Comments

Anura November 25, 2016 5:52 PM

I see I’m failing in my lifelong mission to educate the world about the differences between squid and cuttlefish (for example, squid is often hailed as great bait for catching many types of fish, while cuttlefish is often hailed as great bait for catching many types of finches).

Chief Robert Eaton sorting his enemies list by penis length and girth November 25, 2016 6:02 PM

One of the most pernicious aspects of surveillance is the way it seeps deep down into the bureaucratic dung heap. Every goober idiot cop in Mayberry RFP starts to think he’s the superhero world puppetmaster in his panopticon, then goes all Captain-Queeg-with-the-strawberries when people tell him grow up, you’re a stupid gumshoe cop, not a spy.

http://www.lowellsun.com/breakingnews/ci_30599897/townsend-board-police-chief-hasnt-resigned-after-all

Tõnis November 25, 2016 6:07 PM

Weird stuff with email this week. I have at least seven email addresses, most of which are configured as IMAP or POP3 accounts on my BlackBerry 10 smartphone. Several different times, each of the two Microsoft Outlook.com email addresses were reported by the smartphone as log-in information incorrect or changed, and there were warning emails from Microsoft with the following message:

“We detected something unusual about a recent sign-in to the Microsoft account *******@outlook.com. To help keep you safe, we required an extra security challenge.

Sign-in details:
Country/region: Unknown
IP address: 25.161.213.147
Date: 11/21/2016 5:43 PM (EST)

If this was you, then you can safely ignore this email.
If you’re not sure this was you, a malicious user might have your password. Please review your recent activity and we’ll help you take corrective action.”

Changing the password didn’t help; the accounts wouldn’t take in the smartphone IMAP settings. In the multiple cases, the problem fixed itself overnight. I saw many reports of this in the Crackberry forums, but it’s not limited to BlackBerry devices. I Googled the issue, and the same thing was being reported on the net in other non-BlackBerry related sites and forums. I also know that it wasn’t limited to Microsoft email accounts. My Verizon home email (configured as a POP3 account on the smartphone) also had unusable log-in information, however Verizon didn’t send me a kind warning email.

I looked up the IP address and it comes back to the “UK Ministry of Defence.” Others in the forums reported the same IP in the Microsoft emails they received. It’s curious that the “Snooper’s Charter” recently went into effect, and now there’s this suspicious behavior pointing back to the UKmod. My own theory is that the mod is up to additional large scale spying/surveillance, and someone at Microsoft goofed (or there were technical difficulties) which further outed Microsoft (and by extension others like Verizon) as the NSA/UKmod collaborators that they are!

Thoth November 25, 2016 6:39 PM

@Nick P

“Bruce’s essay on regulating the IoT got a lot of popularity (and criticism) ”

From previous squid blog post. I guess the well deserving status of current IoT security where holes are EVERYWHERE. Our host, @Bruce Schneier, was too kind to stand out and try and make a difference. These days as long as you say “you gotta regulate XYZ”, most people will simply jump to the conclusion without a second thought and “Boo” at others.

Recently, I was meddling with a HP OfficeJet printer and to my horror, the HP Direct WiFi connection does not allow password change !!! The default password is set to 12345678 if I did not remember wrongly. Which smart guy in HP decided that default passwords that cannot be changed are secure. IoT (Internet of Terror – and aptly so), will reign forever. It will be the next Windows XP era of sorts just like how Windows and Android became so vulnerable.

The problem is not because the MCUs are incapable of security. It is the stupid decisions made by stupid humans who think password as “12345678” over WiFi is secure … and to add insult to injury, does not give an option for changing the damn password. Maybe I am wrong that the HP Direct password could be changed by a user but I can’t find the button or menu on the printer to do it.

Volunteer Surveillance Team November 25, 2016 6:47 PM

What is the Volunteer Surveillance Team (VST)?
http://www.lapdonline.org/mission_community_police_station/content_basic_view/9066

VST is a group of community volunteers living in the LAPD Mission Area that are specially trained and supervised by LAPD officers to observe and report criminal activity.

How does a surveillance detail operate?

When a crime pattern is identified, the LAPD officers in charge plan how a surveillance detail would be safely and effectively conducted. Volunteers are assembled at a roll call and assigned predesignated observation posts, typically located in cars, vans, buildings or rooftops. The VST members who observe criminal activity in the surveillance area report this via police radio to patrol officers assigned to the surveillance detail. These officers respond to the call, stop and question the individual(s) suspected of the criminal activity and make an arrest, if warranted….

Nick P November 25, 2016 7:00 PM

@ Thoth

“The default password is set to 12345678 ”

You might be too hard on them. That password is stronger than one used in defense systems good enough for stopping threats from space.

Ted November 25, 2016 7:10 PM

Privacy International released “The Global Surveillance Industry” report in July 2016. [1]

According to the report “surveillance technologies are not new” and Privacy International provides a list of surveillance companies operating in nations including Israel, the United States, the United Kingdom, Germany, and Italy. The United States is noted as headquartering 122 companies that are listed on the Surveillance Industry Index (SII), while the United Kingdom domiciles 104. [2]

The technology type distributions of these companies are classified in the following categories: analysis, audio surveillance, phone monitoring, biometrics, location monitoring, internet monitoring, monitoring center, video surveillance, counter surveillance, forensics, equipment, and intrusion. In addition to providing information about privacy and the surveillance industry, Privacy International advocates for the implementation of effective regulations and safeguards to promote international stability and security. [1]

[1] “The Global Surveillance Industry” report
https://www.privacyinternational.org/node/911

[2] “Privacy International launches the Surveillance Industry Index & New Accompanying Report”
https://www.privacyinternational.org/node/912

Clipper November 25, 2016 8:19 PM

Some exciting news for those of us who want to get rid of Intel backdoors:

https://trmm.net/Installing_Heads

http://hardenedlinux.org/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html

I frankly can’t wait till the total success of the project and flash an X220-230 for good.

In the meantime, no one seems to pay any attention to similar possible AMD backdoors that come with their new Zen – Bristol Ridge line.

I would love to buy a new thinkpad, but I won’t pay that much money to buy a backdoor ridden device. So I will use an X230 for a few years and hopefully someone will come up with a better alternative, possibly using some other CPU architecture.

Anura November 25, 2016 11:00 PM

@Grauhut

Luckily, looking at the code, it’s not too severe (only zeroes the memory). That’s the kind of stuff that could have just as easily leaked plaintext if it was a memcpy instead of memset.

I can’t believe how that’s written either (well, I can believe it, but I don’t want to). I mean, they should abstract away buffers, but it’s not just that, it’s that the functions do so many things. You should have your underlying cipher functions operating on the block level, then you should have the main utility functions to handle reading fixed-length blocks from the buffer and storing partial blocks, as well as comparing MAC tags, and if you do it right your helper function that encrypts, authenticates, verifies, and zeros the buffer if it is wrong should be a really simple function with a few function calls and a condition or two, but that’s it (seriously, the same function also has code to convert from big to little endian within it).

https://github.com/openssl/openssl/blob/master/crypto/evp/e_chacha20_poly1305.c#L196

Thoth November 25, 2016 11:11 PM

@Figureitout

Finally got GroggyBox working for encrypting text typed into the built-in textpad. Was pixie-led (misled) all over the place and the one simple thing that was the cause is I forget to get the GUI to respond to certain events. Took time to dig through hex editors and APDU traffic. Good thing traffic is still unencrypted making debugging easier.

The smallest thing is the deadliest thing 😀 .

Now it could encrypt text from built-in textpad or from a file for local / personal use. Next step is to build an address book and allow email / PGP style encryption for friends.

Concerned netizen November 25, 2016 11:34 PM

When a vulnerability was found in SSL/TLS that enabled hackers to degrade their victims’ security to RSA_EXPORT, called Logjam (CVE-2015-4000) was exposed, authorities reacted quickly to protect people from this breach, and SSL/TLS implementations were secured to no longer be vulnerable to downgrade hacks. Problem solved, government networks win, corporate networks win, civilian networks win.

When a vulnerability was found in GSM that enabled hackers to degrade their victims’ security to A5/2, called Stingray (no CVE number for some reason) was exposed, authorities reacted quickly to commercialize the exploit kits and sell them to brutal dictators, and GSM was never trusted again, nor was any phone which fell back to it (almost all do). Problem amplified, government cell-nets lose, corporate cell-nets lose, civilian cell-nets lose.

What a strange contradiction. Maybe Russia is responsible. Or North Korea, China, Cuba, Vietnam, or some other red fraction.

Anura November 26, 2016 12:56 AM

@None of your business

Your first link doesn’t say what you say it does, but I mean, yes Russia and the US have been spying on each other’s scientists since the cold war days.

65535 November 26, 2016 2:33 AM

Q and A of Snoopers’ Charter cont. [1] [2]

@ Ted and Tõnis

“I looked up the IP address and it comes back to the “UK Ministry of Defence.” Others in the forums reported the same IP in the Microsoft emails they received. It’s curious that the “Snooper’s Charter” recently went into effect, and now there’s this suspicious behavior pointing back to the UKmod.”- Tõnis

You could be correct. There may be some test run of the hardware and software to hone the collection of data related to the Snooper’s Charter. Here is what has been discussed about the Snoopers’ Charter:

[Ted from prior post]

‘According to this Wired UK article, data could be bulk collected from a foreign region where terrorism is suspected, if security and intelligence agencies apply for a warrant from the Secretary of State. I don’t know if this answers the question? The article also includes a list of the nearly 50 public authorities that can access Internet Connection Records (ICRs) based on Schedule 4 of the Investigatory Powers Bill. A link to a 304-page iteration of the bill can be found in the article at “Full bill as passed by House of Lords.”‘

“Snooper’s Charter is set to become law: how the Investigatory Powers Bill will affect you”

http://www.wired.co.uk/article/ip-bill-law-details-passed

[Ted’s last post]

https://www.schneier.com/blog/archives/2016/11/securing_commun.html#c6739166

It looks like the interpretation of [what are the countries that will not comply to this Snoopers Charter] is not clearly answered.

As to the Full Snoopers’ Charter it still appears to be semi-complete because the last step is Royal Assent. It is stuck at “Consideration of Amendments” which is a circle symbol which appears to be half full.

http://services.parliament.uk/bills/2016-17/investigatorypowers.html

For those UK Barristers or anybody knowledgeable in UK law, can you explain this “Consideration of Amendments” and the half full circle symbol?

It still appears that 11th hour changes will be made to the Snoopers’ Charter – from my understanding.

[1] https://www.schneier.com/blog/archives/2016/11/securing_commun.html#c6739023

[2] https://www.schneier.com/blog/archives/2016/11/securing_commun.html#c6739108

Thoth November 26, 2016 3:21 AM

@Grauhut

They should have used my 8-bit jChaCha20 implementation 😀 (just kidding).

When has OpenSSL never had problems with all sorts of overflow. OpenSSL should be dumped into the Crypto Trash Bin and never be allowed to resurrect again. We should have been using Haskell, Ada, Rust or some safer language implementations of cryptolibs.

Link: https://github.com/thotheolh/jChaCha20

P2P November 26, 2016 4:42 AM

Saying “choose totalitarianism or let America be over-run by terrorists and anarchists” is a false dichotomy.
The choice isn’t between having the feds continue to nullify more and more of the bill of rights, and total anarchy/oligarchy with no government whatsoever.
Libertarianism isn’t the former or latter. Republicans are the former (Bush’s 8 year War on Liberty) and Democrats are the former (Obama’s 8 year War on Liberty) is the former.

Libertarianism is having the bill of rights protect citizens from corrupt government officials, as well as protecting them from corrupt business executives.
Libertarianism is giving power to the government that the constitution says that the government can have.

Giving the powers that the constitution says are reserved to the people, back to the people, doesn’t mean the government having no power. It means the government having as much power as it did in the beginning, plus the power to enforce ratified amendments that were legally added, such as letting African Americans and women vote.

Libertarianism means the feds have very little power, just the power that is really important for them to have, with most of the government power going to the states, and any powers not explicitly granted to the government being reserved by the people.

I just want to see America succeed, and for that to happen requires a leader who keeps his oath to uphold the constitution.

Curious November 26, 2016 4:45 AM

Possibly relevant I suspect, but ofc I am by far no expert on any of this. Afaik nothing concrete about computer security, but I thought it was interesting when at the 54 min marker, there was a comment about mimicking physical systems, and the idea of making them bigger and slowing them down, to do manipulations that previously hasn’t been possible.

“Our Quantum Society: Living with Entanglement”
https://www.youtube.com/watch?v=wDr_7kCeHF0 (7. Nov 2016)

At around the 54 min marker, Leonard Susskind points out that he thinks quantum computing can be used to mimic physical systems, making them bigger and slowing them down (because simply copying them is too difficult as I understand it). This had me wondering if maybe this could be used as an intermediate system between normal computer computations and the atomic/subatomic physical world which computers are fused into, for better and for worse (like backdoors/select manipulations of a process for computation), used in a complementary way, like having a regular computer process with a quasi-quantum mechanical system fused into that first system in some bottom layer. As if you had a quantum computer hooked up to, or fused into, a regular computer, and doing quick manipulations to that old style computational process’.

I can’t really prove why this is dangerous to security and computer security, but it sort of seems to me that having some special arbitrary process to classic computer process’ is like asking for trouble, if this allows for covert manipulations of a computer or networking system.

Curious November 26, 2016 4:50 AM

To add to what I wrote.

And maybe this is just silly of me, but it just occurred to me that in programming there is something called a ‘race condition’. As someone that isn’t into programming at all, I couldn’t help but wonder if maybe that aspect of programming would obviously be compromised if you fused a quantum computer into a classic computer system.

None of your business November 26, 2016 5:12 AM

@Anura
“Your first link doesn’t say what you say it does, but I mean, yes Russia and the US have been spying on each other’s scientists since the cold war days.”
My first link shows the attempts to break into US scientists’ gmail being blamed on Russia without proof.
My second link shows proof of the NSA deliberately sending dangerous malware to US scientists who weren’t suspected of any wrongdoing.
I’m not complaining about NSA using billions of tax dollars a year to hurt Russian scientists. They’re using it to hurt US scientists. That is treason far more than the pentagon paper leak or the snowden leak, which were done to protect US liberty and justice.

ab praeceptis November 26, 2016 6:45 AM

Grauhut

No matter how good the work of the real crypto guys (in this case djb) is, one can be sure that the openssl losers will find a way to weaken it and/or to wrap crap around it.

Anura

“Funny”. After all those decades many C/C++/Java & Co guys still haven’t got the message. They still crap out worna (write once, read never again) code although the reality is very much different.

It’s, for instance, inconsistent even within the function, sometimes 0-checking the “!foo” way, othertimes the “foo == NULL” way. Obviously that code wasn’t produced along a reasonable and binding set of guidelines.

The problem was in line 302 -> “memset(out, 0, plen);” with out not pointing to the start of the buffer. The fix hence is to change the first parameter to “out - plen”.

This isn’t “just a small error that can happen to everyone”. This is a clear indicator of a grossly unprofessional mindset and attitude and of incompetence.

Not knowing where in one’s buffer a pointer is is about as bad as it can get. One culprit, btw, is also an almost total lack of comments, lousy “let’s save 2 chars” variable naming, saving closing comments at control structures – which, damnit, are well known to be troublemakers (e.g. dangling else), and other major sins and failures.

And all of this after lots of buffer related trouble and playing with what can be considered the crown jewels of (not only) unix security.

Some bazillion people out there relying on one’s work? Fuck them! The openssl “developers” want fun and want to be cool.
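The wipe-on-failure bug discussed in the comments above, reduced to a self-contained C sketch. This is an added example, not OpenSSL's code and not posted by any commenter; `toy_xor`, `toy_tag`, `toy_open` and `run_case` are hypothetical names, and the XOR "cipher" and one-byte tag are toy stand-ins with no security value. The output buffer is deliberately twice the plaintext length so the misplaced wipe stays inside the array and can be observed.

```c
#include <stdio.h>
#include <string.h>

#define PLEN 16

/* Toy stand-ins, NOT real cryptography: they exist only so the
 * decrypt / verify / wipe control flow can be exercised. */
static void toy_xor(unsigned char *out, const unsigned char *in,
                    size_t len, unsigned char key)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ (unsigned char)(key + i);
}

static unsigned char toy_tag(const unsigned char *ct, size_t len,
                             unsigned char key)
{
    unsigned char t = key;
    for (size_t i = 0; i < len; i++)
        t = (unsigned char)(t * 31u + ct[i]);
    return t;
}

/* Decrypt plen bytes into out, then verify the tag. The out pointer is
 * advanced past the plaintext before the check, which is the situation
 * the comment describes. On mismatch the plaintext must be wiped.
 *   fixed == 0: wipe starts at the advanced pointer (the bug)
 *   fixed != 0: wipe starts at out - plen (the fix named in the comment)
 * Returns 0 on success, -1 on authentication failure. A real
 * implementation would compare tags in constant time. */
static int toy_open(unsigned char *out, const unsigned char *ct, size_t plen,
                    unsigned char tag, unsigned char key, int fixed)
{
    toy_xor(out, ct, plen, key);
    out += plen;                      /* cursor is now one past the plaintext */

    if (toy_tag(ct, plen, key) != tag) {
        if (fixed)
            memset(out - plen, 0, plen);   /* wipes the plaintext */
        else
            memset(out, 0, plen);          /* wipes whatever follows it */
        return -1;
    }
    return 0;
}

struct outcome {
    int rc;               /* return value of toy_open */
    int plaintext_left;   /* 1 if unauthenticated plaintext is still readable */
    int guard_clobbered;  /* bytes modified past the plaintext region */
};

/* Runs one decryption over a constructed message and reports what the
 * output buffer looks like afterwards. tamper != 0 flips a tag bit. */
static struct outcome run_case(int fixed, int tamper)
{
    const unsigned char key = 0x5a;
    const unsigned char msg[PLEN] = "constructed msg";  /* 15 chars + NUL */
    unsigned char ct[PLEN], buf[2 * PLEN];
    struct outcome r;

    toy_xor(ct, msg, PLEN, key);
    unsigned char tag = toy_tag(ct, PLEN, key);
    if (tamper)
        tag ^= 1;

    memset(buf, 0xAA, sizeof buf);    /* second half acts as a guard region */
    r.rc = toy_open(buf, ct, PLEN, tag, key, fixed);
    r.plaintext_left = (memcmp(buf, msg, PLEN) == 0);
    r.guard_clobbered = 0;
    for (size_t i = PLEN; i < 2 * PLEN; i++)
        if (buf[i] != 0xAA)
            r.guard_clobbered++;
    return r;
}

int main(void)
{
    struct outcome bug = run_case(0, 1), fix = run_case(1, 1);
    printf("buggy: rc=%d plaintext_left=%d guard_clobbered=%d\n",
           bug.rc, bug.plaintext_left, bug.guard_clobbered);
    printf("fixed: rc=%d plaintext_left=%d guard_clobbered=%d\n",
           fix.rc, fix.plaintext_left, fix.guard_clobbered);
    return 0;
}
```

With the misplaced wipe, a failed tag check both leaves the unauthenticated plaintext in the caller's buffer and overwrites the bytes after it; in a caller whose buffer is exactly `plen` long, that second effect is a write past the end.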

Beest Fuude November 26, 2016 8:02 AM

@Tonis

Seems MS may have been routing outlook emails through UK government addresses for some time. Basically, the government decided to use MS cloud services. And, it may be part of the deal was to route data through MoD addresses.

This is the gist of a ticket now taken down from the Office365 site that goes back to March 2015:

“I have been made aware of some interesting information. It would seem like a good majority of our corporations emails are being run through the DINSA/Ministry of Defense UK subnet. 25.0.0.0/8 Did Microsoft purchase IP addresses?

I did a good swath of Google searches trying to find an answer but found none other than people asking questions. What is going on? This message was an internal email between two employees. This is very concerning if these addresses are not owned by Microsoft.

What is going on here?

Thanks,
Andy”

MS response:

“Hi Andy,

“When an Office 365 user send an email to an external user, it will go through EOP. To let the admins manage the mail flow by the IP addresses, Microsoft public the article. However, when an Office 365 user send an email to an internal user, it will not go through EOP. And admins doesn’t need the IP addresses to manage internal mail flow. So Microsoft doesn’t list these IP addresses in that article. These IP addresses are Office 365’s IP addresses and they are not publiced.

Please don’t worry about the security of the emails.”

Thanks,
Xinyu”

from: https://community.office365.com/en-us/f/158/t/318199 (March 2015, now deleted)

It’s possible since internal emails can’t be snagged at cloud choke points, they are instead blind copied to MS/MoD cloud servers for whatever reason.

Most people don’t care about this, (certainly the Brits don’t) or are completely resigned to the militarization, collection and censorship of formerly private electronic communication.

Our stuff is their stuff and that’s that.

Curious November 26, 2016 8:36 AM

I can hardly believe that EFF are actually pressing people to use a password manager on Twitter this way:

“Use the long weekend to set up a password manager and protect your online accounts with stronger passwords.”

What I find offensive about this idea, is how trivial this suggestion is, in having people simply start using password manager software. Surely NSA and the world of police state surveillance would prefer this kind of trend as opposed to manually typing in passwords that you can easily write down on a piece of paper without the risk of simply forgetting this information.

I think that yet another disturbing aspect to this idea of the police state abusing people’s privacy by tampering with their computers, is imo, the mere possibility of there becoming a training aspect to it all. As if having “society” trending towards a homogeneous use of technology (think password managers) will spur on “innovation” (research) in the various schemes that underlie state surveillance efforts, an encompassing state surveillance paradigm which I think people should consider being the embodiment of a police state.

Curious November 26, 2016 8:42 AM

To add to what I wrote:

Oh wow, I just had an idea just now!

Imagine how terrible it would be, if US congress ever considered hacking, espionage and state surveillance capabilities to be a form of “innovation”.

What do you think Bruce? Could perhaps the US congress be so bold as to try envision surveillance as being a form of “innovation”, in any case where a concern for “innovation” ends up being the lowest common denominator about any issue?

Heh, I will go watch the entire video which was linked somewhere above, and try look for instances of ironic distancing or outright proclamations of supporting surveillance capabilities, or even upholding law and order, or even considering so called national security.

Curious November 26, 2016 8:53 AM

I think, if US congressmen and -women want to be thought of as being diligent and honest, they should now, or should already have informed about their aspirations, or any special interests either overt or covert, if espionage, hacking and surveillance/monitoring capabilities are deemed a part of this general notion of “innovation”.

Grauhut November 26, 2016 9:04 AM

@anura, thoth, ab praeceptis: Yes it’s time to get rid of openssl since there are plug’n’p(l/r)ay alternatives. 🙂

en.wikipedia.org/wiki/LibreSSL#Changes

Curious November 26, 2016 9:04 AM

Off topic:

Language and philosophy related I guess. A little relevant though, if wanting to juggle words around for describing the world we live in, when hard tech nomenclature falls short in expressing one’s surprise or disgust.

Btw, to my surprise, I found an article about the idea of ‘fascism’ on twitter yesterday. The article basically points out how orchestrated common thinking and acting can bring about an authoritarian and oppressive culture, but in a timeless manner, not just being a mere reference to Fascist Italy around WW2. Or, when used as a mere negative label to try scorn, mock and ridicule authoritarian rule and violence against people.

“Umberto Eco Makes a List of the 14 Common Features of Fascism”,
http://www.openculture.com/2016/11/umberto-eco-makes-a-list-of-the-14-common-features-of-fascism.html

My favorite conceptual understanding of the word ‘fascism’ (a name, like with most things, written or spoken) (and trust me, I don’t like fascism), comes from the image of an axe bundled together with wooden sticks (or rather, the other way around), as if people are supposed to be all the bundled sticks, symbolically enjoined with the action and aspiration of authority and violence (the axe).

Gerard van Vooren November 26, 2016 9:40 AM

@ ab praeceptis,

About the OpenSSL bug. There is a bit more funky stuff going on in that function. What happens with actx? You can’t know it without looking at other (probably a few, scattered) functions. actx got its data from aead_data() but there is no checking whether actx is NULL. Well, okay, it’s “only” a pointer anyway. At the end of the function the pointer itself goes out of scope and we have to assume that the data where actx points to is being freed somewhere else. And there is also the “mandatory” variable with the name “temp”, which is a buffer in this case.

Then there are a couple of problems with C itself, again looking at this particular function. With any bounds checking language the buffer overflow bug would have been found the moment the buffer … overflows. Makes sense.

If you look at line 215+216 you see that it checks whether “in” points to NULL and if it doesn’t … (which assumes that “in” got initiated properly, which C doesn’t do by itself) and then there is a check whether “out” is zero and if that is the case it leaves “out” unassigned. (that’s a problem I see with some crypto code btw (NaCl), the location of the output buffer isn’t always the same but it should)

ab praeceptis November 26, 2016 10:12 AM

Gerard van Vooren

‘in’ is a parameter. But you are right, I picked only some ugly issues and there are more.

As for “buffer always the same” I don’t agree. Such a function should work with whatever happens to be the buffer. That’s not just a question of proper design but has also practical aspects. In event driven code, for instance, you might have very little control at all and buffers (locations) change all the time.

But again, you are right. There are quite some more issues with that code. One example I noticed is Poly*_Update being a proc rather than a function and it’s just assumed to always properly work, which is obviously nonsensical considering what gets thrown at it.

Yet another issue is lack of decoupling. Code and logic from diverse layers is happily sprinkled all over the place.

But I focussed mainly on the “mindset” problem because that (in my eyes) is the main culprit. As long as that isn’t cured any attempts to do better are bound to fail and we will continue to get “the most current version of the OpenCrap bug collection”.

Newman November 26, 2016 10:20 AM

What kind of CPU has less backdoors these days? All current Intel CPUs have Intel Identity Protection backdoor, so I guess it’s good to totally avoid them. Any idea about AMD Carrizo line?

keiner November 26, 2016 11:40 AM

@Curious

Concept for password managers:

“Single point of fail”

or

Single hack – JACKPOT

Never ever use such a nonsense piece of software. And I’m not any longer sure about the (hidden?) agenda of the EFF…

r November 26, 2016 11:55 AM

@Moderator, All

Please don’t yellow card me but it’s the holiday season:

oreilly-discounts-every-ebook-by-50%

^^

Newman November 26, 2016 12:06 PM

@Nick P

Those designs look too good to be true, I wonder why they haven’t been adopted by some manufacturer for a cheap netbook kind of thing.

Concerning Intel, even older versions have the ME/SBA backdoors. AMD Zen comes with PSP, which is a lesser evil but still not good. At least with desktops the FX line looks pretty safe so far.

I just hope libreboot people have better success with their efforts so that even modern models can be properly flashed.

ab praeceptis November 26, 2016 12:17 PM

Newman

Oh, those designs have been picked up. One of the two major russian processor families is (open) Sparc based, and the Gaisler Leon also is (it was, iirc, done for esa, the eu-ropean space agency). Probably Nick P would know some more examples.

As for AMD … let me put it like this: I wouldn’t hold my breath.

r

The Chinese are big mips players. For some (unknown (to me)) reason, their loongson processor seems to never have hit the shops big time but they have improved it generation after generation.

I don’t know whether they are still available but there have actually been “netbooks” available which were based on that chinese mips.

Newman November 26, 2016 1:01 PM

@ab praeceptis

So do you think that there is no reason to prefer an AMD equipped laptop, even without PSP, over an Intel ME one? Or an FX over some i3 for the desktop?

Of course I understand USA based manufacturers like HP and Dell will have their firmware backdoors on all of their products, but I would expect it to be far easier with Intel providing a ready made solution.

I do remember the loongson netbook, but it was like something a Chinese would carry around during his trips and not something you could buy yourself. If they have a modern version that can run Linux, in these days of alibaba and taobao it would be far easier to get one. Even the thought gets me excited.

r November 26, 2016 1:15 PM

@Newman,

OpenBSD directly supports loongson, as is something else too… Just can’t remember what offhand.

Honestly, when compared to linux on a fringe platform such as that I doubt anyone would really be missing any modern (hardware supported) features – file systems are a different topic though if you’re after cutting edge there.

Newman November 26, 2016 1:15 PM

Those alternative CPU designs are so exciting, I do hope we will be able to buy a product right off ebay or something during the next year. Maybe the EOMA68 project will be the first of that kind, similar to the loongson netbook in some respects.

Frankly for most purposes like browsing and communicating on a secure hardware platform it doesn’t require too much of processing power. So even if that kind of netbook won’t be able to play modern games or open a dozen facebook tabs, it would be perfect for many people.

r November 26, 2016 1:24 PM

@Newman,

Sharp Zaurus is being discontinued by them, that was the other niche product but it’s an intel(?) arm(?) at its core apparently.

Remember, these chips are “open” so you can print them at a foundry – this means unless it’s a SoC (even if it is a SoC) you still have an entirely incomplete product – form factor and features are still missing from blank impls like this which is why the cores are made to be ‘softcores’ (which run on a compatible fpga) and hardcores which are the type you create and then socket/solder.

If you want a ready to go product you might want to look into bunnie’s … “Novena”.

PSP was a mips, that’s another potentially semi-secure device imb provided you can securely source compatible code (think netbsd).

NetBSD is likely something very good to have laying around in source form where things like dban requirements are concerned.

ab praeceptis November 26, 2016 1:31 PM

Newman

Maybe I should have worded it differently. I should have said “I know of no particular reasons that would lead me to strongly assume that AMDs processors are ‘clean'”.

It is my – not well researched – take that one might as well use an intel processor. This is even more true when considering that quite some successful work has been done in “cleaning” some of the #%&§$.

That loongson notebook was available at some shop in netherland or belgium.

Moreover there seem to be some chinese mips based tablets (and possibly netbooks) out there.

If you are interested in a reasonably secure system, things get way more complicated as other factors get involved.

Ted November 26, 2016 2:34 PM

@65535 @Ratio

It still appears that 11th hour changes will be made to the Snoopers’ Charter – from my understanding. – 65535

[See also Consideration of amendments, Royal Assent for background information on these two stages.] – Ratio

.

Thank you both for providing the links. I don’t know how much or if the bill will be modified before Royal Assent, however there is an active e-petition requesting the repeal of the IP Bill. As of a moment ago there were 104,450 signatures.

“Petition: Repeal the new Surveillance laws (Investigatory Powers Act)”
https://petition.parliament.uk/petitions/173199

Some more about petitions: the UK Parliament’s “Get Involved” page has a “Create or sign a petition” link. On that topic, they provide an easy-to-understand 2:35 video about petitions. According to the information presented, the Government will respond to all petitions that receive more than 10,000 signatures. E-petitions that receive over 100,000 signatures will be considered for a debate.
http://www.parliament.uk/get-involved/

Twitter #IPBill

AlanS November 26, 2016 3:42 PM

More on the Investigatory Powers Act. As with Brexit, the Labour Party facilitating the Tory right-wing rather than opposing:
The UK’s Investigatory Powers Bill is about to become law

The pattern of debate in the Commons was depressing. The SNP and Lib Dems stood firm, with help from the Greens and Plaid Cymru – but with Labour absent from almost every vote, there was no chance of making any significant progress. And then at the final stage, the crucial decision as to whether the House of Commons did want to endorse unprecedented powers to spy on its own citizens, Labour did finally show up – to vote with the Tories.

Newman November 26, 2016 3:57 PM

@ab praeceptis

There are the Allwinner products, but the company has been criticized for not adhering to open source principles and leaving a backdoor on some of its products which had a custom kernel with the debug option left behind. Not sure it was intentional or just stupid.

Concerning Intel backdoors, there are efforts to neutralize ME on several older Thinkpads, and I believe the Librem(?) laptop project people approached Intel with a request for a modern product without ME but Intel didn’t wink an eye.

I think Intel completed their backdoor technology with the so called Identity Protection, which means they can pinpoint a specific machine based on its CPU serial number. Like enabling further use of ME backdoors after identifying each individual target. Pretty scary. It’s like a textbook application of the Snowden files.

I really don’t know how far AMD went with their PSP coprocessor, but I certainly wouldn’t trust it either. I could accept it as a possibly less evil option though. To be honest, I would prefer a libreboot friendly device even if it was slower and not as powerful.

ab praeceptis November 26, 2016 3:58 PM

“uk snooping”

a) maybe we should examine the question whether what the uk really did was to merely do officially what many others do secretly.

b) I’d like to suggest that we look at that matter mainly from a technical perspective as there is our forté and our defense options.

One path of thought that might be promising is to not only focus on the “encrypt everything and transmit everything encrypted” but also on the path of staging.
By staging I mean to find ways to work with transmitting only a few bytes which then can be “unfolded” or used as a seed, or … to en|decrypt.

Another question I’m pondering is to generally understand our opponent (state actors) better rather than to think quite unidimensionally in ITsec/crypto terms only.

Example: we strive for random looking byte streams. That’s one important measure of quality for us. If, stupid example, we’d find ways to disguise, say as mp4 byte streams, we could deny the opponent a critical element, namely to easily and automatically categorize and recognize some stream (in a cable) as “encrypted stuff” and then to tag it as suspicious.
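The automatic categorization step the comment above refers to, sketched as an added example (not part of the original comment and not any real monitoring product's code): a classifier that first looks for a known container header and otherwise tags a flow by its byte entropy. The 7.5 bits-per-byte threshold, the labels and the three sample flows are assumptions constructed for illustration.

```python
import math
import random
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "random-looking"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def starts_with_ftyp_box(data: bytes) -> bool:
    """True if the stream opens with a plausible ISO BMFF (MP4) 'ftyp' box."""
    if len(data) < 8:
        return False
    size, box_type = struct.unpack(">I4s", data[:8])
    return box_type == b"ftyp" and 8 <= size <= len(data)


def classify(data: bytes) -> str:
    """Label the first bytes of a flow the way a simple traffic classifier might."""
    if starts_with_ftyp_box(data):
        return "recognized-format"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "unrecognized-high-entropy"
    return "unrecognized-low-entropy"


def pseudo_random_bytes(n: int, seed: int) -> bytes:
    """Deterministic stand-in for ciphertext or compressed payload (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_samples() -> dict:
    """Three constructed flows: ciphertext-like, plaintext, and media-like."""
    plaintext = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n" * 64
    # A 24-byte 'ftyp' box followed by an 'mdat' box; the payload stands in
    # for compressed video, which is itself close to 8 bits per byte.
    ftyp = struct.pack(">I4s4sI4s4s", 24, b"ftyp", b"isom", 0x200, b"isom", b"mp41")
    payload = pseudo_random_bytes(4064, seed=2)
    mdat = struct.pack(">I4s", 8 + len(payload), b"mdat") + payload
    return {
        "ciphertext-like": pseudo_random_bytes(4096, seed=1),
        "plaintext": plaintext,
        "media-like": ftyp + mdat,
    }


def analyze_samples() -> dict:
    """Return {name: (entropy, label)} for each constructed sample."""
    return {
        name: (shannon_entropy(data), classify(data))
        for name, data in build_samples().items()
    }


if __name__ == "__main__":
    for name, (entropy, label) in analyze_samples().items():
        print(f"{name:16s} {entropy:5.2f} bits/byte  {label}")
```

Compressed media scores about as high on entropy as ciphertext does, so in this sketch it is the format check, not the entropy figure, that separates the two.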

Newman November 26, 2016 4:11 PM

Maybe the other way around is if more and more people used encryption and secure hardware and software so that the pool becomes larger. Suppose you had 2 million people in the UK using VPN and Tor and PGP?

Anon November 26, 2016 4:15 PM

Note that “considered for debate” does not mean it will be discussed at all. The Government could just decide it doesn’t want to debate it, and that’s that.

ab praeceptis November 26, 2016 4:32 PM

Newman

Part 1, processors.

Allwinner is Arm afaik. Everybody his own, but my view is that I consider the whole Arm zoo to be gravely tainted and not at all trustworthy.

If one wants a really trustworthy processor, about the only option seems (to me) to go the soft-cpu/fpga route. Even the asic route with those same processors can already be tainted.

If you want to have something simpler and ready to rock you might have a look at some older sparcs.

If you want to stay on the x86 route what you indicated seems reasonable, but keep in mind how relative “reasonable” is.

part 2, “the other way around”

Yes, maybe. I don’t yet see a clear winning path, at least not one for millions of Joes and Janes. I tend, however, to look at it from a military perspective; after all, it is a kind of war, a war of the governments against their citizens. Seen from that pov chances are that the gov. forces will outrun us if we bet on the “massive encryption” way.

Newman November 26, 2016 5:46 PM

@ab praeceptis

If the governments wage war against their citizens, then it’s up to people to decide if they accept tyranny or no. Of course, if most people don’t bother with their government snooping around their emails and personal searches and web browsing and chats and sextings, then we are doomed beforehand. At least we can raise public awareness on the subjects of privacy and personal security and hope people listen.

Thoth November 26, 2016 6:19 PM

@Curious

re: Passwords
Even if you were to hand type the passwords into web forms or GUI forms, it is already game over. Anything touching your PC and its keyboard is already considered irreversibly compromised (assuming there are backdoors and malware). Password manager only adds a tiny dimension of security but the master password can be obtained by listening in on the memory. Same goes for entering passwords onto forms. It doesn’t make a huge difference.

There are talks about using hardware password manager (i.e. Mooltipass or some other hardware that allows external input and all that) but it makes no difference since the website’s password would have to be decrypted from the hardware password manager and transferred to the PC’s web or GUI form eventually which can be exfiltrated.

The better way is some form of public key login with the private key stored in an external hardware (HSM) and the input PIN to authorize the keypair authentication usage should be best implemented as a secure input on the HSM to avoid the HSM PIN from touching the possibly backdoored PC.

@Newman

re: Backdoored Intel and other CPUs
You should look for Intel chips with vPro / AMT technology. Once you spot chips with this feature, avoid them. This is the same tactic Purism uses to create their Librem laptops by avoiding Intel chips with vPro / AMT backdoors. The Intel IPT technology comes as part of package because it leverages vPro / AMT using the memory space in the vPro / AMT partition to store “secure credentials”. Put simply, once you have vPro / AMT on board, it has storage capability on chip and who knows what they are doing.

AMD’s PSP is similar to Intel vPro and a competing version. In essence, vPro, PSP …etc … all comes from referencing ARM TrustZone design making TrustZone the granddaddy of them all and thus also indicating that TrustZone from ARM is equally capable of backdooring you seamlessly. Good luck to all those ARM A series chips (all smart phones use an A series chip) that has TrustZone whether you like it or not.

ab praeceptis November 26, 2016 6:30 PM

Newman

Pardon me, but I’m afraid that’s (what’s a nice term for “wet dream bla bla”?).

Don’t you people get it?

“up to people to decide if they accept tyranny or no” – The usual outcome is dead people, not a dead tyranny. Keeping on blabbering the “democracy credo” is roughly equivalent to writing “Victim. Do it again!” on one’s forehead. They played with elections many times, politicians lied so many times … and every fcking time the sheeple play the same role as if they were programmed. Did any major politician ever care? Did you ever hear a major politician say (credibly and act on it) “OK, I see the light. We will stop fcking you”? I don’t think so.

“we can raise public awareness” – Has happened. -> Snowden, Assange, and more. Result? Not much. Let me tell you something: If Apple tomorrow offers a cool new gadget and makes enough marketing noise the vast majority will switch from “Trump|clinton is evil!” to “where can I buy that cool new gadget? Wanna have, wanna have!”

“and hope people listen” – Why? a) we are not political missionaries or are we? b) what makes you believe that more missioning and – possibly – more people listening would change much? c) Don’t you see that in your very statement you basically, if indirectly, say “too bad I’m living in a society full of ignorant, market driven, TV and media remote controlled morons”? Because otherwise your hope wasn’t needed.

Please, I say that sincerely, do not take that as against you personally. It is certainly not. You just happened to be the one to get me triggered …

There are laws and constitutions. And the governments shit on it and eavesdrop, start wars, have citizens killed, and so on and so on. Don’t get me wrong. I do understand that people have a need to whine, to bitch, to hope, to demand, to believe in law and democracy, to dream.
But even if we assumed that that could change anything to any not insignificant degree, shouldn’t those discussions happen elsewhere? Somewhere where politics professionals or legal experts or even revolution experts are.

Here is a place about ITsec; here are people knowledgeable or at least interested in ITsec. Maybe ITsec can’t help much with those problems; maybe ITsec can offer only very limited help, but damnit, ITsec is what we’re here for and ITsec is what we know well. ITsec is the segment of reality we can change. Which is quite good because IT also happens to be one of the major segments the politicians turn against us.

So again: How about keeping all that political stuff out or limited to what is relevant in terms of ITsec.

“Trump is a racist!” or “clinton is a serial liar!” is not relevant or actionable here. “We have tangible indications that they bent the elections with digital election machines” is. That’s something where we can contribute something.

Ergo Sum November 26, 2016 7:42 PM

@ab praeceptis

“There *are* laws and constitutions.”

Oh yes, there are. Most, if not all, constitutions guarantee freedom of speech. That’s the good news. The bad news is that none of the constitutions guarantees freedom after the speech….

Ergo Sum November 26, 2016 8:17 PM

@all…

About the Intel ME…

Most of the links I’ve read remind me of the IBM mainframe OS/390 and z/OS LPARs, where the initial LPAR has unfettered access to the subsequent LPARs and no reverse access. On the Intel side, the ME is pre-created without end user access to the ME and pretty much the same unfettered access to whatever OS the end user installs.

Since the ME “calls home”, presumably an IP connection, was there anyone who captured the “home” IPs? If there’s a list of “home” IPs, can they be blocked by a hardware firewall without disabling the motherboard?

The Intel ME exists on all PC and server platforms, including Macs, correct?

Eliza November 26, 2016 9:51 PM

@ab praeceptis

Which is quite good because IT also happens to be one of the major segments the politicians turn against us. So again: How about keeping all that political stuff out or limited to what is relevant in terms of ITsec.

How does this make you feel? Please, tell me more about keeping all that political stuff out of the limited terms of relevant ITsec discourse.

Uncle Joe Stalin November 26, 2016 10:22 PM

PropOrNot covered by Washington Post proves its the Ruskies hacked the election fer sure.

https://www.washingtonpost.com/business/economy/russian-propaganda-effort-helped-spread-fake-news-during-election-experts-say/2016/11/24/793903b6-8a40-4ca9-b712-716af66098fe_story.html

Ace reporter Craig Timberg sez “experts say” RuskiEs HAckeD the ELectioN, they have a list at PropOrNot. Proof by anonymous website cuz the WashPost tells us, just like Bruce said! I am so sorry that I doubted Bruce cuz David Stockman, Black Agenda Report, Ron Paul and Drudge are all Russian agents according to the WAsHPoST. Some were even against the Vietnam war and stuff, traitors to the USA. The security of our election is sacrosanct. And this isn’t even Facebook/Google/Twitter fake news but the Washington Post who only prints truth.

Unless maybe it is the Chinese cuz they are darned inscrutable, ya know.

tyr November 27, 2016 2:31 AM

OT political

@ Clive

The rods bundled with the axe in a fasces were used to punish offenders by beating them; the axe was there to execute offenders for some offenses. The symbol was for the state use of force to administer the laws. There’s a lot of mealy mouthing around the government’s use of force against its citizens but there aren’t too many governments that don’t do it.

The definitive work on fascism is Wilhelm Reich, he explained it well enough that the US government tried to burn all of his books. You can probably find a pdf online. As a random pejorative it is used far too often by people who are more fascist than those they use the label on.

I also saw that Khodorofsky thinks that Putin is now in control of the Irish State Police. You’d think that a guy who runs a country 11 time zones wide wouldn’t have enough time to run the FBI, the Irish Police, Wikileaks, and his own country while invading the Ukraine and Syria for no reason. The gullible nature of humans for allotting superhuman powers to supposed villains boggles every mind except PTerry fans.

Here on the other side of the pond we are still being deluged by snivelling over the election of a wild card. The crap you hear about him with very little factual basis is music to the ears of us who have disliked the insular stupidity of the so-called elites who know what’s best for years. I hear he has tossed a few lobbyists and turned K Street’s bandits of the beltway into a frenzy of wondering if their scam has finally overreached itself. It isn’t over but you should keep the popcorn handy for the show.

An observer had to have a sense of humour for the US election, the media made fools of themselves with fake predictions and falsehoods, the Republicans turned against their own candidate, the Democrats cheated and swindled their only viable candidate by illegal scams. Out of this trainwreck comes a loudmouthed real estate type who bragged about his paid for relations with crooked politicians on broadcast TV. The best thing about reality is you couldn’t write a book about it and get anyone to buy it, unless it was peddled as satirical comedy. The capper is that Farage wants a job in his new cabinet.

65535 November 27, 2016 3:07 AM

Q and A of Snoopers’ Charter cont. 2.0

[As Nick P would say, I am keeping a log of the final version of the Snoopers’ Charter on a “sacrificial” machine. It is an important issue that affects both UK citizens and world wide citizens. Thus, the 11th hour amendments to the Snoopers’ Charter may make a huge difference in the outcome.]

@ Ted, and Tõnis

‘I looked up the IP address and it comes back to the “UK Ministry of Defence.”‘

[Interesting]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739153

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739256

“Petition: Repeal the new Surveillance laws (Investigatory Powers Act)”
https://petition.parliament.uk/petitions/173199

Does this petition allow non-UK citizens to vote?

[Thanks, noted and bookmarked]

@ Beest Fuude

“Seems MS may have been routing outlook emails through UK government addresses for some time.”

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739211

[Thanks, noted]

@ AlanS

More on the Investigatory Powers Act. As with Brexit, the Labour Party facilitating the Tory right-wing rather than opposing: The UK’s Investigatory Powers Bill is about to become law

[Thanks, noted]

@ ab praeceptis

“a) maybe we should examine the question whether what the uk really did was to merely do officially what many others do secretly. b) I’d like to suggest that we look at that matter mainly from a technical perspective as there is our forté and our defense options. One path of thought that might be promising is to not only focus on the “encrypt everything and transmit everything encrypted” but also on the path of staging.”

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739263

[Thanks, noted]

@ Anon

“Note that “considered for debate” does not mean it will be discussed at all. The Government could just decide it doesn’t want to debate it, and that’s that.”

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739265

[Thanks, Noted]

@ Newman

“If the governments wage war against their citizens, then it’s up to people to decide if they accept tyranny or no. Of course, if most people don’t bother with their government snooping around their emails and personal searches and web browsing and chats and sextings, then we are doomed beforehand.”

[Good point]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739268

ab praeceptis November 27, 2016 5:18 AM

Eliza

How does this make you feel? Please, tell me more about keeping all that political stuff out of the limited terms of relevant ITsec discourse.

It makes me feel more focussed and more confident that we here might actually be able to change something.

I remember, for instance, lots of (well justified) noise against “election computers” pretty much since they were first used. I remember lots of – very much justified – noise against diebold and some others. I remember witnesses from the companies themselves and professors and experts demonstrating again and again how unreliable and insecure those machines were/are.

And I remember how those machines spread like a disease anyway. I also remember strange outcomes, strange cases, and bewildered voters pretty much each and every election.

Obviously all the democracy noise, popular demands, etc have failed.

I’m not too confident that we will be able to come up with something better or with an antidote. I’m afraid, professors and highly involved experts and makers will be bought or, if necessary, suicided. Plus I expect plain nothing whatsoever, not even a million for development, from the democracy sect believers and noise makers.

But there is a chance, probably not a big one, but a chance anyway that we ITsec people can create a or contribute to reliable and fair elections.
That, however, will not be done through democracy sect prayers and credo chanting or by attacking each other. It would need us to focus on our field and to cooperate.

Disclaimer: I’m not at all against democracy. But I know that democracy has (at least) two important factors in common with ITsec: a) it’s an endless process that needs proper reasoning and working on it. It is not something to be demanded and consumed, nor does religious chanting help much. And b) there are agile, determined, and well equipped adversaries.

Newman November 27, 2016 7:41 AM

Intel says that ME and SBA are there to help big and small business manage their equipment, so I wonder if there is some IT admin in such a company who has used the full potential (as offered to the average small or larger company, because surely NSA has more options available).

I have been told that admins who tried to use those options were frustrated, so I tend to believe that the whole structure of ME with its java modules is similar to the PRISM structure, where end user functionality appears to come as an aftermath after the exploit has been planted.

Clive Robinson November 27, 2016 8:53 AM

@ ab praeceptis, 65535, others,

a) maybe we should examine the question whether what the uk really did was to merely do *officially* what many others do secretly.

I can’t speak for other countries, but I can make informed guesses, and we know that many claim that it’s a tie between spying and prostitution as to which is the oldest profession (with the clear advantage to prostitution on the honesty front).

However a little more recent history in the UK might be relevant. Less than a quarter of a century ago espionage on the citizens was less regulated than prostitution. That is there were relatively few “shall nots” but no guidance on what was permissible.

Thus some idiot advised Home Office Minister David Blunkett that regulation of espionage on the citizens by other citizens or those employed from the public purse was needed due to the rising efficacy of technology in this area.

So the Regulation of Investigatory Powers Bill (later act hence RIPA 2000) was drafted first as a white paper then draft legislation. It caused one almighty shit storm and there was a lot of back-pedalling.

However it became law in parts and that is where the real trouble started. Prior to RIPA most people paid from the public purse did not in any way indulge in espionage, due to the risks involved. Therefore surveillance was actually quite minimal due to fear of court action via civil proceedings etc. RIPA kicked that all away, and compared to previous behaviour a veritable orgy of surveillance started. Some use was absolutely ludicrous such as trying to catch who was putting a tea bag in the wrong bin, so they could be hit with an £80 fine, and others where parents were spied upon for considerable periods due to “school catchment area” issues.

The point is by providing the regulation the uncertainty was removed and thus the flood gates on stupidity, waste and venal political behaviour were unleashed, by those of petty mind and position.

Sometimes it’s best to not regulate that which is better restrained by uncertainty due to fear of civil suit, as it only encourages the idiots to be stupid beyond reason.

Perviam November 27, 2016 11:13 AM

Opus Dei fanatic Cardinal Comey wants to be everybody’s father confessor so he’s gutting judicial checks with a change to the red tape called Rule 41. Wyden is trying to kick the can to keep FBI from regressing to the Spanish inquisition.

https://www.techdirt.com/articles/20161122/10381536112/bill-introduced-to-push-back-approval-dojs-proposed-rule-41-changes.shtml

Comey’s new red tape would make technical privacy countermeasures like Tor grounds for suspicion of wrongdoing. Why, if Tor’s so useless?

Clive Robinson November 27, 2016 11:55 AM

@ Perviam,

would make technical privacy countermeasures like Tor grounds for suspicion of wrongdoing. Why, if Tor’s so useless?

The quick simple answer is “technology gets better with time” unless legislated otherwise. To legislate effectively you have to “nip the bud before it blooms”. That is whilst the technology is emerging rather than developed and main stream in use. That way you only upset those geeks with little or no power, not main stream business with political power.

But in the case of Comey and Co nothing is ever simple. From the FBI point of view there is no money for them in common crime, no reason to demand increased slices of the tax take, more manpower, more offices etc to grow the mountain that is the visible side of his rather unpleasant nature and ego. Which if people go back far enough they will find he blackmailed Obama and roughed up Obama’s Silicon Valley friends at what was supposed to be a cordial get together.

If Comey gets the “right of privacy” in your communications etc turned into the “right of suspicion” think how much leverage it will provide. Overnight there are hundreds of thousands of new suspects to be processed. Worse it’s up to him and his cronies who to investigate and how. Just send in a SWAT team or two to rough up a few people in their homes in front of their partners and children, kill a few family pets on the way just to show who is serious, this is the MO of the FBI and likewise the NYC DA. Kill people’s businesses by taking away all their computers, paperwork, equipment etc, calling it “evidence” then just sit on it and fight all attempts at recovery, stripping the owners of their rights and any monies they might have. If the owners have been sensible and off shored finance etc use the Racketeering legislation against them… Remember there is suspicion of a crime with any and every action you take in business, and any manner of laws with wide scope to snare you and bring you down…

It’s the way of bullies and others seeking to harm others for vicarious pleasure that goes all the way back to the likes of J Edgar and has never ever gone away. Those who mistakenly think that the FBI is a law enforcement organisation find out the hard way they are anything but, they are in fact just as political as any hard lobbying organisation that also has paramilitary capabilities that despoiled foreign lands on US Government business…

Ted November 27, 2016 1:25 PM

@65535

Does this petition allow non-UK citizens to vote?

I believe the petition is volitional and available only to British citizens and UK residents; however it currently has over 115,043 signatures and counting. Not bad for opening just four days ago. It includes a map that shows how many signatures have been recorded in each constituency and what percentage this is of the area’s total constituency.

From the article “Parliament Must Debate The Investigatory Powers Bill Again”
http://www.huffingtonpost.co.uk/jim-killock/parliament-must-debate-th_b_13256510.html

“Of course it is unlikely that the whole bill will be undone, as the petition demands. Not all of the bill is completely bad, either; oversight arrangements are generally improved.”

Here’s a good article that describes the UK’s Investigatory Powers Bill and the US’s proposed amendment to Rule 41 scheduled for December 1st. Author and legal officer Scarlet Kim reviews the nature and scope of general warrants authorized for electronic devices, anonymization and encryption technologies, telco and tech company involvement, and the purview of judicial oversight.

“Just Security” article
https://www.justsecurity.org/31876/world-this-uk-government-hacking/

Markus Ottela November 27, 2016 3:30 PM

@ Nick P

Your feedback over TFC has been extremely valuable over the years, thank you for that. I hope you can find the time to take a look at the latest version and share your thoughts.

Clive Robinsob November 27, 2016 3:53 PM

@ tyr,

It was @Curious not myself going on about the fascist emblem of bound axe and rods (with which to beat backs).

It was often incorrectly described as a “bundle of sticks” to students in the UK, which meant many confused it with a “faggot” which was used for fires to burn witches, martyrs, traitors and others found to be unpopular at the time.

I don’t know if you’ve read Terry’s book with Neil Gaiman, where Newton Pulsifer as a “witchfinder” has to show his ID to a guard on a US Airforce base, who gets upset when he reads the ID and finds that he is to supply Newton “With all the faggots he doth require”. Until Newt explains he needs them to burn, where the US Airman made some comment about Limes being tougher than he thought.

As was once observed the UK&US are but one nation separated by a common language… And a supposed hatred of the continentals, where the only redeeming features were the great capitals of Germany and France with their bohemian life styles (and yet another word that means different things to different people).

Curious November 27, 2016 4:28 PM

Nick Weaver has decided to go on a Twitter destruction spree and delete all his tweets. Anyone know why? Was his account hacked?

Clive Robinson November 27, 2016 4:35 PM

@ Newman, and the usual suspects,

One piece of advice is to use older Intel and AMD CPUs that you can still buy in old business desktops etc.

There is however a problem in recent times,

A secondary piece of advice was to disconnect the hard drive from such second hand machines and run a “live CD” in RAM. With a secondary note to get the Live CD from the front of a PC Magazine to avoid download implants (the idea being the likes of the NSA would not implant such CD/DVDs with ET type malware that phones home, as it would have a high probability of being spotted).

Well the problem is those second hand machines tend to be “32bit” not “64bit”, a glance around PC magazines recently shows that with a rare exception (Android for x86 which has its own problems) the live CD OS’s are all 64bit…

Thus the risk of an implant injected during a download is much more likely.

Which means a better option is to just use two PC’s one of which you never connect to a network that you use for “secure” activities, the other you use for “online” activities and you use some form of “energy gap” between the two and a strongly mandated, controlled and secure “gap crossing” technique, where data has to on the rare occasion cross.

The problem with this is of course “energy gapping” the secure PC. This is getting harder and harder day by day, just finding a system that does not have WiFi, Bluetooth or other potential RF comms is challenging. Even “build your own PC” motherboards are becoming “all in one” with RF comms of one form or another being built in as standard.

Likewise using SoC based systems like the alternatives to the Beaglebone or Raspberry Pi are starting to have “on board RF” more and more.

It’s why, building with older MCU type chips for “secure” systems is becoming more relevant. Especially when you remember that for many years Unix ran quite happily with 4-16 users on Mini-Computers with lower specs than some $1 MCU chips. In fact you can find a BSD port to one or two of them.

The advantage of MCU systems if you can build them is that the resulting PCBs are usually small enough that “energy gapping” via the use of diecast aluminium boxes with the rubber gaskets replaced with RF gasket material is viable for a home maker/constructor. Which also means slinging them in a reasonable safe when not in use is not too much of an issue.

Curious November 28, 2016 2:11 AM

@Curious

Nick Weaver has decided to (…)

Why would you want to ask anyone other than the twitter account holder re. this? You could just try asking him, you know.

Mike S November 28, 2016 3:22 AM

If the UK government is going to force ISPs to log all the sites people visit, everyone should run a small program in the background that makes random google requests. Hopefully it will fill up their databases and make it prohibitively expensive 😛

65535 November 28, 2016 4:09 AM

@Ted and Clive

“I believe the petition is volitional and available only to British citizens and UK residents; however it currently has over 115,043 signatures and counting.” –Ted

You are saying the UK petition is only available to UK residents. That is logical because it is a UK law [although the other IC agencies tend to route US packets around the world to side step privacy laws]. That question is now answered.

I see an important link in the Huffington Post leads to a removed page:

http://www.huffingtonpost.co.uk/jim-killock/parliament-must-debate-th_b_13256510.html

“…restricting what data can be kept, how it can be used, and most importantly, how access is authorised afterwards. That is how the Advocate General’s opinion suggested the court rules.” –Huffpo => link

“This document cannot be found.”

See:

http://curia.europa.eu/juris/document/document.jsf?text%3D%26docid%3D181841%26pageIndex%3D0%26doclang%3DEN&sa=D&ust=1480209140859000

Could the above be one of those 11th hour changes?

@ Clive

“…the Regulation of Investigatory Powers Bill (later act hence RIPA 2000) was drafted first as a white paper then draft legislation. It caused one almighty shit storm and there was a lot of backpedalling. However it became law in parts and that is where the real trouble started…” –Clive

I can see your point. I do think that the Snoopers’ Charter will greatly increase the UK’s ability to spy on its citizens and outsource this spy technology to the USA and other countries. This is bad.

Ratio November 28, 2016 5:14 AM

@Ted, @65535,

I don’t know how much or if the bill will be modified before Royal Assent, however there is an active e-petition requesting the repeal of the IP Bill.

All that’s missing is the (royal) rubber stamp. It’s done.

And that petition is going nowhere. This Bill passed because both the Tories and Labour wanted it to pass. Does anyone really think they’ll suddenly go “oops, this is terrible, let’s cancel the whole thing”? Seriously?

@Eliza,

How does this make you feel? Please, tell me more about keeping all that political stuff out of the limited terms of relevant ITsec discourse.

What makes you say that?

@Clive Robinson,

It was often incorrectly described as a “bundle sticks” to students in the UK, which meant many confused it with a “faggot” which was used for fires to burn witches, martyrs, traitors and others found to be unpopular at the time.

The word faggot comes from the Latin fascis which means precisely that.

65535 November 28, 2016 5:41 AM

@ Ratio

“All that’s missing is the (royal) rubber stamp. It’s done.”

Well that is a blunt no nonsense assessment.

Does this mean the UK Intelligence Agencies are engaging the spying apparatus at this point in time?

See: Tõnis
https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739153

I am not familiar with the UK law making system. In the USA there can be considerable hanky-panky during the making of a bill into a law. There tends to be 11th hour amendments or changes which have a very significant outcome on the bill. Both the Affordable Care Act and the USA Freedom Act had sudden changes/or shove-down passage during odd times such as weekends and other odd times. I don’t know if the UK employs such sneaky tactics.

Your input is noted.

Ted November 28, 2016 11:43 AM

@65535

I see an important link in the Huffington Post leads to a removed page:
https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739327

Thanks for the heads up. The reference to the Advocate General’s opinion sends me to the same broken Curia link too. In the paragraph above the one you highlighted in the Huff Post article the author mentions Tom Watson and David Davis, both MPs who previously challenged the emergency surveillance legislation in the European Court of Justice.

According to Wikipedia, Curia is a database of the European Court, that you can search with multiple parameters including case number, text, and subject matter.

http://curia.europa.eu/

For example: InfoCuria > Case-law > Search form > Text: “C‑698/15” > List of documents: 3

The third document is this one: Case: C-2013/15, Document: Opinion ECLI:EU:C:2016:572

OPINION OF ADVOCATE GENERAL SAUGMANDSGAARD ØE delivered on 19 July 2016 (1) Joined Cases C‑203/15 and C‑698/15

Tele2 Sverige AB v Post- och telestyrelsen (C‑203/15) and Secretary of State for the Home Department v Tom Watson, Peter Brice, Geoffrey Lewis (C‑698/15), Interveners: Open Rights Group, Privacy International, The Law Society of England and Wales

[…] 7. For the reasons which I shall set out below, I have the feeling that a general data retention obligation imposed by a Member State may be compatible with the fundamental rights enshrined in EU law, provided that it is strictly circumscribed by a series of safeguards, and I shall identify these in the course of my analysis. […]

Here are a couple more articles about David Davis, Tom Watson, and their concerns for “fundamental rights, respect for private and family life and protection of personal data.”

“MPs David Davis and Tom Watson in court challenge over surveillance act”
https://www.theguardian.com/world/2015/jun/04/mps-david-davis-and-tom-watson-in-court-challenge-over-surveillance-act

“Bulk data collection only lawful in serious crime cases, ECJ indicates”
https://www.theguardian.com/world/2016/jul/19/bulk-data-collection-can-only-be-used-to-fight-serious

ab praeceptis November 28, 2016 5:24 PM

Sancho_P

Frankly, they deserved it. If after all the problems they already had they still run publicly accessible systems on windows – and obviously lousily set up at that – then they deserve to get bitch-slapped.

Btw, I’m astonished that them evil Russkies haven’t been accused yet. Because “hacker” == “russkies”; we know that thanks to the experts of the dnc. But maybe the russkies had no time to hack muni; after all they had lots of work to do hacking the election scanners …

Ted November 28, 2016 6:07 PM

@Ratio

And that petition is going nowhere. This Bill passed because both the Tories and Labour wanted it to pass. Does anyone really think they’ll suddenly go “oops, this is terrible, let’s cancel the whole thing”? Seriously?

http://www.pbs.org/wgbh/frontline/film/terror-in-europe/

The British Director of Europol Rob Wainwright calls attention to the privacy-security tradeoff that is understood as acceptable to people of different national backgrounds, specifically the mindset of German and Austrian citizens who experienced the expansive state-sponsored data collection practices of the second world war and think “never again.”

Minute 14:20 to 15:30.

Horace Horsehead November 28, 2016 8:58 PM

Quantum physics offers new way to factor numbers

Now in a new study published in Physical Review Letters, researchers Jose Luis Rosales and Vicente Martin at the Technical University of Madrid have taken a different approach to the problem.

The researchers have shown that the arithmetic used in factoring numbers into their prime factors can be translated into the physics of a device—a “quantum simulator”—that physically mimics the arithmetic rather than trying to directly calculate a solution like a computer does.

Although the researchers have not yet built a quantum simulator, they show that the prime factors of large numbers would correspond to the energy values of the simulator. Measuring the energy values would then give the solutions to a given factoring problem, suggesting that factoring large numbers into primes may not be as difficult as currently thought.

“The work opens a new avenue to factor numbers, but we do not yet know about its power,” Rosales told Phys.org.
[…]
“We have shown that a quantum simulator able to factor numbers exists and, in principle, it could be built,” Martin said. “Whether the simulator is feasible with current technology in a way that it can factor numbers of the same size as the ones used in cryptography remains to be seen, but the avenue is now open. The prospect of building such a device before a quantum computer is built is something to be pondered seriously.”

Article URL:
http://phys.org/news/2016-11-quantum-physics-factor.html

Curious November 29, 2016 12:23 AM

@Horace Horsehead re. “Quantum physics offers new way to factor numbers”

I am not surprised in the least, that something like that would show up (not that I would claim to really understand that stuff), but I am glad reading about it. 😐 Some kind of pattern machine I imagine.

Spooky November 29, 2016 12:58 AM

A few quick comments on this lengthy thread…

  • I believe Intel ME started to show up on top-tier Intel processors during the 1st or 2nd quarter of 2007. Budget class processors did not receive ME until quite a bit later. So, if your CPU was manufactured well before that date range, you should be fine. On the other hand, that does limit you to older, mostly 32-bit processors or budget CPUs (as mentioned by Clive and others) so these systems will not be capable of running Qubes, although OpenBSD, FreeBSD, NetBSD or Linux should be fine (with as much hardening as you see fit to add). Or, perhaps DOS or FreeDOS. You laugh–and rightly so–but a real mode, single-user, single-process system that runs from a ramdisk (and happily ignores most built-in hardware) has many legitimate uses.
  • If you had a nicely spec’d laptop afflicted with the ME disease, you could still use that machine as your standalone (non-networked) system with Qubes. I’d deliberately neuter it and remove the mini-PCI/PCIe wifi card, camera, mic, speakers, etc. I might partially desolder the wired network port (to prevent accidental connections that could potentially allow ME to leak captured data). Until the firmware that enables ME functionality has been nuked or monkey-wrenched with a custom update, the machine should only be considered “safe” when it cannot communicate with the outside world at all.
  • It should be noted that the U.S. does not require an explicit snooper’s charter because it already has an implicit one that’s been functioning since 1981. With a sheaf of executive orders (esp. order no. 12333), incompetent or complicit congressional oversight and a FISA kangaroo court ready to rubber stamp every request, NSA can legally do a full take on anyone (or everyone) without consent. Today. Plus, it’s no trouble at all to bounce traffic through the UK, and have it “handed” back by their pals in the GCHQ. Instant regulatory bypass, if needed. Works the other way around as well.
  • The UK charter certainly underscores the grim, meathook future that is soon to arrive on our doorstep. Your ISP will surveil and record everything of data-mining value (probably feeling entitled to MITM your https sessions at will, while injecting ads) and will turn over every scrap of that data to the government without a single subpoena changing hands. You can forget due process. Ditto for your cell phone records and provider (AT&T, O2, etc). Ditto for your operating system provider (Microsoft, Apple). Ditto for your application providers (Adobe, Google, Microsoft, Facebook, etc). All of them will either roll over, or can be compelled (by various means) to roll over. Folks, you are about to be screwed from so many different directions that you’ll need to start using aleph notation to enumerate all of your newly acquired orifices… It’s gag and gauge time down at the corporate kleptocracy booth, now being hosted on the floor of this year’s International Congress of Excruciatingly Narcissistic Nationalists (ICENN). Better acronyms, anyone?

Cheers,
Spooky

Clive Robinson November 29, 2016 3:35 AM

MS Win10 upgrade PrivEsc built in

In news that will be unsurprising to those who have been around a while[1], Microsoft have blown a huge hole in Win10 security including bitlocker.

http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html

It would appear that MS Win10 “in-place” upgrade not only allows a user to easily Privilege Escalate up to System, but it also usefully from an attacker’s point of view turns off bitlocker…

Just what all the kiddies will want to know for Xmas…

[1] This is almost as good as the time Microsoft had a quick and easy local Privilege Escalation attack to god using its version of the *nix cron utility, years after cron had fallen foul of the same issue. For some reason Microsoft have a habit of “copying others but not learning from their mistakes”. Or as was once put “Those who fail to learn history’s lessons, are usually cursed to relive them”.

Clive Robinson November 29, 2016 3:59 AM

Those watching the UK snoopers charter progress may be interested in this,

http://www.independent.co.uk/news/investigatory-powers-bill-snoopers-charter-2-petition-stop-protest-theresa-may-a7443491.html

However I don’t think it will have much effect on the United Kingdom’s PM (or “Psycho May” as some wag has joked).

I suspect it will have two effects, the first May will avoid/fight it, the second that those who signed it will now be “Persons of Interest” to those who will profit from the snoopers charter… As by signing the petition they have provided “Credible Suspicion of serious possibly terrorist intent” or some such…

I’ll let you know if I’m “Disappeared” or some such, just listen for Dawn’s Canary Song to be silenced 😉

Clive Robinson November 29, 2016 4:29 AM

The joys of unpublishing eMedia

Once upon a time, publishing involved paper ink and a degree of permanence that thousands of paper copies brought, thus such sage words as “The thought once writ large can not be unsaid” were considered by editors seriously.

Well technology changes all that, and it would appear encourages a little “free enterprise” largesse for editors.

It has been reported that a senior Chinese representative of a well known Chinese “communications” company –the US has accused of being a security risk– got himself “fueled up” and went for a spin in his BMW and took out a number of other vehicles on the road… Big news you would think? It was until mysteriously the story started to disappear,

https://www.cambodiadaily.com/news/huawei-boss-crashes-news-stories-disappear-121165/

Thus it would appear that if you “splash the cash” you can make the written words of others about your actions as ephemeral as the sound of that tree falling in a distant forest.

I wonder if such largesse is covered by US anti-corruption / bribery legislation…

removed comment? November 29, 2016 4:37 AM

@Moderator, all

am I the only one who is missing some post, most probably at the time between Clive’s https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739384

and Curious’s
https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739392

(or next one by Spooky)

I’m sure I saw it, contained I don’t know what 😉 but 4 links to some webpages/forums(?) – was it some phishing/badpage which was removed by Moderator?
After refresh it just disappeared…

just curious (without capital C), if it’s so thanks for keeping the blog clean, otherwise ??

ab praeceptis November 29, 2016 8:05 AM

Spooky (12:58 AM)

Thanks. Yes, DOS is still good enough for quite many jobs incl. things like encrypting and/or storing sensitive stuff.

I’d like to add a small hint re. “ME” and consorts: Never use the network ports builtin on the mainboard. Not having a network cable plugged in there actually is a quite sensible defense measure. Rather use an add-on network card.

That said, do not use anything with an x86/amd64 cpu on it for sensitive jobs. Many would be astonished how amazingly fast many, many things can run on e.g. an old sparc. Granted, I wouldn’t want to kde on it but then, would I want kde or gnome on anything? Don’t think so.

I’m just playing with an old fire 240. Not a speed demon, certainly, but damn good enough to compile and run quite much stuff.

65535 November 29, 2016 8:50 AM

Q and A of Snoopers’ Charter cont. 2.1.0

[Link list is long but not inclusive]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739195

[and]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739282

[and]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739327

[and]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739331

@ Ted

‘The reference to the Advocate General’s opinion sends me to the same broken Curia link too. In the paragraph above the one you highlighted in the Huff Post article the author mentions Tom Watson and David Davis, both MPs who previously challenged the emergency surveillance legislation in the European Court of Justice.’

‘For the reasons which I shall set out below, I have the feeling that a general data retention obligation imposed by a Member State may be compatible with the fundamental rights enshrined in EU law, provided that it is strictly circumscribed by a series of safeguards, and I shall identify these in the course of my analysis. […]

‘Here are a couple more articles about David Davis, Tom Watson, and their concerns for “fundamental rights, respect for private and family life and protection of personal data.”

“MPs David Davis and Tom Watson in court challenge over surveillance act”

https://www.theguardian.com/world/2015/jun/04/mps-david-davis-and-tom-watson-in-court-challenge-over-surveillance-act
See

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739354

@ Ted

http://www.pbs.org/wgbh/frontline/film/terror-in-europe/

‘The British Director of Europol Rob Wainwright calls attention to the privacy-security tradeoff that is understood as acceptable to people of different national backgrounds, specifically the mindset of German and Austrian citizens who experienced the expansive state-sponsored data collection practices of the second world war and think “never again.” ‘

Minute 14:20 to 15:30.

http://www.pbs.org/wgbh/frontline/film/terror-in-europe/

See:
https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739370

@ Spooky

“It should be noted that the U.S. does not require an explicit snooper’s charter because it already has an implicit one that’s been functioning since 1981. With a sheaf of executive orders (esp. order no. 12333), incompetent or complicit congressional oversight and a FISA kangaroo court ready to rubber stamp every request, NSA can legally do a full take on anyone (or everyone) without consent. Today. Plus, it’s no trouble at all to bounce traffic through the UK, and have it “handed” back by their pals in the GCHQ. Instant regulatory bypass, if needed. Works the other way around as well.
• The UK charter certainly underscores the grim, meathook future that is soon to arrive on our doorstep. Your ISP will surveil and record everything of data-mining value (probably feeling entitled to MITM your https sessions at will, while injecting ads) and will turn over every scrap of that data to the government without a single subpoena changing hands. You can forget due process. Ditto for your cell phone records and provider (AT&T, O2, etc). Ditto for your operating system provider (Microsoft, Apple). Ditto for your application providers (Adobe, Google, Microsoft, Facebook, etc). All of them will either roll over, or can be compelled (by various means) to roll over. Folks, you are about to be screwed from so many different directions…’ -Spooky

[Noted]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739393

@ Clive Robinson

“Those watching the UK snoopers charter progress may be interested in this,
http://www.independent.co.uk/news/investigatory-powers-bill-snoopers-charter-2-petition-stop-protest-theresa-may-a7443491.html

“However I don’t think it will have much effect on the United Kingdom’s PM (or “Psycho May” as some wag has joked).”

[Noted]

https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739400

Freezing November 29, 2016 1:26 PM

There are still some nice 32-bit OS`s that can be run from a live CD. I would recommend Puppy Linux.

Curious November 29, 2016 3:16 PM

@Curious

Re: Nick Weaver

Don’t use Signal.
Don’t Use Tor
and I most certainly do not tweet.

He posts here sometimes, though.

Nick P November 29, 2016 6:04 PM

Anyone got a link to my Insecurity of OpenBSD draft I posted here? I can’t find it in Squids or Google. Should’ve been in a recent one. Weird. I bumped a similar article to top of Hacker News. It’s at 60+ comments. I’m going to drop a revised version of my essay on them to see what happens. Now it’s… gone.

@ Bruce

Did you restore the site from backup or something recently? Or run one of those apps that promised to speed up your computer by deleting “junk?” 😉

Clive Robinson November 29, 2016 6:24 PM

@ Freezing,

There are still some nice 32-bit OS`s that can be run from a live CD. I would recommend Puppy Linux.

Agreed, but the problem is that they rarely make it onto the front of computer magazines whereas these days 64bit Live CD ISO’s do.

Thus you have the problem of your download being intercepted by the likes of the NSA / GCHQ et al, if they consider you “a person of interest”. Like all MITM attacks the problem arises because you do not have a sufficiently reliable side channel to be able to verify what you are receiving from your Internet gateway is tamper free.

Magazine front cover disks gave you a degree of assurance, because you could go to any number of newsagents or shops thus if you went at random all the IC entities could do was either intercept the disk after you had purchased it, or backdoor every cover disk. The former would on the face of it be difficult, the latter at high risk of discovery. Thus there is a reasonable probability the contents of the magazine cover disk are as the distribution authors issued it, unlike a “home download” by a person of interest.

Bong-Smoking Primitive Monkey-Brained Spook November 29, 2016 7:29 PM

@Ratio, @Clive Robinson,

Yes, fabulously gay. (See what I did there?)

Come on, guys! You’re treading on thin ice with these jokes, butt f**k it, it’s your asses on the line 🙂

Nick P November 29, 2016 7:37 PM

@ ab praeceptis

Damn. I caught that too late. Went ahead and clean slated it. Thanks anyway, though, as I still need it for revision in case recent one missed anything.

New version is here. Had to put it in Pastebin as it was too big. Apparently, I forgot some nice details and remembered some more. Next version will merge them.

Clipper November 29, 2016 8:53 PM

@Clive Robinson

Many distributions these days offer PGP verification of their ISOs. At least the more security conscious ones.

Ted November 29, 2016 9:47 PM

@Ratio

Am I to take your comment to mean that you think the Investigatory Powers Act will be repealed? If so, why?

To tell you the truth, I am still trying to understand the substantive details of the legislation and its historical, political, and social underpinnings. Thanks to you, @65535, @Clive, and all the bright lights here, I’m less in the dark than before. So as much as I can gather, here’s at least a few more details.

The government has issued a response to the petition, though consideration for a debate is still pending.

The response suggests the act is necessary to keep people safe and that it does these three things 1) consolidates the powers available to key agencies to obtain data and communications, and makes these powers and their safeguards clear 2) overhauls the way these powers are authorized and overseen 3) ensures the powers are fit for the digital age. The response also gives a high-level summary of the public scrutiny it has received, and offers its baseline assurances on the matter of privacy and oversight.

Do I think there is a reason people aren’t yet comfortable with the legislation? Yes, in at least as much as they don’t understand it. Do I think it will be repealed? No, I think it pushes a very powerful solution on several existing and anticipated problems. Do I think it will be debated? I’m not sure. I have read several opinions that say additional oversight and data protections will be incorporated, however the initial government response feels comfortably resolute. Do I think it will be “safety-proofed” in the coming months and years in a court of law? If necessary, I hope so. And I hope it is done in the anticipation of avoiding harm, and not long thereafter. What do you think? Do you believe any revisions would make it more compatible with its citizens or more well-received?

JG4 November 30, 2016 7:27 AM

can someone remind me how to post a link to a book without using Amazon?

this is an excellent companion to the article I linked last night

Pre-Suasion: A Revolutionary Way to Influence and Persuade
Hardcover – September 6, 2016
by Robert Cialdini Ph.D. (Author)

back in the day, I used to use bestbookdeal.com, but it hasn’t worked for close to 10 years

the problem of agencies running code on your computer hardware, using backdoors that subvert the processes, is analogous to the cognitive limitations that enable the persuaders referenced in my post last night to subvert our thinking individually and collectively.

I have been aware for some time that various industries have done an excellent job of brainwashing the public. I am cautiously optimistic about Trump, not that I soiled my mind by voting, so I don’t want this link to be interpreted as anti-Trump, not that I am pro-Trump either. the takeaway is that cognitive limitations provide numerous backdoors to subvert and that special interests have been hard at work to exploit them at least since Bernays.

Frightened by Donald Trump? You don’t know the half of it
https://www.theguardian.com/commentisfree/2016/nov/30/donald-trump-george-monbiot-misinformation
George Monbiot Wednesday 30 November 2016 06.00 GMT
Many of his staffers are from an opaque corporate misinformation network. We must understand this if we are to have any hope of fighting back against them
Yes, Donald Trump’s politics are incoherent. But those who surround him know just what they want, and his lack of clarity enhances their power. To understand what is coming, we need to understand who they are. I know all too well, because I have spent the past 15 years fighting them.
Over this time, I have watched as tobacco, coal, oil, chemicals and biotech companies have poured billions of dollars into an international misinformation machine composed of thinktanks, bloggers and fake citizens’ groups. Its purpose is to portray the interests of billionaires as the interests of the common people, to wage war against trade unions and beat down attempts to regulate business and tax the very rich. Now the people who helped run this machine are shaping the government.
I first encountered the machine when writing about climate change. The fury and loathing directed at climate scientists and campaigners seemed incomprehensible until I realised they were fake: the hatred had been paid for. The bloggers and institutes whipping up this anger were funded by oil and coal companies…

Clive Robinson November 30, 2016 8:16 AM

@ Clipper,

Many distributions these days offer PGP verification of their ISOs. At least the more security conscious ones.

Yes they do, but without a secure authenticated side channel, how do you know what you are seeing is what they are telling you, or what somebody else has injected into your viewing/download stream?

By the way this is not a new issue, philosophers have endlessly, and still do debate a more fundamental version of the problem. Back in the 1800’s and earlier it was to most just an exercise in reasoning between philosophers, much like a chess game between two grand masters. However things changed in the 1900’s with medicine and more recently with real engineering problems that are at the root of much of the way a modern society works…

That is,

Our brains build up a world view based on the perceptions they receive from our bodies sensing organs. So how does our brain verify its world view is actual, self delusional or staged by others? That is if the sensing organs are not working the way we think they do, or worse part of our brains are malfunctioning, or worse still we are in some kind of state where external entities we have no knowledge of are controlling the inputs to our sensing organs?

One example from medicine is when people have strokes, a part of the brain that deals with the output from the sense organs is impaired. Thus if you ask them to draw a clockface they will leave parts of it out, because their brain due to the impairment effectively fills it in for the person, even though their hand has not drawn it. Another example from medicine is called “Phantom limb syndrome” where a person loses say a foot in an accident, the brain loses the sensory input and can effectively “fill it in” thus the person may suffer a very annoying itch they have no way to scratch or in other physical ways alleviate. Then there is the apparently harmless “seeing things in clouds” you might think you see a face, others might see kittens playing. Most of us do not think any further on this, but some have and we end up with “optical illusions” that by manipulating the sensory input makes our brains see something that is not actually there or see it inaccurately.

We think of such art as fun tricks, but what about camouflage used in warfare, it uses a similar principle. But how about those advertising illusions, where the advert is painted on the pitch in such a way that when seen from the fixed position of a television camera it looks like it is standing up in the pitch? Have you ever thought what might happen if somebody painted something similar onto a large canvas or tarpaulin and put it on a road in the dark, such that someone coming around a corner gets tricked into thinking there is a large animal or maybe a child standing in the road? Would their brain say “illusion drive on” or cause them to swerve and come off the road and maybe crash?

This latter problem is one that is causing issues with A.I. Systems for driverless cars etc. But prior to this driverless trains and aircraft auto pilots. Aircraft have crashed because incorrect information arrives at the computer input of the auto pilot, it treats it as real and responds and the aircraft goes outside its flight parameters… The same has happened with real pilots flying on instruments, somehow “pilot error” sounds more comforting and more like an “accident” than “computer error”.

In computer security we have the same problem, if I can control your computer’s view of the world then like the cockpit instruments it will change your view of the world and I can get you to do something you would not otherwise do, and your computer security crashes and burns.

To reduce or eliminate this you need other viewpoints I don’t or can not control. The problem is that often we invest certain security measures with incorrect meaning. One such is “code signing”, I have pointed out the various flaws in it for years, and it was only sometime later with Stuxnet some people came to realise what I had been saying was unfortunately true.

I can sign my code, but what does it really mean? Overly simply it means someone applied a large integer via modular arithmetic etc to a file or files and published the result and another couple of integers at some point in time.

That’s all, nothing more… It says nothing about who used the integer, the quality of the code or actually the point in time… In effect it’s an illusion in which you are investing not just your trust but your safety as well by your assumptions, without being able to verify any of the assumptions…

Does that sound wise?

Possibly not, but with a side channel I can not control you have the potential to get a second viewpoint I can not affect. Thus you may be able to verify or refute those assumptions and discover that your computer’s viewpoint is incorrect and has somehow been manipulated.

What Stuxnet should have taught people is that integers are neither unique nor uncopyable, thus others can use them to sign code. It should also have told people that code signing says nothing about the code that has been signed, or the security of the entire process. Further it should have rung loud alarm bells about the dangers of the assumptions surrounding a single viewpoint or channel to signed code at the resulting integer.

Unfortunately the attitude was “Well it’s the only option we’ve got”, rather than “How do we improve what we have?”. One way would be to be honest with people and say “Go get other points of view from uncorrelated places and systems, and try to verify not blindly trust”… But for most it’s not a message they want to hear.
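
The argument in the comment above (a checksum or signature that arrives over the same path as the download is still a single viewpoint) can be made concrete. The following is an added example, not part of the original thread or of any distribution's tooling: it uses plain SHA-256 digests rather than PGP signatures, and the channel names, the quorum of two and the sample bytes are all constructed assumptions.

```python
import hashlib
import io
import re
from dataclasses import dataclass, field

HEX256 = re.compile(r"[0-9a-f]{64}")


@dataclass(frozen=True)
class Claim:
    channel: str     # where this copy of the digest came from
    digest: str      # text as pasted or typed by the user
    same_path: bool  # True if it travelled over the same connection as the file


@dataclass
class Verdict:
    digest: str
    agree: list = field(default_factory=list)
    disagree: list = field(default_factory=list)
    unusable: list = field(default_factory=list)
    trusted: bool = False
    reason: str = ""


def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a multi-gigabyte image is never held in RAM."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def normalise(text):
    """Accept 'DIGEST' or 'digest  filename'; return None for anything not 64 hex chars."""
    parts = text.split()
    token = parts[0].lower() if parts else ""
    return token if HEX256.fullmatch(token) else None


def cross_check(stream, claims, quorum=2):
    """Trust the file only if no channel conflicts and enough independent ones agree."""
    verdict = Verdict(digest=sha256_stream(stream))
    independent = 0
    for claim in claims:
        expected = normalise(claim.digest)
        if expected is None:
            verdict.unusable.append(claim.channel)
        elif expected == verdict.digest:
            verdict.agree.append(claim.channel)
            # A digest delivered alongside the file proves nothing about the path.
            independent += 0 if claim.same_path else 1
        else:
            verdict.disagree.append(claim.channel)
    if verdict.disagree:
        verdict.reason = "conflict: the file or at least one channel differs"
    elif independent < quorum:
        verdict.reason = f"{independent} independent confirmation(s), need {quorum}"
    else:
        verdict.trusted = True
        verdict.reason = f"{independent} independent channels agree"
    return verdict


# Constructed sample data standing in for a real image and an altered copy of it.
GENUINE = b"constructed stand-in for a live CD image\n" * 4096
TAMPERED = GENUINE + b"constructed stand-in for injected content\n"


def run_scenarios():
    good = hashlib.sha256(GENUINE).hexdigest()
    bad = hashlib.sha256(TAMPERED).hexdigest()
    beside_good = Claim("checksum file beside the download", good, True)
    beside_bad = Claim("checksum file beside the download", bad, True)
    other_net = Claim("project site via a different network", good.upper() + "  live.iso", False)
    phone = Claim("digest read out over the phone", good, False)
    phone_cut = Claim("digest read out over the phone", good[:40], False)
    return {
        # Nothing altered: every viewpoint lines up.
        "clean": cross_check(io.BytesIO(GENUINE), [beside_good, other_net, phone]),
        # File and its neighbouring checksum both replaced: only side channels expose it.
        "path_controlled": cross_check(io.BytesIO(TAMPERED), [beside_bad, other_net, phone]),
        # Same replacement, but the user checked only what came with the download.
        "single_viewpoint": cross_check(io.BytesIO(TAMPERED), [beside_bad]),
        # A side channel that was copied down incompletely does not count.
        "truncated": cross_check(io.BytesIO(GENUINE), [beside_good, other_net, phone_cut]),
    }


if __name__ == "__main__":
    for name, v in run_scenarios().items():
        print(f"{name:17} trusted={v.trusted!s:5} {v.reason}")
```

In the `single_viewpoint` case the only digest consulted matches the altered file exactly, which is why a same-path match is recorded but never counted toward the quorum.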

JG4 November 30, 2016 8:35 AM

@Clive

I read a long time ago that phantom limb itch can be addressed by having the patient look in a mirror at the reflection of their other limb, whilst scratching it. The brain believes that the itch is scratched and the problem often goes away, never to return.

Can’t recall if I posted this before, but it is a companion to your thoughts on subversion. Cognitive dissonance is a key part of some TV commercials.

http://www.zerohedge.com/news/2016-10-31/dilbert-creator-explains-how-do-i-know-emails-are-bad
…[he provides keen insight into the human condition]
First some background from Adams on ‘The Persuasion Filter’:
As my regular readers know, the Persuasion Filter is related to the idea that the human brain never evolved to accurately comprehend reality. In order for us to be here today, our predecessors only needed to survive and procreate. They had no need to understand reality at any basic level. And we have no such need either. That’s why you might believe you are reincarnated from a monk and I might believe my prophet flew to heaven on a winged horse but we can both get through the day just fine. Many different interpretations of reality are good enough for survival. I like to describe reality as each person living their own movie, which works well unless our scripts conflict. When that happens, one of us goes into cognitive dissonance and rewrites our past to make the movies consistent.
That’s how I see the world.

Just for the record, I would have been more likely to vote with my feet sooner if Hillary were taking the controls. A guy could come up with worse ideas, especially if there were some well-run countries that were affordable.

http://blogs.sciencemag.org/pipeline/archives/2016/11/15/if-design-govern-in-a-thing-so-small

The real estate background goes a long way towards explaining what seem to be two key parts of Trump’s worldview: everything is transactional, and everything is zero-sum. The world, in this picture, is made of deals, nothing but deals, and in these deals someone has to win and someone has to lose. There’s no other way. Trump’s statements on trade and the economy, as far as I can tell, all spring from these ideas. This all makes some sense for a real estate developer, but doesn’t necessarily apply as well to other fields of human action.

Marvin November 30, 2016 10:36 AM

@ JG4, “The world, in this picture, is made of deals, nothing but deals, and in these deals someone has to win and someone has to lose. ”

Not a big fan of Quantum, are we?

Perhaps Cold Fusion is a better analogy. In order to gain something, we must lose something in return. That’s always been the way.

In order to trade, we must give and take. There is no true charity in the world.

Marvin November 30, 2016 10:49 AM

@ JG4, “the most profound thing that you’re going to read this decade”

https://medium.com/deepconnections/media-as-a-shaping-agent-of-society-wherefore-art-thou-treacherous-62b4c3f843d6#

Not sure what ya mean profound. It’s common knowledge. People have become quite good at reading their intents.

The new social internet media is another story. There are many hints and traces of what’s being done, mostly left in plain sight, but the truth is out there if you know where to look.

ab praeceptis November 30, 2016 12:20 PM

Nick P

I’d like to introduce another, probably more constructive, perspective.

While I agree that the OpenBSD crowd is somewhat bigmouthed I also see a high level of professionalism and expertise and not just good intentions but also lots of work to make those intentions real.

Most importantly, though, I’m driven by the question “can Unix be made secure?”.

I think that I’m not far off when I say that in the professional field (networks, infrastructure, …) Unix is pretty much the widespread incumbent. And for a reason. It’s a very mature system and it’s well understood, well known, and well established. The reasons are probably to do a lot with history but also with certain qualities like the “everything is a file”, high flexibility and others.

Let us assume, just for a thought experiment, that some fairy provided us with a far more secure but still flexible and widely usable OS. Click, here it is. Would that change a lot? No, at least not today. Millions and millions of admins, developers, and others would need to learn using that system and building on, for, and with it. Thousands of academic projects would need to study it, and so on.

Another important (albeit maybe unpleasant) angle is human inertia. We do have quite some results of a lot of work toward security. Hell, we even had complete systems in production that were way more secure than what we usually use today.

Yet, for whatever reason, we arrived where we are today.

All in all I think that, although we certainly must work hard on, almost certainly new, secure systems we must also at the same time achieve way better security with what we have, with systems that more or less feel unixy.

Is that interesting, cool, and fun? Probably not; probably it’s painful and not too exciting. The OpenBSD guys walk that way; they work on that.
Looking at the not insignificant Unices, the OpenBSD guys are indeed “the security obsessed”.

I think it will be way more promising to help them take some steps towards better security rather than scolding them and telling them how lousy their work is (which is btw not true looking from a real world perspective. It’s only true looking from what regrettably are but niches).

Clive Robinson November 30, 2016 1:53 PM

@ ab praeceptis, Nick P,

Most importantly, though, I’m driven by the question “*can* Unix be made secure?”

Simple answer short, Yes and No.

Unix in its various flavours has continued to evolve, and security has received a lot of attention, more so than MS and Apple products.

The problem is that good old Achilles heel that has blighted Microsoft and it’s called “backwards compatibility”. In Unix’s case it’s more a human than technological “hold back”. All those admins you mention have a notion of “the one true unix” which boils down to the lowest common denominator of the available security features set. The three biggies being the superuser, file permissions and file tree assumptions.

All three can be changed or augmented but there is the “something will break” argument that pops up every time you suggest making things more secure.

One “joke on everyone” is that because many *nix’s like FreeBSD are Open Source without any real licence preconditions. Thus, academics and others are free to make changes or augment them and they do frequently when prototyping security systems. Including advanced Capability hardware security features (Cheri on top anyone?).

So, “Yes” you can make a *nix as secure as you want including real serious hardware security support, but then, to most it would not be Unix –as they understand it– anymore, so “No”.

r November 30, 2016 4:49 PM

@Clive,

There’s another way to go about what you’re saying,

and that is that pretty much everything that *nix enumerates is technically not unix – linux is not unix, *bsd is not unix technically speaking even though they are derivs they are not THE unix which had a controlling license and was (not?) open source.

Nick P November 30, 2016 7:18 PM

@ Clive

It’s true on the social factors. There is a huge technological component, though. It’s basically the COBOL effect for FOSS. All that code they put in for poorly-designed apps and OS interfaces must be maintained or those might break. As they put in more, the cost of rewriting it all or even making a single, major change goes up. They kept putting that stuff off, bandaiding around it for years. Eventually, it’s just too big to fix without forking from the ecosystem.

Which is what OpenBSD did from NetBSD to implement their vision. They mostly kept UNIX with compatibility with apps. It’s not hard to get things working on OpenBSD. A fundamental, substantial change would’ve caused them even more problems. We saw this with things like Helio and Mach hybrids. The whole ecosystem goes away with a small group left toiling away at their little project with basically no contributions. Fixing the UNIX’s root problems would require doing that. The few that did, like Trusted Xenix, were ultimately abandoned due to effect of ecosystem loss on sales or usage.

Thoth November 30, 2016 7:59 PM

@Clive Robinson, ab praeceptis, Nick P

Whenever I think of security systems, I always think of half-baked systems with band aids. SELinux and such are a good example of band aids and Capsicum for FreeBSD, BSD Jails and what have you with all kinds of band aids in the market.

Do we have better options like security focused microkernels, somewhat more easily verifiable processes, security enhanced processors and co-processors … we have a ton of them in paper (theory) and on implementation (practical).

Most devs and people are going for the half-baked and insecure stuff leaving those who implement good security systems to mostly starve on their own with the exception of a few high profile security projects (i.e. Signal) and not to mention other high profile security projects are cash starved most of the time as well (i.e. GnuPG).

The crap security gets the benefits (i.e. OpenSSL) when they are undeserving and more attention should be going to the cash starved alternative that are more secure (i.e. LibreSSL) with less crap on the codes and design but the World as it is, twisted it has always been where the underdogs are always better designed while the leaders are pretty badly designed in most cases.

What has become of the World ? When given better security, people simply just walk off and pick the worst of the two. Sometimes, I really wonder if it is worth pushing on for higher security or simply just give what the people expect.

Need some evidence of the crapped up state of security ? Good example is that Android phone you are using. They had options to be more secure but they simply binned it. Matthew Green attacked them for making such bad choices where Apple had succeeded 6 years ago (Android phone encryption vs. Apple phone encryption) in his latest post linked below.

The main thing is not about Android or Apple’s data encryption is better but how given the choices to choose between higher security and one with more relaxed security, people tend to shoot themselves in the foot and mostly pick the easier way out.

Is it the GUI that’s a problem ? Is it the user workflow process that’s a problem ? Or is it the devs picking the bad designs, algorithms and protocols that’s the problem ?

Let’s take Android phone encryption for an example, I have my phone enabled with the DM-CRYPT FDE for Android and the GUI is very friendly and intuitive. Now it’s not the GUI’s problem (i.e. Why Johnny Can’t Encrypt problem) since it’s just typing a password and pressing at most 1 or 2 buttons.

Since I mentioned that the button presses only requires at most a couple of button presses, the workflow is very nice and smooth for most part.

Has the “Why Johnny Can’t Encrypt” problem been fixed with all the GUI advances in encryption apps ? From the perspective of Android FDE, Johnny doesn’t even need to think of encryption because it’s FDE or at most a file-based encryption only needs a password right ? How hard can that be ?

Now what’s left is the devs and human element that’s the problem. We are still stuck at lazy devs, ignorant devs and problematic decisions being made by devs.

Who else are we going to blame next in this security blame game ?

Link: https://blog.cryptographyengineering.com/2016/11/24/android-n-encryption/

Anura November 30, 2016 8:34 PM

https://www.wyden.senate.gov/news/press-releases/wyden-leads-7-senate-intelligence-committee-members-calling-on-the-president-to-declassify-information-re-russia-and-the-us-election

Intelligence committee members calling on Obama to declassify information regarding Russia and the DNC hacking. It really should be done – it’s in the public interest, and as long as sources are properly protected there is no real reason not to. Then the public can see whether or not anything is actually there.

ab praeceptis November 30, 2016 8:35 PM

Thoth

Big, fat complex one could write a book about. One major factor, I think, is the wide gap in terms of immediate usability.

A kernel, no matter how great, doesn’t help you a lot. You need some system programs, some at least reasonably base editing, compilers, etc, etc. Most of those have their own needs such as libraries.

I’m convinced that, for instance, Minix 3’s take up is not due to its considerably enhanced kernel and functionality or safety – but that you can have lots of packages for it.

This leads many to think along a line like “If I bring in gazillions of loc with all that package crap, I might as well stay with, say, linux as well”. Add aslr or whatever security-feel-good du jour, et voilà there you have the next firewall or whatever built on linux or the like.

As far as companies are concerned, (reminds me of my question to Ratio “what is reality?”) they want to sell. To sell you need customers to think (or feel) they’re buying a secure whatever (box, software, …). It sounds brutal and it is brutal and ugly but often it turns out that spending 50.000 on a good designer is fully sufficient and so much faster and cheaper than spending 500.000 or 5 Mio. on really creating secure stuff.
And it’s working better (in terms of sales)! “we made lots of serious efforts to properly specify our algorithms and to then implement them properly in a way that allowed us to formally verify our work” simply won’t be understood by 99+% of customers. Putting crap into a nice box, though, maybe with a yellow-black vault symbol will be understood and will convince many.

Regulation? Don’t hold your breath. Most politicians won’t even think about disturbing a running business world. Moreover, sorry if that’s ugly, do regulators, i.e. governments really want citizens to have secure systems and phones? Don’t think so.

All in all there is way too little motivation and way too many hurdles for people to properly fill the gap between secure kernels from academia and crap 2000 in the sales shelves.

Talking about that, excuse me, I have to hurry and buy something. The new crap v 5.7 has the “activate defense” button now with 3-D effect! I just have to have that. Security, you know …

Spooky November 30, 2016 9:31 PM

@ Nick P,

I enjoyed your write-up on OpenBSD, it’s nice to see so much early history in review. I’ve been an OpenBSD user since about 2002 and while I have always applauded their singular focus on security (over nearly every other consideration, even performance) the main reason I keep coming back to it on all of my older systems is that I feel a great affection for the default, post-installation environment. From a useability standpoint, everything one needs is already there. It is refreshingly plain and unadorned. It is text- and script-based, easy to administer and largely avoids the passing fads that plague other Unix-like systems. Each release is nearly identical to the one before it, plus patches and updated driver support. No surprises. The default i386 installation media is still just north of 200 MB (including X) in an age where nearly every other distro requires you to download a 4 GB DVD iso. For 90s era computers, 32 MB of RAM is sufficient with swap for OpenBSD although 64 MB is the practical desktop minimum (older NetBSD kernels could run with 8-16 MB; I think Basic Linux with its 2.x kernel can raise a shell on 4-16 MB; for comparison, DOS gets the job done with 128k to 1 MB; CP/M does it all in 64K, long live WordStar; the 1960s PDP-8 had 4k of 12-bit words).

From a security angle, I think your criticisms were quite fair and measured. The inflated claims often made for OpenBSD make me cringe and really do not help their cause or bring about the kind of development assistance that would (eventually) lead to changes in some aspects of their approach to security. If they’re confident about the purpose and continued relevance of the project, then there’s no need for boasting or academic peak-bagging. I suspect a certain defensiveness or (false) competitiveness occasionally bleeds through in some of Theo’s monologues. Keep in mind that their developer base is very small, leading to a fairly unforgiving approach in evaluating and setting priorities; when proposals are made that offer potential benefits but also require a bottomless well of man-hours (such as rewriting substantial portions of the kernel or base in a safer language) well, you can understand why that would be a problem. On the other hand, nothing ventured nothing gained. Based on some of your earlier posts here, perhaps one of their long-term goals could eventually be ticking off most of the check-boxes for a medium-assurance approach? I’m not sure whether they are to the point of actually worrying about deterministic builds, etc. I do hope some of their developers are also exploring the isolation mechanisms currently used by Qubes (and Subgraph); there’s no shame in stealing really good ideas… 🙂

Cheers,
Spooky

Methods November 30, 2016 9:37 PM

@Anura

Then the public can see whether or not anything is actually there.

And how could that possibly work without revealing methods or sources? I can’t think of any method of digital attribution which would both all but eliminate reasonable doubt and not reveal sources. Love to be wrong though!

Spooky November 30, 2016 11:37 PM

@ ab praeceptis,

I’m curious about your earlier comment above; were you recommending non-Intel architectures based on the idea that the smaller market for those chips would be a disincentive for bothering to include backdoors? Or just that by virtue of being a non-Intel processor, there would (presumably) be no risk of having something like ME included on-die? Sorry, just trying to understand.

Re: Sparcs, as I recall there were plenty of those boxy multi-CPU sparcstations still being used in the late 90s and early 2000s as capable web and mail hosts. Very fast, nimble machines. Are you running Solaris on your Sun Fire 240, or Linux/BSD? Although it is very rough around the edges, you can actually compile CDE (the Common Desktop Environment) for Linux and the various BSDs. More of a curiosity at this point but if you really enjoyed that environment, you can probably hack around the broken bits well enough to make it useable. I always liked the mwm-style frames and coordinated color schemes; at least, I never thought they were ugly!

Cheers,
Spooky

tyr December 1, 2016 3:20 AM

@ Clive + usual suspects

I think you might have identified a real problem
source. Until humans have an actual working model
of what humans are instead of a nebulous load of
crap inherited from the bronze age and passed off
as ‘real human nature’, we are going to be capable of
huge amounts of gullibility through inputs to the
mechanisms of the mind.

The illusory nature of ‘reality’ makes most people
extremely uncomfortable even though it is easily
verified by a little rudimentary psychochemistry.

All I do is hang around with and read what smart
people have to say. By using those extra side
channel inputs to test my own weirdnesses against
I have a chance of some small t truths that might
be useful.

I’ve seen too many dreadful kludges cobbled into
existence and perpetuated on the gullible as the
way to do ‘real’ computing to believe that the
marketplace is the ideal mechanism to develop any
security for the field.

If I was the main stream media I’d back off on the
talk about ‘fake news’ since their own lovely
output might get scrutinized with results they do
not expect. There are fairly big government agencies
that have been nudging and editing news stories for
years. They aren’t going to go away and wishful thinking
won’t make them try to be more truthful about what
you see and hear. If you see something ask yourself
who benefits from having you believe whatever BS is
being peddled.

Clive Robinson December 1, 2016 5:48 AM

@ Anura, Methods,

Then the public can see whether or not anything is actually there.

The real problem is not actually “methods and sources” but “false flag operations and attribution”.

Traditional forensics generally are not about discovery of an “unknown individual”, but linking a “suspected individual” to the event under investigation.

That is the investigating authorities frequently use non scientific methods –hunches, gut feelings, “the butler did it”, etc– to produce a limited and flawed list of potential suspects. They then use “The old fashioned beat methods” to whittle down the list. Only then, if deemed financially justifiable, taking the “evidence” for forensic tests, to try to link one –or more– of the suspects to the event.

This dire process often works out only because humans are creatures of habit, alibis imperfect, and –so called– physical trace or contact evidence difficult to prevent.

False flag operations are about “painting a picture” and as they say in the UK “putting somebody in the frame”. That is the objective of the attacker is not the “event” as it would be with more traditional criminals, but putting somebody else “in the frame” for the spotlight to fall on. This means that to the actual attacker the event is in effect irrelevant, any of hundreds of events will do, because the real objective of the false flag operation is to ensure the spotlight falls on the chosen “fall guy” entity, so even a “deaf dumb and blind” investigator will be unable to miss them. So the attacker is free to pick and choose events that best suit their purpose. Thus for the attacker any convenient event, or events will do, which is where “circumstantial evidence” becomes very dangerous.

Part of the process of eliminating suspects off of a list where there are multiple events is to see who has contact no matter how tenuous with all the events, the first person to be shown to do so usually goes to “suspect #1 spot” and usually stays there unless the suspect can produce stronger contrary evidence. Which often is not possible because details of the case are kept away from the suspect until it’s the shortest period possible before trial, which thus causes other issues for an entity defending themselves.

Thus you can see a trail of investigatory failure right from the start of the investigation. Not only are the investigators using non scientific methods, they’ve fallen into the trap of making assumptions based on the event(s). In miscarriage of justice post mortem enquiries –where innocent people have been punished but subsequently found innocent– the common finding is that it all starts off with these assumption based mistakes and goes down hill from there. This is due to the inherent confirmation bias in “making the case”. That is the investigators concentrate on the wrong individual from the get go and spend their time trying to link the suspect rather than eliminate them, the longer the investigation takes the worse the bias becomes (the old “He has to be guilty I just have to prove it” groove).

But that is not the worst of it, because evidence suffers from entropy, corruption and pollution, the longer it is between an event and the actual evidentiary examination the worse these problems. Thus the faint contrary indicator evidence starts to hit the noise floor quickly.

Further the attacker can now have hindsight work for them, if they can see or predict how the entity being framed tries to defend themselves, the attacker can then target such contrary evidence for destruction, further painting the suspect into the frame.

Now as a thought process ask yourself what happens when the false flag attacker and the investigator team are on the same side, but with the attacker effectively in a senior or overview position? They get to see much more than the entity they are putting in the frame. Further they can selectively “report up the command chain”, thus the head of the chain gets partial misleading information, and any further downward enquiries the attacker makes will cause the investigators to move albeit subconsciously in the attacker’s chosen direction…

In the past I’ve mentioned on this blog that “methods and sources” are neither omnipotent nor omnipresent. They are usually either a “key hole view” or a “high altitude view” by the very nature of the covertness of either the technical method or individual human source. Because of this and the fact you do not know if a false flag attacker knows about your methods and sources you make assumptions to paper over the gaps you can not see into. As I pointed out with some technical detail it’s possible for the attacker to use or create gaps to their advantage.

A simple example is, as an investigator I can see data enter a network node on one port and leave the data on a different port. Do I assume it’s just a routing node or do I try to see if it is more than that? If I don’t go with the easy assumption, how do I determine if the data is not being either stored at the node or copied out of another port I am unaware of?

The simple answer is I can not unless I effectively own the node and can see all its activities. But the answer is actually way more complicated than that assumption. I further have to consider the use of “Vampire Taps” and “data diodes” which conceal “instrumentation” from my view.

That is as a false flag attacker you know what physical port the data goes into the node and which physical port it goes out of the node. You can Vampire Tap and instrument either physical port and invisibly to me “tee out” the data… My ability to detect your Vampire taps or data diodes that conceal your instrumentation is based on my ability to physically instrument the network ports for very subtle “tells”, that arise from the likes of cable impedance changes. To see what is involved in finding vampire taps and data diodes, look up “return loss bridges” and “Time Domain Reflectometry” (TDR)… As you will find it’s both difficult to do, uses expensive equipment, and is very far from covert. TDR especially as it works on the same principle as a RADAR, and thus suffers the same failings of covertness that RADAR does.

I could go on but you should by now realise that as an attacker running a false flag attack you have most if not all the advantages when faced with my normal flawed and limited investigatory procedures.

Thus attribution on a network system is not just difficult it’s inherently unreliable to the point of impossibility (ie proving a negative).

Anon December 1, 2016 5:58 AM

@JG4: I don’t think MMGW is real, or that climate change is happening because of CO2, and I do think the pro-MMGW climate scientists are corrupt, along with the IPCC and various Governments, and I’m not a paid shill of the oil/coal industries.

Follow the money! Look at all the environmental taxes being raked in under this scam!

Clive Robinson December 1, 2016 6:13 AM

@ Anon,

…or that climate change is happening because of CO2…

If not CO2 then what? “cattle farts/burps”?

Are you trying to suggest that some unspecified group of people have raised a faux market to doubly profit out of the “Great American Steak Dinner”?

If you are going to say something anonymously, that conflicts with what others have put their name to, then you have to prove your case, not wave vagueness in the air and expect it to be treated as credible, by others than those who are congenitally gullible.

JG4 December 1, 2016 6:22 AM

@Clive

Nice summary of the investigative process, at least before collect it all and parallel construction. We might want to put the motives of the investigators into the puzzle and quickly realize that “the truth” is secondary to whatever glory they can bring to themselves, their superiors, the department and the government. Thus, the confessions by torture that were extracted in the Thailand murder case, where a couple of tourists were killed. The broad strokes are the same in Chicago, Philadelphia, LA and NY, to pick a few random examples. We are quickly arriving at the point where an individual could elect collect it all for themselves by recording audio, video and location data continuously. It would be difficult for the authorities to refute a complete dataset, although they would be only too happy to delete it if it doesn’t fit their narrative. I’ve only scratched the surface here, because in many cases, the authorities don’t know that their thinking is corrupt. I’m not sure, to pick a random example, that Hillary Clinton knows that she is completely corrupt. She thinks it’s OK to lie and calls it a public position. So it is with the police, particularly when they testify. They deal with so many people who are guilty of minor infractions that they assume everyone is dirty. And history has shown that most of the cops in any given big-city department are on the take.

Anura December 1, 2016 7:45 AM

@Clive Robinson

Your assumption is that all the intelligence comes from network/systems analysis. If that is the case, the intelligence tells you nothing, and you know that the claims are baseless. If they are getting their intelligence from other sources within the Russian government, then that is a lot more reliable.

ab praeceptis December 1, 2016 9:45 AM

Spooky

I’ll gladly answer your question if you help me to understand which of my processor related posts you are referring to.
Without knowing that I can tell you that I generally avoid x86/amd64, no matter intel or amd, because it’s rotten. Not because it’s cisc (although that almost certainly is a factor) but because it’s a hodgepodge zoo. There have been quite many kludges added for diverse purposes and remote management is just one of those, albeit a particularly nasty and fat one.

And I do not even see a practical problem in avoiding that architecture because one can still use it where it’s needed if one proceeds with an activated brain, applies some experience and know-how, and puts some walls around it using other architectures.

As for the fire box: Solaris 10, TUI only. No real work on it, just toying, remembering the good old times ™ and compiling some of my stuff (some might be surprised how important the sun universe still is at certain places).

ab praeceptis December 1, 2016 9:56 AM

Anura

“If they are getting their intelligence from other sources within the Russian government, then that is a lot more reliable.”

Is it really? I don’t think so. There would still be quite some traps and ugly corners. For one example, a Russian working for the arch enemy couldn’t be trusted as he obviously might have his own interests to paint his people as evil.

Moreover, if we assume that it was Russians, would they know with certainty whom they work for? If Putin wanted that done, would he send them a commanding note signed by himself?

That whole secret services world is a strange maze. Very, very little can really be considered reliable. It’s not too rare that a secret service is more occupied with playing games with others than with tangible intelligence gathering.

The attribution problem stays a very ugly and hard to solve one.

Anura December 1, 2016 10:13 AM

@ab praeceptis

Your point relies entirely on speculation on what the evidence might be. Without seeing the evidence, you can’t make that judgement. That’s the whole point of asking for the evidence. If the intelligence agencies are saying that they know it was Russia, then they better have solid evidence. If they do, then we will see that, if they don’t then you will see that as well. No transparency leaves you with nothing but speculation, which either side can exploit for their own purposes, which is the worst possible outcome as I see it (either side will just believe what they are told, just like Democrats believe it was the Russians and Republicans believe that it’s all a lie for political motivation, and in both cases either side has absolutely nothing to back it up).

The “Don’t show me the evidence, I prefer to make my judgement without it” mentality is something that I wouldn’t expect from someone unless they are worried about being proven wrong.

ab praeceptis December 1, 2016 10:22 AM

Anura

Nice try.

But neither did I say I don’t want evidence nor did I speculate what the evidence might be.

What I did was to critically look at your statement. As it turned out, your statement doesn’t hold too well.

Anura December 1, 2016 10:46 AM

@ab praeceptis

You were giving examples of specific situations in which evidence would not be trustworthy, while not considering the situations in which it would be trustworthy – that’s not a critical look, that’s straw grasping. You are looking to discredit evidence before you have even seen it.

Nick P December 1, 2016 10:57 AM

@ Spooky

Glad you enjoyed it. It does have its benefits. It’s also still the closest thing to an actual UNIX of the old days. Still kind of like a cathedral instead of a bazaar.

“The inflated claims often made for OpenBSD make me cringe and really do not help their cause or bring about the kind of development assistance that would (eventually) lead to changes in some aspects of their approach to security.”

Both that and their cultural approach to such contributions. 😉 Yeah, my counter is mainly about them overselling themselves on security provided. There were others in HN comments saying they mainly focus on correctness with security secondary. Even that would’ve been more honest if it’s what they marketed.

“Based on some of your earlier posts here, perhaps one of their long-term goals could eventually be ticking off most of the check-boxes for a medium-assurance approach?”

That’s the most a UNIX can achieve unfortunately. That should be their goal, though. There’s two routes they might go here for best bang for the buck. First is the proven one that predates Qubes & which I told Joanna to use (she didn’t). That’s Nizza architecture where you put critical components (esp crypto, filesystem, GUI) on a microkernel in isolated spaces with the rest (untrusted) in a VM. They could hoist OpenBSD into user-mode with critical stuff on microkernel. One person did build a prototype of that on L4 but it was abandoned. The closest thing in production to this is newcomer Genode with some of same components (eg Nitpicker GUI) as Nizza.

Note: Genode is already way ahead on at least the architectural and design side of security with just 2 or 3 main people working on it. MINIX 3 got ahead on reliability and self-healing in a few years with a few people. Certain properties are easy to achieve when using methods that make them easy to achieve. 😉 I wouldn’t vouch for the code of either against OpenBSD at all given they’re both pretty alpha + OpenBSD’s coders are better.

The second option is to make the language safer w/ compilers. The best example of this is probably SVA-OS with its SAFEcode compiler. The SAFEcode compiler combines automated checks for safety and static analysis to remove unnecessary checks to make a C program safe. Integrates with LLVM for its benefits & open-sourced on SVA Github. The SVA-OS sits between it and an OS (currently FreeBSD) to mediate access to certain critical things like MMU. Basically checks they’re used correctly. This combo automatically prevents entire classes of errors from happening with performance loss that’s significant but usable. When people gripe about latter, I tell them it’s cheaper to buy an extra server w/ SAFEcode or Softbound+CETS than license or build an ultra-secure OS w/ its supported hardware. 😉

Another thing they might do is selectively rewrite stuff in Frama-C, SPARK Ada and Rust to get their static analysis. They can prove absence of a ton of errors at compile time. SPARK sets the baseline, Rust adds safety of concurrency and against things like use-after-free, and Frama-C is there to ensure it maps to C. The tools would be applied to things like networking stack, OpenSSH and so on that reflect the most common use-cases. They incrementally prove absence of errors in all kinds of things over time. Adding design-by-contract to components to represent environmental assumptions would be a good idea, too.

So, there’s some options they could take. They’re against all of them currently. That means there’s an upper bounds to what reliability or security they can achieve. The many projects doing stuff along lines of Genode with inferior BSD or Linux distros will hit high-security faster just because they’ll only have to secure a few components & input validation.

ab praeceptis December 1, 2016 11:02 AM

Anura

OK, to cut it short: Can you give realistic examples where evidence gathered through intelligence operations in Russia were the evidence would be verifiably reliable?

Also note that there are not too shabby us-american sources saying that it was a us-american operation. I don’t see why anyone would still insist on following the russian path other than for biased political reasons.

Anura December 1, 2016 11:23 AM

OK, to cut it short: Can you give realistic examples where evidence gathered through intelligence operations in Russia were the evidence would be verifiably reliable?

Don’t treat me like an idiot, I’m not new to the internet.

I don’t see why anyone would still insist on following the russian path other than for biased political reasons.

“I don’t see why anyone would be so against seeing what the evidence is other than for biased political reasons.”

ab praeceptis December 1, 2016 12:02 PM

Nick P

Careful there. You are looking from a papers tower again.

Nizza can’t even be found (at least not easily) at the Dresden L4 zoo website. There seems to be not much more than a paper (which you linked).

Genode is all but unusable for anyone but experts and people willing to dig in deeply. If what they get is worth the trouble is a question which isn’t easy to answer positively.

“Minix 3 … OpenBSD’s coders are better” – uhm, on what is that statement based?

“SVA-OS” … I won’t say much; it suffers from the usual maladies (I’m absolutely not happy to say that and to see our field in such a state, but, hell, that’s the reality).

I’ll rather look at SAFEcode. The last official Version is for LLVM 3.0 and from what I see the git version is for 3.2 – in other words: very yesteryear. Unfortunate but regrettably usual in that field.

Moreover SAFEcode seems to be closer to Deputy/Ivy than to Frama-C. Bounds checking and pointer zoo management mainly.

Next, you seem to have a rather, let’s say individual, view on the languages you mention. Spark isn’t “the baseline”. While Spark looks more modest and seems to not have some pointer related features that is wrong. Spark which is based on Ada simply doesn’t need those loony bin wardens as access types are well behaved by design.
About the only criticism I see with Spark is that I personally prefer a more formal math-like notation (Maybe I’m spoiled by some tools I got used to).

Rust has a non-futile approach, too. I don’t like it because rather than nailing it down hard and tough Rust – in my personal view – chooses to departmentalize the pointer loony bin with lots of wardening thrown in.
I often hear “but we need them pointers. One can’t do system programming without them”. After seeing my patience worn out my answer usually is something like “a) bullshit and b) have a look in Ada’s RM”. Ada does offer what’s needed and in a secure way, too. In fact, one can quite arbitrarily assign an address like, say the video buffer (a common example).
Similarly with the implied Ada is weaker than e.g. Rust in concurrency. No it isn’t. Ada has very well done tasks since aeons and some other very well thought out and implemented extension that came with the years. The two weaknesses occasionally mentioned, greenlets and AIO can be and are done in libraries; that’s how they are implemented in C and others, too.

Frama-C is a great tool. I like it. But it’s a bitch. apt-get install frama-c only tells half the truth. It gets hairy quickly when you want (and need to) a reasonable set of SAT backends. You’ll find yourself soon walking in weird mazes like having ocaml install (the system way, say, apt-get) but to remove frama-c and to reinstall it through opam (a package manager in the OCaml world).

Next you’ll have some Janus kind situation. On the one hand it’s, of course, an advantage to annotate as that is the most practical way to go at an existing code base. On the other hand that doesn’t integrate with your code but inside Frama-C.

Again, all in all Frama-C is an excellent tool but it comes not easy and comfy in quite some regards, the most important of which is coding in C in the first place.

Or look at verifast. Excellent tool, love it. And the only real pointer related bug killer I know. But very, very few use it. It’s fearsomely complicated for most developers who already find Frama-C frightening. You didn’t even mention it.

C, although I myself sometimes can’t resist (some binary fiddling, for instance, is a PITA in most languages and very nice in C) is the single most evil culprit for virtually all OS and library related problems we experience. In all but very experienced and responsible hands (and a well trained bhind behind those hands) doing a project in C is akin to throwing a couple of cobras into the living room.

That’s also the reason why I don’t think very well of Rust, although it really has quite some nice features and some things done really well. But in the end it’s just yet another attempt at “Let’s create a sane C like language”.
(About the most positive thing I personally have to say about Rust is that it’s got quite some potential to be a D killer).

Looking at how much mio. $ and time and efforts we have wasted at creating better-behaved or at least warded Cs we should have thrown a tiny fraction of that at creating a modernized, possibly LLVM based, Modula-3b and a freed Oberon (“freed” as in the language Oberon out of the cage of the OS Oberon).

And no, them new – and very promising – kids on the block like Idris, Albatross, or F* won’t save our asses anytime soon. To do that there will be an ecosystem with IDEs, libraries and more around them.

Which kind of is my anti-position to the paper towers. We can’t build code with papers. Not even with some compiler. To build code we need much more and when looking at languages we must look at the complete picture with the question in mind whether we could really and tomorrow morning start to use them for major projects.

ab praeceptis December 1, 2016 12:08 PM

Anura

So, asking you to actually show us something re your position is “treating you like an idiot”? Uhum.

And, no matter how often you repeat that nonsense, I did not say we should ignore evidence.

Anura December 1, 2016 12:26 PM

@ab praeceptis

Asking me to do what I specifically said you shouldn’t do, when no matter what I say you will deny it is not a new, clever invention of yours; it’s a trolling tactic that has been on the internet since at least the usenet days (and has probably been around outside of the internet since the dawn of civilization).

ab praeceptis December 1, 2016 12:56 PM

Anura

Now we are at the point where you accuse me of trolling? Pardon me, but your attempts are getting ever poorer.

I’ll stop that non-discussion now. Have a nice day.

Ted December 1, 2016 1:24 PM

The Multi-State Information Sharing & Analysis Center (MS-ISAC) published an “End-of-Support Software Report List” on November 30.

The report provides a list of software products that will reach their End-of-Life (EOL) or End-of-Support (EOS) dates during the 9 month period of October 1, 2016 to June 30, 2017. Some of the vendors that MS-ISAC covers are Adobe, Apache, Apple QuickTime, Drupal, Google Chrome Flash, Google Android, Microsoft, Oracle Java, and WordPress, each providing the specifics for software products they built.

According to the article, software that reaches its EOL may still receive some vendor support, while software that passes its EOS date will no longer receive patches, updates, or any support. Without receiving patches, software can become significantly more susceptible to security vulnerabilities.

The article reviews the types of risks users may be exposed to as a consequence of less developed patch management programs, or because a particular piece of software is operating beyond its EOS date. The multi-state ISAC advises it has composed this list to help reduce the time someone might spend looking for the life cycle status of widely deployed software.

https://blog.cisecurity.org/end-of-support-software-report-list-1

Gerard van Vooren December 1, 2016 3:05 PM

@ Thoth,

What has become of the World ? (… about security in sw/hw/networking)

You can do the 5W1H all by yourself. It isn’t that hard because you and everybody else who cares already know. But it can be of help if you want to find the root cause.

What can be done about it? Pretty easy, again you also already know this. It’s roughly the opposite of the 5W1H answers and that is the reason nothing is gonna change.

I can go in general, in detail, in whatever direction but we all already know it. What you need to do is make a big mindmap (take your time for it), put everything you know on it (also with news articles and pictures if you like), start drawing lines and fill in the 5W1H questions.

In the end you are gonna realize that it’s because the capitalistic system has a bug, which is called competition. And that leads to a race to the bottom.

Okay, if you want to read a good article, read this. Nothing has changed in 30 years.

Ratio December 1, 2016 4:17 PM

@Gerard van Vooren,

It was all going great until…

In the end you are gonna realize that it’s because the capitalistic system has a bug, which is called competition.

Competition is a feature, not a bug.

And that leads to a race to the bottom.

And to the top. It simply leads to a race where “better” wins.

How do you think you’d get to where you’d like to go? It’ll be competition and optimization in your preferred dimension(s). That’s the only difference.

Anura December 1, 2016 4:30 PM

@Gerard van Vooren

In the end you are gonna realize that it’s because the capitalistic system has a bug, which is called competition. And that leads to a race to the bottom.

The disease of capitalism is much more fundamental: private ownership of capital. I recommend looking at the economy from the viewpoint of bargaining power, which is just the ability to get a favorable deal. Competition gives bargaining power to consumers over producers by giving them a way to walk away (in this case, an alternative product that they can buy instead).

The problem is that ownership of capital gives you bargaining power that grows with your wealth, and as you get wealthier you get more bargaining power. This means that over time, the tendency is for money to flow from the poor to the rich. This not only produces bad outcomes, but leads to high instability as the wealthy get the gains in good times, while the poor take the losses in bad times. It turns into a vicious cycle where wealth buys power and power buys wealth. This leads to instability, as aggregate demand becomes much more dependent on investors and consumers of luxury items, which are the first things to be cut when people are worried about their situation.

If all of your businesses were, for example, workers cooperatives, then the bargaining power of workers is dependent primarily on the market for an individual’s skills/education/experience, as well as the desirability of the job, while the bargaining power of consumers is dependent primarily on competition.

Now, there are a lot of other things wrong with capitalism, and neoliberal economics in general, but the main problem is that the mechanism of ownership of capital within capitalist systems leads to high inequality, which inevitably leads to poor outcomes, instability, poorly allocated resources (giving $1000 to a poor person and they will get a lot more out of it than if you gave it to a rich person), and when you have all that wealth and inequality you end up with corruption as the rich buy influence.

Anura December 1, 2016 4:32 PM

The second paragraph should have read: The problem is that ownership of capital gives you bargaining power that grows with your wealth, and as you get more bargaining power you get wealthier.

Nick P December 1, 2016 6:01 PM

@ ab praeceptis

“Careful there. You are looking from a papers tower again.”

What I describe is sold as commercial products already from Green Hills, Lynx, Sirrix, Sentinel, Secure64, Microsemi, etc. There’s also FOSS projects in the list. Papers is your dismissal word rather than what’s going on.

“Nizza can’t even be found ”

It’s an architecture not a product. The paper I linked explains the concepts better than about any out there. Their demonstrator was called TUD:OS. It’s been superseded by Turaya used by Sirrix and GenodeOS in FOSS.

“Genode is all but unusable for anyone but experts and people willing to dig in deeply.”

So was everything we are using at early stages. Genode is alpha stage by my measure. FOSS people dig in deep all the time into alpha stuff. Just not to stuff like Genode. 😉

“SVAOS” I won’t say much; it suffers from the usual maladies (I’m absolutely not happy to say that and to see our field in such a state, but, hell, that’s the reality).”

Same reply as Genode. Much FOSS code does. Contributors can fix it. Although my statement was applying its techniques to OpenBSD. That would be trivial for them given the main techniques are small. They do harder stuff on regular basis.

“Minix 3 … OpenBSD’s coders are better” – uhm, on what is that statement based? ”

OpenBSD’s coders have a strong reputation on low defect, more-secure code. Academics going to Tanenbaum’s school don’t. Average FOSS contributor doesn’t. It’s a good assumption to go by that OpenBSD’s people will outdo them on secure coding part.

“I’ll rather look at SAFEcode. The last official Version is for LLVM 3.0 and from what I see the git version is for 3.2 – in other words: very yesteryear. Unfortunate but regrettably usual in that field.”

It’s true: in FOSS there’s rarely contributors in general vs users. If it’s a correctness enhancement, even more so. Advice still stands for anyone willing to get hands dirty. It is more like Deputy, though. I gave it as example because it’s low effort compared to Frama-C-ing whole kernel.

“Next, you seem to have a rather, let’s say individual, view on the languages you mention. Spark isn’t “the baseline”. ”

I have no idea what you’re talking about here. There’s a lot of languages that make things safer by design with tons of runtime checks and/or GC’s. Quite a few are popular. There’s very few that can do that without runtime checks or GC’s. Most are theorem provers with extraction facilities. SPARK is the only open-source, industrially-proven language that automatically proves absence of common errors in code without developers learning much. Even the pre and post-conditions are regular Boolean on purpose to aid their learning curve. People can practically throw together verified code in it compared to others. That makes it the baseline for verified, low-level code without formal methods expertise.

“Similarly with the implied Ada is weaker than e.g. Rust in concurrency. No it isn’t. Ada has very well done tasks since aeons and some other very well thought out ”

I’m not an expert on either language’s concurrency. I do remember reading the Ravenscar document to find there was a huge pile of restrictions. Rust’s guidance was more straight-forward. Integrated with borrow-checker that gives no use-after-free errors as a result which Ada cannot do without reference counting or GC.

“apt-get install frama-c only tell half the truth.”

I could see all you said about it being true given where the components come from. Really heterogenous.

“Or look at verifast. You didn’t even mention it.”

Why would I? It uses separation logic. They’re not going to learn or understand that. All my mentions are relatively low effort with stuff close to what they’re doing. Coding an equivalent program in SPARK and Rust covers spatial + temporal + concurrency errors without knowing any logic. Done. Spooky already brought up priorities and time dictating things. I’m going for recoding in something easy to learn vs learning and applying separation logic.

“possibly LLVM based, Modula-3b and an freed Oberon (“freed” as in the language Oberon out of the cage of the OS Oberon).”

Try Component Pascal with Blackbox Builder. It got quite a bit of uptake with many code samples in its community. It’s an Oberon dialect with simple OOP.

“kids on the block like Idris, Albatross, or F* won’t save our asses anytime soon. To do that there will be an ecosystem with IDEs, libraries and more around them.”

This is true. It’s why I brought up safer C tools, SPARK, and Rust. They all have these or closer to having them. Also all been used in OS’s.

“We can’t build code with papers.”

Instances of the stuff in the papers already runs desktops and companies. You might as well drop that papers thing as it just makes you look foolish with red herrings. Unless you really think anything in existence is negated because it was described in a paper once. You must be using undocumented OS, language, and HTTP software to write your posts. Using undocumented features of an SOC from China nobody has described in writing. Just whispers in the slums inside Shenzhen where they rigged it up. 😛

Gerard van Vooren December 1, 2016 9:14 PM

Ah of course Ratio has got to make his argument. I am gonna answer it this time because maybe I wasn’t clear but if you turn out to be a PITA again, screw you. I lack the patience of ab.

Competition is a feature, not a bug.

Look at the history of the car industry. Competition made the cars a lot of “-ers”, as in faster, shinier etc. It didn’t make them safer.

With a few exceptions competition did not make the car industry safer. Legislation did.

Now I am gonna replace car with sw/hw/networking.

With a few exceptions competition did not make the sw/hw/networking industry safer. Legislation did.

Except that there is no legislation.

And about the race to the bottom, again look at the car industry. Cars have become luxurious with hundreds of buttons inside that nobody cares about or even know without studying the 200 page manual which nobody does. But the profits in the car industry are slim. All it requires is one big smelly fart from China or India and, with some exceptions, the entire Western car industry is gone. Do the Chinese or Indians do it better? No, they are making the same crap we do.

In the near future this will count for sw/hw/networking as well.

And make no mistake, we are all in it, we all participate in this system, the Chinese and Indians as well.

I have been thinking about it for quite a long time but I don’t have an answer for this situation.

ab praeceptis December 1, 2016 9:21 PM

Nick P

“What I describe is sold as commercial products…” – No. What you described were academic, alpha or all but dead projects. One of those you yourself describe as “It’s an architecture not a product.” 😛

“Green Hills, Lynx, Sirrix…” – It makes little sense to compare OpenBSD against commercial products.

“(Me:)Genode is all but unusable for anyone but experts and people willing to dig in deeply. – (You:) So was everything we are using at early stages.”

You can’t compare “early stages” (or dead since years) projects against OpenBSD, which one can install quickly and without problems and with which one can work right away.

“Contributors can fix it” – Sure. But that happens rarely.

“applying its techniques to OpenBSD. That would be trivial” – Nope. That would be a major undertaking. FreeBSD, for instance, which has quite some people behind it, was chewing years on Capsicum.

“OpenBSD’s coders have a strong reputation on low defect, more-secure code. Academics going to Tanenbaum’s school don’t.” – Some of Tanenbaum’s school have created compilers, verifiers, etc.
If you belittle the Minix coders you should offer concrete examples.

“(Me:) SAFEcode. … very yesteryear. – (You:) Advice still stands for anyone willing to get hands dirty. It is more like Deputy, though. I gave it as example because it’s low effort compared to Frama-C-ing whole kernel.”

Grave mistake. Frama-C and Co. need annotations or macros or … The major roadblock is C not being unambiguous. SAFEcode was another – extremely laudable and interesting – approach towards the “golden grail”. And it was bound to fail. The reason is C not being unambiguous. No matter LLVM and how one massages and analyses the AST or the intermediate code, one will not arrive at having a reliable assessment of the code’s quality and correctness.

That’s why we came up with annotations. Ugly, clumsy, cumbersome but the only way. Of course LLVM brought new attempts at the golden grail with it; it was just too seductive and looked so promising. One of the “static analyzers” even is (or has become) a part of the LLVM family.

To feed a SAT, however, we need much more, things C simply can’t express.

“SPARK” – A misunderstanding it seems. Probably due to my English. With a small but: properly understood and looked at Spark isn’t the base line. It’s about the best we can do today.

“I do remember reading the Ravenscar document to find there was a huge pile of restrictions.”

a) There are always restrictions. That’s in the nature of concurrency. One interesting approach btw., Pony, is basically built on (hopefully smart) restrictions. Looks very promising, although much on the performance! side.
b) Ada evolved and evolves. I have not yet encountered a restriction that made my life hard. And it gets more comfortable as Ada evolves.

“… uses separation logic. They’re not going to learn or understand that. All my mentions are relatively low effort with stuff close to what they’re doing. Coding an equivalent program in SPARK and Rust”

a) Regrettably, error free software doesn’t come cheaply. In one way or another one pays a price. If you just have to do something in C (which still can happen) and if you have to have correct code or else … the price of separation logic is still much cheaper than the price of failure. But granted, I wouldn’t recommend that for everyday use. For some very sensitive kernel stuff, though, I would seriously consider it.
b) One of the reasons I’m lauding Ada/Spark is that they put the hard stuff into quite comfortable garments. In my mind’s eye Ichbiah did an amazing and brilliant job. He understood some problem classes that still bite us today, decades ago and developed a brilliant concept. Rust otoh still stays in the old worldview; it will either become very cumbersome or it will fail to deliver when it gets hard.

“spatial + temporal + concurrency errors without knowing any logic.” – Pardon me, BS! They might put it in comfortable garments but there is no such thing as a program that is free of spatial, temporal, and concurrency errors without a solid portion of logic.
Just have a look at spec. tools whose job is simpler in a way. It gets complicated quite quickly once you leave the level of simple demands. Of course, when Abrial demos B it looks simple (particularly with bank account examples *g) but try to spec a not trivial example where, for instance, the temporal layer is ripped by asynchronous events.

“Try Component Pascal with Blackbox Builder” – I know that. I would actually like it a lot. Unfortunately, today it’s all but dead and useless. I’m also a great fan of Hansen’s SuperPascal. Let’s talk again when you have it running on an amd64 with some Unix on it…

“safer C tools, SPARK, and Rust.” – The “safer” in “safer C tools” is very relative. If one knows ACSL good enough (plus the involved intricacies) one may as well learn and use a better language in the first place.

I myself, as I confessed, still use C sometimes; there just is some kind of stuff where everything else is a PITA. If it’s sensitive enough I use ACSL/Frama.
But I’d tend to see those tools mainly as an emergency approach for existing code that just must be made safe.

Moreover there is a large “grey area” I mention again with good reason: plain Pascal or for somewhat elevated demand plain Ada. Spark isn’t needed for everything. One reason for that is purely informal: To efficiently write Pascal or Modula or Ada code one must develop a mindset that helps to avoid many problems anyway.

Btw, as a funny sidenote: Know what I sometimes successfully did with old C code bases? Plain and simple const each and every parameter to each and every function. No formal tool, no annotations. Just the screaming compiler that will feed you plenty hints … and you have your work cut out and red flags marking all the places needing a closer look. Hehe
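The const-everything trick from the comment above, as an added example that is not part of the original comment. The function names and the host:port input are constructed for illustration; the legacy function shows two things a fully const-qualified signature makes the compiler reject, and the second function is the rewrite that resolves those flags.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Legacy form (hypothetical, constructed for this example). Nothing in the
 * signature tells the caller that its buffer is edited or that len is
 * reused as a scratch variable. */
static int legacy_split_port(char *hostport, size_t len)
{
    size_t i = 0;
    while (i < len && hostport[i] != ':')
        i++;
    if (i == len)
        return -1;
    hostport[i] = '\0';               /* (1) hidden write into caller's buffer */
    len = strlen(hostport + i + 1);   /* (2) parameter silently repurposed */
    if (len == 0 || len > 5)
        return -1;
    return atoi(hostport + i + 1);    /* also accepts trailing junk */
}

/* Same job with every parameter const-qualified, both the pointee and the
 * parameter itself. With this signature lines (1) and (2) above are compile
 * errors (assignment to a read-only location / read-only parameter), which
 * are the red flags the comment describes. Resolving them forces the
 * function to stop editing its input and to parse within explicit bounds. */
static int const_split_port(const char *const hostport, const size_t len)
{
    size_t i = 0;
    while (i < len && hostport[i] != ':')
        i++;
    if (i == len)
        return -1;
    const size_t digits = len - i - 1;
    if (digits == 0 || digits > 5)
        return -1;
    long port = 0;
    for (size_t k = i + 1; k < len; k++) {
        if (hostport[k] < '0' || hostport[k] > '9')
            return -1;                /* reject non-digits instead of guessing */
        port = port * 10 + (hostport[k] - '0');
    }
    return port > 65535 ? -1 : (int)port;
}

/* Returns 1 if the chosen function altered the caller's buffer, else 0. */
static int input_changed(const int use_legacy)
{
    char buf[] = "example.test:8443"; /* constructed sample input */
    char copy[sizeof buf];
    memcpy(copy, buf, sizeof buf);
    if (use_legacy)
        (void)legacy_split_port(buf, strlen(buf));
    else
        (void)const_split_port(buf, strlen(buf));
    return memcmp(copy, buf, sizeof buf) != 0;
}

int main(void)
{
    printf("legacy changed caller buffer: %d\n", input_changed(1));
    printf("const  changed caller buffer: %d\n", input_changed(0));
    return 0;
}
```

One caveat when applying this to real code: standard functions such as memchr and strchr return a non-const pointer even for const input, so results from them should be stored in const-qualified pointers or the compiler will stay silent about later writes.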

Gerard van Vooren December 1, 2016 9:22 PM

@ Anura,

Yes, Capitalism has more problems. I only referred to code quality. I think that legislation is needed here, I don’t see an alternative.

@ ab praeceptis,

About Wirth languages. Two questions: Subtyping yes or no and fully GC yes or no. Which do you think should prevail and why?

ab praeceptis December 1, 2016 10:40 PM

Gerard van Vooren

Front up: That’s my personal take. I’m not preaching that as the final truth.

Subtypes: Clear yes. Those together with proper ranges can kill armies of bugs.

GC: Not yet. Not with what we have as PLs. Theoretically a nice thing but practically …
Moreover: Maybe I’m a strange animal but I very rarely encountered the kind of problems GC is supposed to take care of (better than a human).

Right now, for a current example, I’m working on a dual stride trie. I know when kids aren’t used anymore. I also know whether I want to keep them alive because they’ll soon be reused. In case I want them freed I walk a couple of steps down and kill them upwards.
Does a GC know? Nope. To a GC those are but meaningless mem ranges in use or not in use. Plus it’s not faster per chunk, quite the contrary.
What’s my cost to keep them alive? Some kind of (rather short) list. That vs free – and alloc again sequences by some GC should be obvious to judge.

Another problem I see is that if we’re talking about a handful of something, say, structs, it’s not worth it; one can certainly and very comfortably manage those oneself. Now, let’s look at an event driven server with a couple of 100,000 private data structs. GC’ing that will introduce ugly problems, will be slow and will keep me from reusing chunks.

In a way one can look at it as a case of generalization. The GC knows next to nothing about my code/mem and needs to be prepared for any- and everything. It’s bound to be more expensive and slower than what I can do. Plus it has its own life I know little about.
(Hint: There is a reason that any halfway solid language with GC I know allows me to disable it …)

There certainly are cases where GC is a blessing, but I haven’t seen many of those.

All in all, not meaning to insult anyone, I feel GC usually is a solution to a problem that only became a problem because someone either didn’t properly understand what he was doing or because he was sloppy or lazy.

Why you ask?
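The keep-nodes-alive-on-a-short-list approach described in the comment above, as an added example that is not the commenter's code. It assumes a plain 4-bit-stride trie over 16-bit keys rather than the dual stride trie mentioned, and all names are hypothetical; released nodes are scrubbed before reuse so a recycled node never carries stale child pointers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FANOUT 16   /* 4-bit stride (assumption for this example) */
#define LEVELS 4    /* 16-bit keys */

typedef struct node {
    struct node *kid[FANOUT];
    int is_key;                 /* set on the node that ends a key */
} node;

typedef struct {
    node  *root;
    node  *spare;               /* short free list, linked through kid[0] */
    size_t spare_len, spare_max;
    size_t mallocs, frees;      /* counters so the reuse is observable */
} trie;

static node *node_get(trie *t)
{
    node *n = t->spare;
    if (n != NULL) {            /* reuse a parked node before allocating */
        t->spare = n->kid[0];
        t->spare_len--;
    } else {
        n = malloc(sizeof *n);
        if (n == NULL)
            return NULL;
        t->mallocs++;
    }
    memset(n, 0, sizeof *n);    /* clears the free-list link as well */
    return n;
}

static void node_put(trie *t, node *n)
{
    if (t->spare_len < t->spare_max) {
        memset(n, 0, sizeof *n);    /* scrub old pointers before parking */
        n->kid[0] = t->spare;
        t->spare = n;
        t->spare_len++;
    } else {                        /* list is full: really free it */
        free(n);
        t->frees++;
    }
}

static int trie_insert(trie *t, uint16_t key)
{
    if (t->root == NULL && (t->root = node_get(t)) == NULL)
        return -1;
    node *n = t->root;
    for (int lvl = LEVELS - 1; lvl >= 0; lvl--) {
        const unsigned nib = (key >> (4 * lvl)) & 0xF;
        if (n->kid[nib] == NULL && (n->kid[nib] = node_get(t)) == NULL)
            return -1;
        n = n->kid[nib];
    }
    n->is_key = 1;
    return 0;
}

static int trie_contains(const trie *t, uint16_t key)
{
    const node *n = t->root;
    for (int lvl = LEVELS - 1; n != NULL && lvl >= 0; lvl--)
        n = n->kid[(key >> (4 * lvl)) & 0xF];
    return n != NULL && n->is_key;
}

/* Walk down, then release children before their parent. */
static void release_subtree(trie *t, node *n)
{
    if (n == NULL)
        return;
    for (int i = 0; i < FANOUT; i++)
        release_subtree(t, n->kid[i]);
    node_put(t, n);
}

/* Drop every key whose top nibble matches, unlinking before reuse. */
static void trie_drop_prefix(trie *t, unsigned top)
{
    if (t->root == NULL)
        return;
    node *sub = t->root->kid[top & 0xF];
    t->root->kid[top & 0xF] = NULL;
    release_subtree(t, sub);
}

int main(void)
{
    trie t = {0};
    t.spare_max = 8;
    trie_insert(&t, 0x1234);
    trie_insert(&t, 0x1235);
    trie_drop_prefix(&t, 0x1);
    trie_insert(&t, 0xABCD);    /* served entirely from the spare list */
    printf("mallocs=%zu frees=%zu spare=%zu\n", t.mallocs, t.frees, t.spare_len);
    return 0;
}
```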

Ratio December 2, 2016 1:09 AM

@Anura,

The disease of capitalism is much more fundamental: private ownership of capital. […] The problem is that ownership of capital gives you bargaining power that grows with your wealth, and as you get more bargaining power you get wealthier.

If capital leads to bargaining power and bargaining power leads to capital, the only way of preventing private ownership of capital is to make sure that private individuals never have any bargaining power.

@Gerard van Vooren,

Ah of course Ratio has got to make his argument.

Those are introductory pleasantries, I presume?

I am gonna answer it this time because maybe I wasn’t clear but if you turn out to be a PITA again, screw you.

More pleasantries.

I lack the patience of ab.

That bad, huh?

All right, with all that out of the way, let’s talk about the topic instead of the people. Is that okay with you? 🙂

Competition made the cars a lot of “-ers”, as in faster, shinier etc. It didn’t make them safer.

With a few exceptions competition did not make the car industry safer. Legislation did.

Not my area, but just looking at Volvo would suggest otherwise. And it’s not just Volvo. See the history of airbags, crumple zones, and seat belts. (Apologies for the links to Wikipedia, but I’m sure you know how to find more data elsewhere.)

But never mind all that. That wasn’t my point anyway.

My point was that competition is about trying to outdo each other, but it doesn’t say in what. It’s the mechanism, not the policy.

In case that’s not clear, a car analogy. You don’t like where the car’s going and you say the engine is broken because the car’s going in the wrong direction. The engine’s fine; it’ll get you anywhere you want to go. You’re looking for the wheel.

I have been thinking about it for quite a long time but I don’t have an answer for this situation.

This situation is SW/HW security? SW/HW quality in general? Either way, I think you’re right that regulation is needed. That’s the easy part, though. The hard part is deciding what the regulations should say…

Clive Robinson December 2, 2016 2:19 AM

@ ab praeceptis, Gerard van Vooren,

Define “better”.

I was going to make the point that legislation does indeed make “better” markets but Gerard beat me to it.

However I would add a rider to that (having lived through the Thatcher Years where she led Ronnie by the nose). It’s the type of legislation that counts.

This can be clearly seen with the “Who leads the legislation?” question. In the case of Thatcher’s “Light touch” on the banking sector it gave us the likes of the Libor scandal, oh and the setting up of many faux markets. Likewise you can look at the DMCA etc, the list is quite long including environmental legislation. It’s why the other day I mentioned the industry Lawsmiths to L.Lozinski and my inability to think sufficiently hinky to spot their self interested little “thread pullers” that unravel hundreds of pages of what otherwise might have been good legislation.

Which brings us on to a sickness that is spreading through Western Politics. Put simply sufficient politicians see their success measured in volume of legislation not quality of legislation, the result being reams of legislation that few can read through let alone comprehend in the short time it is in scrutiny. This especially includes the politicos that subscribe to the quantity over quality view. The problem is their abdication of effective control with the 90’s “Make it So” management ethos. This allows even their own departmental lawsmiths to slip in bad law, prior to going out the revolving door to a well paid “commercial opportunity” with just the same people who have benefited from the bad law. But Government these days is about “cutting waste” which is another way of saying “remove oversight”. Thus the make it so types, no longer have their own lawsmiths good or bad, thus corporate lawsmiths ship in reams of their “booby trapped” legislation “signature ready” for the boobies to pass into law. Oh and just to ensure the boobies don’t get overtaxed, they also supply précis, press releases, speeches and all manner of other assistance including venues with well stocked hospitality etc.

So I’m rather more cautious than our host about invoking the use of legislation to alter markets, because these days the legislation oft turns out to be the opposite of what’s needed.

Clive Robinson December 2, 2016 3:42 AM

@ Ratio,

If capital leads to bargaining power and bargaining power leads to capital, the only way of preventing private ownership of capital is to make sure that private individuals never have any bargaining power.

Err no that way leads to the likes of far right or far left politics, which history suggests more often than not will end very badly and violently.

The solution that has worked in the past and still works today is to limit the capital any individual entity can deploy to change the social good / harm balance. Which is why the very rich spend so much fighting it.

It’s called “taxation” and is usually deployed in a manner where the level of taxation effectively increases as the level of capital an entity acquires increases.

It’s a subject the likes of “tea baggers” and those who describe themselves as libertarians get hot under the collar about because they unfortunately don’t appear to have the mental capacity or will to go beyond learning and chanting slogans.

@ Anura,

You left out why the rich get richer, the mechanism that causes the inequality, and it has a pronounced nonlinearity about it (much like compound interest).

Each social unit be it an individual, family or larger, has basic needs that have to be satisfied. Thus all income below a certain level is devoted to subsistence (often incorrectly mediated by the notion of the poverty line). As a social unit gets above a certain point they have what is referred to by many as “disposable income” as it implies they have a choice of what to do with it. The two broad choices are fritter or invest. Overly simply the purchase of goods or services that do not provide capital returns and thus devalue are the basis of frittering, buying goods or services that do provide capital returns is the basis of investing.

Providing the capital gain exceeds devaluation and other charges such as taxation the gain will grow as a power law.

As can be seen devaluation appears as a consideration in both fritter and invest. It is another mechanism by which the rich get rich and the poor get poorer. For some reason it gets an inverse name of “inflation” to try and make it sound like a good thing. However if you do not invest or invest incorrectly then it is a secondary hurt you suffer as the price of what are considered essentials to life just rise. History shows that for many the increasing price outstrips their ability to increase their income thus they slide backwards towards poverty or worse poverty.

I’m not going to go into the “economics” of inflation as a measure of growth in the economy, or as a driver for growth as it has some quite flawed fundamental assumptions underlying it. It is almost equivalent to saying,

    It works on alternative wet Wednesdays in the third month of years where the second month has an excess day, providing the correct umbrella is carried on alternate dry Wednesdays in every tenth month.

Where the complex verbiage hides the “get out clause” thus the rule can never be disproven as it’s always somebody else’s fault when it fails, not the economists…

Clive Robinson December 2, 2016 4:33 AM

@ Ratio,

Also, the rules of logic don’t apply by decree

They don’t need to, they are more fundamental than the vexation then caprice of mankind.

Clive Robinson December 2, 2016 4:47 AM

@ Bruce, and the usual suspects,

Did you Really say that!!!

It would appear that Adobe are doing it again this time with sound rather than pictures…

http://motherboard.vice.com/read/after-20-minutes-of-listening-new-adobe-tool-can-make-you-say-anything

Note the “big laugh moment” in there where they mention “digital watermarking”. Anyone remember why DWM was a failure with photographs and the like?

I Guess Adobe either don’t or are hoping you don’t.

Ratio December 2, 2016 5:19 AM

@Clive Robinson,

Let’s try it another way: the rules of logic aren’t temporarily suspended just because you’re busy having an opinion.

What I wrote logically follows from what was posited by @Anura. (It’s basically modus tollens.)

If you’re disagreeing with what I wrote (and it sorta kinda did look like that), then your problem is with the rules of logic.

Alternatively, if it’s really because you don’t like the point I highlighted (don’t shoot the messenger!), something will have to give. You can’t have all that at the same time. Not without decreeing that the rules of logic don’t apply and hoping that’ll do the trick.

There was a reason I posted my comment, you know?

Thoth December 2, 2016 6:13 AM

Re: Unlimited Guess Attack on VISA system

Two possibilities will occur. Either VISA upgrades system to detect guessing attempts or the industry will simply ignore it partially or entirely.

There is no easy fix anytime soon. Just more vulnerabilities being discovered.

ab praeceptis December 2, 2016 8:23 AM

Gerard van Vooren, Clive Robinson

I’m not so sure about legislation making anything better. I like the idea and I would like to believe in it, sure, but I’m having a hard time with that.

But probably you are right; probably putting one’s hope in legislators is at least slightly more promising than putting it in the profiteers of predatory ultracapitalists. After all there might still be a couple of the former left who are not completely sold out to the latter.

ab praeceptis December 2, 2016 8:27 AM

Ratio

“And it’s not just Volvo. See the history of airbags, crumple zones, and seat belts.”

Please provide the logic path between that statement and your original statement that that is thanks to competition as opposed to legislation.

ab praeceptis December 2, 2016 8:34 AM

Clive Robinson

“…”taxation” and is usually deployed in a manner where the level of taxation effectively increases as the level of capital an entity acquires increases.”

In school books and some gazettes, yes. In real life the wonders of representative democracy somehow magically make it that for you and me and John and Jane that statement is true while those north of a certain capital level pay more like 1/10 (in percents) of what we pay. After deducting the company yacht and the private jet, of course.

ab praeceptis December 2, 2016 8:44 AM

Clive Robinson

“credit card attack” – don’t you worry! Do178-man, Eal-man, Fips-man, and Javacard-woman are already dispatched. And committee-man and federal cyber-man are on their way, too; their golden security stickers are polished and ready for action. Those evil attackers have no chance. The security-heroes will deactivate them no later than after reaching compromise in their decisive 17th meeting in 2034.

Clive Robinson December 2, 2016 9:11 AM

@ Ratio,

Let’s try it another way: the rules of logic aren’t temporarily suspended just because you’re busy having a fit of caprice.

As for the rest of your comment I really think you should go away sit down, calm down and apply a little more logic to the problem.

I’ll give you a hint, when you have two items each driving each other (capital drives power which drives capital and round again) you can adjust the motion by making a change to either item. You certainly do have to go to extremis as things can either stop dead (no economy) or fly apart (revolution).

Now if you have argument with that then good luck to you.

Ratio December 2, 2016 9:25 AM

@ab praeceptis,

“And it’s not just Volvo. See the history of airbags, crumple zones, and seat belts.”

Please provide the logic path between that statement and your original statement that that is thanks to competition as opposed to legislation.

My original statement said no such thing. In the comment you’re quoting from I said that I got the impression that it wasn’t true that competition hasn’t made cars safer, but legislation has.

Why did I say that? Because you’ll see that those safety features arose before the relevant legislation existed. Those could be the few exceptions @Gerard van Vooren mentioned, but the examples I gave are not minor details: these are the first things that come to mind when you (or I, at least) think about car safety.

Also, Volvo used safety prominently in its marketing. They clearly saw it as a way to distinguish themselves from the competition. (If you ask random people what brand of car they think about when they think of safety, they’ll likely say “Volvo”.)

As I said, it’s not my area and I don’t think this is very relevant for what we were discussing (although it was a nice illustration of the general point @Gerard van Vooren was making), but there it is.

Unlimited / Distributed Guess Attack December 2, 2016 9:31 AM

I’m sure it is not so bad as article wants to think you of,

there are in fact ways how to detect\decline those attempts (and it’s already in place, not a science-fiction).

Ratio December 2, 2016 10:06 AM

@Clive Robinson,

Let’s try it another way: the rules of logic aren’t temporarily suspended just because you’re busy having a fit of caprice.

I fully agree with you there. Not so sure about the insinuation there, but why let that spoil a beautiful day? 🙂

As for the rest of your comment I really think you should go away sit down, calm down and apply a little more logic to the problem.

The thing is, there is no problem. I’m not solving a problem. You seem to be, and we could agree on a solution (or not, as the case may be). But I wasn’t giving my opinion, or offering a solution. I merely took what @Anura said and applied the most basic logic to it. My comment to @Anura was only to highlight a logical implication of what he stated.

I’ll give you a hint, when you have two items each driving each other (capital drives power which drives capital and round again) you can adjust the motion by making a change to either item. You certainly do have to go to extremis as things can either stop dead (no economy) or fly apart (revolution).

Now if you have argument with that then good luck to you.

That is not, and has not been, what I’ve been talking about.

Here is what I said, without the cycle (which doesn’t matter for the point I was making):

If […] bargaining power leads to capital, the only way of preventing private ownership of capital is to make sure that private individuals never have any bargaining power.

What I’m saying is basically “if that’s true, then this necessarily follows”. And that’s all I’m saying.

Anura December 2, 2016 10:06 AM

@Clive Robinson

Demand-driven inflation encourages growth (but not all inflation is demand driven, there is cost-driven which can just be a result of capital taking a bigger cut as they gain more power over labor), but it isn’t a panacea and it isn’t a complete policy. I personally think we should be tying net expected returns over the economy to inflation. The inflation encourages you to put the money in an interest-paying institution (use it or lose it), while the policy ensures that 100% of real economic gains go to labor (including management and executives).

So while I agree with you that if capital has disproportionate bargaining power, inflation is bad for wages as it means that workers need to fight against the tide (something you can combat by indexing minimum wage to labor productivity, growing union labor, and increasing infrastructure spending to increase demand for labor), but I don’t agree that a deflationary policy is a good thing since the link between inflation and unemployment is pretty solid. So you have to be careful.

Anura December 2, 2016 10:53 AM

@Ratio

If capital leads to bargaining power and bargaining power leads to capital, the only way of preventing private ownership of capital is to make sure that private individuals never have any bargaining power.

Bargaining power is largely relative, and this means that if all actors in the economy had equal bargaining power, then all actors in the economy end up with the same income, and the same influence over the government. You will never get there, but you can get close enough to ensure that no small group of individuals ever has power over the group as a whole, and as income inequality declines, the differences in ideology among people correlate less and less with wealth and income, making it significantly less likely that any subset of the population defined by their ideology will have disproportionate control over government.

Anura December 2, 2016 12:12 PM

@Clive Robinson

In my previous comment to you I wrote “Demand-driven inflation encourages growth” which is really poorly worded, and gets the cause and effect backwards.

Increased demand increases economic growth, but if demand increases faster than supply can increase, you get price increases, which encourages increased production, hiring, and investment. Too little demand, and you get high unemployment, too much and you get high inflation. So you want to balance that out. This isn’t to say that you can’t have growth in a deflationary economy, but that deflation has to come from productivity gains, not a decreasing money supply (which causes deflation through lack of demand, and discourages growth).

Gerard van Vooren December 2, 2016 1:22 PM

@ab praeceptis,

To start with the last:

Why you ask?

It’s because of the evolution. Wirth’s first real OS language was Modula2. After that he removed subtyping and committed to fully GC with Oberon. This because he wanted a PL that was fast to develop with. It’s much easier to iterate with less constraints and the compiler could also be kept simple. Yet the type safety and still strict language kept it safe (I guess).

Subtypes: Clear yes. Those together with proper ranges can kill armies of bugs.

Can I ask then which language you prefer?

GC: Not yet. Not with what we have as PLs. Theoretically a nice thing but practically …
Moreover: Maybe I’m a strange animal but I very rarely encountered the kind of problems GC is supposed to take care of (better than a human).

With concurrency (green threads) I think things change. But I’m not an expert in this area so I could be completely wrong. I also think that for network servers it’s not wise not to use GC (esp. with variable data).

Right now, for a current example, I’m working on a dual stride trie.

You mean tree? In that case … interesting. I’ve only done striders with ordinary vectors. But about your structs, if they only contain fixed data then yes it probably makes sense to stick with manual memory management.

ab praeceptis December 2, 2016 2:10 PM

Gerard van Vooren

I’m not so sure about your take on Wirth. My impression, based on what I saw during considerable study of his work, is that his priority was teaching and that being pro-GC was a tempting answer to some of C’s worst problems.

(My) Preferred languages: Difficult to answer. Practically Ada/Spark for serious and sensitive stuff (which in my case means most of what I do). (Free-)Pascal (which I subjectively do not really like; never did) for purely pragmatic reasons. It’s quite ideal for gui stuff (which I dislike) and truly cross-platform (unlike Ada with its (quite nice) gtk binding).
I very much like Modula and would love to use it more but, alas, it seems to slowly die. For me personally Oberon is a nice and very interesting thing but the zenith of Wirth’s work for me is Modula-3 (which is somewhat funny as it’s very strongly and obviously influenced by Wirth but not really one of his languages).

Plus, surprisingly maybe for some, C – but as a glorified meta-assembler. In my mind’s eye it’s a perversion to write any non very low level sw (parts) in C but at the same time for me personally it’s a perversion, too, to not use C for certain very low level stuff. Having ACSL and Verifast available I also feel quite confident (but I would certainly not like to do larger portions of code that way).

re GC: Oh, I know the arguments of both sides and I do absolutely not consider the other side stupid. Actually I might myself make GC the law in some major (as in “many developers”) projects. But that happens to not be my world. And in my world and with the kind of people I happen to work, the kind of projects I happen to work, and the mindset (I select for and obsessively impose *g) on teams, GC is but a useless and expensive toy.

“greenlets” – call it political if you like but I consider greenlets and similar “salvations du jour” short lived phenomena. They may look impressive with ping pong benchmark servers, though …
As I see it it’s going to stay/be threads (distribution over cores and MT games), AIO/events (for obvious reasons) and Actors.
Properly designed and engineered and done by professionals the value/cost for GC is unattractive and worse, we don’t like mem/temp/concurrency domain crossover spikes and surprises.

Maybe it helps to say that I’m pretty much at the opposite end of the functional fans in the spectrum. Both reasoning and experience tell me that computing happens to be about data and state (and events/state transitions) and where the functional people like to idealize it out of the picture I prefer to have it naked and raw right before my eyes.

“trie” – no, not tree but trie. Don’t care, just think “well defined structures” (with pointers involved, too, but so what). I also mentioned them because they happen to be an example for what I mentioned above. Mostly Spark plus some bit fiddling in C. Developing the whole thing in C would take more time for proper sep.logic annotations alone than the whole thing fully verifiable costs now in 95% Spark and 5% w/simple (ACSL, not sep.) logic and even less smart SAT backends are smart enough for it,

Clive Robinson December 2, 2016 3:41 PM

@ ab praeceptis, Gerard van Vooren,

“greenlets” are a pain, if you do not write your own async IO, one blocks and your whole userspace process hangs.

Whilst those who have got down and dirty with assembler and device driver code grok what needs to be done to “play nice” most code cutters have to learn the painful way.

To a certain extent the Sun Green Team anticipated this –in their java user space thread library–, they overestimated the ability of the code cutters…

As for Garbage Collectors, it was pointed out to me many many moons ago that “BASIC needs GC because as Dijkstra has identified such (ab)users had been permanently tainted beyond redemption”[1].

Again those who have had to get down and dirty with assembler on embedded microcontrollers with only 256bytes of RAM and a couple of registers to play with understand the management of memory in a way few others ever do…

Such programmers are very rarely the product of a graduate CompSci course, they tend to come from the hard science and engineering courses, where the undergrads have to build their own test equipment as an aside to their actual course/project work.

Much as I like Wirth’s work, his idea like that of the original Dartmouth BASIC developers was to provide an abstract environment that hid the real details of a computer away from students. I know that in all likelihood I will get howls from certain quarters but C was likewise designed to abstract away the real details of the underlying hardware for I/O etc. However the level of abstraction where memory was concerned was different –because of the linker– it needed a hardware MMU to give a virtual linear memory space to all but “down and dirty” IO bit bashers and kernel hackers. Other, stack based languages did not need an MMU just a sensible way to use base pointer indexed memory. People tend not to know that Forth was also its own operating system and with minor tweaks was comfortably multitasking in a Real Time way.

At the end of the day the push in languages has generally been to abstract away any kind of real detail and cocoon programmers in a safe and secure “play pen” environment where they don’t have to think about such detail. The downside is no play pen is 100% safe or secure, and when things do go wrong such cosseted programmers often do not have a clue why, nor how to get out of the hole they find themselves in. Often this leads to “my best guess kludges” that more often than not hide other horrors to await the maintenance cycle.

For those that can and do get down and dirty, the abstractions and safety mechanisms are often not just something you can ignore but a real impediment to getting work done.

The example I usually quote is “pointers” to an assembly level programmer these are simply memory addresses to a piece of memory that is in effect “a bag of bits” container that the programmer knows how to use. To many C programmers pointers are a nightmare because of what the compiler does with data types (abstracted containers) and thus the hidden pointer arithmetic.

I must admit my usual answer when someone presents me with a pointer arithmetic issue is to tell them to “cast to void then come back and talk to me”… For some reason I tend not to see them come back 😉

[1] The actual Edsger Dijkstra quote has been recorded for posterity as,

    It is practically impossible to teach good programming to students that have had a prior exposure to BASIC, as potential programmers they are mentally mutilated beyond hope of regeneration.
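The point made in the comment above about cooperative ("green") threads, that one blocking call stalls every other task in the same user-space scheduler, can be reproduced with Python's asyncio. This is an added example, not code from any commenter; asyncio coroutines stand in for greenlets as an assumption, and the function names and timing constants are made up for the illustration.

```python
import asyncio
import time

TICK = 0.01   # heartbeat period of the "other" task (constructed value)
WORK = 0.15   # duration of the simulated I/O call (constructed value)


async def heartbeat(ticks):
    """A second task that should keep running while the worker waits on I/O."""
    while True:
        ticks.append(time.monotonic())
        await asyncio.sleep(TICK)


async def blocking_worker(ticks):
    """Blocking call inside a coroutine: control never returns to the scheduler."""
    before = len(ticks)
    time.sleep(WORK)                      # stands in for a blocking read()/recv()
    return len(ticks) - before


async def cooperative_worker(ticks):
    """Same wait done through the scheduler's own async primitive."""
    before = len(ticks)
    await asyncio.sleep(WORK)             # yields, so other tasks keep running
    return len(ticks) - before


async def offloaded_worker(ticks):
    """Blocking call kept, but moved to an OS thread so the loop stays free."""
    before = len(ticks)
    loop = asyncio.get_running_loop()
    await loop.run_in_executor(None, time.sleep, WORK)
    return len(ticks) - before


async def _run(worker):
    ticks = []
    hb = asyncio.create_task(heartbeat(ticks))
    await asyncio.sleep(0)                # let the heartbeat record its first tick
    try:
        return await worker(ticks)
    finally:
        hb.cancel()
        await asyncio.gather(hb, return_exceptions=True)


def measure(worker):
    """Return how many heartbeat ticks happened while `worker` was waiting."""
    return asyncio.run(_run(worker))


if __name__ == "__main__":
    for w in (blocking_worker, cooperative_worker, offloaded_worker):
        print(f"{w.__name__:20s} heartbeat ticks during wait: {measure(w)}")
```

The blocking variant reports zero heartbeat ticks for the whole wait, while the other two let the heartbeat run roughly once per `TICK`.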

Thoth December 2, 2016 5:27 PM

@Clive Robinson

“Again those who have had to get down and dirty with assembler on embedded microcontrollers with only 256bytes of RAM and a couple of registers to play with understand the management of memory in a way few others ever do…

Such programmers are very rarely the product of a graduate CompSci course, they tend to come from the hard science and engineering courses, where the undergrads have to build their own test equipment as an aside to their actual course/project work.”

More accurately, that is a product of some code cutters or engineers hit by reality of needing to handle embedded in RAM memory of only a few thousand bytes at the very most and not the seemingly infinite GBs of PC memory that automatically caches memory to disk when more memory is needed. Those kind of experience can only come when someone gets down and dirty with embedded chips that are constrained and without the luxury of more advanced and resource consuming caching algorithms.

Most CompSci and IT students I see at my side these days are very pampered until they are thrown into the deep end due to projects or necessity.

Ratio December 2, 2016 6:11 PM

@Anura,

After another train wreck, I’m not sure if there’s much point in pursuing this further. I’ll respond briefly to your comment and probably leave it at that.

Bargaining power is largely relative, and this means that if all actors in the economy had equal bargaining power, then all actors in the economy end up with the same income, and the same influence over the government. […]

I agree, in both cases it’s about the power is derived from the differential.

But I think the rest of your comment is problematic in various ways. (I mean that in the sense that I think that what you’re proposing doesn’t really work the way you’d like it to, and / or has associated costs that you maybe haven’t considered and wouldn’t like to pay.)

Three things to (maybe) ponder:

First, government also has power, vastly more than large groups of individuals (outside government) in this hypothetical situation, and that power is wielded by individuals inside the government.

Second, while all private actors in the economy would have equal power, that is only true when taken individually.

Third, trying to maintain the hypothetical situation you describe would put real restrictions on people’s liberties.

(My initial comment was meant the same way, but… well… see what happened above.)

@Clive Robinson,

What blockquote would that be?

I thought I had mangled the <blockquote> around the penultimate paragraph in my response to you (https://www.schneier.com/blog/archives/2016/11/friday_squid_bl_555.html#c6739625), but now that I look at the source I see no evidence of any <blockquote> at all, mangled or not. Anyway, that paragraph was supposed to be in a <blockquote> (and there are some other… “imperfections”, shall we say?), but there’s not much I can do about that now.

I hope I at least finally got my point across.

Wael December 2, 2016 6:21 PM

@Clive Robinson,

Did you Really say that!!!

Wait a minute, now! You mean we were fooled all these years? This is not real? I always thought there was something peculiar about this picture, but I couldn’t put my phinger on it!

What him say? Him say: Your Kung fu isn’t good, bi**h!

Wael December 2, 2016 6:26 PM

@Ratio, my friend!

Why are you causing so much commotion? Ummm you don’t happen to have a foot covering made by @ianf, do you? 🙂

Ratio December 2, 2016 8:12 PM

@Wael, hey, hadn’t seen you around in a bit. 🙂

Nope, no @ianf-made foot covering that I’m aware of.

Why the commotion? Ha! I ain’t falling for that one. 😛 Isn’t the latest train wreck enough for a while? 😉

65535 December 2, 2016 8:28 PM

@ Clive Robinson

“It would appear that Adobe are doing it again this time with sound rather than pictures…” –Clive

http://motherboard.vice.com/read/after-20-minutes-of-listening-new-adobe-tool-can-make-you-say-anything

“Note the “big laugh moment” in there where they mention “digital watermarking”. Anyone remember why DWM was a failure with photographs and the like?” -Clive

The ability to alter voice conversations by just typing in what you want to alter is somewhat unnerving given the Snoopers’ Charter and the possibility of creating instant evidence, probable cause and manipulating conversations to add people to no-fly list and so.

I guess Adobe knows the dangers for their voice/conversation editing software and is attempting to put some controls on the use of their voice editor. I doubt Adobe’s first concern is safety – but instead profits. What could go wrong? /

name.withheld.for.obvious.reasons December 2, 2016 8:52 PM

A moment in a preponderance, of sorts, considering a highly virtualized shadow internet infrastructure…

  1. Internetworking infrastructure (major and some other nodes Mae West/East, NAP hubs, etc.) virtualized using pseudo, not physical, links
  2. DNS Root servers (duplicate DNS and DNSSec records and certs/keys/)
  3. PKI Certificate Infrastructure (Duplicate of Root (highly prized) and Registered Issuing CA’s (Trusted CA’s))
  4. Packet Traffic in time (snapshot of all these points at any/all moments of time) on the public internet
  5. Resultant network from the above processes (queued from traps in the public network) can provide useful data?

Without having to capture all packets, but only the ones that form a session topology, the data is mapped to a logical (operationally minimum as defined above) and network topology to provide a parallel network inspection capacity using the virtualized shadow network.

Wael December 2, 2016 8:56 PM

@Ratio,

Isn’t the latest train wreck enough for a while?

I was enjoying the show and wanted to pour more fuel on the fire. Burn, baby! Burn 🙂

Ratio December 2, 2016 10:10 PM

@Wael,

I was enjoying the show and wanted to pour more fuel on the fire. Burn, baby! Burn 🙂

I guess it was all worth it, then. 🙂

But maybe we could find some alternative form of entertainment for you? The first reviews are in and not everyone seems to be so enthusiastic about the latest production. 😉

(You don’t enjoy the constant trolling about روسيا for example? We never seem to run out of that lately. Any favorites?)

Dennis December 2, 2016 10:32 PM

@ Anura, “So while I agree with you that if capital has disproportionate bargaining power, inflation is bad for wages as it means that workers need to fight against the tide (something you can combat by indexing minimum wage to labor productivity, growing union labor, and increasing infrastructure spending to increase demand for labor)”

What you propose would only work in a protectionist environment, which is what we voted for.

Wael December 2, 2016 11:23 PM

@Ratio,

You don’t enjoy the constant trolling about روسيا for example?

I don’t mind reading about روسيا (roosia: Russia, for the Arabic impaired.) What I read is expected and not surprising, but the sarcasm is sometimes interesting. As you may know, I and sarcasm are quite fond of each other… oh, those Russians. Politics isn’t my cup of Darjeeling tea, though. I learned a long time ago not to believe politicians[1].

Any favorites?

Anything that can be tied to security.

[1] Two stories during college days. One is not that interesting about a chess game, and the other is funny / strange and hard to decipher, but could potentially be offensive to some.

Figureitout December 3, 2016 1:34 AM

Gerard van Vooren
I think that legislation is needed here, I don’t see an alternative.
–First tell us how to prevent backdoors being mandated in the legislation (will be a false sense of security as backdoor will be found or many attacks are still too easy even w/ legislation). That’s step 1, and is the burden of anyone saying this is a solution. How much experience do you have w/ legislatures or how laws are made? Laws are guidelines written on paper or bits on harddrives. What’s actually needed is better engineering, then extensive checking (they’re different skills, the primary creators, then the checkers and testers) and actual actions of individuals proactively preventing attacks via OPSEC dedicating computers to specific purposes so the opportunity cost of any attack goes up. Or setting up loggers to track down attackers. Ask any attacker what they don’t want (speaking from a bit of personal experience), is a total f*cking minefield of wolves in sheep’s clothing, honeypots and elaborate traps out there, anywhere. Wasting their time and bringing the attacks back their way is what they don’t want. You retract from what you’re doing at that point.

Clive Robinson
So I’m rather more cautious than our host about invoking the use of legislation to alter markets
–Why do you think I’m so against it, w/ your bias you think I’m sort of cheerleading freemarket race to bottom imbecile. Intelligent laws aren’t being created…look at all the crappy laws being made all over the world now (check out the UK laws making the news, not too good…). People need to actually observe the law-making process and just how shallow it can be. Better yet, everyone needs to see experiments of laws made in a controlled environment, my most useful class getting a public affairs degree (sadly they were considering removing that class…); seriously…it’s so revealing of humans too. It only takes 1 mindless zealot of a person to completely ruin it all, unless they can be overridden. To get other people to agree the end result of legislation is massive crappy piece of law. To make smarter pieces of law, you need to involve less people (need to be localized as much as possible), which means our laws need to be based on a publicized algorithm that any citizen can check themselves and judges need to be open source robots (open source hardware and software). Laws need to apply more strongly to local places, that’s how humans work; not huge global laws, they lead to tyranny/slavery and loopholes and backdoors etc. if they can’t be changed quickly and easily…Trust needs to be regained that laws are not just mandating backdoors into products or just completely out of touch “pie in the sky” wishes.

People that advocate need for more legislation than the “London fatberg” mass we already have, need to say specific legislation they want and if it can actually a) be implemented and b) not be a total fail, otherwise this is just a worthless exercise.

Such programmers are very rarely the product of a graduate CompSci course
–Yep, but they do exist. Had one in my class, weird guy but he seems to be a damn good programmer (likely not at assembly though, not sure). Pulled off a pretty good project in the class. Works for a local company which is known for just excellent programmers that track down bugs so fast and do such a wide range of projects.

RE: dijkstra’s quote on basic
–Probably not fair since actual good programmers are going to want to program anything in any language, toy projects in new languages are pretty fun usually. I barely do any BASIC coding, have a couple programs on my calcs, but I love being able to program more things. That I can immediately write code and execute it in my calculator is great, even if it is BASIC. So many things I want to just program and automate the way I want…

Speaking of which, do you have a free compiler for PIC MCU’s that can build w/ least amount of cruft, microchip offers a “pro” version of their compiler for more optimized builds. I downloaded the latest MPLABX and built a stupid LED blinking program and it was like 1.18 kB…I’m trying to make an entry for the 1kB challenge on hackaday, know it’ll be lame compared to some of the insane entries already since I’ll have like a week or 2 at best but want to put something in anyway…

Wael December 3, 2016 1:55 AM

@Ratio,

I should have spelt it: roose-ya

@tyr,

They tell them in therapy: It makes no difference who rules.

Clive Robinson December 3, 2016 2:28 AM

@ Ratio,

I hope I at least finally got my point across.

Oh which one, your affinity for “reductio ad absurdum” as the phrase originally meant?

Clive Robinson December 3, 2016 5:19 AM

@ Figureitout,

With respect to legislation, I’m in favour of slow-n-steady with plenty of mandatory check points (sunset clauses). My view of legislators is they should be “cleaning up” not “piling shit up”. That is in the main “tending the garden” by careful pruning and considered opinion, not adding piles of shit that will blow back in your face.

The problem is the corruption caused by corporations feathering the nests of politicians and civil servants that believe that they are both exceptional and entitled. There is no hell I would not consider for these people, and I’d even bring the popcorn.

That aside to the meat of your post,

Speaking of which, do you have a free compiler for PIC MCU’s that can build w/ least amount of cruft, microchip offers a “pro” version of their compiler for more optimized builds.

No I don’t, as the PICs prior to the 18 family are not really suited to high level language constructs (even Forth 😉

But there is an issue with MicroChip and the 18 and above family, their compiler was based on GCC… With its FOSS licence, which kind of means they are not allowed to do this “only paid for premium rate” nonsense.

There is actually little to be gained from even optimized C code when the chips are really down in ROM/RAM. Such compilers look to be on parity with “average” not “exceptional” assembler programmers.

The way C does loops does not really optimize well compared to other types of loop construct and useful assembler tricks don’t translate well to C. One example of this is multi-entry subroutines. In assembler you just call your chosen entry point, with C you have to muck about with “if” or “switch” statements, which is one heck of an overhead. Then there is all the crap to do with pointer arithmetic… I could go on but you probably get the point.

In essence, hard as it is to believe C was designed to be “maintainable”, the OneK-Code challenges are about wringing the last drop out of every bit you can.

A number of years ago I wrote some “quite tight” assembler code on a 4K ROM part that did an entire cordless phone with LCD display, intercom function data coding for PRK etc handset. Got the sign off to go to mask, only to discover CRC errors coming back from the foundry interface… Turns out the actual mask part was only 3.5K and I had about two hours to refine the code down by around 10%… To cut a long story short I complicated the way the LCD messages were stored and knocked around 50% of their storage space, it was still not enough, then something a colleague had mentioned came back to me. The CPU had two jump instructions a three byte and a two byte, likewise calls. However the two byte would only jump into page zero, so I built a three byte “jump table” in page zero and accessed it via two byte jumps from the rest of the code. This shaved just enough off to get me a few bytes under the 3.5K limit. But the result was one heck of a lot more complexity in the code.

There are no compilers around that can do that sort of trick nor are there ever likely to be as they are way too case specific bit savings. And it’s those very case specific tricks that will get you under the OneK bar, not an optimizing compiler.

I suspect @ad praeceptis also has his own similar “war stories”.

Anura December 3, 2016 5:32 AM

@Dennis

Those are three complementary policies that each reduce the negatives of the other. They are complete, and don’t require protectionism. Protectionism is a bad long term strategy, and even that won’t save the manufacturing sector from being automated away. You want to improve jobs, you need to focus on education. While minimum wage can contribute to inflation, in terms of real prices, essentially you can only change the relative prices, so there is no loss to the economy in the long run (basically, things in which the cost is largely high-paid labor goes down in price, things in which it is largely low paid go up, but as long as overall pay doesn’t go up, then the overall cost of goods doesn’t go up), but it can cause short-term labor demand declines, which any change in distribution of income does that is not growth, as spending habits change and labor needs to be reallocated), which the infrastructure spending counters. For long-term economic policy, it’s sufficient to do so gradually (as long as you don’t exceed

The big reason rural towns can’t survive is a lack of income; you need local services, retailers, etc. and these workers depend on cash flows into the economy. Cutting wages, propping up low productivity sectors will only exasperate that – minimum wage increases income for these towns, and if we would have kept minimum wage growing with labor productivity for the last 40 years, then rural communities wouldn’t have died off so quickly. Protectionist policies have likely made the problem worse, not better, as you can only prop up a dying industry so long before it has a real effect on economic growth – and we propped them up long enough that automation took them away, and this has hurt real income for most workers in this country.

Now, there is another problem which is that the high inequality leads to poorly allocated resources. At some point, if incomes do not grow for most people, due to the marginal propensity to spend the wealthy end up pumping all their money into wealth-gaining, and since there is diminishing returns for investment, it ends up inflating asset prices, lowering real productivity. An economy with high inequality that became more equal would likely see strong growth in productivity, and especially in the net utility of goods and services produced, meaning more real income overall and lower inequality.

r December 3, 2016 10:19 AM

@Dennis,

What you propose would only work in a protectionist environment, which is what we voted for.

May I point out that @Clive and others covered the whole representational politics the other day, that being said: careful what you wish for and how you/they represent it.

r December 3, 2016 10:33 AM

@Clive,

Trampolines huh?

You’re right, the compiler doesn’t technically do that – in the world of c it’s the linker that is privy to all those hartificial constructs.

Well, it’s that or you have to do what you did in your case which is handcode a solution I suppose.

Considering how similar that type of lookup (albeit yours was code) is similar to the IDT/GDT give yourself a pat on the back for reinventing a reasonable facsimile of the modern wheel. 😉 (it’s a good thing)

Borland and MS do imports differently, one is a space saver in the short term (direct calls) the other is a space saver over the long run (multiple callers)

Borland:
call [dword ptr _Import] ; 6 bytes, borland

Microsoft:
call (relative) _Import ; 5 bytes

_Import:
jmp [dword ptr _imp_Import] ; 6 more bytes
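
Added example (not part of any comment in this thread, and not the commenters' code): the size trade-off behind the page-zero jump table Clive Robinson describes and the import thunk in r's listing, using the byte counts given in those two comments (3 vs 2 bytes per site with a 3-byte table entry; 6 vs 5 bytes per site with a 6-byte thunk). The routine names, call-site counts and table space figures are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Encoding sizes, in bytes, for one "direct vs. via table" scheme. */
struct scheme {
    const char *name;
    int direct_site;  /* long jump/call emitted at every call site      */
    int short_site;   /* short jump/call into the table, per call site  */
    int table_entry;  /* the long jump stored once in the table         */
    int table_space;  /* bytes available for the table (assumed figure) */
};

/* Byte counts come from the comments; the table space is an assumption. */
static const struct scheme PAGE_ZERO    = {"page-zero jump table", 3, 2, 3, 24};
static const struct scheme IMPORT_THUNK = {"import thunk",         6, 5, 6, 1 << 20};

struct target { const char *name; int sites; int via_table; };

/* Net bytes saved by routing one routine through the table. */
static int net_saving(const struct scheme *s, int sites)
{
    return sites * (s->direct_site - s->short_site) - s->table_entry;
}

/* Smallest call-site count at which a table entry strictly pays for itself. */
static int break_even_sites(const struct scheme *s)
{
    int per_site = s->direct_site - s->short_site;
    if (per_site <= 0)
        return -1;                      /* the table can never win */
    return s->table_entry / per_site + 1;
}

static int by_sites_desc(const void *a, const void *b)
{
    const struct target *x = a, *y = b;
    return y->sites - x->sites;
}

/* All entries cost the same, so taking the most-called routines first is
 * optimal. Marks each chosen routine and returns the total bytes saved. */
static int plan_table(const struct scheme *s, struct target *t, size_t n)
{
    int used = 0, saved = 0;

    qsort(t, n, sizeof *t, by_sites_desc);
    for (size_t i = 0; i < n; i++) {
        int gain = net_saving(s, t[i].sites);

        t[i].via_table = 0;
        if (gain <= 0 || used + s->table_entry > s->table_space)
            continue;                   /* not worth it, or table is full */
        t[i].via_table = 1;
        used  += s->table_entry;
        saved += gain;
    }
    return saved;
}

/* Constructed firmware profile: routine names and call-site counts are
 * illustrative, not taken from the thread. */
static int example_saving(const struct scheme *s, int verbose)
{
    struct target t[] = {
        {"lcd_put", 40, 0}, {"delay", 25, 0}, {"key_scan", 9, 0},
        {"crc", 4, 0}, {"beep", 3, 0}, {"init", 1, 0},
    };
    size_t n = sizeof t / sizeof t[0];
    int saved = plan_table(s, t, n);

    if (verbose) {
        printf("%s: break-even at %d call sites\n",
               s->name, break_even_sites(s));
        for (size_t i = 0; i < n; i++)
            printf("  %-8s %2d sites -> %s\n", t[i].name, t[i].sites,
                   t[i].via_table ? "via table" : "direct");
        printf("  total saved: %d bytes\n", saved);
    }
    return saved;
}

int main(void)
{
    example_saving(&PAGE_ZERO, 1);
    example_saving(&IMPORT_THUNK, 1);
    return 0;
}
```
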

ab praeceptis December 3, 2016 11:18 AM

Clive Robinson

“I suspect @ad praeceptis also has his own similar “war stories”.”

Sure. Once at a carrier, about 15 years ago, we needed md5 + base64 on some backend (read: every cycle counts) equipment. It was done in C which was the normal professional way then (probably still is). Problem was it was way too slow. Funny was that the guys either didn’t know or considered it exotic that any decent compiler also spits out assembler if you ask it to. Taking that as a starting point I went at looking for the cycle waster spots. And there were plenty. One I remember because it demonstrated so bluntly how stupid many compilers were was the push some register holding the result of one function as param for the next one which again popped it off into the very same register. Another one was that for whatever reason the compiler guys seemed to not like registers; they used only about half of them.
To be fair it wasn’t the compiler alone. Our guys had ignored some of the basic rules of the trade like the one that says that the two branches of an if are not at all equal in cost.

Which brings me to my point (that I make so boringly often). Sure, the compilers were still poor then. But the real problem was the guys; the real problem was that they saw C as a language and not as a meta-assembler and that they blissfully ignored (or didn’t know) about the hardware.

To cut it short: Doing those routines properly we increased speed about 50-fold.

Another short story that helped me to set some youngsters on the right track was my “How I learned to program”. I learned it by designing and building a “high-speed” interface with ttl. Nothing in my whole career taught me more than I learned then. Having gotten a nor wrong at 3 in the morning and seeing everything going wrong is a lesson one remembers for a life.
Btw, (as it came up) the programming for that thing was done in basic. Simple reason: that’s all I had then. It was a nightmare; I hated it but it worked. And it taught me another lesson for life: Language is important. The right one for the job will get it done well, the wrong one will make it cumbersome and very unpleasant.

re politics/regulations:

I think that we shouldn’t ignore a certain point, namely that legislation/regulation will come, no matter what. Maybe a trainwreck will trigger it, maybe a pacemaker accident producing corpses and some bad luck, meaning they can’t hush it up. But it will come.
The problem I see with that is that politicians will do what they always do: They won’t listen to experts but to “experts” and they will be guided by the desire to not disturb the large corporations.

If we are very, very lucky, they will at least nail down some reasonable points, too. Things like setting some reasonable rules along the line of “do178 is blabla. How to properly implement it?”, things like proper formal specs and proper formal verif. in some critical areas. We must urgently get out of the “we wrote 1000 spec pages in legalese/engineerese” and “we did unit tests” loony bin.

r December 3, 2016 1:47 PM

@ab,

Our guys had ignored some of the basic rules of the trade like the one that says that the two branches of an if are not at all equal in cost.

Maybe they skipped the lesson that day or maybe just maybe coding from within an IDE (nicks gonna jump me for my notepad usage heretofore “undocumented”) doesn’t exactly scream that not so obvious dilemma.

It bothers me, because we’ve heard of ’rounding errors’ where community colleges and some universities are concerned.

Dennis December 3, 2016 7:10 PM

@ r, “careful what you wish for and how you/they represent it.”

Now, you’re writing like a sore wishful democrat.

Shouldn’t it be ‘careful what you vote for’?

@ Anura,

Over-inflating the minimum wage has further consequences than inflated local prices. It effectively prices sub par workers out of labor market. Factories will move across borders in search of lower and fairer labour rates, raising our unemployment. Unemployment breeds further social unrest and income inequality. It’s a hole the liberals dig ourselves into, time and time again.

r December 3, 2016 9:21 PM

@Dennis,

Exactly.

@Dennis, Anura,

That’s why wages aren’t the problem, it’s returns.

What’s the ROI on time?

Whatever happened to Moore’s Law?

Figureitout December 3, 2016 10:26 PM

Clive Robinson
–That would be nice, as it’s not even clear whatsoever to simply go somewhere and get all the laws, it got mangled when international business started happening. And now backdoored standards being forced on the population via laws. It’s a heaping mass right now that’ll drag a lot of people down w/ it…

RE: no slim c compiler
–Damn, well, I’ve got a working project right now. Been working all day. In C, feels like it should be like 200 bytes in asm. Useful but lame for right now. On the PIC16F18855. 444 bytes, reads a cap. touch button and turns on a relay, so you could control a motor w/ it. If there’s no code in the motor driver (I’d need to check that), I could add that in. I could do serial comms, or add IR activation for relay, enable watchdog, brown out, low power etc, maybe I2C LCD screen (if there’s code in the driver chip then prob. not), and I’m going to have to power it separately b/c there’s likely too much code in USB chip.

I’ll see if I can port it over to asm (I would classify myself as an average asm programmer but I enjoy it, don’t aim for code that blows the mind, more like calms ;P) and get more space, should be straight forward, just never done PIC assembly (lots of “f’s” in instructions, don’t use colons at the ends of labels (bleh..)).

RE: the 4k rom part story
–Pretty sick, I’d be pretty pissed though if I had that thrown at me. Is the 3byte vs 2byte jump like “short” jumps and “long” jumps? In our school boards I didn’t have those constraints thankfully nor did I need to enable more memory like some people needed (think my code ended up being around 6.3KB), not as fun w/ such extreme limits IMO (I like 16K or 32K is really nice now, guess you need to do these exercises to feel it). I just used long jumps and branches everywhere just for consistency.

Well, I’m looking for a feature to really make my project “pop”. Not sure…

Ratio December 4, 2016 12:17 AM

@Wael,

I don’t mind reading about روسيا (roosia: Russia, for the Arabic impaired.)

The Arabic-impaired could of course also try and find out things on their own, like what a word written in another script means. Might do some of ’em some good. (It’ll also show them how transparent their BS is.)

[Favorites?] Anything that can be tied to security.

Heh. Should’ve seen that one coming. 🙂

It makes no difference who rules.

Hold on to that thought, you’ll need it later.

@Clive Robinson,

I hope I at least finally got my point across.

Oh which one, your affinity for “reductio ad absurdum” as the phrase originally meant?

So I try (again) to move to a less antagonistic situation and your response is more ad hominem. Interesting…

Clive Robinson December 4, 2016 5:54 AM

@ Denise,

Over-inflating the minimum wage has further consequences than inflated local prices. It effectively prices sub par workers out of labor market. Factories will move across borders in search of lower and fairer labour rates, raising our unemployment.

Unfortunately your explanation is not the reason “Factories will move”. The reason the employment cost is so different is the “cost of society as a whole” not the “cost of labour”.

Lower labour rates are found in undeveloped areas/nations, because there is no cost of development and no cost of maintenance. As the land has very low utility value because of the lack of development its value is subsequently very low as well. This in turn makes the cost of housing/accommodation very low as well, which is most workers’ largest capital requirement.

Such situations are exploited by itinerant manufacturing, so what is cheap land/labour today will be increasingly more expensive over time. Thus you have the guarantee that the itinerant employer will move yet again leaving devastation in its wake at every jump.

But there is now a reason for the pace of jumping to increase, which is that more and more goods are becoming information based and less tangible than services. Thus the barrier to moving is significantly reduced. Hence we have the likes of outsourcing which are an absolute disaster in more respects than most can understand.

Ultimately it has a knock on effect in that outsourcing gets down to the individual. Thus wages everywhere go down to the lowest bidder irrespective of the quality of the work. This knocks on to the fact that workers can not afford to become skilled as there is insufficient return in doing so… The result ultimately is the economy not just stalls but stagnates.

Nearly all of this can fairly be laid at the doors of “quick buck” investors, known as shareholders. Who likewise cause the companies to enter into the labour skill fast flight jumping where the only thing of interest is the next quarter’s share value. Which can only be maintained by the sort of “creative accounting” that Enron senior management indulged in.

But this is the trap that libertarians want to jump in with both feet and drag the rest of society in on top of them…

Much as people do not like it society grows by socialism with a small s and it’s a tide that raises all boats. Conservatism with a small c allows for an individual ship to be more efficient. But if you get conservatism with a big C where the water is drained, and there is no tide, thus it does not matter how efficient you make a ship it’s beached like a whale, to in short order suffer the same fate.

Anura December 4, 2016 9:52 AM

@Dennis

Over-inflating the minimum wage has further consequences than inflated local prices. It effectively prices sub par workers out of labor market. Factories will move across borders in search of lower and fairer labour rates, raising our unemployment. Unemployment breeds further social unrest and income inequality. It’s a hole the liberals dig ourselves into, time and time again.

You can price someone out of a market only if someone else is willing to do it for cheaper, but you can’t price someone out of the economy as long as people feel the real gains are worth the real effort (and if we get to the point where potential for gains exceeds the effort, you are in a post-scarcity society and nothing we know about economics applies). The fact of the matter is that there can be no shortage of jobs, just a lack of willingness or ability due to structural reasons to allocate the resources to hire people. And that is a very very important thing to understand. As long as there is demand (as in people with cash who want to spend it), there will be jobs. Every single time someone says “That’s too expensive” they mean “I am not willing to allocate the resources” which means “spending more money isn’t worth it to me” – if the people with money don’t want it, then the solution is to give money to people who will. So who would be willing to spend money if you gave it to them? Well, the poorer the person, the more likely they are to spend it.

There is absolutely no level of wages that the market won’t bear, as long as you ensure people get the money to buy them – in fact, high inequality is worse in many affects as it means fewer people can afford goods made by high priced labor. In fact, higher wages encourages higher labor force participation, which is a problem right now in the US. Also, it should be noted that under both Bush and Obama we had both the highest corporate profits as a percent of GDP on record, and the lowest economic growth.

The problem with keeping all these low productivity jobs is that we are hurting our economy as a whole for the sake of refusing to address the fact that society changes.

So yes, there are consequences to that, but there are consequences to high inequality too. We’ve been struggling to grow since Bush because productivity is growing faster than incomes for most of the population, and we don’t have demand for goods and services. It turns out it’s more profitable to focus on cost cutting than it is to focus on growing output, because demand hasn’t really been growing due to all gains going to the wealthy who have no more need for anything, so it goes to increasing wealth, status, and power, which has other serious consequences.

The funny thing is that the only stated advantage of high inequality is literally the ability for rapid economic change by giving people the ability to quickly and easily move large sums of cash. The consequences of change is instability, especially with relation to jobs. Not only that, but it means that the better off you are, the further you have to fall. This leads to higher fear and stress for the middle class, with massive hardship for the poor and many in the middle class. How is any of this better for a society? If you lose your good job, it literally means that your options are much much worse than they would be with low inequality. This is why people are dropping out of the workplace, committing suicide, getting addicted to drugs, because they can’t find anything that allows them to maintain their lifestyle due to decades of stagnating incomes and it is a soul-crushing experience.

I’d say that the entire reason unemployment in the manufacturing sector is a problem in the first place is that wages haven’t been going up with productivity, so those that lost their jobs don’t have any options but to lose all the income gains they made over the last 40 years – the only reason that can happen is because the income gains for the poor and middle class amount to next to nothing, so there are no alternatives for them that pay better.

Wael December 4, 2016 9:20 PM

@Ratio,

Hold on to that thought, you’ll need it later.

Oh don’t be a pessimist! We have a bright future… very bright (and Ratio-active). Wouldn’t it be nice if we glow at night like fireflies and grew an extra eye or two? I mean you believe in evolution, baby! You should be happy, darwindamnit!

Ratio December 4, 2016 10:56 PM

@Wael,

Oh don’t be a pessimist! We have a bright future…

You can read my comment either way. 😉

Wouldn’t it be nice if we glow at night like fireflies and grew an extra eye or two? I mean you believe in evolution, baby! You should be happy, darwindamnit!

Believing in evolution would make me a believer. That’s no good. 😛

Life would be fine, individuals would be f***ed. (See also: saving the planet.)

Clive Robinson December 5, 2016 1:42 AM

@ Wael,

Oh don’t be a pessimist! We have a bright future… Very bright (and Ratio-active).

What a Ronnie Ray Gun style “Nuke the commie 13a5t–ds” one, as the “Dead Cat hairdo” kicks the football rather than the bucket B-)

Or are you “just playing the odds 😉

Wael December 5, 2016 3:30 AM

@Ratio,

See also: saving the planet.

I watched almost all his videos, including this one. The poor guy already got recycled!

Clive Robinson December 7, 2016 6:37 AM

@ Curious and Carousels,

… a monitoring program would not harm normal Tor users

All monitoring programs cause harm, pretending otherwise is idiotic. Even the founding fathers realised this long before our modern communications were thought of.

And please don’t trot out “if you’ve done nothing wrong…” line.

All monitoring be it of communication content or communication metadata can be used for harm to an individual, and there are sufficient examples publicly known to demonstrate this.

Have a look into the history of the FBI and its one time leader and what he got up to and that was a lifetime ago, ask yourself how much worse it could have got since then with technology having a generational period of around a year and a half…

Wael December 7, 2016 7:10 AM

@Clive Robinson,

And please don’t trot out “if you’ve done nothing wrong…” line.

If you’ve done nothing wrong… you soon shall, and we’ll be here to witness it. It’s just a matter of time, and we’ve got plenty of that!

Serious about Circuses? December 7, 2016 9:00 PM

Our infrastructure will be built by more than one paranoid person living in a faraday cage

Clive Robinson December 8, 2016 2:02 AM

@ Serious about Circuses?,

Our infrastructure will be built by more than one paranoid person living in a faraday cage

More than you think work in faraday cages developing the communications equipment the next few generations of the internet will use (it’s a legal requirement not paranoia).

Speaking from experience working in a faraday cage can be oh so much more peaceful than the standard cubicle, all you have to do is remember to “schedule a meeting with yourself in the calendar”. It’s actually better than having your own office as people tend to take the “Do Not Enter” notice way more seriously than a shut office door.

But a serious question how do you as an untrained person tell the difference between “paranoia” and “security”? I’ve worked in environments where the security was way beyond that a diagnosed paranoid would dream up and repeatedly tested…

Oh and that idea of the “mad professor” type inventing in a secret lab… It’s actually a requirement in most countries to take measures to protect your design with secrecy to actually get a patent…

When people actually take the time to look, they find the difference between a castle and a prison is often just a matter of viewpoint as with many a gilded cage.

Wael December 8, 2016 2:36 AM

@Clive Robinson,

I’ve worked in environments where the security was way beyond that a diagnosed paranoid would dream up and repeatedly tested…

You worked in an asylum, too! Cool! But I gotta tell you, it’s a bit*h to work in straitjackets.

Clive Robinson December 8, 2016 4:12 AM

@ Wael,

You worked in an asylum, too! Cool! But I gotta tell you, it’s a bit*h to work in straitjackets.

Hmm the “too!” says rather more about you than it does the places I’ve worked. Though occasionally seen as “mad houses” they were not officially –at least– “asylums”.

As for “straitjackets” do you mean the articles of clothing, or the ones of “uniforms” at every door with guns and itchy fingers?

The former can be seen as “relaxing” whereas the latter never can if you know anything about mechanics and authoritarian followers that lack the imagination to be anything other than “the mechanism of the machine”. It’s why I talk about “Directing minds” not the “tools” they use as cut outs.

Wael December 8, 2016 4:39 AM

@Clive Robinson,

Hmm the “too!” says rather more about you

That’s exactly what I meant — me too. How else would I know about the difficulty of working in a constrained environment :-8

Wael December 8, 2016 4:48 AM

@Clive Robinson,

It’s why I talk about “Directing minds” not the “tools” they use as cut outs.

I do the same, indirectly. and I meant the former! Brain is getting a bit foggy now… but I multitask, so I use my time efficiently, too 🙂

