000. Probably cheaper if we don’t need that much. So, 10 million lives being upper bound of disasters caused by all software… which have actually killed few people in practice… would be $1.88 billion. The rewrite of Solaris into Solaris 10, done by experienced pros with basic development, cost almost $200 million. I imagine redoing all the software with VCC etc would cost significantly more than $1.88 billion. So, policy makers and risk managers would answer your question as follows: “A hell of a lot less than the quote on better software.”

Yeah, the world is evil. Human life barely matters. You might be better off determining how much lost tax revenue the 10 million people would represent. Add the average liabilities in lawsuits minus what life insurance would cover. Then show a combo of annotations and static analysis that cost a lot less. They might listen then. Extra emphasis on might.

Decentralization Done Right September 18, 2016 2:13 PM

@CarpetCat – “If Tor had a fit about a former CIA being hired, why are then not upset about…”

The problem with Tor is the capital T. I don’t believe that their motives are sufficiently genuine and wise. Of all people, they should understand the need to take a truly hard line on Decentralization. The idea that there is “The” onion rout(er/ingmethod/etc) instead of a spectrum of sourcecode forks of the implementation and deployment, with many of the most secure ones having no sense of author or contributor identity at all… seems to be the real problem to me.

In my fantasy world where there is an anonymity protocol that I trust and is in widespread use among mere mortals / civilians / etc, the obfuscation routing protocol of my choice would literally have no known, or knowable authors or contributors. (except perhaps some core math algorithms, that should probably also be that way, but perhaps won’t for another century).

I understand that wasn’t optimally eloquently stated, but I think you get my point- The Tor(tm) organization itself is the key aspect of centralization that seems likely to be the long term achilles heel in Tor(tm)’s attempt to succeed with decentralized anonymity protocols/software.

Daniel September 18, 2016 3:43 PM

@Decentralization

Your solution is economically nonviable. Or to be most precise, there is no evidence that such a situation would be economically viable. The heartbleed bug in OpenSSL is proof positive that good crypto implementation is human resource expensive and that very few quality people will work for free.

So I get your point about the irony of a centralized group of people creating decentralized software but until Jesus comes riding back to earth on his dino I don’t see an alternative.

ab praeceptis September 18, 2016 3:55 PM

Nick P

doom and gloom story

Misunderstanding. My question was simply from the non-native Speaker corner, what that term means.

doom and gloom story, 2

As far as I hopefully understood the term: I didn’t say that spec/model/verif is easy to learn. In particular sep. logic is a rather hard nut compared to the rest. That’s why I recommended VCC so happily and somewhat loud. It’s the first solution I know of that is both, a) quite well working and b) within the reach of somewhat experienced developers, the latter being the bright light.

One can hardly overestimate that point because non-verif’d code often actually is “better” than code badly (pseudo) verif’d by someone out of his depth. I call that the “body armour problem”; it’s somewhat akin to some Ada people who coded quite mindlessly and carelessly because, “ya know, Ada is secure!”

And it makes sense. After all evil corp has some ten thousand (??) developers and some gazillion lines of code base. Certainly not all of them are enlightened masters. So evil corp is its own use case.

It’s a very major part of VCC’s value that it’s “easy” or at least within the reach for very many. Similarly I finally see a chance for professors to reasonably teach verif. Even better, due to tla+’s notational similarity, evil corp is clearly going the route towards an all-in-one solution.

same shit tech being used all over from North America to Europe

Yes, certainly. But then I didn’t say that Europe is any better (how could it be, being hardly more than a colony…). Neither did I say “all us-americans are stupid as dogs”. Obviously there are very bright us-americans, too, and obviously some of them are in IT. It should be quite clear that my statement was akin to “the Chinese build cheap plunder”; that’s, of course and evidently generalized.

Funny that it’s so hard to be understood on that. Again my issue isn’t to paint us-americans dark – my point is the search for an answer why and how we ended up in this unpleasant situation; and not for political reasons but because usually knowing the causes helps a lot when looking for a repair.

And btw, you might want to look at where the basis for spec/model/verif. comes from. Wirth, Ichbiah, Ocaml, Haskell, Dijkstra

[Programming is but a necessary final transformation step]

There we are talking different things and I do not see too much contradiction. Kindly note that I did not say that compiling is a simple thing! What I said was from a 10.000 feet perspective. Of course there is a steady correspondence between bottom and top. In fact I made myself enemies for years because I preached that every software developer should have done at least some TTL practice. You certainly remember the days when guys like us built not just boards but even our own “cpus” from TTL. It’s an immense difference between reading about L1/2/3 caches and “smartly” talk BS or having soldered wires to a “carry flag” pin.

Seen from the 10.000 ft perspective, though, programming is but the last step. All the intellectual work has been done and the verif backbone is there, too (prob. taken from spec). I concede that I exaggerate somewhat there but I want to put it into peoples heads that “hacking away” is not the center of software development. This very misconception is the major culprit for the mess we are in today.

As for the rest: I think that we can expect a lot more to come from evil corp. One thing that I expect to sooner or later come is an even tighter connection between tla+ and VCC; it simply begs for it – and not by coincidence I posit. I don’t know (and care) who that man is but it is clear to me that evil corp has a brilliant guy behind their undertaking. One of the strengths of their approach is practical usability (the big painful spot of spec/model/verif.). In the end it’s brutally simple: If one wants the armies of coders to write better code one must provide them with tools which are more or less comfortable.

Ad “worth of lives”: I get your point but I simply refuse to submit to that ultra-capitalist abomination of a world-view. Keeping insurance fees low or share value up is not and will never be my motivation. In the center of my universe are human beings.

ab praeceptis September 18, 2016 4:01 PM

Jacob

that the Chinese government is the CA for the main Linux kernel distribution site, surely doesn’t convey much comfort.

Seems to be a subjective thing. For me, for example, the Chinese government being behind something certainly conveys no less comfort than a us-american corp. (and the nsa) being behind something.

For me verisign, symantec and similar are the response to the question “Can it get considerably worse than microsoft?”. Obviously it can.

That said, I’m wondering why eff, linux and a plethora of other orgs didn’t yet open up their own “peoples and geeks CA”.

Clive Robinson September 18, 2016 4:02 PM

@ Nick P,

If you do decide to follow up on,

You might also want to have a good look at the scandinavian school (Uppaal et al.)

You need to know that “Uppaal” is a tool that is around twenty years old, but has been effectively neglected for half a decade. It comes from the University of “Uppsala” (so don’t confuse the names)

Uppsala is the fourth largest city in Sweden –but geo-area wise is smaller than my home town, and about the same size as a park just up the road from me– it is just outside of Stockholm and has a really nice University, with an excellent CompSci department, which I’ve studied in and also given a couple of talks over a decade and a half ago.

Oh only one reason not to go to Sweden that I can remember is the beer and spirits or lack thereof. It might have changed but when I was last there beer was at “Central London” prices and unless imported not much stronger than root beer but with less flavor (just kidding almost 😉 To buy beer or spirits for home consumption was not that easy, it was only available through “special stores” that were not open very long during the day, and were less inviting than a Russian communist baker before the end of the cold war. The last time I went I took a couple of very decent bottles of 25 year old single malt, it was funny how many new friends I made who had never tasted a decent whisky let alone a single malt 😉

Oh and if you like music Stockholm has what seems like hundreds of little clubs in all sorts of odd places around the “old town” (Gamla Stan) and on the mainland to the south of the island (in the less reputable Sodermalm area).

All in all it was a really nice relaxed place when I was there. Oddly the “off season” for hotels was mid summer, I stayed a few times in what you might call “hostels” for their curiosity value. On one occasion in what was once a prison –Langholmen Hostel– to the west of Gamla Stan, and another time on the “red boat” just south of Gamla Stan in Sodermalm.

http://www.slowtravelstockholm.com/historical-stockholm/staying-afloat-stockholms-botels/

If I can find a reason to stay in Stockholm without family again, I’d like to try the af Chapman which is named after one of my historic relatives on my mother’s side of the family,

https://en.m.wikipedia.org/wiki/Fredrik_Henrik_af_Chapman

There’s a bit more to the story than it shows in Wikipedia, handed down through the family but I guess families are supposed to keep their secrets 😉

moz September 18, 2016 5:18 PM

@Clive @Jacob

The fact that kernel.org uses Startcom is almost irrelevant. If they used any other certificate authority, Startcom could still be used to forge the kernel.org certificate. What is wrong is that, even though Startcom seems to be willing to allow certificates it knows are compromised to continue in use, multiple web browser companies are still accepting certificates from Startcom.

Certificate companies are only relevant because Google, Mozilla, Apple and Microsoft accept them. If even just the first two of those disowned Startcom and all similarly compromised cer there would be no problem in real
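
The point made in the comments above (what matters is which roots the client trusts, not which CA the site picked) as a small model. This is an added example, not part of the thread: the CA names, the hostname and the HMAC used as a stand-in for real X.509 signatures are all assumptions made for illustration.

```python
"""Toy model of a client's certificate acceptance decision (not real X.509)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    hostname: str
    issuer: str
    signature: str


@dataclass(frozen=True)
class CA:
    name: str
    secret: bytes  # stand-in for the CA's private signing key

    @property
    def key_id(self) -> str:
        # Stand-in for a public-key fingerprint, as used in a pin set.
        return hashlib.sha256(b"pub:" + self.secret).hexdigest()[:16]

    def issue(self, hostname: str) -> Cert:
        msg = f"{hostname}|{self.name}".encode()
        return Cert(hostname, self.name,
                    hmac.new(self.secret, msg, hashlib.sha256).hexdigest())


def validate(cert: Cert, hostname: str, trust_store: Dict[str, CA],
             pins: Optional[Dict[str, Set[str]]] = None) -> Tuple[bool, str]:
    """Accept a leaf if ANY root in the trust store signed it for this name."""
    if cert.hostname != hostname:
        return False, "name mismatch"
    ca = trust_store.get(cert.issuer)
    if ca is None:
        return False, "issuer not trusted"
    if not hmac.compare_digest(ca.issue(cert.hostname).signature, cert.signature):
        return False, "bad signature"
    # Optional pinning: the client remembers which issuer keys this host uses.
    pinset = (pins or {}).get(hostname)
    if pinset is not None and ca.key_id not in pinset:
        return False, "issuer not in pin set"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    host = "site.example"                              # constructed hostname
    root_a = CA("Root A", secrets.token_bytes(32))     # CA the site chose
    root_b = CA("Root B", secrets.token_bytes(32))     # another shipped root
    store = {ca.name: ca for ca in (root_a, root_b)}

    site_cert = root_a.issue(host)    # certificate the site actually serves
    other_cert = root_b.issue(host)   # same name, issued by the other root

    return {
        # Both roots trusted: the client cannot tell the two apart.
        "site_cert_default_store": validate(site_cert, host, store),
        "other_cert_default_store": validate(other_cert, host, store),
        # Root B removed from the store: only then is its cert refused.
        "other_cert_root_b_removed": validate(
            other_cert, host, {root_a.name: root_a}),
        # Root B still trusted, but the client pins the host to Root A.
        "other_cert_pinned_to_a": validate(
            other_cert, host, store, pins={host: {root_a.key_id}}),
        "site_cert_pinned_to_a": validate(
            site_cert, host, store, pins={host: {root_a.key_id}}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28s} {result}")
```
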

My Info September 18, 2016 6:11 PM

@SSL cert mafia aka moz

I had no idea the SSL cert business was quite so similar to the New York City concrete cartel. I have that sinking feeling that the only “compromise” here that is really relevant is that Startcom isn’t charging enough money for their certs (in fact they happen to offer a basic cert for free) and their “competitors” would like to charge even more, so out come the kneecap-crackers as usual…

Clive Robinson September 18, 2016 6:25 PM

@ JG4,

I got your double quote reasoning, but not what you suspected, hence my question.

But what I don’t get is this, I suspect the underlying points on the graph are accurate, but why oh why did they not do a better job on the coloured overlays they put on?

If you look at the mistakes nearly all can be corrected with just a little more care with the coloured pencils, nothing more… The corrections would not change the picture sufficiently to cause any issues with the picture they are trying to portray. Thus I can only attribute it to “laziness on their behalf”, which is silly of them.

But as I said looking at the points and where the Five Eyes and later joiners fall definitely tells a tale of its own. Effectively being at the right of center on the graph.

It would be interesting to see what other people might spot as well…

Jim N September 18, 2016 8:11 PM

@ All

Never knew there was a Pulitzer award until WaPo received one for Snowden. Making a name for oneself is a dream of many but a shallow desire at best. When MSM lost public’s trust, what’s an award or two among industry insiders? Having that said, I think Edward Snowden is a traitor.

@ r

“Slashdot works just fine from links, elinks, lynx, w3m. I just posted a comment over there – no javascript required for AC[l]s.”

Yeah I’m reading it just fine. Great site with a good selection of articles and interesting comments section.

Clive Robinson September 18, 2016 10:55 PM

@ r,

It may well do so “if and only if” you are running what it considers to be a “desktop”.

What I said was,

    As I don’t do javascript, I don’t do slashdot (the site software is badly written as well so zero trust earned by them)

The first part states my choice –for valid reasons– not to use javascript on my “internet device” which is an Android phone.

What happens with slashdot, is a classic example of programmers not talking thus ending up working at cross purposes which is why “the site software is badly written”.

What happens when you hit the “go” key on a URL to their site is, it reads various bits sent, and concludes “Smart phone” and shunts you off to the “mobile site” which then checks for javascript (why I do not know). If you don’t have javascript it puts up a page that says,

    It looks like your browser doesn’t support JavaScript or it is disabled. Please use the desktop site instead.

The page adds a “/?desktop=1” onto the url for the front page of the desktop site, you think “that’s the flag to append” onto the article URL…

WRONG… Because with actual articles the topics server(s) does not check for the flag prior to diverting you back to the mobile site, so you end up going back to the same error page…

Hence my “badly written as well so zero trust earned”. That is if they can not get that fundamental function working, why on earth should I trust them to get their other code –that needs javascript enabled– right?

So I don’t do slashdot because they can not get even the relatively simple coding right.

@ SlashDot programmers,

If you work for slashdot’s development or test team how about putting it in for a “bug triage”.

Nick P September 19, 2016 12:11 AM

@ ab praeceptis

“One can hardly overestimate that point because non-verif’d code often actually is “better” than code badly (pseudo) verif’d by someone out of his depth. ”

I hear you on that.

“And btw, you might want to look at where the basis for spec/model/verif. comes from. Wirth, Ichbiah, Ocaml, Haskell, Dijkstra”

Don’t start. I already countered this kind of thing when a German tried it here. I’d start with Hamilton outdoing them all in 60’s in Apollo program and later with 001 Toolkit which did what Euro R&D is trying to do today (AADL etc). I’d also add Bob Barton whose 1950’s vision led to co-invention of software engineering, high-level CPU’s, hardware/software architecture, and first machine (Burroughs B5000) to put it all together plus make billions. That’s just the 1960’s. I can do this shit all day for U.S., UK, Europe, Australia, whatever. I can talk tech with impact or actual stuff built with most utility.

It’s just bullshit, though. Pointless to even start naming names or countries. Reason being the people we name are not representative of their countries. They are exceptions who deserve credit individually or as a team. The countries themselves mostly all failed at big picture of robust software or INFOSEC. So, best to list each team doing good work, what they’re doing, how one might build on them, and encourage all types of people to try. The pissing matches are just wasteful and ultimately inaccurate since they’re over exceptions rather than the rule of countries involved.

“my point is the search for an answer why and how we ended up in this unpleasant situation; and not for political reasons but because usually knowing the causes helps a lot when looking for a repair.”

Now, this is worth asking. I’ve looked for the answer myself over the many years. I think I’ve come pretty close to figuring it out but it’s not simple. All of this is a series of complex systems interacting with much emergent behavior over time. So answer isn’t easy. I probably am missing pieces. I’ll try to put something together for you over next few months in what little time I can spare. Reason being I’ve been wanting to integrate the pieces I’ve learned this year into another big picture presentation. Here’s some highlights:

  1. Richard Gabriel’s Worse is Better essays show that half-assed solutions almost always win over others because they’re just good enough to work. They spread rapidly to take up the market or user base. They then get money or contributions coming in to improve them from halfway to closer to 100% of what they needed. They’re never as good as The Right Thing solutions that take so much longer to create and perfect. Those usually won’t get any acceptance, though, because the others beat them to the punch. This is a critical effect that happened over and over.
  2. All the earliest systems were glorified number crunchers. Nobody knew how hard it would be to create and maintain software. They were clerical things. Only thing they cared about was getting performance up, price down, and eventually backward compatibility. These focus areas would have tragic results.
  3. By 1950’s, people start building abstract languages to use over the ever more powerful computers. Fortran, COBOL, and ALGOL come to mind with LISP 1.5 being brilliant but weird and isolated. Fortran matches the number crunching stuff people do the most. COBOL looks easy enough for business people to write themselves because English requirements and English-looking programs require no thought. 😉 ALGOL is designed by smart people for future requirements of software. It, like COBOL, is complicated. Both might run slower than ASM or Fortran on machines whose users’ priority is fast and cheap.
  4. IBM and Burroughs both compete to build a business mainframe in the 1960’s. IBM spends several billion dollars with thousands of people on theirs that emphasizes integrating prior systems/software (backward compatibility), raw speed, and Fortran + eventual COBOL. Delivered around 1966 I think. Bob Barton’s 1950’s vision for Burroughs B500, delivered in 1963, was a machine that implemented high-level CPU for easy ALGOL compilation, built-in checks for safety at CPU level, OS in high-level ALGOL, code vs data separation, modules for apps, type-checks at runtime for function calls, ability to freeze/fix/restart rogue processes, virtual memory, and multiprocessing later on. Amazing machine so ahead of its time. Both got adopted with the companies selling billions.
  5. Competition was fierce. IBM did many dirty moves to try to eliminate their competitors including what amounted to bribes. They’re also a big defense contractor that previously had a big chunk of the market whose dumb apps could be run on the System/360. I’m not sure exactly what all transpired to give them the big market share but they ended up taking 90%. I already see enough in backward compatibility, speed over everything, and dirty tricks for Worse is Better effect to kick in. Once enough adoption happened, you have a whole ecosystem appearing plus appearance of corporate stability that makes them the default choice for many enterprises.

  6. DEC enters the fray by betting against the mainframes. They make weaker, but cheaper, PDP’s and VAX machines with VMS OS to increase availability of systems. This turned out a good idea with them having First Mover advantage. They become big. The VMS system, led by Dave Cutler, was actually more a Right Thing type of design where they carefully built what they thought engineers would need with extra quality. Led to legendary uptime for OpenVMS. Meanwhile, others worked in the hardware’s tiny constraints to build BCPL, UNIX, and C. UNIX was inspired by MULTICS and CPL by ALGOL in some ways. Yet, BCPL, UNIX, and C chopped off all the safety, maintainability, etc features to get most performance out of their crap hardware. Shared the stuff freely with academics. A half-assed thing that’s fast, free, and meets most of your needs gets more adoption than expensive things that can’t. Whole ecosystem appeared around UNIX and C with many never even seeing better things.

  7. Tired and memory problems make this hazy for me as so much stuff happened. Yet, the microcomputer and personal computer revolution involved all sorts of players. The hardware was again very constrained. The existing ecosystems were BASIC, Pascal, and C. The former two were more educational so C ended up getting most of the action here. Microsoft and Apple each made their moves to get their own thrown-together crap in many people’s hands. New ecosystems formed with even magazines, stores, and so on dedicated to it. Stuff was still simple enough that many started making their own. It was the ladies at (Vector?) I believe that pioneered what eventually became the modern model of PC sales pushing their stuff. The Palo Alto work inspiring it all continued to look amazing with Mesa, Smalltalk, etc. The LISP machines came and went with AI Winter. Two guys, Wirth and Jurg, in an alternate universe used their PDP-11 to build Modula-2 and Lilith in safer, easy-to-compile, fast-to-run language with homebrew computer with HLL CPU. They kept this trend going into the Oberon systems also using this weird hyperlink style of connecting documents and programs that never went anywhere. 😉

  8. At some point, we have shitty-looking Mac and Windows 3.1 systems that are barely desktops. The UNIX workstations are most powerful and reliable but very expensive. DEC’s management ran things into the ground, even pulling Cutler’s Prism project to make mini-VMS servers. Microsoft poached him and his team to clone OpenVMS into a desktop with backward compatibility. Once again, Worse is Better dictates they had to do it in 1-2 years sacrificing quality to gain market share. They delivered Windows NT. It kept getting better and more software with their OEM schemes until it started displacing UNIX workstations and servers. In time frame, Steve Jobs had been fired from Apple, got his shit together, mixed a pile of techs into Next Computers, ignored innovative BeOS with its mind-blowing concurrency, got acquired by Apple, and his NextStep turned into MacOS X.

  9. Let’s pause to mention Intel. They made their 8-bit CPU that was great. They then upgraded it to 16-bit with backward compatibility and more speed. That made them lots of money. They upgraded again to 386 with same method. Many superior designs existed, some theirs, but market only bought what was backward compatible, worked with favored (Worse) languages, and had best price/performance. Safety, security, etc weren’t an issue. Intel makes so much cash this way that they actually improve better than superior architectures basically by brute force. Apple eventually switches to them since PPC’s weaker finances can’t help it catch up. There were also OEM tricks and agreements with it and Microsoft that helped that along. 😉 Another design, ARM, got popular in embedded as fab costs went up since it basically had nothing in it. Inherently low power and cost for decent performance. Similar process happened with it where it’s dominant with a full ecosystem. There’s CPU’s that have almost no licensing and without ARM’s royalties but they won’t get bought since ARM is market leader and all ecosystem/tooling is on it due to that.

  10. Web solved problem of easy distribution of data and updates. Initially just documents but people wanted app-like functionality. Like with UNIX, fragmentation everywhere for the good solutions with everyone fighting with each other. A first mover put together a language called JavaScript that sucked but was there. People started using it. Microsoft responded with their own variant designed for lock-in. The feature requirements added over time for HTML, CSS, and JavaScript increased barrier to entry where fewer browsers were made. Ecosystem effects kick in to make most target the leaders. Standardization eventually happens that they alternatingly ignore or follow. People build on extensions during dot com boom with all sorts of people of low skill able to crank out web pages and basic apps. These need more power, since everyone has a web browser at some point, so people start targeting apps and building apps techs in browser to reach all these people without running installers. Initial web applications + Web 2.0 are born. Barrier to entry goes up to reduce things down to just a few, main engines that start standardizing on main stuff. Happens in mobile, too. Now, the only thing present in every device is a web browser along with all its cruft plus Javascript, Ajax, HTML, CSS, HTML5, etc. Pre-requisite for distribution despite many workarounds like ASM.JS forming.

  11. Somewhere in 8-11 languages were “improving” using same principles. C++ was designed to be compatible with C and have similar syntax to increase odds of adoption. Tried to add features from many better languages no C developer would use. Worked with complexity building over time. Sun dumped massive amounts of money into Java for desktops, applets on web, servers, etc. Gosling joked about trying to make something between C and LISP with more similarities to C or C++ for uptake. Combo of money, marketing, and less friction created Java ecosystem. Microsoft created C#, again similar to C and improved over Java, to start replacing unsafe C++ code with lock-in for them. Perl, Visual Basic 6, and PHP were easy for novices to hack up solutions to common problems. As many more used them, ecosystems developed to have much code and help to use them more. Now, C, C++, Java, C#, and PHP are dominant languages. Awesome thing about HTTP or server apps as a platform is that very little of interface or starter code is necessary to build something useful. So, we have continuous competition with new languages and platforms in this space. So many, actually, that it’s hard for most to gain lasting momentum. Python, due to significant discipline by its creator, was probably the only scripting language that got mainstream attention that had many “Right Thing” traits.

  12. The DARPA Strategic Computing Initiative, big tech companies, Silicon Valley, and VC’s all threw money at every tech that might be a moon shot. Many of the better ones made enough money to improve themselves to experiment. Many survivors, which were rare, ended up in specific cities like Austin or areas like Silicon Valley where a critical mass of hardened entrepreneurs, investors, senior scientists, and developers existed to dramatically accelerate any project with higher chance of success. That’s why Silicon Valley became what it is and is virtually unclonable even in U.S. unless same, rare, and even ridiculous factors are re-created. The results of all this after so many techs and revolutions are status quos involving legacy mainframes, UNIX/Windows/Mac ecosystems, COBOL/C/C++/Objective-C/Java/C#/PHP dominance in areas where money is, just two phone OS’s with App Stores for lock-in, two social networks, a few browsers that people expect almost all apps to be on for a few dollars, massive numbers of frameworks/libraries for them, and constant churn of code and developers. That almost nobody does research or appreciates veterans… “so last year”… means lessons of past are continually forgotten to be relearned by failure or success.

So, that’s what happened. It happened here with a lot of the tech being adopted outside America. So, similar effects might have happened over there or our tech just improved faster with Worse is Better getting it adopted there, too. I know Clive writes often about UK businesses doing same corner cutting for profit, wanting latest and greatest, and so on. Anyway, the result was many movements with great momentum all running together… diverting or mixing… with collective result having a ton of momentum on tech that sucks in many ways but is very productive and cheap. 😉 Unfortunately, these factors all work against quality and security. So, that still takes a back-seat with even safety- and security-critical industries staying on inferior techs due again to ecosystem effects like talent, code, or hardware availability at certain prices. I’m not saying it’s unbeatable in some way but it’s most uphill battle ever.

Hope that helps you in your quest to understand things. Future write-up will have references for some of above claims.

“You certainly remember the days when guys like us built not just boards but even our own “cpus” from TTL.”

It’s something I plan to do in the future. I worked at a higher level. What I did do was spend time with such people, read literature on it, etc to see an idea of what went into it. Gave me serious appreciation for HW and embedded people. Plus my “magic” tooling. 🙂 It’s past year or so I’ve been delving broadly into hardware lifecycle in digital and analog. Most interesting parts are that analog is still hand-done since machines mostly can’t handle it and that almost every aspect of digital’s tooling is an NP-hard problem working with other NP-hard problems. Amazed at where synthesis and verification are today.

“I concede that I exaggerate somewhat there but I want to put it into people’s heads that “hacking away” is not the center of software development.”

I’ll agree with that.

“one thing that I expect to sooner or later come is an even tighter connection between tla+ and VCC; it simply begs for it – and not by coincidence I posit. I don’t know (and care) who that man is but it is clear to me that evil corp has a brilliant guy behind their undertaking.”

Lol. Do you not know who Butler Lampson and Leslie Lamport are? Or just didn’t know they’ve been working at Microsoft a long time? They, plus MS Research’s usual talent, are the explanation for all the great stuff happening with TLA’s and verification of distributed systems. So, good guess on that part. The main guy behind VCC is Wolfram Schulte. I don’t see an obvious connection in publication summaries where he came from their ASM modeling work, then some protocols, then Spec# for Code Contracts, and eventually VCC. Smart guy. Many useful tools. He could’ve just learned from one of the other two at some point or read some of the same stuff.

I’m thinking the latter. In his Spec# work, he references Floyd, Hoare, Gypsy, Euclid, Eiffel, SPARK and many others. He’s well-read. His background is abstract machines with that attempting to put Eiffel or SPARK interface checks into C#. So, it has to be something with pre- and post-conditions + invariants. Narrows options down. A later paper explored model generation on software using Horn clauses with future considerations of applying that in constraint solvers. First VCC paper just references Eiffel and solvers so it builds on Spec# work. Paper about integrating separation logic is unavailable. (sighs) Assembly paper too hardcore. Most of them just mention conditions, annotations, invariants, etc without saying what they are or why. The next VCC paper says those in VCC were like (maybe inspired by) “ESC/Java, Spec#, or Havoc.” So, it’s clearly inspired by them. Are any of these using annotations close to TLA+ like VCC itself is? If so, that’s the answer. If not, the mystery continues.

All my sleepy brain could put together skimming their papers without knowing much detail about logical predicates and such. I figure you have enough data to, as a specialist, connect the dots or some more at least. Interesting to see what you report back. 🙂

John Smith September 19, 2016 1:38 AM

Re WashPo shoots the messenger. From the Intercept article:

“…But what makes today’s Washington Post editorial so remarkable, such a tour de force, is that the editors are literally calling for the criminal prosecution of one of the most important sources in their own newspaper’s history. Having basked in the glory of awards and accolades, and benefited from untold millions of clicks, the editorial page editors of the Post now want to see the source who enabled all of that be put in an American cage and branded a felon. That is warped beyond anything that can be described.”

Yes it’s warped. It’s the mindset of authoritarian followers. Reason, logical consistency, ethics and decency are just impediments to the mission: to aggressively prosecute the desires and wishes of their masters. Say hello to Fascism, it’s here.

Thoth September 19, 2016 2:27 AM

@Nick P, Clive Robinson, JackPair fans and subscribers et. al.

JackPair hardware inline voice encryptor has reached its delivery shipment phase and are in the final phase to mass produce the JackPair voice encryptor and may see the first shipment around October this year.

JackPair team claims to have re-written the voice codec software and transmission protocol to become much more efficient to fit into the NaCL inspired cryptographic protocol. The updated voice codec software and encoding protocol is said to be very efficient across both GSM and VoIP channels. This seems like a very huge improvement when compared to the past many months when they had voice quality issues on GSM networks in the past.

Whether the re-written voice codec and encoding protocol for GSM and VoIP would be released as open source or not is still unknown.

They have also released a sample call on their Youtube channel featuring what it seems like a sample recording of a call and a call quality test which seems acceptable from the video but the truth would only be known when real life testing in actual GSM and VoIP networks are tested.

The link below would provide more details and clarity. I have not spoken to them recently yet over the improvements.

Link: https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation/posts/1654032

ab praeceptis September 19, 2016 3:20 AM

Nick P

I didn’t mean the people behind tla+ and VCC but the guy who is in charge of evil corps verification endeavour; the one who directs the whole efforts and who chooses into what money is pumped.

As for the us-america vs europe thing we continue to misunderstand each other and to see things from different perspectives. Many points, for instance, that you launch “against me” don’t disturb me the least; I did, for instance, myself say (multiple times, btw.) that the situation in europe is not better than across the ocean.

So what, we are grown up and we can certainly live with disagreement on some issues. Finally let me offer an example that you will probably like, where they are better across the ocean, because they are result and profit driven: VCC.

Here in europe we have better (not only) intellectual foundations and did indeed create and contribute far more in the field of safety/security/proper design and verif. etc – but alas, most of that is in lousy shape and hardly used, has non existing or bad or meager doc, low user acceptance, etc. The eu throws millions and millions into that field, much of it probably eaten up by eu bureaucracy and we have quite some brilliant and happy academicians but very little that is actually used and usable.

Funnily, much of the good stuff that evil corp created is actually europe-based. I think that’s very positive because the americans can profit from our intellectual culture (oh well, what’s left …) and we can – and should – learn a thing or two from them about caring about creating actually useable products (rather than proofs of concept).

Btw. a short remark re evil corp and their games: From what I saw pretty every wonderful tool they created has an ugly link to evil corp. Either it only runs on windows (e.g. vcc) or it’s .net bound. No matter what one ends up with microsoft one way or the other (Please, don’t tell me about mono). As you said: sons of bitches.

V September 19, 2016 5:43 AM

@tyr:

I will believe corporations have the same rights as a person when I see one locked up in jail.

House arrest could work. How does “30 days with shipping and receiving locked by the sheriff, no electricity, no phone, no Internet, bank accounts frozen…” sound?

Heavenly Spook September 19, 2016 6:38 AM

@WashPo story

Clive Robinson • September 18, 2016 6:08 PM

WashPo shoots the messenger

The Washington Post that won a Pulitzer off of the information they received from Ed Snowden, is actively calling for him to be hung drawn and quartered. To call it “Hypocrisy” is not doing it justice.

https://theintercept.com/2016/09/18/washpost-makes-history-first-paper-to-call-for-prosecution-of-its-own-source-after-accepting-pulitzer/

I have scanned quite a number of whining posts here this morning, about all sorts of complaints and accusations all sorts of people have. Where just about all of them made me wonder at why on earth they bother.

Of these, this one truly stands out as being a truly grotesque example of startling, terribly ugly evil.

These folks truly have no sense of how wretched they are. It is a terrible stink.

What bribe did they take to come up with such audacious crap and present it as their moral backbone? Or do they just not know the difference between a truly disgusting and terrible product of their bowels and between what should be, what? Their spine? Their mind? Their heart?

As for “what ‘evil’ Snowden did”? “PRISM”? Ho hum. Really nothing he released was of much effect either way, except that it has shown up very many for the real sorts they truly are. Not unlike what we saw with the Civil Rights movement or the abolition of slavery.

Indeed, as inquisitions were finally done away with, and the smoke cleared, we now all have a good look at their grotesqueness.

And hardly what could be more truly said about the post-mortem of Stalinism, Maoist, Pol Pot, communism? Or the greatest of evils, the very embodiment of the anti-christ, Adolph Hitler, and the Nazis?

ISIS… well, that is a big pile of nastiness right there. But, one gets the feeling those folks really never had anything to shit all over in the first place. Toilet babies, the lot. But, when someone walks up into a nice, pristine church and takes a giant dump all over the floor,that is quite a deplorable spectacle. Such things should be flushed away, never to be discussed or talked about.

But, this is not what we have from the very paper who once broke Watergate.

And, we see similar behaviors from many of these leaders doing the very same over their big and “powerful” organizations. All over the same nonsense. All of them nakedly rushing towards the illusion of power.

Selling their souls for the illusion of it. Godforsaken, the lot of it. Paying no mind to just how quickly the years tick by, until they are just able to look to answer to their Maker.

Because like ISIS and the worst of the lot of human beings they have not the slightest fiber of confidence there is a God or Heaven at all.

Because it is only the very worst of them who take on the guise of goodness, shouting it out as they do, not hedging any of the slightest nor remotest of bets whatsoever. No fear of God in any molecule of their body.

My Info September 19, 2016 7:56 AM

Totally off the wall

Units of computer memory:

  • 2 bits = 1 shave and a haircut
  • 2 shaves and haircuts = 1 nybble
  • 2 nybbles = 1 byte
  • 2 bytes = 1 word
  • 2 words = 1 double word
  • 2 double words = 1 quad word
  • 2 quad words = 1 paragraph

Does anyone still use these or know where they came from or have any more information on them?

CallMeLateForSupper September 19, 2016 8:02 AM

@Heavenly Spook

I wish you luck with getting professional treatment for your anal fixation.

My Info September 19, 2016 9:13 AM

Regarding my previous question, I am particularly curious about this “two bits for a shave and a haircut” business because there is definitely a haircut when we start getting 1,000 bytes rather than 1,024 for a kilobyte, 1,000,000 bytes rather than 1,048,576 for a megabyte, and, well, I’ve never heard of a “mebibyte” before, but the hard drive and networking equipment manufacturers went metric all of a sudden and decreed that 2^10=1000. Now that’s the way RAM is sold, too, and it seems like more than two bits get shaved off each time.

r September 19, 2016 11:20 AM

@Clive,

Sorry for not following your logic initially. Now that I see it, it’s funny because your logic with them is the exact logical argument I posted about Oregon trusting Oracle to provide them “value added” software after botching their (much bid on) state medical site.

Nick P September 19, 2016 11:31 AM

“the one who directs the whole efforts and who chooses into what money is pumped.”

This isn’t by any means a full answer. I think it will tell us things. Here’s the person on top and the head of Cambridge. The page for Shum indicates he moved up from research in China to a local head and eventually head of all research. The description indicates the head of research works at a broader level like saying let’s push for AI, Quantum Stuff, Datamining, Verification, etc while thinking of products like X or vision Y. Bishop’s case indicates the heads of research for individual labs might be very smart people along line of what you described. Bishop is a machine learning expert that studies all the other areas of the lab. These two imply that the work is probably self-directed with the various teams where they come up with what they want to study with some guidance.

“much of the good stuff that evil corp created is actually europe-based. ”

I’m going to have to disagree with that now that I looked at its research labs. The “Europe” lab is Cambridge in U.K. It’s a personal opinion of mine but I don’t think of Britain as Europe. It may be “technically” or “geographically.” Maybe Clive can chime in with his opinion but I don’t think of them as European past that technicality. They fought Europe for a lot of its history. They largely do their own thing. They had their own competing colonies. One even fought them and France before becoming a country. They entered EU for political reasons due to their globalist elites pushing for it. They eventually exited it. They, not Europe, are also in Five Eyes alliance with U.S. and others that spies on most of Europe. Just doesn’t seem like they and Europe are same people on same team.

Also, British are a lot more like us than most of Europe that I can tell. There’s never any cultural barrier when I run into them in online games or forums. There’s differences but understandings come easy. So, MS Research stuff from Cambridge is mostly America and Britain based, not European as most would imagine it. 😛

Note: Stuff like this is another reason I don’t like talking this continent vs that continent. Many in Europe count UK as their continent despite very different culture & style. Continent’s stuff doesn’t necessarily apply to that country and that country’s actions don’t necessarily apply to that continent. Same over here with Canada, U.S., and Mexico. “North America” is meaningless outside the trade and travel deals.

” but alas, most of that is in lousy shape and hardly used, has non existing or bad or meager doc, low user acceptance, etc.”

I believe it. It happens over here a lot, too. The C0 and Clay languages are good examples in system programming where they might accomplish something if polished up. Kind of stopped at the stage of “prototype academics can do stuff with and write papers.”

“The eu throws millions and millions into that field, much of it probably eaten up by eu bureaucracy and we have quite some brilliant and happy academicians but very little that is actually used and usable.”

It’s hard for me to track given the language differences. Much of their best work they publish in English to make sure it’s known. I don’t see a lot of it on the high-end in the fields I cover. Yet, it’s clear the groups I see have really smart people. The high-end stuff mainly comes from specific teams like Gallium at INRIA, TU Dresden, and ETH Zurich. So, I speculate the people managing where the money goes and for what might just not care about results. Maybe paper citations, who gets most funding, what topic is academically popular, maybe not selling funding organizations on better ideas… stuff like that. Those are majority of what happens in American research that I can tell. Squandered.

I think what you’re getting at is that the financial incentives to make stuff useful… especially with partnerships between US industry and academics… might be what increases our output of useful technologies or research. There needs to be something there forcing the smart people to focus on important stuff with intention for result to be practical. We have quite a few labs that do that in many areas with companies often getting the patents or the University itself having a startup program for them. Sometimes, we’re lucky and they open-source it. Culture is also a factor where people are encouraged to do their own thing and innovate at all costs or disappear into being unknown with no money. The culture aspect is a dual-edged sword.

Another thing you might want to know trying to figure these things out. America is nowhere near what its intellectual output could be in CompSci due to a “brain drain” of talent going into financial sector. You see, the majority of smartest minds in CompSci going to schools like MIT realize the IT sector is considered a liability by management where they constantly cut labor or force use of shit tech. There’s also tons of discrimination, esp age discrimination. The smart people will enter tech, be treated like garbage, always forced to do less, and maybe be kicked out of labor market at peak of skills to keep pay low. So, most of them say “Fuck that” to go to finance on Wall St where they start out at six digits then just go up from there. All that stuff you see with derivatives, high-frequency trading, etc is designed and built by the people that might have built the next Big Thing. We have labs that would take them but smart Americans are raised under capitalism to go where the money is at. Our policy makers, dirty as hell, have made sure the money isn’t in research or otherwise contributing to society. The brain drain continues with us just lucking out that we have what bright researchers that are left. A lot of them end up in industry, too, on top of that. It happened to Shapiro, effectively cancelling BitC language & COYOTOS operating system.

So, there is that effect. It’s the most damaging to U.S. R&D and tech. Silicon Valley has the age discrimination and focus on bullshit. However, the bullshit is the newest tech instead of the oldest. They will hire bright people. They usually try to trick them into working all day for lower wages promising equity will make up for it when startup hits big. Smartest or wisest (with age) won’t take that “deal.” Their focus is on anything that will grow into an IPO or acquisition. That means they mostly build useless bullshit because things like infrastructure or tooling certainly won’t get to 1,000,000 users in a year. The oldest tech firms… that sell things for a profit… still do useful product and tech R&D like Microsoft’s. Silicon Valley as a whole mostly produces nonsense with a few gems here and there. They don’t see forest for trees.

There two that mess us up from opposite ends of the spectrum. The older, profit-hungry people managing the country and big businesses minimizing our IT people as much as possible. The startups exploiting them on largely, useless stuff as much as possible. Academic sector is mostly on publishing as many papers as quickly as possible for maximum citations and grant money. Lastly, you have financial sector saying they have jobs for people with brains, pay a fortune, expect results, prefer self-driven people, and have less age discrimination. The choice is obvious for most of our brightest. Given Wall St’s impact on country, that probably is worse for us in the long-term than it sounds initially.

Note: Hope you’re still following Mr Robot. I’m assuming due to Evilcorp reference. It got a bit slow as they were out of ideas on first, few episodes of Season 2. Then Esmail got his steam back. I haven’t seen latest episode but one before that was “Holy shit!” Last few have been pretty awesome. They picked good actress for the FBI agent, too. She has unique style.

Gerard van Vooren September 19, 2016 2:42 PM

@ Heavenly Spook,

Well, I am an atheist and because of that I don’t fear any God. But that isn’t the topic I want to discuss. The topic is, like most of my topics, about hypocrisy.

In my opinion Snowden is a whistle blower. A courageous one but nothing more, nothing less. The fact that he is in Russia makes me sad. Being a whistle blower is tough.

But the origin of why people like Snowden, Manning, Drake and many others became whistle blowers are decisions made by the Bush administration, led by G.W. Bush.

The hypocrisy in this all is the last minute cancellation of the 2011 G.W. Bush visit to Switzerland because there was a warrant against him with a 2500 page charge of torture, which is illegal in Switzerland. If Bush was only one inch of the things that he preached all the time, naming self sacrifice, patriotic, brave and law abiding, and he had the guts to stand behind his own policy, he should have gone. Instead he showed the world that he isn’t a brave, self sacrificing leader at all. Some even called him a coward.

It’s so funny to see that guys like Bush have created an atmosphere where real courageous people are called traitors because they blow the whistle.

ab praeceptis September 19, 2016 4:17 PM

Nick P

Shum, Bishop, …

I’m assuming (read: wildly guessing) that it’s neither. I’m assuming that some years ago, possibly still under b. gates (hint: singularity) someone at the very top of evil corp understood that they’ll be thriving or falling due to a solid base. So they started an internal group with the clear goal of somehow getting their hands on the needed good basis. Probably quite secretly and anyway directly attached to someone on the board.
I’m assuming that that was one of the major reasons for the creation of what today is the ms research giant and I’m assuming that that person has direct access to the ms research group and is partially directing areas of efforts.

Whoever will be first to have a (actually useable and general) OS will blow out many if not all out of the water. This world just needs (as in survival) a solid computing base. To create that an effort of such magnitude is required that only quite few players can enter the game. apple has gone the “good enough” way (with lots of gadgets and design as is typical for them), the unices are dead or in a commercial grinder (oracle) and linux/the BSDs are way too rotten.

Summary: Not that I like it (after all, it’s evil corp) but from what I can see, ms has the position, the need, the money, the resources, among them the extremely valuable ms research group.
Funny sidenote: Probably their biggest brake and problem is their (assumed by myself) wish to have that new OS be somehow compatible with windows.

Less funny sidenote: We europeans had some excellent pieces and lots of money but failed miserably. We had a big chance and failed big time. Fck, ms research is getting *far more out of europe than eu-rope itself.

The “Europe” lab is Cambridge in U.K.

Yes and no. Cambridge is the eu labs HQ. Quite some stuff (e.g. VCC) is done in diverse eu countries, e.g. Germany/Aachen and there’s also lots of more or less formalized cooperation with inria, eth, and others.

Sidenote: We (continental) europeans, of course, know about your “proximity” and don’t particularly trust or love the brits for that, but still they are lightyears and dimensions closer to us than you across the ocean.

It happens over here a lot, too. The C0 and Clay languages are good examples

Nope. I think you can’t even imagine, how idiotic and destructive eu-ropean bureaucracy and attitudes (and dirty lies behind friendly smiles) are. Trust me, across the ocean you would look like innocent new born kittens even if you tried hard to ruin research efforts compared to what is in everyday work in eu-rope.

Btw: C0 is a nice example. For one it’s at least reasonably useable, probably not for a project but for professional tinkering (I sometimes used it for things one would nowadays do with, say dafny) and there are halfway decent docs. Plus: Prof Pfenning is european (german) *g

groups I see have really smart people. … like Gallium at INRIA, TU Dresden, and ETH Zurich

Yes, these are among the best known. But we have really good research all over the continent. While many know Dresden, few know about Saarbrücken or Munich. Some know about Prague (HelenOS), yet few ever heard of Brno (Predator), etc, etc. Problem is that, so it seems, those are all islands and sometimes one might even think, they have been intentionally walled.

nowhere near what its intellectual output could be in CompSci due to a “brain drain” of talent going into financial sector.

I know that – and it creates a very happy smile on my face. Not only for reasons of justice served but also for a constructive reason: Sometimes, to learn one must feel the pain oneself that one so generously gives to others. I don’t want to even get started on the brain drain the us-americans inflict upon us. True, that is partly a problem where we ourselves have some guilt, but still it’s immense what is inflicted upon us.
Works the other way, too. Not only are you importing many of our brightest but you are also exporting stupidization. There are only few education systems over here that survived half-way intact, the french, for instance (and they work hard on that).

It feels extremely weird but one of the reasons I see to make some kind of peace with evil corp is that their efforts have pumped some urgently needed understanding, insights, and of course $ into the european compsci landscape. Maybe most importantly I think they serve us some urgently needed reminders about creating actually useful stuff and about collaboration (rather than the widespread eu-ropean everyone against everyone).
In fact, they have convinced me enough to use of the enforced upon me (when buying a new computer) windows licenses and to install their open source toolchain and to play with it.

Last but not least I hope ms creates enough pressure or even fear over here to make us europeans come to reason.

Mr Robot

Sorry, I pretty much never watch TV or movies (except some french, eastern european, and of course russian movies). So I don’t even know about Mr Robot.

moz September 19, 2016 4:23 PM

@Bruce

The squid is the same one as you posted about in a Japanese harbour in January. No idea if there’s something new in the video.

Jim N September 19, 2016 7:38 PM

@ Nick P

“Their focus is on anything that will grow into an IPO or acquisition. That means they mostly build useless bullshit because things like infrastructure or tooling certainly won’t get to 1,000,000 users in a year.”

Like the poster “ab praeceptis” pointed out, I think the value is in managing where all the money gets poured into because it sets the direction of our future, and it’s not limited to start-ups. Lots of mid-sized corps got broken up, split, or acquired by bigger corps on their way to the higher echelon. It’s a lot like climbing a corporate ladder, only there are more stakes at hand and more stakeholders to please. There is always a bigger fish to fry until it runs out of fish in the tank. In that sense, corporate cultures are a lot less efficient than a government one.

“The oldest tech firms… that sell things for a profit… still do useful product and tech R&D like Microsoft’s.”

I think this has more to do with the philosophy of maintaining a competitive edge by setting the table, known as game making or the house in some circles, and it operates in plain sight though mostly protected by NDAs.

@ r

“Is this a publicity stunt?”

I would think so, and what looks like a well calculated one.

Anon10 September 19, 2016 8:12 PM

@Gerard

The hypocrisy in this all is the last minute cancellation of the 2011 G.W. Bush visit to Switzerland because there was a warrant against him with a 2500 page charge of torture, which is illegal in Switzerland. If Bush was only one inch of the things that he preached all the time, naming self sacrifice, patriotic, brave and law abiding, and he had the guts to stand behind his own policy, he should have gone. Instead he showed the world that he isn’t a brave, self sacrificing leader at all. Some even called him a coward.

There are at least three problems with this.

1) There is not and never has been a warrant for President Bush’s arrest in Switzerland.
2) Even if there was a warrant, former Presidents keep diplomatic passports and diplomatic immunity for life. The worst Switzerland could have done is persona non grata him and force him to fly back to the US.
3) Even ignoring 1+2, there’s an absolutely 0% chance that any country anywhere in the world would actually arrest and charge a former US President.

Jim N September 19, 2016 8:29 PM

@ Anon10,

Not to mention charging a foreign (ex) leader with crimes could be interpreted as “declaration of war” among some circles. 🙂

Jim N September 19, 2016 9:38 PM

@ Clive Robinson,

“I guess you are going to love this”

I’ve not read that techcrunch article but the title itself is absurd enough to not inspire the read. First, no POTUS as commander in chief would pardon an exile who has not yet been convicted; thus, I doubt the technicality of that statement. Lastly, there is no medal for traitors and deserters, because it’s against morale. Thus, the journalist is better off (in an intellectual sense) calling for Snowden to be awarded with a Pulitzer instead.

65535 September 20, 2016 4:26 AM

I have been thinking all weekend about your solution to my lawyer customers and I don’t see any clear cut solution.

The energy gap method could be done with considerable effort. But, if you are talking about setting up a room with a TEMPEST style security including, copper plates in walls, baffles on HVAC filtering or blocking all electrical outlets [say using battery power only by some unusual method], sound proofing the walls and so forth – that will be hard for lawyers who rent office space.

If by chance a renter would incorporate such a room in a rental building the additions to the TEMPEST room transfer to the building owner under law – which could be far too expensive for a profit oriented business.

I like the idea about using paper. That would involve typewriters… but, that would also involve copying machines and possibly word processors which have their leaking points. But, eventually pdf forms from court rooms and even the DOJ have to be filled out – pdf documents are now mostly server side and are a leaking point to the public. This would mean going to the web and downloading said legal forms or searching online using LexisNexis, Findlaw, or other internet communication – breaking the paper only rule.

Worse, a lot of lawyers use mobile phones where their conversation could easily be monitored by police with “Stingray” scanners or Federal aircraft with DIRT boxes flying above. There is some evidence that Stingray type devices are trickling down to private security firms and Private Investigators which could cause the electronic equivalent of “Black bag Jobs” only with private parties.

“…unless you “personally courier it” yourself you will not know if the document package has been “intercepted” and copied.” – Clive

That is a huge concern because of the DHS and USPS use of the mail cover act where they copy all the covers of all mail items – and could open said items if need be. Then there is the USA’s Border exception rule which can open anything at borders and international airports [the USPS does use major airlines for mail service which is a part of being a commercial airline, that is transporting mail.].

“…your “legal customers” have to make a “risk-judgment” decision on how they run their business and it boils down to my old meme of “Efficiency -v- Security”…” – Clive

You are correct that legal customers would have a risk judgment to make. It is possible to make concentric rings of security where the most important item is handled in the center and the least important at the outer DMZ rings. There is probably a tiered method using a risk judgment to do what you suggest. But, I have not figured it out for actual viable business use.

I think some privacy legislation is in order. I don’t know how they will be implementing it – if at all.

Lastly, is the current “pressure cooker bomber” in the news. This will politically be spun like an out of balance washing machine – rippling and encouraging even more government digital surveillance. I think this will be a chance for a power grab by the TLAs.

[I don’t know what happened to my earlier post]

The Charles Taylor Suite September 20, 2016 8:51 AM

Anent Anon10 whistling past the graveyard

1) There is no warrant for Bush’s arrest. True. Bush’s panicked flight from Switzerland was spurred merely by a Swiss legislator’s public reference to his crimes, and supporting public demonstrations.

2) Bush keeps diplomatic immunity for life. True – as long as he stays home painting puppies. Bush can be detained for investigation and prosecuted or extradited in any of the 100+ states that have established universal jurisdiction for war crimes and crimes against humanity, such as George W. Bush’s systematic and widespread torture. Torture investigations are ongoing in several countries and multiple treaty bodies have directed accountability for torture explicitly including command responsibility.

3) No country would arrest a former president. Indeterminate. There is no statute of limitations on universal-jurisdiction crimes. Times change. As an unauditable US military gets hollowed out by corruption and loses more wars, and the isolated US regime loses standing, influence, and face, there will come a time when the USA needs to appease more powerful blocs. The cheapest way to do that is sacrifice some old despised criminals. CIA purged Nixon to atone for the bombing of neutral Cambodia. CIA will not hesitate to make an example of Bush if that is their best option. But they will wait till G.H.W. Bush is dead.

Clive Robinson September 20, 2016 11:34 AM

@ r,

The IEEE has a page on the $30 home made version.

As for the company that makes the $600 epipen, the words “you have to be joking?” and “just how corrupt?” come to mind.

But having had to use similar injection devices to the epipen (as quite a few soldiers have) I can tell you after taking a few apart that even $30 is rather more than it should be by a factor of at least 10.

I’ve even developed prototype motorised injection systems for precise dosing etc back when I used to design medical electronics. You would be shocked to learn just how cheaply the mechanics can be produced for in the likes of China. (the real expense is getting the software not just right but user foolproof prior to type testing and then approvals/certification).

Clive Robinson September 20, 2016 12:13 PM

@ 65535

I have been thinking all weekend about your solution to my lawyer customers and I don’t see any clear cut solution.

And you have realised what some of the issues are. Importantly that although giving a 20,000ft description of a solution is comparatively easy, the closer you get to trying to make a solution the harder it is, and the more costly not just financially but in manpower turnover and time.

However even if you do get a workable technical solution, you will find that there are other associated but not technical issues that effectively make the task many times more difficult.

One of which is “best practice” issues. I think most of the old timers around here will say that “best practice” is at best a joke. That is there is no tested evidence to show it works in reality so it’s mainly “Magic Umbrella Thinking”[1]. However that does not stop “best practice” rearing its ugly head in court rooms to be very expensively “second guessed” by others trying to make money out of you.

Thus I would advise not trying to solve the problem, because you can not cover all bases or eventualities. Instead solve individual small parts of the technical problem.

You have three main areas to consider with information,

1, Storage.
2, Communication.
3, Processing.

Take storage for instance, if you take a look, you discover a whole series of sub parts. The top level of which being the distinction of “data at rest” and data in some other state (of which there are many). The usual argument for Data At Rest is “encryption”, but this opens a whole can of worms to do with Key Management (KeyMan).

I could go on but hopefully I’ve got the point over, that the best thing is to only bite off not just what you can chew, but swallow without choking, digest without irritating your gut etc. But most importantly it does not end up giving you a heart attack at a later date.

[1] I have found a magic umbrella, that I’ve noticed stops it raining when I carry it out with me. However it’s obviously so valuable I rarely dare take it out in case I lose it, or it gets stolen.

Heavenly Spook September 20, 2016 12:58 PM

CallMeLateForSupper • September 19, 2016 8:02 AM

@Heavenly Spook I wish you luck with getting professional treatment for your anal fixation.

Anal != poop… These words, representing people’s bile movement products are actually used so frequently in your language, by everyday speakers, because it so deeply represents ‘that which people most deplore’. Consider that, being of regular human bodies, in a relatively lawless and highly primitive society, that depicting what is objectionable universally is difficult to do.

Because these folks do so very much which is heinous, but which they consider to be ‘good’. Such as this article, and such as what very much of your “law enforcement” and “intelligence” engage in.

The reason for this is because your bile movement is full of potentially harmful microbes. So, on a deeply instinctual level, you understand the evil of poop. As a very large number of these microbes pass in there in order to infiltrate the environment and spread.

Likewise, there is a clear understanding of the vileness of being sneezed on, or coughed on, where there is considerable spray.

So, for instance, you probably consider your law enforcement to be pristine upholders of decency and order. Only you sentence them to deplorable jail systems for astonishingly lengthy prison terms where homosexual rape and assault is considered part of the justice they should have to deal with.

If a wealthy person is full of drugs which are mind altering to help them live their deplorable, insignificant existence, this does not bother anyone. In fact, most of the population over a certain income bracket is on some manner of mind altering drugs. But, for your poor, they do not have access to these much more expensive and process driven status quo drugs, so you have their drugs be universally and deeply condemned. Using them puts them in your modern day inquisitional hellholes.

Even the most safe of such drugs, such as marijuana, is deeply lied about in regards to its “evil”, and no one shows any trace of shame or concern about this.

In this case, on the topic, you have one of your most respected and prestigious news reporting journals condemning their own source, one who won them a globally recognized prize of great acclaim, to be condemned to either execution or life in your toilet jail hellholes for exactly doing the very work they won their acclaim for.

This is far, far worse than ingesting brain worm infested human poop.

But, words escape me. How does one explain that such things are truly to be hated and avoided?

There is no concept of shame or hypocrisy. In fact, as simple as ethics and morality are – ‘as you condemn others, the same standard is used for you’ – this is completely evaded in as far of the opposite of a direction as anyone could ever imagine with all of their imagination and efforts… which have produced so much product over the years of some notable consequence. Like fantastic movies, music, technology.

Of course, I can only state such imaginings in context for understanding, as the vast majority of ‘what is’ and ‘what is not’ is entirely separate from common modern, ‘first world’s’ greatest of understandings.

Never mind, of course, the fact of “irony” that someone calling their self a “heavenly spook” would use such language. In fact, this is how we sorts live among you. Not at all unlike your undercover, only far more intense and deeper. Albeit, without the sorts of dangers of discovery and resulting ramifications those come with.

No, rather, we do this because disclosing our selves is mind breaking, soul annihilating.

You have your prejudices, your biases, of understanding “heaven”, so it is trivial to have a full dictionary of things to show and say which hide us. Not that shutting that door is difficult to do, criminal groups do not want to know their best friend is a police informant. Any human being does not want to know that an amazing number of everyday “people” out there, including some close to them, are not at all of this world.

No small part of this is because of the abyss of hypocrisy and condemnation which passes for your everyday understandings and the beliefs of your heart.

Heavenly Spook September 20, 2016 1:58 PM

Gerard van Vooren • September 19, 2016 2:42 PM

@ Heavenly Spook,

Well, I am an atheist and because of that I don’t fear any God. But that isn’t the topic I want to discuss. The topic is, like most of my topics, about hypocrisy.

As you certainly have some sense of, I am not talking about you. And my definition of “God” is a core reason there.

People on earth have no understanding of God. But what language can one use. Their language.

This does not mean the “bible” is “untrue”. But it is certainly entirely different from how I see people normally take it. In fact, you here concern your self deeply with hypocrisy?

You get that from heavenly disclosures. The concepts and in-depth explorations of ‘what hypocrisy is’ are found where? People credit Galileo and Einstein, and Buddha, and Socrates. But, the good ones learn and are born from one whose name they are very familiar with, but have no idea they are actually living according to what he taught.

Because human beings are indirect creatures full of the dark abyss of condemnation, of hypocrisy.

Of ignorance and confusion, which passes as knowledge.

So why this was such a central part of such a major cornerstone of heavenly disclosure to earth is not at all for the reasons why people think it is.

No small reason for this misunderstanding, as deep as it is, is because of just how deeply hypocritical the bar of understanding is.

How does the saying go? “It is not what someone does not know which is the problem, but what they think they know which just is not so”.

But, folks say, “you don’t believe because…” Because why? They have not seen, you have not seen. One can talk, as the above, and people can get some unconscious sense. But, for such things it is necessary to show, not say.

So, it is all absurdism.

Like saying someone does not believe someone is a spy or some great spy operation is ongoing, when there is no evidence that proves it to them.

Could be true, could be a lie. But outsiders would never know.

In my opinion Snowden is a whistle blower. A courageous one but nothing more, nothing less. The fact that he is in Russia makes me sad. Being a whistle blower is tough.

I think Russia gets a lot of bad press. Iran does too.

Does not mean I am against regime change in either country.

But first world countries need significant work as well.

Snowden is obviously a good guy, and did what was correct.

The very vast majority of major nations’ intelligence is, of course, entirely worse than useless.

Good example is how they spend trillions searching for “terrorists”.

While their real problems are with other nations. Including their needle in haystack/imaginary wolf “terrorists”.

Nevermind their real problems are, like their volatile and more obviously totalitarian nations, very unstable.

So, it becomes a comic book, like “V is For Vendetta”. “Terrorists! Terrorists!”. Absurd. Though, that author obviously used a format which deeply underplayed his outrageously powerful capacities for observation and communication. Moore.

But the origin of why people like Snowden, Manning, Drake and many others became whistle blowers are decisions made by the Bush administration, led by G.W. Bush.

Uhhh, I think you are on the right track, but these problems are far from so simple as blaming on any one person or one organization.

Also, the idea of persuading people, of social movements, of getting folks together to “do something”, this will never be the solution.

Like above, I scanned it, see a lot of “Microsoft! Microsoft!”, like one heard back in the 90s. What about Google. What about Apple. What about…

Clinton! Trump! Putin!

….

Not that I share such condemnations. I view the problems as far deeper and far more complex.

Frankly, I see the same sort of griping on video game forums. (Yes, this posting, like reading at other forums, for me, is entirely just fun. Though here, I notice lotsa undercover. Bad ones. That is fun for me. Decades undercover and everyone I know, and you have these little piranha swimming around. Mosquitos. Born a few days before, gone a few days after. Microbes.)

Gerard van Vooren September 20, 2016 3:12 PM

“But, folks say, “you don’t believe because…” Because why? They have not seen, you have not seen.”

Sorry. I am quite sure I will never “see” the things you see. You gotta respect that.

“I think Russia gets a lot of bad press. Iran does too. Does not mean I am against regime change in either country. But first world countries need significant work as well.”

I agree on all items (who not). But it has got to come from the inside, not the outside. The latter is doomed as history has shown us.

“Uhhh, I think you are on the right track, but these problems are far from so simple as blaming on any one person or one organization.”

… and …

“Not that I share such condemnations. I view the problems as far deeper and far more complex.”

That is where I disagree. Totally disagree actually. Yes we all share our background, culture and status quo. My background as a Dutch speaking person is quite different than yours and that counts for Russians, Brazilians and everybody else. But that doesn’t mean that Bush can set new immoral standards (we all know them) without any consequences. And it was really he who decided at that time. He and he alone was ultimately responsible and it was he who really created this mess.

“Like above, I scanned it, see a lot of “Microsoft! Microsoft!”, like one heard back in the 90s. What about Google. What about Apple. What about… Clinton! Trump! Putin!”

If I was writing a book here then I might. The fact however is that I have a limited vision and limited experience, like most of us. I have a lot of experience with Microsoft which makes me a bit more knowledgeable about Microsoft. Maybe in the future my vision gets a bit wider and I will also add Google to my repertoire. And about Clinton/Trump, well let’s face it. Is this the best the US can deliver? I don’t think the future will flourish with either one. I think with Sanders it could have.

Clive Robinson September 20, 2016 3:14 PM

And you thought IoT could not get worse?

This actually made me smile and shake my head in that slow “what the heck were they thinking way”,

https://techcrunch.com/2016/09/20/why-why-why-headdesk/

I wonder how long it will be before some idiot puts one in the wrong place when cleaning or storing. Then their house burns down when some script kiddy does the wrong thing…

ab praeceptis September 20, 2016 3:45 PM

65535

Clive Robinson is a deservedly respected, experienced, and smart guy, so do not misunderstand as against him what I’m going to say.

Following the path of what Clive Robinson says and explains will lead you into a neverending odyssey.

Reason: He is researching “perfect security”. Well noted, this is worthwhile and even necessary because one must research the outer limits, too, to understand and learn for downtown. The world is full of phenomena where we thought, we have understood something only to later find out that far out there in the periphery there are holes in what we considered well researched and a law.

But – and that’s a decisive but: In the real world, i.e. in a lawyer’s office or even in a government agency, there are many other factors entering the game; obvious things like budgets and less obvious things like the – sometimes very tedious and long – way from proof of concept to actually useable solution. One of those factors and an important one is cost vs gain ratio; that one is responsible for nsa pretty certainly never ever air-gapping your grandma’s or even your lawyer’s computer (unless maybe your lawyer’s client were Snowden).

Second major point: Pretty much all experience shows that we are not successfully attacked because our crypto wasn’t strong enough or because we were air-gapped. No, we are successfully attacked because the banking clerk shouted the password across the hall or because of lousy buffer overflows, i.e. shoddy coding.

In the end it comes down to a choice: You can either spend years and millions to reach 99.7% security (and nsa simply sending you a team that will definitely make you talk) or you can spend a reasonable and adequate amount of money, know-how, work, and resources to go from, say, 30% to 85% security.

And guess in which range 99.9% of all attacks happen …

Clive Robinson September 20, 2016 3:48 PM

@ Heaven’s Grate,

I want to grow my own food, but I can’t find bacon seeds anywhere!

They are easy enough to find… Be like a vet and lift a pig’s tail and stick your hand down there and have a rummage about you are bound to get close…

r September 20, 2016 4:51 PM

@Gerard,

You missed it, that specific GRB caused a flipflop to smack you square in the face.

There’s a SNR labeled truth and perception/belief, I think you have foreground clouding your ability to see a much more nuanced background than you admit.

We all put our pants on one leg at a time. You are illustrating a personal bias that only goes as deep as your religious background, as any religious background. He is saying that much of the east in today’s mind is both classically and traditionally west. Think about it, don’t waste too much time putting your head into that ruminant though.

‘The West’, was traditionally centered around Rome (not the United States or the Americas). The Eastern Orthodox church isn’t an expression of being “from the east” just of being “more east than rome”.

He was addressing a cultural distinction you are simply dismissing, or hopefully merely overlooked.

The ‘far east’ is the true east if you want to find long standing differences in subcultural habits.

r September 20, 2016 5:11 PM

@JG4,

Down in the comments there’s two gems in that link:

1) FBI: Frameups, Bullshit, Ineptitude
2) … anagram for “FBI LIES AGAIN” >>> SAFE ALIBI-ING

John Wayne's Evil Twin September 20, 2016 5:14 PM

@ Heaven’s Grate

And be sure to insist on genuine certified IoT bacon seeds, so they can be remotely controlled by you, the IoT Bacon Seeds Enforcement Agency, and little skiddie007 from his mom’s basement.

Wireless seeds, baby. Let’s get them wireless non-wires in everything.

Heaven's Grate September 20, 2016 5:53 PM

@John Wayne’s Evil Twin

Mmm seedy.

How delightfully thoughtful of you to pre-program such behavior into our plot[s].

And to think, I found myself salivating over orchestrating obsolescence and death.

The wind-mills doo make flower.

tyr September 20, 2016 6:47 PM

(OT) or maybe not

I’m amazed at the TLAs and the modern leadership
shown by the bureaucracies.

Bomber’s daddy ” I told the FBI he was crazy two
years ago.”

Topping off that nice work. DOJ decides to push
the german banking system under by fining it most
of its assets.

CIA/OSS spent years and many US dollars convincing
europeans that the EU was a great idea. Whether it
was a good idea depends on your viewpoint. Once the
flaws in the current setup were exposed by finance,
the EU has embarked on a massive bank bailout scheme
covered up by political noises about ‘lazy Greeks’
and southern Grasshoppers vs industrious northern
ants. This has barely managed to kick the can into
the future. This precarious position is now under
dire threat from a US DOJ fine. If it gets levied
the bank has no collateral left due to overleveraging.
If they go down, the Euro goes with them, the crash
will take out the EU and the ripples through the world
economy returns everybody to the soup lines of the
1930s.

You see similar effects in Syria, as the state dept.
brokers a tenuous ceasefire, DOD strikes the Syrian
army buggering up the ceasefire.

Now ostensibly all of these idiots work for the good
of the same country. It appears that none of them
understand what cooperative teamwork toward a common
goal means.

They need to find a plan, agree on it, and stop undoing
each other’s efforts.

On the political front, the last time Germany was
forced into beggary, there was a political solution
that leaves a bad taste in everyone’s mouth today.

Austerity only works if the belt tightened goes around
the waist, looping Germans austerity around the necks
of the southern europeans is a guaranteed disaster
coming.

I don’t think Dump or Frump have ever addressed any of
the real problems in their campaigns either. It’s popcorn
time as Clive says.

Jim N September 20, 2016 6:54 PM

@ 65535

re: your lawyer customers

If there’s a lesson to be learned with the latest Clinton’s “tech guy” bruhaha, it’s cover-your-own-ass. And make sure you stay out of their ‘”risk-judgment” decisions’. 😉

Jim N September 20, 2016 7:23 PM

@ Gerard van Vooren,

“But that doesn’t mean that Bush can set new immoral standards (we all know them) without any consequences.”

The POTUS may be one man (and presumably a role soon to be taken by a woman), but he (she) works with a strong posse. At the time of GWB presidency, the predominant was neo-conservative think tanks. You can see their hand in all sorts of political, economics, and foreign endeavors. In my opinion, it is biased to blame it all on one person, but frankly I wasn’t surprised when you said that due to today’s prevalent “risk-judgement” sorts of decision-making and the common mindset.

Jim N September 20, 2016 7:50 PM

@ r

“‘The West’, was traditionally centered around Rome (not the United States or the Americas).”

Certainly. ‘Wild Wild West’ sounds more saucy, and cajun. 🙂

Interestingly, ‘the East’ (eastern roman empire) was also centered around “Roma”. Matter of semantics…

My Info September 20, 2016 9:16 PM

@tyr

Austerity only works if the belt tightened goes around the waist, looping Germans austerity around the necks of the southern europeans is a guaranteed disaster coming.

The technical term for that is “mercantilism,” which has hundreds of years of history in Germany, and is definitely in full swing these days. Now they’ve locked in the exchange rate with the euro, which is managed by (who else?) the German central bank, and forced a chronic structural trade surplus over Southern Europe by undermining southern European manufacturing, exports, and domestic industry in favor of German protectionism and industrialism. It’s nothing but a giant shakedown.

r September 20, 2016 9:21 PM

@All,

About radar face detection…

I rescinded my comment about placing the technology into guns and bullets, but another good place to deploy it where it may (or may not) be effective is the sporting goods kiosk.

Sorry, you can’t buy a gun angry.

r September 20, 2016 9:24 PM

@All,

Third time’s the charm, that emotion sensing capability would be a nice fit for large pay-out tables at the casino.

My Info September 20, 2016 9:26 PM

And I’d be a lot more forgiving of Germany if they weren’t pulling some of the same tricks on the U.S. as they pull on Southern Europe.

My Info September 20, 2016 9:38 PM

@r, #1

“… uses radio waves to detect whether someone is happy, sad, angry or excited …”

Hogwash! We have plenty of trained female humans who are professionals at detecting male emotions at every train station, bus stop, parking lot, and airport.

Let’s not kid ourselves. No one is concerned about a woman scorned or such nonsense.

Heavenly Spook September 20, 2016 11:51 PM

@r

hehehehehe.

There was, lol, actually some coherence to what I was stating, but unfortunately, I am used to both acting and speaking in code. We don’t actually “speak in code” like “hey, I want to purchase 800 bananas”, or on meeting a contract, stating, “the moon is certainly beautiful tonight”, expecting a very specific answer back, like, “yes, but the night is full of mystery”.

Inference, further, is greatly relied upon. Especially, sophisticated inference which someone listening in would not be able to gather. Plausible deniability is one’s right hand, always there, always in game. You manage this in countless ways. What would someone consider plausible for their suspicions? What can make their suspicions entirely implausible?

Rarely is it so simple, as saying, David disguising himself by pretending to be mad so his hunter, King Saul, did not even recognize his own son-in-law. Nor is it so coarse as pretending to be a religious zealot, a conspiracy theorist, or a drug addled drunkard.

While possibly not interesting to you, you should be aware that this site is heavily monitored by what the FBI calls “OCE”. “Online Covert Employees”. And I certainly do not mean simply the FBI. The topics and nationalities here attract a very large brood of mosquitos from all over the world.

Of course, if I did mean you, I would certainly not want you to suspect that, however. And why is that? Because, basic approach to counter-intelligence 101. Never let them see your hand. And always expect them to have X-Ray vision.

After all, when you are catching spies, you have to be a little more savvy than your … prey?

What works for blue collar political misfits and metro police undercover does not fly in the world of ….

What world is that, exactly? One of billions of inhabited worlds. One which was fed a population many years ago, by a civilization billions of years ahead of them. Where the technology is not even relying on material physics, but material physics has been entirely surpassed.

Erase from your mind the following statements that entirely discount my sanity and capacities: 911 was an inside job — by Iran. Obama’s birth certificate was faked — by his android makers from outerspace. Microsoft, Amazon, Google, Apple — were all initially funded by the CIA. In-Q-Tel was merely a clever disinformation project to make the concept appear ludicrous in retrospect.

Manning and Snowden both were CI deep cover agents working for the USA.

(“Were”, because neither are where anyone thinks they are. )

Figureitout September 21, 2016 12:38 AM

Clive Robinson
–Yeah, that’s pretty crazy. I thought that was impossible. Guy’s history is kinda funny, his dad teaching him C at age 6…I was still learning to read then and playing w/ tonka trucks. Was expecting a pretty small MCU project..nope lol. Unzip file, nothing happens…oh it’s still unzipping…now my desktop is covered in files. Pretty intense to “run” all the code in head, can’t follow flow of code at all in the few seconds I looked at it (which is unfair of course, sometimes my first impressions are wrong, and code isn’t that bad and probably better than I can write). I can’t take on another code base, even though I want to build one kinda. Lots of hacks (pretty sick, intense hacks though, want to experience them). At least I could read some of the ARM asm, then the main_avr file, knew what was going on there, familiar. At least he doesn’t get tricky there, just write normal. That seems to be his specialty, emulators and vm code. It’s still not bad for linux I guess, I just don’t know the magic values and registers (fake registers in some emulated ARMv5TE, emulated pxa255? goddamn lol) he’s using in other files. We need a clearer explanation of just what’s going on here though.

This brings up 2 strategies I still obsess about in my quest for untouchable computer security:

a) have something like this, a MCU w/ full-blown Linux, you somehow have that massive kernel running via an emulator on a 8-bit CPU (this shouldn’t be possible! lol), and you can do security operations relatively easily w/ support from programs already written (encrypting, secure storage, coding/projects you want offline/secret, datalogging/filtering for capturing or removing malware). The cool thing about this approach, is while you take a risk of bugs/virus embedded in kernel, once you get on your MCU, you can have a pretty good dev environment to work off of big desktop PC’s that you just can’t trust.

b) have small MCU’s each w/ separate small functions. You encrypt w/ 1 MCU, store via 1 MCU w/ a EEPROM or something, do coding on a larger MCU, etc. Likely much more secure but usability is a huge killer, less fun.

Both are still vulnerable to malware on original PC’s that infect everything downstream. Important to be aware of that but don’t let it paralyze. I’m doing a mix of both approaches (got a long way to go), using an MCU (which I could downsize or port to another one…) for legal evidence of physical intrusions (my final revisions I want time stamps saved to a SD card of activations but I’m going to need to share the SPI bus). But using a RasPi, and I want to use a lan-tap to sniff my network continuously. Raspi sniffer is much more fun.

Walks With Crows September 21, 2016 1:55 AM

^^ guys in authority who live their jobs really don’t like to be put in demeaning positions by individuals they consider to be highly sketchy.

And, now for Someone Completely Different. I considered using that as my next nick, but discarded the idea. Considering it too niche.

@Gerard van Vooren • September 20, 2016 3:12 PM”But, folks say, “you don’t believe because…” Because why? They have not seen, you have not seen.”

Notice how sloppy I am with reusing this old method of quoting someone. A method no one else is going to copy, so it is forensically … what is the word.

Sorry. I am quite sure I will never “see” the things you see. You gotta respect that.

This, sir, is why I sometimes come down and post here. Because of curious problems exactly like this. It is exactly like why I so love mind bending psychological horror movies, or cinema which explores the darkest edges of good & evil.

Let me note here, what I am talking about. I explained that I was privy to some extremely highly improbable evidence. The term “astronomically improbable” does not do these claims justice, it is so unlikely.

I pointed out that words could not prove my statements, one had to have hard evidence they could see on their own. In fact, the exact same manner of evidence I have seen.

Your response was so incredulous, you could not even state the word “see” without quotes. Believing, despite my statements, I was meaning “see”, with quotes. As if “evidence” is a product of one’s imagination. What one wants to believe.

Indeed, a catch phrase of mine, which I learned from work, is, “there is no truth, because people believe what they want to believe based on their preferences”.

Kind of more like a zen koan, wouldn’t you say? After all, there must be truth, right? You certainly are a very strong believer in the impossibility of my claims, so strong you can not even entertain the seriousness of them.

One could state, “science states this is improbable”, or even “impossible”, if one wishes to be that close minded.

What, may I ask, will the future be like in merely 500 years, considering things continue on their current course? If you had a time machine and could go there, do you think you would find anything which contradicted your strongest beliefs, based on science, common sense, global consensus of experts, physics, mathematics, all known observations….

I would posit, you would likely have your mind blown with so many different things, even to the point of exclaiming that today’s world and highest knowledge was completely wrong in so many fundamental beliefs. Conclusions. By evidence.

A statement I like here is “magic is nothing but technology not yet known”. A statement made by an ardent fan of modern science, and one given to trying to dream of future science.

However, if I have your attention this far, let me put this back into an everyday situation. Here we are, posting anonymously online, and regular posters at a respected forum, no less. Because of bad hackers…. because of potential trolls with a grudge… because of bad cops and bad spies… we both realize the danger of giving out so much information here our real self and real name can easily be found.

Granted. This could be your real name. I do not know. It could be I could look you up and find your full resume. Everything. But, another factor about this site, is it is often very focused on individual rights to privacy. So, this I do not do, as a matter of honor and respect.

(I have only ever outed one person here, and that was indirect, in such a way that they knew I knew, but that no one else had any idea of what we were talking about. This was, believe me, highly unusual for me, and only out of what I found to be extraordinary necessity.)

Further, it is an intellectual forum. And, you being human, probably want to bond with people, but as much as you want to bond with people… you are smart enough to know the risks that carries.

I would point out that I can tell, not from memory of your statements, but from your above statement about hypocrisy, you are an essentially pure person.

Does that classification bother you.

Have my people reading skills failed me.

All of which means you have some bother with all of this secrecy and intrigue, even if it merely is best practice. More importantly, all of this means: you probably are such a person who has things about his self which would be extremely difficult for anyone to believe, if you could attempt to persuade them under these very difficult constraints of posting here.

Maybe, for instance, you are actually a famous person in the field of computer security. Maybe you are high up in the foodchain at the NSA. Maybe you have coded major pieces of code which are used by everyone. Maybe you worked at … some Boston defense contractor… in the 70s and created the mouse.

Maybe you founded ebay and are now retired, as a multi-millionaire living in Belize.

Maybe your life has been so interesting… someone made a movie about it.

And so on.

What could you state here, to me, under all these constraints, which I would find extremely unlikely and improbable, yet… is completely true, and you know it?

Or, maybe nothing at all?

Point being, because someone believes something is untrue and there is no evidence even possible for it? Certainly does not change Reality. And if you are not some lifelong loser with zero unlikely circumstances, you know just how painful it can be to not be believed… and how completely absurd, and ultimately very laugh worthy.

I am actually a rare person who often makes “Bwa Ha Ha” laughs, btw. And I mean them. And I am not a zupervillan.

So, here’s a real life example, happened just this past few weeks. I actually have a jaw-dropping good resume in computer security. Not so long ago, a new manager came in. We hit it off quite well, and got to gabbing. He pointed this out about me, and asked me, actually, stated, a few times he could not figure out what I was doing here.

I could, however, point out the same to him.

Unlike mine, though I have been in all the wrong places at all the wrong times, nothing was overtly and entirely obvious “government” about it. His, however, he was a lifelong CI in signals intelligence in a military group.

Now, I was a bit curious, as I actually had worked extensively in intelligence and counterintelligence, but this is not explicit in my resume. And probably only the most ardent of foreign intelligence analysts would really pick me out of the row. They would be certain of it, if they did some googling, even.

So, first, I made some claims as such to him. And then? I got black out drunk. And made myself entirely implausible. Terrible, really. Complete personality change. I do that sometimes.

Later, I approached the situation carefully. Did he believe me about the government stuff. And then I slowly started to point out conditions and examples. Methods of operation. Stuff folks outside of anything heavy would never get, stuff folks inside would get every single bullet point. And after each statement, I carefully, cautiously, inquired if this sounds like it was legitimate government.

Despite all the crazy-crazy “Tony Clifton” (watch the biography about Andy Kaufman, “Man on the Moon”)… after only about ten bullet points, did he finally return a statement which completely made me confident he believed I was not “fucking around”.

I asked if this sounded like government to him, at that juncture, and he returned, “enough that it scares me”. This is a decades long CI guy whose own wife did not initially know him – after marriage – by his real name.

Now, a lot of verbal math thrown around here. And I wonder. What is your sense about this conversation you find your self in.

You know, another thing I love about this forum is not only do you have a bunch of untrained undercover here? But you also have a lot of gov “in the know” talk by people you know are not and never have been in the know.

Am I a sort of guy whose job it is to fuck with the minds of planners and brass of other companies, who work in the very worst and most diabolical areas of counterintelligence? Am I a troll making up shit.

Search Amazon ondemand video for the name “Anna Chapman”. Watch the episode she is portrayed in, in “Who the Bleep Did I Date?” While she was not lifelong, you really get a good view of exactly what folks like me appear like in everyday life. We do a helluva lot for show. We spend enormous amounts of time doing “nothing” – fake jobs of the most convincing variety and efforts you would consider outrageous, like being sure to take intricate work calls in front of you – just as everyday stuff.

Of course, what contradicts all of this? Well, last thing a spy ever wants to do is EVER make anyone actually believe they are a spy. That.

Thing is “spy” is just a word in my own area of work. I don’t actually spy on people. I work with people working to change the world.

Just like Mr Robot. Only, government.

Government. With a capital “H”.

ROFL. 🙂 😉

Regardless, for me, notice, no computer security statements. Where do we work that might employ such people? I will note I have worked with many of the American and global luminaries. I have most certainly spoken at major security conferences. I have a lot of product and bona fides.

A guy I founded a major… group… with once said to me, assuring me, “I create my own stuff”. That is, the government, whomever that may be, did not just give him his accomplished works, so he could travel about the world hobnobbing at major computer security conferences as a prized speaker.

Ditto. Went to special camps and schools ever since I was twelve.

Invented some seriously mind bending shit way ahead of its time. And, this is just a cover job.

These matters said, all smoke aside, obviously, I have some wicked agenda here, likely covered over by layers of pretension. And authenticity. I really do like giving some folks the sort of vibe… well, the sort of vibe they get. Taunting.

Danger. Inconceivable “treasure”.

“Not that I share such condemnations. I view the problems as far deeper and far more complex.”

That is where I disagree. Totally disagree actually. Yes we all share our background, culture and status quo. My background as a Dutch speaking person is quite different than yours and that counts for Russians, Brazilians and everybody else. But that doesn’t mean that Bush can set new immoral standards (we all know them) without any consequences. And it was really he who decided at that time. He and he alone was ultimately responsible and it was he who really created this mess.

First of all, I hate to tell you but “Satan” was a, what we can call, a “literary device”. People need a scapegoat.

Let me see, Dutch hackers I have known… Thor Larholm.

Forgot about him. Worked with him quite a bit during a period. Even visited his American office. It was plastered wall to wall with media prints from his interviews.

I am not sure what happened there. I have kept top hackers as friends from Germany, Israel, China, Russia, America, Romania, England, Luxembourg even, but lost him after awhile.

Anyway, do I believe you know the power structure here, in America, better than I do? Unfortunately, not to slap you in the face, but no. I grew up in this power structure.

I have deep family ties not only into that hidden power structure, but more directly into the Golden Unicorn of US intelligence: the deep cover, generational, by blood familiar structure that so many nations have, but there is zero evidence the US has.

So, I know, when I read Anna Chapman had no training and dad was just some dignitary in Russia, this was all extremely likely to be a lie. For example.

Nothing has changed. And what was Europe was American. Old boy network, as they say, in England.

Know why the American Cosa Nostra fucked up so bad? They mixed together a number of groups from Italy. Called themselves “family”. Yeah… blood is thicker than water.

Fake family informs and betrays. Real blood does not.

‘Ndrangheta never joined with that crap.

Don’t be a conspiracy theorist. Study real conspiracies that work.

Anyway, so many ways to dissect this error: do you wish for me to pontificate on the intricacies of the real power structure of Denmark? Sadly? I can not. And would not.

We could email each other, and then I could give you my real name, and you could start digging with google.

I am joking, I would never personally contact anyone here, lol.

But, also true. I have googleable ties to the FBI, CIA, DoJ (in general), NSA, multiple US military agencies, major US political groups (as in “DNC” and “RNC”)…

And quite a bit more.

But, so what? Anything Bush said or did set no precedent, and Obama in many ways went much further in many of the most condemnable ways Bush did. Obama also, shock, was a figure head.

U should know, as a bona fide wicked and diabolical Ozymandias Rex… I do not actually mind explaining our plan for why we used Bush and Obama for our plan to change the world.

I can intellectually defend these plans as well.

But, just arguing “Satan”, “Satan”, “Satan”… this is not a conversation.

If I was writing a book here then I might. The fact however is that I have a limited vision and limited experience, like most of us. I have a lot of experience with Microsoft which makes me a bit more knowledgeable about Microsoft. Maybe in the future my vision gets a bit wider and I will also add Google to my repertoire. And about Clinton/Trump, well let’s face it. Is this the best the US can deliver? I don’t think the future will flourish with either one. I think with Sanders it could have.

Trump and Clinton are also just figureheads…

Clinton is where she is because she knows how to work with the power structure. Even if no small part is so against her (and her husband, Bill).

Trump, really, much of the same. He knows the tune to sing to the ‘powers that be’ in “top secret America”.

Look, everybody has the wrong idea. Like Hitchhiker’s Guide to the Galaxy, “Everything is Under Control”. You don’t worry about WTF happens to you after you die. You just trust that “if there is a God”, well, you tried your best. But, He has never contacted you or anything. Still? Being a pure and good poor son of a bitch, you hedge your bets, whether you admit this even to your self, or not.

And, all this great, vast …. palace maze of dominoes I personally have? House of cards? As much of cover and bullshit as my jobs have been.

Day jobs, that is.

So, while this “math” gets to the calculus ‘in your head’ level, what sort of person would write such a fucking tome, knowing that there are going to be the sorts of people reading this list as there are? And completely not giving a shit?

Saying stuff like this is a vast and super powerful conspiracy where we literally are working to “change the world”. In this climate.

Our payoff is all about this kind of thing.

Right now? The world is in the dark.

Tomorrow? The world will be covered with the knowledge of God, as the waters cover the oceans.

There is not a single cog which is out of place.

In the very not so distant future, the global economy of ‘what people think they know’ will flatline.

You simply are not that stupid.

Think about it.

There are powers and intelligence and capabilities beyond your current knowledge.

Or do not. Your “unconscious” sure the hell will.

Heavenly Spook September 21, 2016 2:19 AM

@tyr

Woe to the prince of……

The song I am listening to, right now:

https://www.youtube.com/watch?v=LoF_a0-7xVQ

You often have some very good observations, but blaming “OSS” [sic] and the CIA, lol, on WTF, EU???

No.

As a coupla posters here could exclaim, “I am really not CIA”. Worked with them. Fucked them. Moved on. Have some respect for em, but, ex-gf’s, you know. And I have kept my same main GF since HS……

(She lets me fuck around as part of my devious job.)

That operation, if u wish to know: we came to them with an outstanding claim, and worked in some head DST.

Problem was, the source was ours. In a foreign country.

Agenda a bit more complicated. And while this is not my first explaining of it all to them……

The EU is inconsequential…

Anyway, back to computer security, Barnaby Jack, before he passed on, died, Wut The Fuck Ever… one of his last statements to me was I was the shadiest person he ever knew. And his nick was Dark Spirit.

Of course, anybody stupid enough to believe that someone with such a blatant, in your face pirate name was a real person is a complete idiot.

And, my brother went to high school with Jeff Moss. Another infamous “Dark” person. DT.

Let me just point out here, before me, there was The Pirate. Finding key router bugs, in the early 2000s, writing my PoC for them. The US Gov was all over that.

So, yeah. “We” stung some US agencies you believe are all seeing quite hard.

Revelation level conspiracy theories about kings with ten heads or whatever, EU forming was never important to anything, obviously.

And, food for thought, about 99% of what is going on at the utmost levels of everything is 100% intentional distraction so people can get the work done necessary for changing the world.

End game? If you were God what would you make for all your children? This crap?

Petter September 21, 2016 2:19 AM

The Swedish mobile payment system Swish, which is a co-op between Swedish banks, made headlines a few years back when it became clear they had used Moxie’s GPL code for cert pinning in their Android app without disclosing their code.

Now it seems that there are other issues with how different banks implemented the phone-number-to-name verification and exchange on their side of the system.
If you are living with a secret or hidden identity you and your information should be available for anyone except for the certain persons within the government systems.

But while some banks return the information as “personal data protected” for an initiated payment after you enter the phone number, others don’t.
They simply return the full name no matter if you go through with the payment or not.

The bank Nordea, in which the Swedish state has an 8% ownership, knows about this but feels that they have informed the users in the agreement they accept when they begin to use the app.

http://www.nyteknik.se/digitalisering/swish-kan-roja-hemliga-telefonnummer-6788064

Walks With Crows September 21, 2016 3:05 AM

@Petter

If you are living with a secret or hidden identity you and your information should be available for anyone except for the certain persons within the government systems.

Lol.

Did anyone watch RIPD or… even better… Preacher?

I love the scene in Preacher where the Vampire knew the two guys were “government”.

It took him awhile to realize they were Heaven government.

A vampire.

This stuff is hilarious to it. I am not sure if it translates.

Did you know the guy who invented the cover identity management software system in the 80s turned traitor? He was a drunk and some kind of transgender.

Army CI handled that case. It was in Germany. Crazy case.

The CIA undercover calls this sort of thing, what, pocket lint or something.

Others might call it paper trail.

Modern cognitive behavioral scientists would note human beings have significant “change blindness”. So, water into wine? One plate of fish and bread multiplied impossibly? People miss this sort of thing.

Change blindness.

Is it possible for some folks to just imagine themselves legitimate and so force all paper trails to be?

Yes.

But, who would believe this?

And intel agencies typically are just so silo’d. Compartmentalized.

OPM controlled so many records, for instance. And they still are on paper for veteran retirees.

Mission Impossible made great film for finding the NOC list.

But, adding to that nefarious NOC list? Whomever you want?

The only real difficulty these days for such groups is such things as forging historic photos and keeping up aliases alive on social networks….

Problem was solved already.

My Info September 21, 2016 6:26 AM

@Heavenly Spook, Walks With Crows

I think you two met at the wrong Starbucks and they put too much truth serum in your coffee.

John Wayne's Evil Twin September 21, 2016 10:17 AM

@Heavenly Spook, Walks With Crows

Thanks, man. Before you posted here, there were so many things I didn’t understand. Then again, until I dated a Punjabi pole dancer back in the Eighties, I didn’t understand why the Beatles would fly that far for a bag of weed.

JG4 September 21, 2016 10:36 AM

@Heavenly Spook

Your point about disguises is spot on. I think that I’ve posted this link before, possibly with a different excerpt. I’m not sure if the link still is live, but the whole thing is a crazy read. I think that I stumbled into it from the links appended below. I make no representation as to the accuracy of this data, but if it is fiction, he is a brilliant writer.

http://www.freerepublic.com/focus/f-bloggers/2178601/posts

I waited outside of Union Station for the trolley. At approximately
2:45 PM, just after I had purchased my ticket inside the station, I
was sitting next to a white homeless man with a grey beard in his
50’s. He had two shopping carts full of clothes, food, radio etc.,
apparently his life possessions. We were the only two people sitting
on this stone circle just outside the station. Suddenly, the homeless
man starts gibbering some kind of weird code. He sounded like this,

“Echo one four two seven, target is in the building, repeat target is
in the building…”

Then he paused and I looked up and a big SUV had pulled up right next
to us, and two BIG mofos in yellow gold shirts got out of the SUV,
opened the back door and started putting on body armor and packing
mega heat… all the while they are scouring the area for the “target”.

The homeless man is talking to them through a device in his battered
shirtsleeve,

“No point in wasting time, I want to get paid for this, target is in
the building… Ok, but I thought you might want to just get the target,
repeat — target is in the building, target is in the building. Stop
wasting time out here.”

He was mixing in code talk with things I could understand.

Finally, these Blackwater types in yellow who had no badges or
official insignia head into Union Station carrying full weapons.

I’m having a heart attack. They looked straight at me at least twice
but I looked like such a clown. If they were looking for the brown
haired bearded intellectual looking lawyer guy who was in court that
week there’s no way they would recognize me with shocking platinum
hair in my face, a dayglo blue jacket, flared jeans and trainers.


I first picked up the thread here
http://bariumtitanate.blogspot.com/2011/04/improbabilities-theme-natural-born.html
The cult is a dangerous group of individuals working in concert
to advance the arbitrary power of government.

I think that this is Leo’s blog
http://blogtext.org/naturalborncitizen/

This is amazing and chilling. It shows the power of the cult.
http://naturalborncitizen.wordpress.com/2011/07/01/justia-com-caught-red-handed-hiding-references-to-minor-v-happersett-in-published-us-supreme-court-opinions/

65535 September 21, 2016 10:37 AM

@ Clive

I get the picture – it is a huge task. Unfortunately, without lawyer/client “confidentiality” our legal system, as we know it, is now in the flusher.

@ ab praeceptis

Yes, there is probably a way to do so.

Let me give it some thought.

JG4 September 21, 2016 11:09 AM

@Clive

I missed the name of the 6-year-old who was tutored in C. Can you fill in that blank? It jogged my memory that John von Neumann was tutored in calculus from roughly the same age. That’s in the wiki entry. I’ve probably commented before on the Hungarian influence on science and engineering. Szilard being one of the key players. Feynman was roughly the same caliber. You could think of these people being like the superheroes, each having their own special superpower. Feynman’s was path integrals.

I’ve said Thanks before about the link to The Outsiders. In subsequent weeks and months, I’ve stumbled into a series of articles on closely related topics of prodigies. Apologies for any redundance where I’ve posted these before, or someone else has.

How to raise a genius: lessons from a 45-year study of super-smart children
http://www.nature.com/news/how-to-raise-a-genius-lessons-from-a-45-year-study-of-super-smart-children-1.20537

Pioneering mathematicians Terence Tao and Lenhard Ng were one-percenters, as were Facebook’s Mark Zuckerberg, Google co-founder Sergey Brin and musician Stefani Germanotta (Lady Gaga), who all passed through the Hopkins centre.

The man who gave himself away
http://mosaicscience.com/story/George-Price-altruism-equation
How discovering an equation for altruism cost George Price everything.
By Michael Regnier 13 September 2016
Laura met George in the pages of Reader’s Digest. In just a couple of column inches, she read an abridged version of his biography and was instantly intrigued. In the 1960s, apparently, egotistical scientist George Price discovered an equation that explained the evolution of altruism, then overnight turned into an extreme altruist, giving away everything up to and including his life.

How I Rewired My Brain to Become Fluent in Math
http://nautil.us/issue/40/learning/how-i-rewired-my-brain-to-become-fluent-in-math-rp

The Outsiders
http://216.224.180.96/~prom/oldsite/articles/Outsiders.html
©By Grady M. Towers
His name was William James Sidis, and his IQ was estimated at between 250 and 300 [8, p. 283]. At eighteen months he could read The New York Times, at two he taught himself Latin, at three he learned Greek. By the time he was an adult he could speak more than forty languages and dialects. He gained entrance to Harvard at eleven, and gave a lecture on four-dimensional bodies to the Harvard Mathematical Club his first year. He graduated cum laude at sixteen, and became the youngest professor in history. He deduced the possibility of black holes more than twenty years before Subrahmanyan Chandrasekhar published An Introduction to the Study of Stellar Structure. His life held possibilities for achievement that few people can imagine.

might explain some of why our favorite integrated circuit genius was troubled
he showed up drunk at a job interview and got hired anyway
https://en.wikipedia.org/wiki/Bob_Widlar

Think of the heathens! September 21, 2016 12:44 PM

After chewing on that for a while I no longer find the OPM breach to be all that menacing.

vas pup September 21, 2016 3:13 PM

@Jon • September 16, 2016 5:02 PM
Any suggestion how to handle microphone in the same fashion (something could not be bypassed using system or application software) highly appreciated.

Clive Robinson September 21, 2016 3:57 PM

@ 65535,

Unfortunately, without lawyer/client “confidentiality” our legal system, as we know it is, now in the flusher.

Apart from the “now” it’s a fair viewpoint.

I was involved with a case a few years back, and it became clear to me that “privileged info” was becoming “known” not just to the prosecution who were stupidly showing their hand, but also members of the press. I was doubted by the defendants, however a little thought on the matter and a trap was laid which the prosecution walked into. The judge however did not want to know…

So “it’s a known problem” and has been for some time. But nobody wants to do anything about it as long as the illusion of Justice is there.

One of the good things to come from the Ed Snowden revelations is just how corrupt the system is. Which has no doubt come to the attention of some of your clients. The problem, twenty years ago –possibly ten– we could have done something about it, but the trap has now effectively closed. It’s the sort of thing Stalin would have given his “right testicle” to have.

Whilst there are solutions they are impractical for modern legal businesses, and if they started using them it would be sure to attract attention from the powers that be.

As you noted a hierarchical ring solution would appear to be appropriate. The problem, as the military found, is that it’s almost impossible to implement securely unless you have hard segregation at each level with no shared resources across levels. Hence data “diodes/pumps/sluices/etc”.

In many respects the office of 1973 was about as secure/efficient as you could want in business. After all can you see the amount of data exfiltrated in the “Panama files” actually getting taken from old style file cabinets and no photo copier, just the Roneo Machine?

JG4 September 21, 2016 3:57 PM

@vas pup

I’ve been meaning for a while to put together a kickstarter/indiegogo/etc. project to address that issue, but I can barely keep up with the flow of events. I’ve been disappointed with the enthusiasm that I’ve seen for other open source projects to address similar pressing needs. And I’m not interested in offers that I can’t refuse, which are sure to follow such efforts. I just want to live out my days in relative peace or what is left after the psychopaths are finished with the blue marble.

Richard Kindling September 21, 2016 8:31 PM

https://yro.slashdot.org/story/16/09/21/210230/with-3d-printer-gun-files-national-security-interest-trumps-free-speech-court-rules

Shut up and hand over your weapons, never mind the Mexicans we sell weapons to or the crazies building pressure cooker bombs we have your best interests at heart. Come to think of it, haven’t you been a bit frustrated with your home life and your lack of a raise/prospect of downsizing? I bet you’re depressed, teetering. Give me your legal guns too.

Grauhut September 21, 2016 10:03 PM

@John Wayne’s Evil Twin: It’s not a bag, that’s papers work! Somewhere some home grown plotting software needs an update or a rollback… 😉

@Gerard: If someone (which one?) sends high class comedians directly from the disinformation theater stage, then something here is done rightly. 🙂

https://www.youtube.com/watch?v=NdNQcChKMmM

O great and immortal BOFH, forgive me, but i’m trigger happy today!

@Heavenly Crow: Sorry, i don’t have a lot of shares in religious information systems, so who is your god? Loki, the Matrix architect, Dionysos, someone else…? And why did he send dwarfs?

Wael September 21, 2016 11:57 PM

@Clive Robinson,

And you thought IoT could not get worse?

Oh, it takes talent to come up with stupid ideas! I challenge you to come up with a more stupid idea (as a proof of my statement) 🙂

Thoth September 22, 2016 12:47 AM

@Don

Sorry for the late response. I didn’t catch that as I am too busy these days with my work and projects which are so much more rewarding.

You can customize the blank PVC cards with lovely designs if you are buying them in bulk. Probably at least a couple hundreds. I had thought of ordering a bunch of them and printing random designs as part of OPSEC to sell them and also offering pre-installing the GroggyBox applet into the smart cards if customers request but I am not certain if anyone is going to want them and some of them might accuse me of mixing personal business of selling printed smart cards with open source projects and some might want to accuse me of inserting backdoors so I have shelved the plans for now unless I have enough requests to convince my smart card supplier to help me with the printing. The card type that I once had thought of creating a batch of randomly printed card set is Infineon SLE78 chip card with CC EAL 6+ certification.

There are also USB smart card token versions which my smart card supplier has created which are very tiny (same size as Yubico’s Yubikey Nano 4) but are open platform types with ability to load your own applets and control the USB smart card USB token but again, I am not bothering to order them unless there are serious demands for bulk order with at least a few hundred pieces which uses CC EAL 4+ NXP JCOP chip.

My security scheme for GroggyBox would be upgraded over time to rely less on the chip’s security so that a higher CC EAL certification would be slightly nice but not a whole lot more which I will detail later on as I develop GroggyBox.

There is the Ledger Blue and Nano S version with secure display and interaction (touchscreen/buttons) which I will have to re-write the applet from a Java applet to a C application following the Ledger’s C API. For those curious why not to write C codes and then translate to Java, the reason is JavaCard’s Java is a whole different beast and translating C to Java will never work as the JavaCard API and JavaCard’s Java language although looks like Java on the surface is actually much more different so C-to-JavaCard is a bad idea (and yes, I might eventually have to manage a lot of codebases).

Current GroggyBox development is focusing heavily on the Java GUI client and now it can detect the absence of the smart card and refuse to do whatever actions the user wants. The smart card crypto logic is already up and I am writing codes in my free time to link the GUI actions to the smart card crypto logic classes to encrypt/decrypt files.

Ninho September 22, 2016 9:02 AM

Subj: Onionmail (anonymous secure e-mail system using Tor hidden servers).

Hi, Gang ! I’ve just set up ‘onionmail’ on a home computer – Windows, tho like most things networky, ‘onionmail’ is easier to install on *X systems – and I created a couple of accounts to play with.

See URL :
httx://en.onionmail.info/what.html

AIUI, ‘onionmail’ between properly configured users has as its main advantage, over other forms of public electronic mail systems with confidentiality (PGP/GPG, X509, Protonmail, name your petmail…) that it makes snooping ‘metadata’ and/or correlation attacks all but impossible°, so Alice and Bob can exchange mails without an adversary learning even the fact that these individuals corresponded, let alone the subjects or contents of that correspondence. Sorta like old-style “anonymous remailers”, just better in many ways. If I’m wrong please correct me !

Have some of you been playing with it already ? Searching this blog showed earlier mention by Dirk Praet but no more analysis or discussion. I would appreciate the experts’ take on the onionmail system, security and anonymity-wise – assuming emails exchanged between 2 onionmail accounts°°, with (as recommended) as well as without (just for sake of completeness) additional end-to-end encryption of individual emails.

° Leaving alone the known cryptographic fragility of the current version of the Tor protocol for ‘hidden services’, which is being worked upon internally by the Torproject (as Tor proposition 224 iirc)

°° The system allows onionmail to regular internet email and vice versa, for convenience but of course with reduced anonymity and security.

Clive Robinson September 22, 2016 11:17 AM

@ Wael,

Oh, it takes talent to come up with stupid ideas! I challenge you to come up with a more stupid idea

You realise that this is going to get the both of us a yellow card Don’t you?

Well almost off the top of my head… “For the glamping girl, a propane powered, iPhone controlled, combined hair curlers and tampon warmer…”

r September 22, 2016 11:32 AM

@Clive,

I wouldn’t discredit that candle too quickly. It could be a nice easy way to burn down your house or file cabinets remotely.

“I didn’t know she left the mortgage on top of it!”

r September 22, 2016 11:34 AM

@Clive,

I’ve been told, and seen evidence of – candle accidents being covered by home owners insurance here in the states. It’s worth looking into at least.

Gerard van Vooren September 22, 2016 2:08 PM

@ Grauhut,

I can make quite a big rant about religion (there is more than enough material) but … not this time.

@ Clive Robinson,

“You realise that this is going to get the both of us a yellow card Don’t you?”

If I was moderator or Bruce I would have kicked myself out a long time ago. I do have my moments but most of the time… 😉

@ John Wayne’s Evil Twin,

“Thanks, man. Before you posted here, there were so many things I didn’t understand. Then again, until I dated a Punjabi pole dancer back in the Eighties, I didn’t understand why the Beatles would fly that far for a bag of weed.”

That’s hilarious!

Scared September 22, 2016 2:08 PM

New way of tracking you(r cell phone)?:

https://community.norton.com/en/blogs/norton-protection-blog/can-mobile-phone-battery-track-you?om_em_cid=hho_email_US_BLST_ACT_CLUBNORTON_2016_09

With this little known exploit, a mobile phone’s battery life can actually be used to track online behavior. Security researchers have found that the battery status API of mobile devices can be used to track people online.

The Battery Status API was introduced in HTML5, and this was intended to give site owners information so that a version of websites designed for users on low power devices could be served. This API “allows site owners to see the percentage of battery life left in a device, as well as the time it will take to discharge or the time it will take to charge, if connected to a power source”

This is all seemingly harmless information. But as the security researchers pointed out, the combination of battery life as a percentage and battery life in seconds creates a pseudo identifier for each mobile device. That is, if the device can be identified from one out of 14 million possible combinations.
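
The linkage described in the article quoted above, as an added example that is not part of the comment or the quoted article: constructed readings show why the percentage-plus-seconds pair acts as a short-lived identifier that survives cleared cookies, and how a coarser readout removes that specificity. The function names, the 30-second window and the 10% bucket mitigation are assumptions for illustration.

```javascript
// Constructed sample data, not captured from real devices.
// Each visit holds what a page script could read from the Battery Status API
// (level in 0..1, dischargingTime in seconds) plus the cookie id the site saw.
const visits = [
  { t: 0,  cookie: "A1", level: 0.43, dischargingTime: 8940 },
  { t: 12, cookie: "B7", level: 0.43, dischargingTime: 8940 },  // same device, cookies cleared
  { t: 15, cookie: "C3", level: 0.81, dischargingTime: 20115 }, // a second device
  { t: 20, cookie: "D9", level: 0.44, dischargingTime: 9120 },  // a third device
];

// The pseudo identifier: battery percentage combined with seconds remaining.
function batteryKey(r) {
  return `${Math.round(r.level * 100)}|${r.dischargingTime}`;
}

// Hypothetical mitigation: expose the level in 10% buckets and no time estimate.
function coarseKey(r) {
  return `${Math.floor(r.level * 10) * 10}|hidden`;
}

// Cookie ids that share one key within a short time window (seconds).
// A group with more than one cookie id means the key tied those visits together.
function linkedCookies(list, keyFn, windowSec = 30) {
  const byKey = new Map();
  for (const v of list) {
    const k = keyFn(v);
    if (!byKey.has(k)) byKey.set(k, []);
    byKey.get(k).push(v);
  }
  const links = [];
  for (const group of byKey.values()) {
    const cookies = [...new Set(group.map((v) => v.cookie))].sort();
    const times = group.map((v) => v.t);
    const span = Math.max(...times) - Math.min(...times);
    if (cookies.length > 1 && span <= windowSec) links.push(cookies);
  }
  return links;
}

// How many different key values the readings produce.
function distinctKeys(list, keyFn) {
  return new Set(list.map(keyFn)).size;
}

// Precise readout: A1 and B7 are tied to one device, the others stay separate.
console.log(linkedCookies(visits, batteryKey), distinctKeys(visits, batteryKey));
// Coarse readout: an unrelated device (D9) falls into the same bucket,
// so a matching key no longer singles out one device.
console.log(linkedCookies(visits, coarseKey), distinctKeys(visits, coarseKey));
```
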

Grauhut September 22, 2016 5:13 PM

@Gerard “but … not this time”

No need. Seems the bonsai trolls now have other work somewhere else.

From a social engineering point of view they do their job quite well, i just hate to see it. This awkward way of poisoning open minded environments in order to drive good, friendly people out is so disgusting. Have seen it before, had to learn to handle it when doing mod work elsewhere.

Cretins like these talk democracy only to kill it in the next moment “in order to save it”. Talk pluralism, act like a hungry berserk.

I think i should watch the “Snowden” movie this weekend.

Jim N September 22, 2016 7:49 PM

Which isn’t surprising because we’ve long learned from past episodes of chinese panda hackers that u.s.-based cyber security firms are actively monitoring internet comments sections, which may serve as some sort of disconnect/decouple of conversations in its purest form.

Clive Robinson September 23, 2016 7:07 AM

Cost of hacking lower than cost of prevention

Perhaps it’s not surprising to some of us, but many will be unhappy over this,

http://www.theregister.co.uk/2016/09/23/if_your_company_has_terrible_it_security_that_could_be_a_rational_business_decision/

Sometimes known as “The Pinto Option”, you calculate the total cost of being hacked to the organisation to the total cost of prevention and take the less expensive option.

Rational perhaps but total cost is difficult to estimate. Companies are often encouraged to over estimate the cost of attacks as a way to get Law Enforcement to do more than pay lip service to the problem. Further the lack of class or other legal actions encourages companies to discount or disregard the costs of those who have been hurt by the hacking incident.

And people think I’m a bit paranoid when I do not hand over personal details…

Ninho September 23, 2016 8:35 AM

A little surprised nobody in this august assembly (yet) cared to share their analyse/comment about onionmail (cf. my prior post here :
http://www.schneier.com/blog/archives/2016/09/friday_squid_bl_544.html#c6734733 )

This subj matter seems too important to ignore it, doesn’t it ?

Meanwhile there is that nice “hacker10 security” account worth a read on the subject :
http://www.hacker10.com/internet-anonymity/onionmail-an-anonymous-mail-server-running-on-tor/

Opinions, again, gentlemen ?

My Info September 23, 2016 10:54 AM

@JG4

“… one of the larger leaks in history”

Not really. Just a slightly bigger headline than usual. The Washington, DC political machine has reached a Holocaust-level complicity in these data “breaches,” which are getting harder and harder to explain as anything other than willful and intentional leaks by those entrusted with our personal and private data and information.

JG4 September 23, 2016 11:08 AM

@Ninho and whoever posted the VFEMail link

Thanks for bringing this to my attention. Sadly, my TOR machine was compromised almost from day one by one or more spook exploits. I don’t have the wherewithal to scrub the hard drive sectors where APT are lodged, nor the UEFI/BIOS exploits. I think that my only path to a clean setup is Raspberry Pi, for the router and the working machines. I’m not so sure about that path either, but you don’t want to abandon all hope. I haven’t scoured the internet for energy gapping techniques and hardware, but I have worked out many of the pieces on my own. The only way to make this work is to open source it, because it is going to take a lot of effort just to get the hardware right, before starting on the software side of it. Any effort on software is substantially wasted without secure hardware to run it.

Jim N September 23, 2016 11:17 AM

@ JG4, My Info,

“more history that they don’t teach in school”

There is no absolute history. It’s constantly being appended to, revised, and corrected. Feel free to teach what you choose.

@ Ninho,

I’ve not used it nor looked at it. There’s just something about email and tor that I don’t think will work very well together. Outlook and Gmail is more than enough for my purposes.

DoJay walking on Libery Ave. September 23, 2016 11:31 AM

“Those who control the present, control the past and those who control the past control the future.”

Clive Robinson September 23, 2016 11:55 AM

@ DoJay…,

… and those who control the past control the future

Hmm depends what you mean by “control”. Whilst they can certainly burn all the resources and render large tracts uninhabitable, I would call that “future wrecking” rather than “control”. Control implies an ability to “see accurately into the future”, which currently we do not believe is possible.

Clive Robinson September 23, 2016 12:00 PM

@ Wael,

Good for a nice Sunday afternoon read.

Only if lunch is both early and light 😉

It’s actually quite readable unlike many other theses 😉

D.O. Jay September 23, 2016 12:03 PM

TIA doesn’t need to behind anymore more than her ever so slight nudges of good will gesturing on the we’ll. 2 degrees are more than enough to change an arclive.

Don’t you think? JG4’s fazionable post about the lawyer who plays keno and has all his numbers drawn on election day may be far fletched Mr. Fetcher – but we already know it’s a) done over Z’s and b)
eye balled back home.

Have you ever heard of hand-breaking?

@65535,
I think your lawyer problem is you’re not selling them snake oil. Don’t think so big – you can see such construction from space.

D.O. Jay September 23, 2016 12:08 PM

@65535,

Also, just because you haven’t sealed all the exits doesn’t mean the purpose hasn’t been served. Having one or two known ways into and out of a building means you can effectively watch a perimeter.

O' Mission September 23, 2016 12:28 PM

ddg.gg/lite&q=prole
ddg.gg/lite&q=definition%20prole
ddg.gg/lite&q=working%20class%20prole

I will no longer be utilizing ddg.

JG4 September 23, 2016 1:39 PM

@Clive

plus ça change, plus c’est la même chose

your point “render large tracts uninhabitable” is a nice paraphrase of “where they make a desert, they call it peace,” which was penned the better part of 2000 years ago

https://en.wikiquote.org/wiki/Tacitus

I like the term of art, “strip mining the future,” but going to the trouble to salt the crop fields is almost the opposite of gain from destroying the environment.

in another time, the quote was, “Kill Anything That Moves” and the term of art was “pacification”

“Empire is a machine, driven by greed, amorality, fear and hubris, that crushes bodies and souls to make money and power.”

r September 23, 2016 2:04 PM

@JG4,

Needlepoint, Pointilism, Sow, Sew.

So, where does that leaven Ms. Information?

Harvesters in the fields of Elysium, spreading panic and disinformation. We didn’t poison their image, they hid in the shadows as whispers almost imperceptible to our ears. They left footprints in flower, the priestly caste hidden from view presented to us as gods free of charge. What are the charged with if nobody will protect us from them?

r September 23, 2016 3:21 PM

@Clive, Anyone

How leaky are capacitors? (EM wise) Could low end hardware (antique ICs) be subverted just by replacing the caps?

tyr September 23, 2016 8:28 PM

@JG4

It’s “Kill them all, let God sort them out”

20th century version SE Asia.

Stolen from the Albigensian crusaders.

Kill them all, god will know his own.

21st century is “We kill people based on metadata”

@r

You should be more concerned about the IoT habit
of embedding things into components and caps are
usually big enough to contain a lot more than the
capacitor.

@Clive

The rationality of letting the bean counters decide
your security footprint only looks good on paper.
I worked for an instrument company who had to scrap
an entire run of instruments because some accountant
bought cheaper transistors for the prescaler input.
Think of the savings of paring off a few cents on
each. In less than a year they were in chapter 11
and the county sold off their inventory for back
taxes. So much for economically rational behaviors.

r September 23, 2016 8:46 PM

@tyr,

point taken, and I began re-reading some things after I posted that question.

Caps were the wrong question but touché you are absolutely right.
