Friday Squid Blogging: Chilean Squid Producer Diversifies

In another symptom of climate change, Chile's largest squid producer "plans to diversify its offering in the future, selling sea urchin, cod and octopus, to compensate for the volatility of giant squid catches...."

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on April 14, 2017 at 4:25 PM • 168 Comments


Ben A.April 14, 2017 4:30 PM

ShadowBrokers: The NSA compromised the SWIFT Network

"It is by far the most powerful cache of exploits ever released..." "it is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it. A number of these attacks appear to be 0day exploits which have no patch and work completely from a remote network perspective."

Security vulnerability in Drupal References contrib module puts 120000 sites at risk

Breaking Signal: A Six-Month Journey

"We don’t see why Signal can’t address some of these flaws. I’m guessing it’s not going to cost them anything..."

Why Banker Bob (still) Can’t Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps

What Every Developer Must Know About HTTPS

Certificate Authority Authorization

CAA is a new mechanism that will allow site owners to specify which Certificate Authorities are authorised to issue certificates for their domain name.

Using a web ad blocker could identify you – to advertisers

You can try out the browser extension and login-leak experiment here.

Random thoughts on the use of breach data for protection of accounts

Microsoft Joins Other Tech Companies by Releasing 2014 National Security Letter

EFF’s "Spying on Students" Report

Germany’s Crypto Past and Hacking Future

saltpack - a modern crypto messaging format

Free, open source screen capture, file sharing and productivity tool

It has numerous features but the one which readers on here may be interested in is the ability to upload text directly and anonymously to sites like Pastebin,, OneTimeSecret, Paste2, GitHub Gist, Paste, Slexy, uPaste,, Hastebin, File uploader etc.

HIPAA Compliance with Microsoft Windows 10 Enterprise

Why one Republican voted to kill privacy rules: “Nobody has to use the Internet”

Latest version of Denuvo’s DRM cracked yet again

Legal Implications of Brexit

Happy Easter all

ThothApril 14, 2017 6:24 PM

@Ben A.

re: Saltpack

I won't recommend saltpack as it has an immediate glaring hole which is the PGP style of Begin/End Saltpack message. This is like a calling card and invitation for anyone on the network or email storage end to see that indicator and draw attention. The better way approach is to assume all messages are saltpack.

John GaltApril 14, 2017 6:55 PM

Cool... Windows 3.0 with a Win10 UI. I was wondering how I could do that.

Don't get sick!

I thinks these two go hand in hand:

HIPAA Compliance with Microsoft Windows 10 Enterprise

Why one Republican voted to kill privacy rules: “Nobody has to use the Internet”

Appendix A: Suggested Active Directory Administrative Settings and Registry
settings for Data Security and Cloud Communications with Packet Captures
The following configuration was tested and verified to provide minimal cloud-communications
that would not compromise required functionality. (e.g. Allow Windows Registration data, etc.).
It is provided as a suggested configuration to reduce data communications as initiated by the cloud-features of Windows 10 Enterprise.
The test computer system was a default installation of the Windows 10 Enterprise Anniversary Edition and part of an Active Directory Domain with the following Group Policy Object (GPO) settings:

Computer Configuration>System>User Profile
Turn off the advertising ID

Computer Configuration > Administrative Templates > System > Internet Communication
Management > Internet Communication settings
Turn off Automatic Root Certificates Update - Enabled
Turn off the handwriting recogn
ition error reporting - Enabled
Turn off Windows Customer Experience Improvement Program – Enabled
Turn off printing over HTTP – Enabled
Turn off downloading of print drivers over http – Enabled
Turn off Windows Erro
r Reporting – Enabled
Turn off internet file association Service - Enabled
Turn off access to the Store – Enabled
Turn off handwriting personalization data sharing - Enabled

Computer Configuration>Administrative
Templates>Regional and Language
Options>Handwriting personalization
Turn off automatic learning - enable

Computer Configuration > Administrative Temp
lates > System > Device Installation >
Prevent device metadata retrieval from the Internet - Enabled

Computer Configuration>Administrative
Templates>Windows Components>Data
Collection and Preview Builds>
Allow Telemetry – enable – Level 0
Disable Pre-release feature or settings – Disabled
Toggle User control over insider builds – Disabled
Do not show feedback notifications – Enabled

Computer Configuration > Administrative Templates > Windows Components > Internet
Prevent participation in the Customer Experience Improvement Program –
Turn on Suggested Sites – Disabled
Allow Microsoft services to provide enhanced suggestions as the user types in the
Address Bar – Disabled
Turn off the auto-complete feature for web addresses - Disabled
Disable Periodic Check for Internet Ex
plorer software updates- Disabled
Turn off browser geolocation – Enabled

Computer Configuration > Administrative
Templates > Windows Components > Windows
Media Digital Rights Management
Prevent Windows Media DRM Internet Access – Enabled
Browser Configuration > Administrative Templates > Windows Componen
ts > Location and
Turn off location - Enabled
Turn off sensors - Enabled

User Configuration > Administrative Templa
tes > Windows Components > Windows Media
Prevent Music File Media Information Retrieval Enabled

Computer Configuration>Administrative Te
mplates>Windows Comp
Turn off Application Telemetry – Enabled
Turn off Inventory Collector – Enabled
Turn off Program Compatibility Assistant - Enabled
Turn off Step Recorder – Enabled

Computer Configuration>Administrative
Templates>Windows Components>Camera
Allow use of Camera - Disabled

Computer Configuration > Administrative
Templates > Windows Components > App
Privacy >
Let Windows apps access the camera – Disabled
Let Windows apps access location – Disabled
Let Windows apps access Microphone – Disabled
Let Windows apps access account information – Disabled
Let Windows apps control radios – Disabled
Let Windows apps sync wi
th devices – Disabled
Let Windows apps access motion – Disabled

Computer Configuration>Administrative
Templates>Windows Components>Cloud
Do not show Windows Tips - Enabled
Turn off Microsoft Customer experiences – Enabled

Computer Configuration > Administrative
Templates > Windows Components > File
Configure Windows SmartScreen – Disabled

Computer Configuration > Administrative Templates > Windows Components > MDM
Disabled MDM Enrollment – Enabled

Computer Configuration > Administrative Te
mplates > Windows Components > Microsoft
User Experience Virtualization
Enable UEV - Disabled

Computer Configuration > Administrative
Templates > Windows Components > Online
Turn off Active Help – enabled

Computer Configuration > Administrative Templates > Windows Components > OneDrive
> OneDrive
Prevent the usage of OneDrive for file storage – Enabled

Computer Configuration > Administrative Templates > Windows Components > Search
Allow Cortana – Disabled

Computer Configuration > Administrative Te
mplates > Windows Components > Store >
Disable all apps from Windows Store - Enabled

Computer Configuration > Administrative
Templates > Windows Components > Windows
Error Reporting
Disable Windows Error Reporting – Enabled
Computer Configuration > Administrative
Templates > Windows Components > Windows
Defender > MAPS
Join Microsoft MAPS - Disabled

Computer Configuration\Administrative
Templates\Network\WLAN Service\WLAN
Allow Windows to automatically connect to suggested open hotspots, to
networks shared by contacts, and to hotspo
ts offering paid services – Disabled
Do not Allow web search – Enabled

Computer Configuration>Policies>Windows Settings>Security Settings>Local
Policies>Security Options>Interactive logon
Machine inactivity limit - Enabled
The results of a workstation with the applied ab
ove configuration showed conversations kicked-
off to the Internet during a 1 hour turn-on, login and wait period. For a copy of the data sniffer
traces in PCAPNG format,
click here
. A DNS query of packet communications shows limited
communications for DNS purposes
, and Microsoft Activation.

John GaltApril 14, 2017 7:48 PM

@ Milo...

With respect to the second part of that, the recruitment online, enormous amount of resources are being brought to bear. I remember now almost three years ago, almost four years ago, December 2013, there was a man in Wichita, Kansas, who tried to blow up our airport. He got very close. And through the great work of a number of elements of our intelligence community, he was foiled literally at the airport gate. It was very, very well-done. He had been recruited online. It was an aircraft worker who one might not think terrorist, bought a gun online, had found Inspire magazine inspiring, and had made an endeavor to blow up – put a truck with a bomb between gates six and seven at Wichita Mid-Continent Airport – the place that I took off from each and every Monday morning.


"Inspire" has ALWAYS been hosted in Turkey (a NATO ally). Why would "AlCIAda" do that? So NATO could log the IP addresses in the middle of an uninhabited desert or an Afghan cave that has no communication links?

I even looked at the alleged website once right after whichever president mentioned "Inspire magazine."

It's another joke perpetrated by the boogie man so the NYTimes can fill a print column on the front page.

name.withheld.for.obvious.reasonsApril 14, 2017 8:32 PM

Some Poetry for the Weekend

Theoritical, and Operational Security;Goverance. Legal, Policy, and Technological GAP analysis of the United States of America institutions and supporing trend analysis

The growing "National Security State" as causative in forming or shaping law, policy, and societal institutions and the cost/benefit analysis is provided that takes a wider view to understand what can be differentiated with a GAP analysis of these U.S. governmental (federal, state, local, etc.) institutions/systems. The new "National Security State" born from the "War on Terror[1]" where primacy and aegis in both the political and operational forms consists of constraints and exceptions, and more broadly transitioning resources and priorities remain the purvey of the political class irrespective of consequence. The political control of the theoretical and operational exercise that constitute the "National Security State" remains, for now,an extreme risk in transmogrifying the controls by political means into a "technocratic-only" system in the near future--or it might be just that case today.

[1] Suggesting that the term "Acceptance of Ignorance as Knowledge and Wisdom" replace the "War on Terror" as the contextual lexicon for "fighting the unknown, unknowingly, and unwittingly") .

SystateApril 14, 2017 9:26 PM

I dont want to get poltical on this blog but i think the infosec community has caught the from Russia with love fever. The movie was good but this fever isnt. When the cia cache was released all i could hear was get an iphone or wikileaks doesnt matter cause we already know the cia spies. I cannot and will not trust any of those people ever. Not to name names but this shit was coming from people like thegrugq and et all.

The gem from the lawfareblog is this

"I’m comfortable with the NSA keeping as many 0-days affecting U.S. systems as they want, so long as they are NOBUS (Nobody But Us)."

Is Nicolas Weaver dreaming? I know he hates Wikileaks but is he dreaming? Like it has been said here many times NOBUS does not work. How a cryptographer can say this is astounding. The intelligence agencies hoarding vulnerbilities makes EVERYONE vulnerable. Even by his own reasoning, this tools have been burnt and there is still no response from the SUITS. What does that tell him? If the NSA has it there is a good chance that all other SUITS have it.

NOBUS implies that somehow your SUITS are better than other SUITS which has some truth because compared to the chinese or north koreans or any other country the United States has an overwhelming technological advantage over them because tech companies are over here. It is literally down the street for the SUITS to obtain this overwhelming advantage.

In my opinion when people such as him advocate such position it is because of one thing: Priviledge.
They believe that their SUITS will always come out on top. He better take a good look at history no country stays on top forever. Clearly he is okay with the CIA and NSA spying on people so if the north koreans or chinese do the same he needs to be okay with it.

Ps NOBUS does not work

Nick PApril 14, 2017 9:56 PM

@ Systate

"Ps NOBUS does not work"

Has there been a leak of the keys NSA had to break that RNG they had NIST subvert? It was a truly NOBUS design where mathematically only they could do it unless they lost the keys. The program would likely be a SAP like the others the tech Snowden talked about came from. He got it once they shared the details outside the SAP. The tech in the SAP seems to leak only to nation-state infiltrators. That's pretty bad but you're claim is past that.

It's more like: "NOBUS with SAP's and careful controls might leave everyone using that tech vulnerable to Russians and Chinese top, most-selective hackers that vast majority of citizens aren't worried about if NOBUS is about *reading* information."

Hint: Most of those same people are already vulnerable to the same groups plus black hats plus their coworkers and ex lovers if they can Google or buy attacks. A NOBUS solution that was secure against all the rest would still be a net gain. Oh shit! The morals suddenly get complicated! I still don't like it but this concept isn't cut and dry except that stuff will leak to our opponents. That's certain if we use NOBUS and to a degree if decentralized since market produces only handfuls of good solutions at any given time. You're hacked by nation-states regardless! Mwahahaha.

RachelApril 14, 2017 10:57 PM

@ Clive
@ anyone else who has something useful to contribute

" As has been pointed out in the past you can put a mobile phone electronics all in a quite small chip such as a SoC. Further as is well known you do not need a SIM --physical or software-- to use the network world wide, the most obvious being emergancy calls but there are other tricks. Also where a software SIM can be used to dial home on reverse charges or simply connect to a free phone number used for data connectivity, much like a broadband mobile data dongle. So the idea that a "firewall" will stop Micro$haft and their "instrumentation" or others getting at the managment engines is quite old fashioned technology wise."

Clive, you wrote the following a few weeks back about Intel ME. i was really glad to see it raised as it as seems generally assummed that ME spyware or anything in that class, requires internet access or at least opportunistic 'store and forward'.
you have described something that i recall came up in Snowden documents but has not been taken seriously or received the required attention, except occasional 'debunkers' "oh that would never be possible".
That is, an Intel cellular 3G connection available at all times, or able to be activated offensively as required. This would be the sort of implementation the TLA's could be so desirous of keeping secret they are willing to drop prosecution against tor users, for example. An interesting test would be with a Gauss metre of the required range & sensitivity. About the only way of really being sure. Whats more, as you have pointed out elsewhere, it wouldn't even need 3G network to send that data. So not point moving to a 2G country.
Anyone tried this? Anyone able to try this? FigureItOut appreciate your interesting engineering work in these areas, may be something to consider. Just in case you felt your paranoia was improving.

SystateApril 14, 2017 11:28 PM

@Nick P
It is cut and dry. First question is who is our enemies? And when i mean enemies it must be people the US has in some way or form antagonzied. Well that list gets pretty long. So rather than admit our mistake we say 'since we have enemies (but leave out the part about being the aggressor) we need to develop these tools so the other guy doesnt.' It reminds of nuclear weapons. Amendement 1 of the UN was to stop nuclear weapons but guess what no. Big Boss did not like the idea and now we are escalating tensions with a nuclear winter. (Have you started collecting your caps yet?).

NIST is located within the US so the SUITS over there can already lean on them. Can you imagine if the NIST were located in Russia and we find out the SUITS over there leaned on them we be having a 'they can be trusted party'.
Hegemony only needs hegemony.

I agree with your last point. Even if the SUITS within the SUITS have the advantage they wont have it for long. Their opponents will always be trying to play catch up.

Ben A.April 15, 2017 5:18 AM


The quoted section from Lawfare about NOBUS made me laugh too.


Microsoft have said that most of the Shadow Brokers vulnerabilities are already fixed.

“EternalBlue” Addressed by MS17-010
“EmeraldThread” Addressed by MS10-061
“EternalChampion” Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher” Addressed prior to the release of Windows Vista
“EsikmoRoll” Addressed by MS14-068
“EternalRomance” Addressed by MS17-010
“EducatedScholar” Addressed by MS09-050
“EternalSynergy” Addressed by MS17-010
“EclipsedWing” Addressed by MS08-067

Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platform.

Excellent demonstration of phishing website if you use Google Chrome

Read the Wordfence article and then scroll down and click on the demonstration link.

It affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real

Clive RobinsonApril 15, 2017 6:02 AM

@ Rachel, Figueritout, Interested others,

An interesting test would be with a Gauss metre of the required range & sensitivity... ...Anyone tried this? Anyone able to try this?

As you have noticed "People need to see to believe" otherwise they stay in a "heads down in the sand bottom up" stance that leaves the quite vulnerable.

The classic as you indicated being the Ed Snowden revelations. A few had said XXX was going on log prior, but the many chose not to believe it untill the newspapers started saying the same. The response of both US and UK politicos when they found out theier own SigInt agencies had been doing it to them was comical.

On a more technical side the history of BadBIOS is similar, a couple of people here said exactly what you needed to do to get it working as we had done similar in the past. But predictably we got the "no not possible" response... Then an academic paper came out and within a month or two various malware writers were trying it out with advertising etc (Wait till Burger King's new ad realy annoyes people it's the same sort of thing only with "legitimate" commercial backing ;-)

Back on track however, I've mentioned in the past you don't need an expensive bit of kit. If you can solder or go out and buy a cheap AM radio, you can "see" the GSM envelope if close to the handset.

In essence you make a "wavemeter" which is a step or two up from a "diode probe" as some Amateur Radio enthusiasts call them (from what @Figureitout has said in the past his dad would probably have built one or similar such as an SWR meter or GDO).

Put simply what you need is a halfwave or better antenna at the required frequency, you couple that into a quaterwave stripline filter with three resonators. You couple the output into a diode detector the output of which you lowpass and amplify with any opamp, which is a modern version of an AM TRF or "crystal receiver". Rather than take that output and feed it into an audio amp and speaker, you instead put it into a OpAmp window comparitor or Schmitt trigger and feed it via a cheap LF or above NPN transistor to a buzzer/LED. When you've got the basics working you can make audio filters that are tuned to the GSM envelope to reduce the false positive rate.

The only hard part if you can solder would be sourcing the detector diode but a look around a current ARRL or RSGB book should give you the details of not just a 2.5GHz capable diode to search for directly but also the info you need to build the quaterwave line filter. I'm guessing you are near to France, which has quite a good "Homebrew" / "Maker" scene, but DigiKey cover most western countries these days with next day delivery.

If you want to get realy posh look up something called a "Rat Race Mixer" as it's a "sampling mixer". As you are looking for a "base band" output --Direct Conversion Reciver-- you can drive the OSC port with a squarewave of any "sub multiple" frequency, even 25KHz will work provided the rise time is sufficient. Again you will find an ARRL or RSGB publication with a design for a "comb generator" that often gets called a "frequency marker". They are not used as much in these days of single chip synthesizers but if you look in the "Microwave test" sections you will find one plus the info you need to build it.

You may have seen there is a bit of an argument on one of the other threads about "craftsmen and tools" what nobbody has mentioned is that "A good crafstman knows how to make his own tools" and when cutting a new path --as researchers etc do-- they frequently have to[1]. Which is just one reason I've tended to perfere hard science and engineering grads over CS grads when looking for close to the metel software developers. They've usually had to get "down and dirty" at that level to do their projects and later research, whilst most CS types rarely dip below the standard libraries.

You should look on building your own detector as being "A right of passage" ;-) It will also put you streets ahead on the "respect" scale with others as you will be seen as "contributing" thus others at what you might call the guru level will be more happy to help you along (It's easier to teach someone to swim when they are immersed, rather than when they've not yet dipped their toe in). You'ld also be likely to get a spot on Hack-A-Day if you wanted a notch on your gun and C.V.

The alternative is as I said a cheap AM radio of the old analog dial sort. You can select one by simply turning it on and tuning it to either noise or a weak signal, then make a phone call and put the mobile near the radio, it you hear a noise like a grunting buzzsaw you are getting break through at the radios envelope detector or audio amplifiers input[2]. The further away you mobile whilst you still hear the grunt, generally the cheaper it is, but importantly the better it is for what you want to do (sometimes bad can be good).

Arguably such poor quality radios should not be "placed on the market" as they are supposed to under go EMC testing before getting a CE or FCC approval. However, as the tests required for the approvals do not use RF signals pulsed at frequency in the audio band they generaly pass.

[1] I've made a lot of tools in my time, some have been as simple as filing/cutting an existing cheep screwdriver to work with the latest "keep the customer out" screws etc. Some have been various types of radio test equipment, also making my own software tool chains including assemblers, interpreters and compilers. In nearly all cases it was due to "needs must" as there was no viable, timely or cost effective alternative. It's much less of an issue these days but it can be fun to take a very cheep consumer item such as a childs radio control toy, and strip out the built RF parts to repurpose them rather than build from scratch.

[2] You can tell the difference between these two paths by the effect the volume control has, or more correctly does not have when it's getting into the amplifier and the grunt comes out at high volume.

Clive RobinsonApril 15, 2017 7:29 AM

@ Systate, Nick P,

Even if the SUITS within the SUITS have the advantage they wont have it for long.

Not wishing to rub salt in, it needs to be said that Russia is not lacking in brains. Also history shows us that when it came to surveillance the were streets ahead of the US for all of the cold war, and probably still are today. Likweise when it came to coding they were much more advanced and disciplined in the general case than the more coseted code cutters in the US, due to the "needs must" and "make do and mend" of higher level resource issues.

Whilst Russia is rich in raw resources and manpower it suffered under a political system that did not encorage the production of the resources necessary to pass the second industrial reveloution. Thus they could turn out the macro industrial products in vast quantities but not the micro industrial quantities. It often supprises people to see the inside of an older Soyuz capsule. There is little or no electronics and it's "all levers and valves". However the same basic capsule these days is still flying --unlike NASA-- and now they have more equitable access to electronics on the world market, equiped with quite advanced electronic systems.

The point you need to remember is underestimating a potential opponent based on incorrect perceptions is something you get warned about in "The Art of War".

It would appear that few people in the US or UK have taken time to "know the enemy" something some of my German friends tell me is very worrying. Likewise the same issue with China and a number of other places. One mistake that many make is over India, they have both brains and ability as well and developed their own nuclear capabilities oh and sent their own mission to Mars.

This weekend is North Korea's 107thbaniversary of their perpetual leader. It will be interesting to see what they do technology wise to celebrate. They are also a country that whilst smaller is in a "cold war" position as Russia once was fourty to fifty years ago. However they do have brains and ability with some access through both Russia and China to modern micro industrial products, thus it might only take them a decade to catch up (their response after Stuxnet says a lot about what they can do and have done).

Whilst South Korea did make attempts to start trade in a way that would ensure peace it got repeatedly derailed by US War Hawks, thus the likelyhood of yet another war with NK is vastly increased, only this time it's going to be somewhat more interesting.

Apparent Pres Trump has sent a US taskforce down there, however I very much doubt it was his idea as it's going to ruffle China's feathers thus put the Chinese more over to the NK side undoing earlier gains. But people are forgetting an important point, NK has successfully shown it can target it's rockets quite a bit further than the US task force is, which puts them in range, whilst NK is still out of range for the bulk of the US taskforce weapons. NK has show that it is more than prepared to "fire back" against previous US backed aggression, thus we are entering dangerous waters...

The US War Hawks have been trying to mix it up with NK for over half a Century and appear to have a sense of "unfinished business" and want to win what they lost. This is at a time when China is making it clear it does not want the US in the South China seas. Many in that part of the world are actually scared that the US will do something stupid under Trump, like they did with Syria the other day. They see him as a "loose Canon" and thus feel they have reason to fear the likely retaliation from either NK, China or both.

So not "knowing the enemy" or assuming they think or act in the ways they did could be a bad position to be in.

T+4, T-2April 15, 2017 8:12 AM

The Northeast US targets in Vault 7 will be let us say intriguing.

Turns out Tam and Jokar had doubles at the site of the shootout where the government killed him. Just Like Oswald and Atta did. Two more classic boogymen for CIA armed attacks on the domestic civilian population.

The government is going to kill an innocent man because CIA wanted to march an F Troop of dumbass Boston cops around town like an occupying army. They're practicing for the day when the average chump realizes CIA runs your country with fake threats and real terror.

FigureitoutApril 15, 2017 8:43 AM

--Thx, my paranoia has improved, my free time hasn't though, so not sure I can help you much now, sorry. So you want a generic detector of a cellular connection? I'm pretty sure what you want exists as test gear at some telecom company.

It's a problem though that's going to get worse, there's magical (don't know how they work) ceramic chip antennas that add at least 2dB gain that'll look like a capacitor/resistor on the board and other antenna designs and RF hardware is shrinking into encapsulated chips that'll be hard to disable. Newer RF chips coming out take basically all the old hardware needed to have RF comms, into the chip; they have better receiver sensitivity and can transmit longer w/ less power (crazy). I'm trying to learn about them as much as I can, how to disable them, etc. Very cool from a technology perspective, very scary from a security perspective.

skugganApril 15, 2017 10:49 AM

About the Shadow Broker vulnerability release.

Something's going on between NSA and Microsoft. A "trusted relationship", perhaps.

Anyway some cooperation, maybe for the purpose of giving a false sense or security. Who knows the same access could be provided by other means after latest Windows updates.

Below snippet from this article at Engadget.

Yesterday, the world of infosec turned upside down when "The Shadow Brokers" -- a group claiming to have stolen gear from an NSA operation -- released information including tools for hacking many versions of Windows (and details on an allegedly-targeted Middle Eastern bank). Early Saturday morning, things took another turn when Microsoft responded, noting that of the tools released, other than the ones that targeted already-obsolete versions of its OS, every vulnerability mentioned is addressed by an existing patch.

Since four of the vulnerabilities were fixed at once just a month ago it appears that Microsoft got an inside tip about the leak. Whatever happened, the company isn't saying, and conspicuously failed to credit a source for that particular vulnerability in its patch notes. As for end users, all you need to know for now is that if you're running Windows 7 or later and have the current updates, then you don't have to fear these attacks.

Slime Mold with MustardApril 15, 2017 10:56 AM

Re: Cheap (analogue) AM radios

Tip: Use one with an earbud when doing electrical work (i.e. home, automotive) with any amperage. Hearing sparks is easier than grabbing a multi-meter.

Big-Data Brain HackingApril 15, 2017 11:00 AM

A most shockingly and remarkable documentary from CBS 60 Minutes:
Silicon Valley is engineering your phone, apps and social media to get you hooked, says a former Google product manager.

'...every time I check my phone, I’m playing the slot machine to see, ‘What did I get?’ This is one way to hijack people’s minds and create a habit, to form a habit.

Inadvertently, whether they want to or not, they (big-data engineers) are shaping the thoughts and feelings and actions of people. They are programming people (our children).

A computer programmer who now understands how the brain works knows how to write code that will get the brain to do certain things.

You don’t pay for Facebook. Advertisers pay for Facebook. You get to use it for free because your eyeballs are what’s being sold there.'

A Bleak Future
'Asking technology companies, asking content creators to be less good at what they do feels like a ridiculous ask.'

Nick PApril 15, 2017 11:34 AM

@ All

Real-Time Programming (Lecture Notes)

Nice pile of wisdom on real-time programming by one of people who standardized Ada 2012. The guy I got it from went to his class. Says he knows his shit. Also, that it was one of only places you could see inside AdaCore's proprietary compiler. In any case, it's relevant here both to embedded people and as the first step in covert-channel elimination. Clock the input and outputs as Clive likes to say.

@ Slime Mold

Hearing sparks with a radio? How does that work specifically?

@ Figureitout

You need to go to Shenzhen. Figure their markets out so you can tell quality stuff from non-quality stuff. You'll then be swimming in a diverse array of parts to build whatever you want.

Nick PApril 15, 2017 11:46 AM

@ Clive, Wael, Figureitout

I was looking for a part that embedded SafeRTOS on TI's web site. They gave me a page not found. They made it into a nice, EE joke, though. Here.

WaelApril 15, 2017 12:14 PM

@Nick P,

Cute! Good thing you didn't end up on a malicious portal. The resistance would be replaced by a suceptance symbol... a hidden one :)

Clive RobinsonApril 15, 2017 12:35 PM

@ Nick P,

Hearing sparks with a radio? How does that work specifically?

A Spark is not a single event but multiple arcs with very fast rise times and as part of it you creat plasma just like lightning does.

Due to the fact all components including wire has bot capacitance and inductance, you've a lot of very small energy storage components. It you remember from school how an inductor produces a back EMF you have with a short to open circuit the very high voltage and energy to cause the multiple ionizations that your eye sees as a visable spark.

The instantanious power of the ionization break down event caused by the high voltage causes a very very low impedence through which not just the inductive put capacitive current flows.That instantanious power is quite a bit and some of the energy gets radiated as EM signals.

The theory says that a near instantanious rise time gives a frequency spectrum that is very wide band thus the power in the spark is spread across all frequencies. Even though the power might be just a microwatt over the 9Khz bandwidth of the AM radio front end it will produce a click in any AM radio in the vicinity that is tuned to either noise or a weak broadcast station.

To stop this happening with every cylinder firing with early valve AM radios put in cars they put a capacitor across the spark gap in the distributor. IF you take out the distributor of older cars --before electronic ignition-- you will find the capacitor.

Does that answer the question for you or do you want the maths behind it?

Clive RobinsonApril 15, 2017 12:42 PM

@ Nick P, Wael, all others who can groan,

They made it into a nice, EE joke, though

Nagh, try,

    She was only the electritions daughter but none of the boys could resitor...

If I told the one about the mechanics daughter I'd get a red card ;-)

I'm risking it with "the newly wed mechanic went home to his at lunch time for a grub screw".

mere mortalApril 15, 2017 1:04 PM

Here's a site proposing a technique for allowing end users to detect whether or not their browser's https connection has been compromised:

Also, for anyone interested, I thought the page provides a pretty good, plain language explanation of how certificate spoofing is perpetrated via devices commercially available to employers, schools, institutions, etc. I'm primarily directing this at others (like me) that can get a little overwhelmed by the deeper technical details and/or are still climbing the associated learning curve. But I'd, of course, be very interested in hearing from those with greater technical prowess (i.e., the "regulars" here, et al) as to any qualifications/rebuttals/additional mitigations/whatever else you guys think would be helpful to the less technical in understanding the issues and what they might be able to do about it.

I've also found this FF addon to be helpful on subject:

SystateApril 15, 2017 1:07 PM

@Clive Robinson

No doubt those guys are smart but dont aggress and claim they are going to hit us. Bruce posted that Obama stepped up cyber war against North Korea a while ago. I also remember him posting about the KGB capturing CIA agents during the cold war.

On another note i saw your post about having immutabe drives when going online. I was thinking about an even poorer and more risky solution. As you might have already guessed where this is heading... it involves the use of a USB. You would want the OS and updates on one USB, while anything else on another. Any media you download goes straight into another USB and transfer the content through an air gap pc ( I am already out of my element talking about this so dont mention energy gap). Swap USB every 6 months or so.

Or just get the raspbian and call it a day. You can use the raspberry as an air-gapped-sort-of-pc.

PS Don you consider Math a hard science?

Who?April 15, 2017 1:37 PM

@ Big-Data Brain Hacking

You don’t pay for Facebook. Advertisers pay for Facebook. You get to use it for free because your eyeballs are what’s being sold there.'

Sadly you got it wrong here. What it is really being sold here is our PII.

Clive RobinsonApril 15, 2017 1:43 PM

@ Systate,

PS Don you consider Math a hard science?

No, and as far as I'm aware mathaticions don't consider it any more a science than theologians consider philosophy a science.

Math's is not "the actuality" of our physical universe, but a way to model it and draw conclusions about the physical universe as well as quite a bit of other things that are not nor ever will be part of our physical universe.

The hard sciences are all about the actuallity of our physical universe and maths is the tool they use to try and understand it.

To try and understand the difference consider something that is not actually part of our physical universe "information". Information exists without a physical actuality, however to communicate it stor it and process it, because we are physical creatures we encode information onto energy and matter which very much are part of our physical universe.

Which in turn gives rise to an interesting notion. We have good reason to believe our physical universe for all it's size is finite. You can encode information in the spaces between physical ovjects. Even though our physical universe is finite it's believed that the number of places physical objects can be is in effect infinite or atleast a number of magnitudes greater than the physical objects it is comprised of. From this you can see that at any instant the information in the universe id finite, but potentially the information that it can represent over time is effectively infinite...

Gun MortimerApril 15, 2017 1:55 PM

Someone very amiably pointed out the "features" of the Intel management engine, highlighted in a talk by A. Rutkowska

But then who would be interested in having the (Intel) keys to a backdoor in every computer ... As Rutkowska said, it makes making a secure OS pointless.



name.withheld.for.obvious.reasonsApril 15, 2017 3:12 PM

@ Clive Robinson

Does that answer the question for you or do you want the maths behind it?

Using my best "Bevis and Butthead imitation"; ' said "maths"!'.

Clive, you know that only anglophiles and UK persons are going to get the reference (and many from Bangladesh)?

Many of you may ask why I am commenting given the the status of Buck (or for that matter the vitriolic tenor that has invaded this blog) and the like...well let us just say I am bored.

John GaltApril 15, 2017 4:12 PM

@ Clive

[[[ Due to the fact all components including wire has bot capacitance and inductance, you've a lot of very small energy storage components. It you remember from school how an inductor produces a back EMF you have with a short to open circuit the very high voltage and energy to cause the multiple ionizations that your eye sees as a visable spark. ]]]

One word: Resonance.

I'm a ham radio operator, too. I have high power amps large coils and air capacitors with scorched plates, too.

Spark Gap Transmitter was what Tesla, Marconi, and Morse worked with.

I've even burned myself with RF trying to emulate some of Tesla's experiments.


FigureitoutApril 15, 2017 5:37 PM

Clive Robinson // Nick P
--Ever heard of uCOS II? It's an RTOS I got to play w/ a port for a 68K-based chip. They set us up w/ a "driver" file w/ tasklets that just blink LED's within while(true) loops. Cool to see the switching between tasks. Didn't really have an interest in my own (RT)OS until that. But a lot of it broke when I started adding in older code we had to write. I kinda want either that kernel or something like that for a PIC chip, porting it would be pretty tough I think though, or just a lot of work. I don't care if it's totally secure, just want to play w/ it. I dedicate chips to small tasks, make them hard to reprogram, no OS, various other physical and technical hardening techniques we've discussed over the years (the usual ones) if I want security.

What I really want is easy to use "tasklets" that can let anyone just drop in any code they want to execute "concurrently" w/ other tasks. This would allow a small computer system on an MCU by connecting a keyboard, screen, and other I/O. The port I was playing w/ broke when I started trying to read dipswitches, turn on watchdog, or use the ADC. Whenever I'd turn on a dipswitch it'd light up the proper LED but then the WDT would time out even after I put it back down. ADC wasn't working at all and I had to add in some global variables for it to even build.

Nick P RE: shenzhen
--Yeah I'd love to go there sometime. My dad has. I can order most any part I need these days though so I'm good on things to do. :p

RE: joke
--Lol, always nice finding little jokes somewhere.

One World One HackApril 15, 2017 7:47 PM

Don't have much more to say, as things become more coagulated ... one bank one hack.

JG4April 15, 2017 8:43 PM

A long time ago, I asked about ultrasonic microphones for monitoring undocumented features of consumer electronics, particularly cell phones. Not sure why I wasn't able to find this more easily and a lot sooner:

MEMS Microphones DIG MEMs Mic, BP, Multimode,Ultrasonic $1.98

speaking of energy gapping, this looks too expensive for my tastes

Adhesive Tapes MAGNETIC SHEET POLYMER FILM 2"X8" $10.01

Molex HOZOX™ HF2 EMI Noise Absorption Sheets
Molex HOZOX™ HF2 EMI (electromagnetic interference) Noise Absorption Sheets provide superior noise mitigation up to 40GHz for high-frequency data, computing, telecom, medical, and other applications. These EMI absorption sheets meet strict governmental electromagnetic compatibility (EMC) regulations.
HOZOX HF2 also offers the pliability to wrap easily around cable and other high-frequency devices. Single-layer silicone-based material used in Molex HOZOX HF2 noise absorption sheets provides added flexibility for wrapping and stretching.

approaching peak irony - mind the event horizon
But instead CIA Director Mike Pompeo threw a hissy fit Thursday and called Julian Assange “a fraud–a coward hiding behind a screen.”
Pompeo said, “Assange is a narcissist who has created nothing of value.”
But this is actually an interesting turn around for Pompeo. Last July Pompeo sent out a tweet, which has since been deleted, that gloated over the proof released by Wikileaks of corruption at the Democratic National Committee. He seemed to find their information valuable.
Wait, what? Is the former CIA director seriously complaining that he feels uncomfortable knowing his organization was being spied on? That seems like a big dose of his own medicine.
The CIA is basically whining, we were trying to be super secret and Wikileaks keeps ruining it!
And the media comes in with, okay guys, you had your fun, but we gotta let the CIA do their spying thing.
If the CIA doesn’t want leaks, it should be a better spy agency.
Depending on which side of the debate you are on, the leaks either confirm that the CIA is using tools they should not be using in a way that violates individual freedom, or that the CIA is properly doing its job… except for that whole issue about being too incompetent to keep its secrets… secret.
So what is Wikileaks?
Pompeo’s CIA considers it “a non-state hostile intelligence service often abetted by state actors like Russia.”
Or is Wikileaks simply another arm of the press that is guaranteed free speech in the Constitution?

Clive RobinsonApril 15, 2017 11:08 PM

@ Who?, Big-Data Brain Hacking,

You are both one third right the value item to be sold to the customer is,

1) Who/What you are (PII).
2) What you see (with your eyeballs).
3) What you say (your copyrighted statments).

Rember bad things always come in threes, so 'rape, pillage and plunder', by man's hand crafted '666'.

Importantly you don't have to "be a user or be logged in" for Facebook amongst others to collect data (think about what's behind those Facebook icons etc you see on webpages).

Thus the likes of Facebook get what you "see and say" on the web, with the marginaly hard part for them of identifing you as an entity with attributes and from those attributes working out Who you are in their database...

It's realy not just a case of "Big Brother is watching you" but "Big Corp is selling your soul" 'lock, stock and barrel'. Whilst this is scary enough it's now also all the self appointed "Custodions of Society" not just their "Guard Labour" wanting in on the act...

Dante and others thought hell was purgitory and eternal damnation in the after life by fire and brimstone, but man in his foolishness had to be better "than his gods"... Now mortal fear on earth from cradle to grave as well as eternal damnation are what the meek have inhereted, along with all those petty Richelieu's be they Cardinals or not.

Those Richelieu's scratching away with their modern quills at your very essence to meet the targets, their overlords set them. Thus they care not for justice, to which they pay the lip service of having it "be seen to be done" rather than actually ensuring it is done. As evidenced by their real soul search of,

    Give me six lines by the hand of the most honest man and within them I will find something with which to hang him

Hear endith the lesson for today

Happy Easter Sunday / Rights of Spring festival to you both, and all the other readers of this blog. Here's hopping you enjoy many more of them, whilst you can.

SpookyApril 15, 2017 11:22 PM

@ Clive,

The hard sciences are all about the actuality of our physical universe and maths is the tool they use to try and understand it.

Well put, although the process is occasionally turned on its head by doing the maths first and then inexplicably finding a correspondance in the physical world...

The amplituhedron:

You might also enjoy this nice discussion of Bell Inequality violations (on Scott Aaronson's blog):

I know that we understand the universe well enough to have a useful toolkit that reliably describes its behaviour most of the time but... there is so much more that remains to be explained (neutrino transitions, missing mass, broken symmetry, accelerating expansion of space-time, etc). I wish it were possible to live two standard lifetimes, just so I could still be around to hear about those future discoveries. Dying with unsatisfied curiosity seems to be the norm, unfortunately.

@ Figureitout,

What I really want is easy to use "tasklets" that can let anyone just drop in any code they want to execute "concurrently" w/ other tasks.

Sounds like you'd only need a simple (round-robin) scheduler and process format. Or depending on MCU-ness, a spartan Forth where each "tasklet" is a effectively a word that cooperatively yields the CPU after completing some fixed unit of work (otherwise it hangs the whole system, rolls over on its back and dumps core, lol--but it would be easy to implement). I'd be very interested to see just how much useful work you could actually squeeze out of a tiny, low-power MCU; judging from the specs of modern ones, probably a whole hell of a lot. Even if using an RTOS, servicing ISRs (for lots of i/o) will probably start to run up against any timing guarantees for a slower chip; then again, depending on the application and protocols, losing an occasional buffer is not necessarily the end of the world. :-)

The Motorola 68K was (is?) a fine chip. My memory is fuzzy, but wasn't it one of the first microprocessors with a proper MMU? A friend commented that there are quite a number of milspec 68Ks living in the control systems U.S. nuclear subs...


Markus OttelaApril 15, 2017 11:52 PM


TFC fingerprints:

I wanted to quickly explain one improvement in the latest version of TFC. Namely the fingerprints.

Traditionally public key fingerprint has been a hash of the public RSA key or larger finite field DH value. Signal seems to use a SHA512 based KDF to iterate public keys to get a few bits of extra security for fingerprints, but apparently nothing fancier.

With previous version of TFC I figured since I'm using X25519, the fingerprint can be the public key itself; This way user can manually exchange the key if network is under MITM attack.

However, TFC is designed with anonymity in mind and NH should be running Tails. The issue is that if OTR encryption is compromised or disabled during key exchange and fingerprints are verified via compromised fingerprint verification channel, entities such as NSA that have automated transcription of intercepted calls can create a lookup table that can be checked against the XMPP server logs if it also gets compromised at some point. This could then reveal real life identities of TFC.

So from this version onwards, keys are generated as follows:

tx_message_key = hash_chain(dh_ssk + rx_pk + b'message_key')
rx_message_key = hash_chain(dh_ssk + tx_pk + b'message_key')
tx_header_key = hash_chain(dh_ssk + rx_pk + b'header_key')
rx_header_key = hash_chain(dh_ssk + tx_pk + b'header_key')
tx_fingerprint = hash_chain(dh_ssk + tx_pk + b'fingerprint')
rx_fingerprint = hash_chain(dh_ssk + rx_pk + b'fingerprint')

Correlating public key with fingerprint by deriving fingerprint from public key requires knowledge of the X25519 shared secret, so attack is as hard as breaking the key exchange.

Correlating public key with fingerprint by deriving public key from fingerprint requires attacker to break the pre-image resistance of all three hash functions used in hash chain. This is secure against adversary with a universal QC. The preimage resistance also prevents attacker from calculating message and header keys from fingerprints.

Clive RobinsonApril 16, 2017 12:42 AM

@ John Gault,

One word: Resonance

Not in all cases if you think about not just transmission line theory, but the very real practical application of putting 600V via a suitable resistor on to the center of a length of coax with it's far end shorted to ground and letting it rip with an avalanch transistor or thyratron etc. It makes a very good pulse generator and with care can be your very own "mini-EMP generator" or to kick off the likes of a transmission line Marx generator[1]. It was a subject I was looking to avoid as it generally invites the wrong sort of curiosity[3] or experimentation[4] (which is why I've given more info below). Such kit is required for what you might call EMC+ testing for certain hostile environments.

You could look on such a system as being an "Ultra Wide Band (UWB) spark gap transmitter" ;-). But it has a low and somewhat unpredictable PRF.

Which brings us onto,

I've even burned myself with RF trying to emulate some of Tesla's experiments.

Yup been there when I was building a VHF PA with a couple of 4CX-250B valves. I have a scar on the side of my right index finger that nearly fourty years later is still quite visable, unlike other scars from other teenage activities that have long fadded away.

Speaking of RF burns, or more precisely diathermy, back in the 80's I was asked to do a re-design on a "beauty clinic" de-pil machine. They use a 1.5-2.0MHz free running power oscillator and the clients body acts as the "dummy load" with the hair follicle getting explosively destroyed by the RF current boiling the cell contents. The things women etc do for beauty quite frankly scares me sometimes. Worse still is the diathermy kit you find in an operating theater, not only does the RF get into all the medical electronics, you also get a sort of acrid greasy burnt smell...

[1] Esentially[2] what you do is use the shorted coax lines to replace the capacitors in a conventional Marx generator, and replace the resistors with suitable values of inductance. You select the values using transmission line theory to match your desired output impedence.

[2] The reality is such a Marx generator is way more precision engineering than electrical engineering. The last one I made [3] was connected to a LPDA antenna and driven from a 40,000V supply which in turn has it's own special engineering requirments.

[3] The generator was used in an OATS in an uninhabited valley with a lot of barbed wire to keep out the "suicidaly" curious, even if they did come fitted with their own homemade tinfoil underpants to match their hats.

[4] There will always be home experimenters wanting to play with Marx Generators, if for no other reason to play with lasers[5]. But with all fun there are things you need to learn before getting onto the big stuff such as how to avoid "arc-eye" (like welders goggles/visors) from the UV. So those who want to play at home, this is one you can build quite cheaply,

The only real difficulty will probably be sourcing the HV supply, these can be found second hand.

[5] The thought occured to me some time ago that it might be fun to build a home Marx generator and combine the spark gaps in such a way as to make a "pumped" UV air laser.

ab praeceptisApril 16, 2017 12:52 AM

Markus Ottela

Always interesting to read about the evolution of your work ;)

Maybe I'm too much KISS but I abhor unnecessary complexity. So, allow me to ask: Why not simply have the client send a (sufficiently large) random of his choice and use that as salt for the PK hash?
Assuming that the ID PK (as opposed to the session PK) is known to the client, i.e. that the Identity of the server is established, that same random (or the a.m. hash, if you prefer) could also be used to be priv_key encrypted so as to prove absence of mitm.

John GoodwinApril 16, 2017 1:44 AM

@Clive Robinson

Transmission line theory is pretty interesting stuff (I'm a physicist by training) and crops up in big data.

If you try to do statistical mechanics on a two state system, starting from what 'Markov transitions' mean and writing down 'The Master Equation' the way it is usually derived, the 'telegraphers equations' pop out -- right their in the midst of your Big Data operation, you get binary popcorn noise. If you think about moar than two discrete states, you get a generalisation of the telegrapher's equation called Potts.

Fascinating stuff.

Here's another fun fact -- back when Fisher derived 'Mathematical Statistics' for the first time, he ended up face to face with a Fourier expansion (thing about big data being binned, and wanting to add up a million numbers, and having to do something like Simpson's rule...). This is the topic that goes by the name cumulants. We'll, he did what anyone would do, and noticed that he could keep the zeroth order term (the first order cosine like correction is 'well known' in statistics too...) and ignore the rest of the series expansion. Why, because the higher order terms were only significant if you get a million pieces of data, which wasn't practical and worth worrying about in the 19th century.

So guess what -- I've never met a 'Big Data' statistician yet who's gone back to 'Mathematical Statistics' and realised that what we call 'statistics' breaks down, as a Fourier expansion, when you get a million pieces of data or so... and well there's that bit about popcorn noise creeping in when the modes are right...

We do live in interesting times.

Clive RobinsonApril 16, 2017 2:14 AM

@ Figureitout, Nick P,

Ever heard of uCOS II? It's an RTOS

Yes I've got the book in the cave (not edifing reading). I made the mistake of "loaning it out" at work once and the CDROM in the back mysteriously disappeared. So I dropped the company an email to see if I could get a replacment as the book was out of print. Big mistake they ignored the request but spammed me with their marketing crap, so don't give them your Email address.

However they do now do the OS in an updated form for the PIC. Not sure if you know but the PIC even in the 24 family does not have a software interrupt. Which makes writting an OS a pain. I've seen various tricks but they kind of boil down to fritzing the actual hardware interupt, which is cludgy.

The big problem with people "dropping their code in" is the lack of MMU with smaller MCUs even the crap of 8088/6 segmentation would be a real help with multitasking.

The trick without an MMU is to make all code use relative or offset pointers to memory so relocating the various parts code/heap/stack is less of a hassel. However you will run into RAM allocation issues as you can not do virtual memory without an MMU.

Which is why as @Spooky points out above you need a stack based language. I know you looked in the past at Forth because I said you might find it interesting but from what I remember you did not like it.

But the acid question is "Do you need an RTOS or just an OS?" and if the latter do you need multi-tasking in the conventional sense or just to support lightweight tasks in a shared memmory map? Which further raises the question of control. That is do you want pre-emptive multi-tasking where the kernel has permanent control or cooperative multi-tasking where the tasks in turn take control? If you think the latter think back to Micro$hat's Mess Dross and just how much of a kick in the scrotum that was to multi-task, one error and the whole box died not even a blue screen of death.

If you want to get some sensible IO it needs to be interupt driven and you need your own select() or poll() equivalents. The best way I've found is to have what is in effect to interrupt types. That of the IO with "fast handelers" and a timer based System that does kernel and user activities.

Thus when you develop an IO driver you have a fast and slow handler. The fast driver just does RX/TX as fast as possible using short circular buffers. The slow handler does the transfer from the short circular buffers into the kernel or userspace linear buffers.

Each time the CPU timer kicks of a timer based interupt every 100 uS it updates the "tone generator" if you have one, then the system clock then checks if any fast interupt buffer flags are set, if there are it services one of them based on a priority schedular using a miss counter to move up in priority any IO that's of a lower priority that did not get serviced this time around. Then you run one slow handler again bassed on a priority schedular.

Yes with 10K timer interupts a second you will spend a lot of time in the interupt handlers but your IO will probably be sufficiently responsive that you may not need Real Time features.

As for a software tone generator as ROM was usually plentiful whilst RAM was not I used a DDS type synth. Basically you have a lookup table that has a sinewave stored in it[1], this is driven by a software counter value. If the count gets incremented by one it produces the lowest frequency, if by two then you get twice that, three three times and so on. The software counter can be arbitarily long so you can have very fine frequency steps. In the past I've made a PIC based software tone generator with a 64 bit counter and interupt rate of 10uS and a 5bit Walsh lookup table to give me two quadriture tones of very high purity and very fine frequency stepping and a LFSR to generate a white noise source as part of a homebrew system to do Multi Tone Shift Keying with controllable noise to test RF modem designs. Oh and the PIC was driven from a GPS derived high stability frequency refrence.

When I get a little free time and my son has passed his full licence I'll mod the design to make a portable PSK31 QRP transmitter for fox hunting and the like. Then think about the best way to make the RX modem so it will be a full QRP rig. I was involved with the design of a six tone Piccolo modem running both TX and RX on a Z80 so it should be fairly easy to do on a PIC24 etc.

[1] Actually it's only a quater of a sinewave because you can use the upper two bits of the counter to XOR either the address into the lookup table or the output from the lookup table you send to the D-A converter. You can also just write the upper bit out to a status bit if you want a squarewave. Or if you want to get realy clever dispense with a large lookup table and just take the upper three bits into a Walsh table and output to the correctly weighted resistor network.

Clive RobinsonApril 16, 2017 3:05 AM

@ Spooky,

The amplituhedron

Does it come with a pronunciation guide?

An unsettling thought occurs about has snuck up from the back of my mind...

What we call "random" as in "True Random Number Generator" is even at the human mechanical level influenced by quantum effects. True by not much but it's the edge cases that are always important in security.

Part of the fact we have random noise is locality, thus a model that removes it fundamentally is going to be of interest. Esspecially if it does produce several orders of magnitude improvment over existing techniques.

Einstein had problems with wether the universe was determanistic or not, I suspect he would have been intrigued.

From a security asspect though, could it be used to "better" predict the output of TRNGs and the like... I guess I'm going to have to get a headache and read the actual paper.

With regards,

Dying with unsatisfied curiosity seems to be the norm, unfortunately.

I suspect only for the eternally curious, of which there seem to be not very many :-(

It would appear that many people just live with no thought to anything outside of the basic wants which to me is their loss as there is a lot to be curious about.

But importantly curiosity is what makes humans realy different, not the opposable thumb (but it sure helps). Curiosity caused us to climb out of the swamp as it where, it's a shame to look around and see so many wanting to float by on at best neutral or worse slide back :-(

Patriot COMSECApril 16, 2017 3:11 AM

Chinese Military Massing on the North Korean Border?

Patriot COMSEC happens to be in China at the moment developing products and it is pretty interesting (not only because of the good treatment, genuine welcome, and professionalism). We are north of Nanjing, following the Chinese news. If you turn on a TV in a Chinese hotel room, it looks like WW II is still being fought-- it is 1943 all over again. The enemy is not the US in these movies. It is the Japanese (which is no wonder, especially if you know anything about Nanjing, Wuxi, Changsha, Unit 731, etc., or anything else about WW II in China). But how many different war dramas can you make about the Japanese invading China? And if you open the WeChat app you see Japanese missiles and rockets taking off. They have WeChat like Americans have Facebook.

Looks like the Chinese Army is massing on the North Korean border--that is according to the Western news. Isn't that supposed to be blocked in China? It is not. Stay in a five-star hotel in Shanghai or some other big city, and your connection is automatically routed through a VPN. It's Facebook and Google galore. Two nights ago we got several VPNs to work from Jiangsu Province. In other words, the Chinese are NOT blocking the internet to the degree that many people think. They are allowing VPNS, even good ones such as Expressvpn. It is a falsehood that the Chinese are absolutely blocking the internet for everyone. Don't try to use TOR though. One of our technicians got TOR to work here, but that took some effort.

One wonders if the assassination of Kim Jong Un's brother in Malaysia is linked to this buildup by the Yalu River. One wonders if the Chinese are going to cross, or, even more interesting, whether the US and China will go in together. Does not seem to be a good idea. It is not only nuclear weapons. The North Koreans have a lot of chemical weapons, and this could turn into a bloodbath.

RachelApril 16, 2017 5:04 AM

@ Clive Robinson

what a thoughtful response. One writes one paragraph and you don't just respond immediately - one gets a body of elegant prose embracing several spheres. How lucky we are to have someone like Clive dispense so generously and attentively. And, to act as benign patron for the manifest example dignity in the face of trolls, responding to the subject at hand regardless of the maturity or comprehensibility of the poster. Gratitude and respect for mentors and sage advice goes a long way, good to see the guests act accordingly here.
As for your resonse: you've given me a lovely gift to run with. I had to re-read to see why you felt me close to France - and indeed I picked up the linguistic giveaway you must have spotted a kilometere away :-)

Figureitout, didn't need anything from you, thanks, just acknowledged it was the sort of [cough] side channel you'd have on your radar given your attention to unusual(for some) details. As you noted, it's imaginably impossible to visually identify the IC, such is the advancement in tech and even increase in power hard to quantify. Hence GSM detection

My basic reason for posting the query was 1. no one has really proved this exists, and it's either ignored or written off 2. has any one done the obvious thing to prove it exists? Nick P? It seems like an elephant in the room.

And implicitly, the question, which is a seperate matter really - is anyone factoring this concept into their threat model, or do they feel energy gapping covers it sufficiently.

Who?April 16, 2017 5:33 AM

@ Clive Robinson, Big-Data Brain Hacking,

You are both one third right the value item to be sold to the customer is,

1) Who/What you are (PII).
2) What you see (with your eyeballs).
3) What you say (your copyrighted statments).

Rember bad things always come in threes, so 'rape, pillage and plunder', by man's hand crafted '666'.

...and aviation accidents. You are right, I was considering PII as both what we are and what we say, but it is good making this differentiation.

Importantly you don't have to "be a user or be logged in" for Facebook amongst others to collect data (think about what's behind those Facebook icons etc you see on webpages).

I never use these Facebook/Google icons, nor any "I like it" style buttons. When someone writes me using a gmail account I usually ask him to use another email, either a private email server or, at least, ProtonMail. Not really secure, it is not the goal of email at all, but at least I try to not sell my soul to big corporations. If they want my data they will need to work harder to get it.

Some people thinks the only dangers related with Google and other big "data miners" is they are making profiles to sell to advertisers. No, they are making profiles to sell to anyone willing to pay for this information (and, I would say, giving them to U.S. Government for free).

Happy Easter Sunday / Rights of Spring festival to you both, and all the other readers of this blog. Here's hopping you enjoy many more of them, whilst you can.

Happy Easter Sunday and rites of spring festival to you too, Clive.

And thanks a lot for sharing your knowledge with the rest of the community!

Who?April 16, 2017 6:00 AM

New CIA leaks

HIVE is a back-end infrastructure malware with a public-facing HTTPS interface which is used by CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute specific tasks on the targets. HIVE is used across multiple malware implants and CIA operations. The public HTTPS interface utilizes unsuspicious-looking cover domains to hide its presence.

Clive RobinsonApril 16, 2017 7:09 AM

@ Who?,

The public HTTPS interface utilizes unsuspicious-looking cover domains to hide its presence.

Yes it's a point I've made from time to time in the past. I had the realisation of "who blocks google" back when I was figuring out how to go about hacking voting machines, to see what would be needed to defend against it. As part of that I worked out a way to implement a headless BotNet Command and Control Channel using google's servers and services. I also worked out a way to do the movment of payload and feedback data as well.

At the time I only mentioned one harder way to do the C&C channel using open blogs so that the BotNet hurder could not be easily traced. Since then it's been intresting to read the leaked data as it appears the US IC thought it a good idea one way or another.

So I guess I've now got to go and read up on HIVE to see if they have "infringed" on my ideas. After all IP theft is a serious crime they keep telling me ;-)

Who?April 16, 2017 8:53 AM

@ Clive Robinson

Good luck suing the CIA!

It would not be the first time a good idea is stolen from this forum.

Markus OttelaApril 16, 2017 9:33 AM

@ab praeceptis:

There is no separate session keypair. TFC uses single ephemeral X25519 to establish the shared secret, from which all the symmetric keys and fingerprints are derived from. Since shared key is derived on TxM, all received values must be manually copied on that. The purpose of this salting is to use something server doesn't have access to, so using random value sent over server wouldn't add security.

Session key pair isn't needed because the hash ratchet ensures per-message forward secrecy. Key exchange requires some manual labour: Having to manually copy a public key for each session would be painful and it would only provide per-session future secrecy, which is somewhat pointless because strong CSPRNG prevents weak keys, and HW layout prevents key compromise.

The previous post did not mention one aspect, why does fingerprint generation need to be more complex than hash_chain(b'fingerprint' + dh_ssk) where preimage resistance protects the X25519 shared secret and domain separation with the static byte string protects keys.

The reason is that while a fingerprint like that would more convenient and easier to compare by users, having both parties read the same fingerprint can lead to situation where one user reads the fingerprint and off-band MITM just replaces confirmation with a previously recorded "that was correct" phrase. It's much better to have both users read their own fingerprint (the program tells which is which and what to do) aloud every time.

So all in all, I think the key exchange can't get any less complex than it currently is. The only downside I see to current one is X25519 providing just 128 bits of symmetric security. So if X448 Goldilocks ever makes it to libsodium and PyNaCl, I'll have to update the key exchange algorithm. This will double the key size, but in Base58, 100 characters is still doable.

FigureitoutApril 16, 2017 9:53 AM

--Yep, it does round-robin scheduling. I don't have heavy-duty real-time and other scheduling requirements lol. MCU will be a PIC18F, PIC16F, or ATMEGA328. I don't want to mess w/ codewarrior's BS anymore, I'm used to its quirks and hoops I have to jump thru to compile but I keep having to use it and I'm tired of it lol. That and the dev board at our school, there's some "backdoor key" in the header file mapping all the ports, don't want that. Don't really like Forth, tried it and "4th". Rather C/C++ or assembly.

Not sure about MMU on MC68K, they do have different modes of operation, like "expanded mode" where you can add more ROM (up to 64K?). Normally it's just 16K, I think you can fiddle w/ a linker parameter file and add more pages easily, at least up to 32K. I never needed to though.

Clive Robinson
--Ok, lots of pitfalls to go thru. Don't *need* real-time, I don't have requirements. Pre-emptive multi-tasking would be cool though, all the other features you'd expect in a bare bones OS. Don't want to use 24 family, the 18 one. Guess what I ran into though? Silicon errata, especially on UART. Got it fixed but still...that why I freaked on a project and ordered some 16F's. When I said I wanted to switch our prof just blew me off "Oh's the hardware...uh huh sure..." and 9 times out of 10 it's software but, it really was hardware this time. An assembly code patch was needed to fix it. Don't really wanna use Forth, it's popularity these days shows I'm not alone...I'll find some kernel ported and make it work some day, will be a good exercise.

RE: priority scheduler
--Ah ok what you did sounds exactly like "aging" the processes to avoid "starvation". Nice.

--Ok, yes it is/was a concern. I never truly needed it for my purposes, I would get around it, but still it would be annoying to get hacked at work or home outside of a shield room. When they start encapsulating the radios into other aspects of the system, it'll be hard to remove w/o destroying other important we need to just block the communication w/ a shield, at least that's the simplest most sure way to cut off RF channels. The phrase "chasing shadows" comes to mind too, you can cut-off one channel but maybe there's others? Shield room pretty much takes care of that. And you'd need a metal can to hold it in while you open the door to get out of the shield room lol.

Really what we should be looking to is other open architectures (like RISC-V) where we can at least design-wise know there isn't this hardware in the chip when we send files off to manufacture, but yes we do need some test equipment to verify (probably a VNA). It's expertise I don't have yet, most likely won't ever have.

If I see something that may be what you want I'll post it here. Here's something: which listed this nifty part: Holy cow that's cool, damnit Rachel, look what you've done! Now I wanna try this... :p

antoniaApril 16, 2017 10:18 AM

Ben. A re: Certificate Authority Authorization:

It looks somewhat useful, but still only a partial fix for the biggest obvious problem with CAs. Baseline Req. 1.4.4 says "CAs are permitted to treat a record lookup failure as permission to issue if: the failure is outside the CA's infrastructure; the lookup has been retried at least once; and the domain's zone does not have a DNSSEC validation chain to the ICANN root."

They wrote that last part backwards, I'd say. "Does not have a DNSSEC validation chain"? Shouldn't it be "has a DNSSEC opt-out record with verified signature"? And that's literally the only reference to DNSSEC I found in the document. Why is it okay to issue a cert simply because someone can publish to a certain path on an unsecured web server, if there's a cryptographically secured channel that could be used? The whole point of a TLS is to protect against passive and active network attacks, but anyone who can mount an active attack while the CA is doing its authentication check can totally bypass the security. If a domain has not opted out of DNSSEC, no CA should be allowed to issue for it without verifying control of the DNSSEC key.

My InfoApril 16, 2017 10:30 AM


It's broken. Defective by design. That's what happens when you allow locker-room jocks to have access to computers and the Internet, let alone sit on IETF standards committees.

name.withheld.for.obvious.reasonsApril 16, 2017 10:54 AM

@ Clive Robinson

[2] The reality is such a Marx generator is way more precision engineering than electrical engineering. The last one I made [3] was connected to a LPDA antenna and driven from a 40,000V supply which in turn has it's own special engineering requirments.

Knew it would only be a matter of T[n] before Marx made it into the thread...

And, would have guessed it to be you.

Regards old chap

rApril 16, 2017 12:34 PM

There was no stopping the conceptual sword during the early age of iron Clive, in the age of information?

The wedge is again king.

Curiosity opportunity are the only two people working at uber that I know.

Insert another layer here.

Where Have All the Children Gone?April 16, 2017 2:07 PM

The personality traits of the Big-Data Brain-Hacking Product Managers:

Ethical engineers would NEVER use these hugely powerful techniques on our younger generations still developing brains. Big-data is in effect creating zombie addicts.

As Microsoft states in their (no holds) privacy policy ‘only in the USA’. The excess only gets more ludicrous as American ISP's are salivating in their new god position to eavesdrop on parents and children. But they too 'take our privacy (away) seriously'.

Maybe after a couple of generations are proven crippled, society will awaken. Its either that or ruling robots and basic income.

Here's the first salvo:
American Journal of Epidemiology, "Association of Facebook Use With Compromised Well-Being:
‘The use of Facebook was negatively associated with overall well-being. These results were particularly strong for mental health; most measures of Facebook use in one year predicted a decrease in mental health in a later year."
And, significantly: "We found consistently that both liking others' content and clicking links significantly predicted a subsequent reduction in self-reported physical health, mental health, and life satisfaction."

Clive RobinsonApril 16, 2017 3:04 PM

@ Figureitout, Rachel,

Holy cow that's cool, damnit Rachel, look what you've done! Now I wanna try this... :p

A couple of things to know about the LTC 5505. Firstly it's as deaf as the proverbial post, because it's not designed to be used as a receiver put a power output monitor. So it needs a little help with a front end, the easiest thing to use would be a RF Mod Amp which you can by through DigiKey they come in the same frequency range in various gains from 6dB to 30dB as a rough rule of thumb ever 6dB doubles the range.

So if you used the patch type antenna given in the experiment report it would give you a around a 2m to 32m range which would be about right for a normal 500 SqM enclosed area you might use for a server room and techsup desks.

However if the GSM antenna is in a typical server tin can the GSM signal could well be weaker which means you would have problems with ordinary phones on desks abd in pockets.

A way around this is to use a directional antenna, it just so happens that you can make with a couple of FR4 PCBs a Log Periodic Dipole Array with the required bandwidth that would have a good front to back ratio and minimal side lobes (you can find design calculators on line on various Ham sites). An omnidirectional sense antenna with sufficient bandwidth wold be a discone antenna again design formulas are online or in RSGB or ARRL books.

ab praeceptisApril 16, 2017 6:21 PM


"Good luck suing the CIA!"

Suing isn't the only remedy available ...

And someone smart enough to have his ideas stolen by the cia might find interesting ways to make them pay in very painful ways.

Clive RobinsonApril 16, 2017 6:30 PM

An Ad blocker to end all...

Princeton has developed an Ad-blocker that some think will be the end of the Ad-blocker counter/counter measures battle,

But there is an elephant in the room, that is Ad-less revenue of the likes of Google/Facebook.

The real money is in identifying the "Who/see/say" of internet users and linking it to other databases, and giving it all for free to Uncle Sam...

supersaurusApril 16, 2017 6:38 PM

@ all

@Ben A posted this interesting link amid a forest of other stuff: windows 10 enterprise setup for HIPAA.

maybe the easy thing to do is just give up and post all of one's medical records somewhere public, because the likelihood of your garden variety doctor or hospital being able to make that work is approximately zero. network security left as an exercise for the student.

ab praeceptisApril 16, 2017 7:29 PM

Markus Ottela

Granted, I didn't look profoundly into it and so it might well be possible that I just fail to see the beauty of it.

As I highly value actual work being done (rather than the common day dreaming) and done with a dead serious attitude regarding security I'm interested in your work and hence make some comments (which I will stop without bad feelings in case they are not welcome by you).

Some remarks:

Maybe I'm stubborn but I *strongly* suggest to use one (more or less) standing pub_key (or pair, depending on your protocol) only for identity and possibly for warm start (as opposed to plain text "cold startup") plus an ephemeral pair per session, e.g. for DH.

Maybe I just misunderstand you but saying that there is no separate session key pair and using ephemeral X25519 looks contradictory to me. After all X25519 (i.e. Curve25519 plus DH mechanism) *is* about (typically ephemeral) pubkey crypto to establish a shared secret (which then is typically used for sym. crypto).

X25519 providing just 128 bits of security? You see me bewildered. ECC allows for quite arbitrary bits of security; it's just that code, pre-canned for programmers consumption, comes with standard size q = 128. There is absolutely nothing keeping you away from extending the field to e.g. q = 196 as long as you stay within ca. 254 bits (due to the prime field being defined by 2 ^ 255 − 19).

Plus: No matter anyway as 128 bits is considered as "secure incl. reserve" as long as the opponent is pre-quantum. So, iff you worry then you might want to go to pq-crypto rather than waiting for much-more-bits crypto (whose pq resistance is doubtful and whose current value is doubtful, too).

Also keep in mind that you don't save anything significant (in terms of computation/performance/time) shaving off one pub_key as Montgomery curve based PK crypto offers excellent performance. Montgomery curves (and Edwards even more so) are *very significantly* faster than weierstrass computation.

Plus: "holy rule". Keep the user out of the game if any possible. Having users to manually copy keys and the like in my minds eye is asking for trouble.

Don't get me wrong, I *do* like your ratchet constructs; in fact I use some myself since I've finally become fully paranoid (re. security) but also keep in mind that the irreversability of (good) hash functions is as much a blessing as it is a curse. Example in case: there are really beautiful pq hash based signature algorithms. Really, really lovely and elegant. And bloody limited to signing; no encryption, no decryption, nada zilch (which leaves us with mostly half-cooked pq crypto like sidh).

Base58? Cooool! Reminds me of a (very fruitful) phase when I used 6 bit based strings rather than "wasteful" hex strings.

Again, please take my remarks as constructive and if I should shut up, just let me know!

Markus OttelaApril 16, 2017 10:46 PM

I hope my writing doesn't give an impression I'm somehow hostile. English is my second language so the vocabulary is what it is and people might interpreted it in a wrong way. I come here for advice and to share what I come up with and I highly appreciate your (and everyone else's) thoughts, comments and ideas!

If I understood you correctly, warm start is about using previously established identity-key pair to e.g. encrypt then sign the public key, that will be used to generate the keys for communication. This might work, but I'm not sure if adds complexity without providing meaningful security. Bear in mind public keys are already wrapped around OTR and TLS, and the software prompts user to verify fingerprint every time.

One stepping stone I see here is a situation where same identity key is used for all contacts (e.g. OTR does this, Signal apparently not). In the past this has lead to people asking me to send the fingerprint of some common buddy over E2EE OTR-session. Generally this works because it's hard for me to spoof someone's XMPP login credentials, but if we'd be using Ricochet where fingerprint is the account name, MITM attacking my buddies would be trivial.

So the long term public keys are useful if users want to renegotiate keys often, but it might also deter them away from verifying fingerprints off-band every time, they might actually be less safe.

I've also played with an idea that users could chain key exchanges (MITM in any key exchange would cause keys to get out of sync), but since there are four computers that need to share a state for multiple keys because there's the possibility of packet loss, I feel there's less complexity if each key exchange is entirely new. This way I also don't have to add two different key exchanges -- one for existing keys, another for bootstrapping and error recovery.

Saying there is no session key is not very clear I admit. So maybe it's easier to think TFC has one session that lasts as long as users want, and where the fingerprint is the public identity key. What I meant by saying it has no session key, was when you start the program, the hash ratchet will continue where it left off, and no X25519 key exchange is needed.

IANAC. But quoting wikipedia, "the fastest known algorithms that allow one to solve the ECDLP (baby-step giant-step, Pollard's rho, etc.), need O(sqrt(n)) steps, it follows that the size of the underlying field should be roughly twice the security parameter. For example, for 128-bit security one needs a curve over F_q where q ≈ 2^256. Curve25519 would appear to have q=255 so security should be about 128 bits. With this reasoning, X448 should have symmetric security of about 224 bits, so it's closer to 256-bit XSalsa20. Now obviously if this was a huge problem it would've never been implemented. Key expansion works. But I'd still rather have all the security that's available in reasonable effort for user. (I recall a branch I created for 1536-bit? DH that had something between 5 and 15 separate checksummed sections users had to write in order. ECC has been a huge jump in convenience and security.)

PQ key exchange would be useful but I'm afraid it's better to sit and wait until a usable library for some algorithm is written. Code-based crypto like McEliece is AFAIK currently the only one proven to be secure against Shor's algorithm, but the keys are ridiculous. Saying typing 1 MB public keys in Base58 (that has 73% efficiency) is inconvenient is quite an understatement. So unless something comes out of e.g. lattice based crypto, I don't see PQ key exchange choices for TFC outside the PSK. Just in case, I've improved PSK functionality over time as much as I can.

"Having users to manually copy keys and the like in my minds eye is asking for trouble."

This is unfortunate, but I see not malware-proof method of automating public key input from RxM to TxM. (The issue is, if RxM that receives possibly malicious data from network compromises TxM, that device can covertly output all keys to network.) IIRC Nick P warned me about OCR having history of vulnerabilities, and any automated protocol over serial, QR codes are impossible to audit. But I've tried to make it as easy as possible.

Proper encoding has been a small journey in itself. It's actually not Base58 alone, but a slightly modified version of Bitcoin WIF, that is Base58(message + SHA256(SHA256(message))).
The latter part is just a checksum but I swapped it to hash chain just for the sake of completeness. If user makes a typo, the program will notify about it, and readline library allows user to reload invalid input by pressing the up arrow. All B58 keys are sliced into smaller chunks in normal use (local testing shows key in one long string to make copying it between terminals quick and easy when I demo the tool).

John GaltApril 16, 2017 11:33 PM

@ Clive

@ John Gault,

One word: Resonance

Not in all cases if you think about not just transmission line theory, but the very real practical application of putting 600V via a suitable resistor on to the center of a length of coax with it's far end shorted to ground and letting it rip with an avalanch transistor or thyratron etc.

Yes it is.

Parasitic oscillations are caused by from PHYSICAL resonance of the affected charged components. Simply put, that's why it CAN be easy to fry a vacuum tube, too. And every effort must be made to keep the oscillations at a minimum at all times.

If you don't ,... there's ozone, smoke, and sometimes even fire.

ab praeceptisApril 17, 2017 12:43 AM

Markus Ottela

(assuming that was mainly a response to my post)

First, no, no, you did not all give the impression of being hostile. It's just that I didn't want to push anything and to assure you that you could stop me if you disliked my involvement. After all it's *your* project and you have demonstrated that you are quite knowledgable yourself.

Ad ID by PK: I did, indeed presume that you wanted to make sure that the endpoints can be sure about each other and also that there is no Eve playing games in the middle.
And yes, one way would be to use that for both to sign their session pub_keys, although I personally wouldn't like that but rather to keep the ID keys separate from the session establishment.

"Bear in mind public keys are already wrapped around OTR and TLS..." - I would think that over again. It may be me being a little slow and stubborn here but I would strictly separate the "what do I want" (e.g. OTR messaging) from the how to do that, particularly concerning the "common way to do it" (prticularly as most have produced broken (and/or tainted?) stuff ...).

Whatever you want to do (in your case OTR messaging) will need a secure channel. You also want PFS if I got you correctly (and I hope so). My advice would be to forget all the "common ways to do that" (like e.g. signal) and to start from a clean slate asking the necessary questions.
1) What is PFS, how can it be implemented? It boils down to not using "static" PK pairs, i.e. to establish (random enough) session keys for each session. You already chose an excellent way to do that (X25519) along with a good library (NaCl/sodium).

2) At the same time - and I find that attractive to show the aeon old trade-off so often seen in engineering - you *need* static PK to verify ID (and also to avoid Eve in the middle). Hence my proposal to use them both, each for its purpose and ideally not in any way linked. The price to pay is very low anyway and you are rewarded with a clean design.

3) Et voilà, there you are having all the desired properties (unless you make stupid errors like, e.g. with a semi static nonces).

"ECC, Pollard Rho, etc." - Yes and no. All that is *today*, i.e. not yet pq. pq will dramatically change things to far, far worse than O(sqrt(n)), namely to polynomial.
That issue has many traps in it and is often misunderstood or mixed up. *sym* crypto is assumed to stay "only" sqrt(n) secure (which is still exponential) in a pq world, hence Bernsteins (et al.) good advice to prefer 256 bit *sym* crypto to be prepared for pq.

Here, however, we talk PK and there the pq problem boils down to both current basic security reductions/basic models being more or less dramatically broken.
It might be noteworthy that that is the very horror scenario we're talking about re. nsa and pq: If they saved what they collected (say messaging collection) then in the pq world they would be capable to crack all the (former) PKE and hence get at the sym. key used (established through PK) which btw. also means that, while using, say, aes 256 vs aes 128 *today* it will be quite meangless then (because they won't crack, say, aes, i.e. the cipher, but rather the PK used to negotiate the key used for sym. crypto).

So, you *could* use e.g. 224 bit 25519 but pq that would neither be needed nor help you a lot and today it would more or less be a waste of resources (in other words: dj, Lange, et al. are absolutely right).

Summary: Don't worry *today*. Sodium is good stuff with very reasonable reserves.
And the solution to pq is anyway outside the realm of ECC (and RSA).

"pq zoo" - Nope, there is more than McEliece (which, however, seems to be the cool trend). The problem is that none of the alternatives offers *all* desired properties (like performance, key size, and - important - being well researched, understood, and extensively tested). sidh, for instance, looks very promising but is quite immature. ntru (lattice based) is available since many years (albeit patent tainted) but has somehow managed to be quite vulnerable, which is in a way funny because lattice based algorithms per se are extremely attractive (security reduction CVP/SVP and well computable).
All in all the current trend seems to favour McEliece. Afaik there is no production grade and halfway established library for any except ntru (which might not be the wisest choice).

Do you need to include and prepare for a pq scenario? That's a rather religious question I guess. All in all it seems that it's somewhat too early for 99,9+% of developers.
I mentioned it anyway because I feel that while a good tool (like the one you're working on) must not necessarily implement pq protection, it definitely *should be prepared* to add it later. In other words: Be sure that your design allows for inserting that once it's available (or necessary).

Finally as for the key problem (no ocr, maybe optical transmission, whatever) it might be worthwhile to think about something hash ratchet based (*g). Why? Because we humans are lousy remembering or entering long chains of meaningless bytes; we are quite good, however, remembering and entering *meaningful* phrases. What's the trick? A hash ratchet and e.g. modulo addition a difference which you can pre compute.

So: user remembers well "apples and a small gallic village" (which is 's'). U = hash(s). R is real key, say a public key. So, you precompute V such that (e.g.) R = U + V (% some prime that fits your needs.
- user remembers and enters "human comfortable passphrase"
- V is stored but worthless without U.
- R can either be stored or computed.
- can be applied to priv_key, too. Such, if device is stolen, nothing valuable is gained.
and everyone is happy ;)

Hoo-MeeApril 17, 2017 2:06 AM

@Clive Robinson

Re: An Ad blocker to end all...

Certainly sounds interesting, but alas as it stands now it's vaporware:

From the link, "A proof of concept is now available for Chrome, but is not fully functional (as in, it only detects ads, it doesn't block them)..."

Meanwhile, I cannot imagine Google et al would let them publish this software if it did work. There's simply too much money involved to allow some real smart kids fix the internet of ads. The app would get tied up in court for years and/or might get bought out and buried.

Sure does sound good though.

RachelApril 17, 2017 2:09 AM

@ Who?

[Importantly you don't have to "be a user or be logged in" for Facebook amongst others to collect data (think about what's behind those Facebook icons etc you see on webpages).]

'I never use these Facebook/Google icons, nor any "I like it" style buttons'

Many people don't either. It doesn't matter. Their mere existence is one layer of the tracking technology facebook relies on.
Good news is, something as simple as the add on U Block Origin strips and blocks those pixels, also blocking ads containing similar spyware. it's a small thing
but it contributes

One beautiful thing about this site, as Clive has regularly commended, is the lack of scripting. Thats the major issue missed by everyone suggesting ways to censor, moderate, add voting, or otherwise complicate the comments section with additional code. This site MUST remain as elegant and as uncluttered as we presently enjoy.

Bruce is one of those rare individuls who understands the need for basic clean simple websites. Put aside all the security implications of client side code for a moment. Essential educational websites should be accessible to anyone with the most minimal data capacity possible. Not everyone lives in a 1st world country with unlimited highspeed broad band and fast computers. I don't want flashing graphics, photos, videos, big banners and all the rest

Who?April 17, 2017 4:01 AM

@ Rachel

Yes, I know what tracking pixels are and that there are too many layers in most sites that can be used to track people. To me, one of the most dangerous ones is Google Analytics.

I try to run a few trusted add-ons on my browser (whatever "trusted" means here), but I understand this one is a battle we cannot win. I have my browser configured in permanent private browsing mode, rejecting third-party cookies. Not to say, browsing and email cannot be used for serious work right now.

Thanks a lot, Rachel, for the tips. I really appreciate them and, indeed, as you I enjoy this site too. There are only a few sites that do not (ab)use scripting.

Who?April 17, 2017 4:15 AM

A random though on the CIA NOD Cryptographic Requirements

Odd classification, this document is TS//SI//NOFORN. Whishing to know why... most paragraphs are (U), (C//NF) or, at most, (S//NF) except these ones related to RC4 hardening:

f. (TS//SI) 5.9: Added additional information about proper use of RC4.

9. (TS//SI) Further than stated above, if RC4 is used the first 3072 bytes of the cryptostream must be discarded and may not be used.

Why so high classification for a tip about securely using this stream cipher? It does have enough vulnerabilities right now as to be considered insecure. The Fluhrer, Mantin and Shamir attack is not exactly "unknown" to the research community.

In any case, it is a good document that provides valuable advice.

Who?April 17, 2017 4:23 AM

In general, my though is that this document is a bit "overclassified":

4. (S//NF) All asymmetric keys used in this suite must have a length of at least 2048 bits (256 bits for elliptic curve prime moduli).xxii
(S//NF) Note that there are two key pairs for a total of four asymmetric keys utilized in this Suite: ServerPublic (utilized and stored on the target), ServerPrivate (utilized and stored only on classified CIA networks), TargetPublic (utilized by server, no copy needed on the target), and TargetPrivate (utilized and stored on the target).
Not exactly what I would call "secret," it is more like cryptography 101 course.

RachelApril 17, 2017 4:40 AM

@ Who ?

thanks for your words. You may also like the FOSS Spybot anti-beacon, which is mostly the os telemetry side of things - particularly relevant for those under duress to use WinDoze$haft 10
i am sure the regulars roll their eyes at such suggestions but, nonetheless it's good to share. Okay, perhaps rolling the eyes is reserved for investing sole faith in @ Ab Praeceptis's famous golden stickers. Which, as we recall, were found in chocolate bars allowing unprecedented access to Willy Wonkas land of the oompah loompas

ab praeceptisApril 17, 2017 5:19 AM


Ts, ts ... what's there to roll ones eyes? My golden stickers rule is the quint essence of the combined Symerski security technology after all!

And thanks to Thot's beautiful card with the most important security stickers I have something to show, too.

Also, kindly note that golden stickers security is no worse than windoze security or even the cia supreme-cyber-whatever.


Google Analytics Privacy SettingsApril 17, 2017 5:31 AM

Google states up to the web site owner to determine how much customer data is collected by Google.

'Only in the USA' do many taxpayer funded government websites allow Google Analytics to eavesdrop. The worlds largest advertiser permeates our public libraries, schools and now the doctors office. The customer level staff are clueless.

American Sense of Fair Play
The current perverse political solution is to 'level the playing field' by allowing ISPs to also data-mine captive customers. Now everyones 'wires are tapped' continuously. Impressive?

Collateral Damage
My informal survey indicates many women can't sleep so they surf Facebook in bed at 4am.
Being chronically tired and irritable, medical issues develop. But not to worry Microsoft is there to share their non-personal (Big-Data induced) medical affections with the pharmaceutical industry (who have already worked the doctors office).
Quite an impressive system?

Dirk PraetApril 17, 2017 6:43 AM

@ Rachel

You may also like the FOSS Spybot anti-beacon, which is mostly the os telemetry side of things - particularly relevant for those under duress to use WinDoze$haft 10

Also works on Windows 7-8.x . From the same vendor: Shutup10.

@ Who

Thanks for the advice but I do not use Windows, only OpenBSD.

Unless you're in the very comfortable position that none of your relatives, employers or customers has Windows, you still may wish to take a note. It's just one of many tools with which you can at least mitigate the amount of PID you're leaking to MSFT et al. It would be kinda cool if we could finally differentiate between "securing" a machine (which in the case of Windows and most other COTS OS'es indeed is a lost cause), and trying to limit the damage.

It's really great if you can get everything done with OpenBSD, TrueOS and the like, but the fact of the matter remains that they are beyond the average user, especially because they tend to blow up in your face with every major upgrade, even if you know what you're doing. I've lost count of how many times it has happened to me and that I would have completely lost systems if it weren't for backups, VM snapshots and separate boot environments. The latest 20170331 TrueOS release, for example, has a borked Intel video driver that causes your system to freeze during start-up, but let's just not go there before someone accuses me of badmouthing *BSD and recommending we all stay on Windows, MacOS and Linux.

Bob PaddockApril 17, 2017 8:24 AM


'What I really want is easy to use "tasklets" that can let anyone just drop in any code they want to execute "concurrently" w/ other tasks.'

'Sounds like you'd only need a simple (round-robin) scheduler and process format.'

What you may be looking for is Protothreds, which is the cooperative task management core of the Contiki OS.

Protothreds is only a couple of C files pt.c and pt.h.
It works most efficiently with GCC that allows for computed GOTO, which is all hidden from the end user.

'anyone just drop in any code'

'Anyone' that understands the difference between concurrency and simultaneous and all the other race conditions that a RTOS can bring about.

Most RTOS problems can be broken down to Run To Completion State Machines. At that level the RTOS can be replaced with some simple cooperative scheduler such as Protothreads where it is far easier to prove correctness.

I went from using uCOS-II (You'll find my name in the credits of the first edition of the uCOS-II book for help validating it), to using Protothreads, to Run To Completion State Machines in simple C.

"(...) all languages such as C, Java, C++, and so on, have the notion that there is this stuff called state and that we can change it. This is fine as long as you have only one process doing the changing. If you have multiple processes sharing and modifying the same memory, you have a recipe for disaster — madness lies here." - Joe Armstrong creator of Erlang on using message passing instead of threads, locks and mutable states.

War GeekApril 17, 2017 9:16 AM

@Clive Anderson

"A resonant frequency of 2.6 GHz with a reflection coefficient of -8.3 dB was found for the Intel P4 CPU heat sink"

Dated, but they cover a test process that is useful. And point to the much the same concerns you raise.

If true though, this getting publicized probably prompted the interested parties to start including ways to selectively, switchably, ground parts of the heat sink base in order to make it resonate with more innocent looking frequencies when not actively needed to sense or transmit.

Therefore I'd suggest a test rig be used against older CPUs just to get build some happy/shiny feelings before tackling the the CPUs that almost certainly have gotten more wily about hiding RF characteristics.

Nick PApril 17, 2017 10:47 AM

@ Bob Paddock

re Armstrong quote

It's a myth that proved out in practice by tons of bad implementations. There's been ways to do safer concurrency at language level since Concurrent Pascal. Later, there was Ada Ravenscar, Eiffel SCOOP, and Rust's model. SCOOP has had lots of optimizations from Meyer's group. Many others in CompSci as prototypes but those are industrial. This doesn't include library or modeling level stuff like with SPIN. There's also techniques for analyzing multi-threaded code by looking at it as a series of sequential computations then choosing the worst of them for WCETS or something.

So, harder, should be avoided if possible, and still doable race/deadlock free if necessary.

MikeAApril 17, 2017 11:42 AM


That capacitor (well, "condenser") across the ignition points is not just to reduce RFI. It helps prolong the life of the points. Not perfectly of course, so I have a couple "points files" for use on the five vehicles I own that lack "electronic ignition" (as if old school points are exactly equivalent to hot-tubes). The plug wires with distributed resistance now, those are mostly for RFI.

As for the free-air laser, perhaps you would be interested in:

SpookyApril 17, 2017 3:47 PM

@ Figureitout,

Yep, it does round-robin scheduling. I don't have heavy-duty real-time and other scheduling requirements lol. MCU will be a PIC18F, PIC16F, or ATMEGA328.
Don't really like Forth, tried it and "4th". Rather C/C++ or assembly.

What a nice chip. I'd never heard of the PIC18F (not an engineer, obviously; just a software weenie well past his sell-by date). It barely sips the power, depending on your application. Looks like it could practically run forever on fresh air, sunshine and a spare lantern battery. Working RAM is somewhat constrained (1K/1K) but you have lots of storage (32K) and the ability to shuffle data across serial/USB. 12 MIPS! Plenty of capability for a portable text processing device doing serial comms. Very cool. If you decide to actually build this thing, I hope you'll share the outcome here. I'd be very interested to hear how it turns out.

Yeah, Forth (like everything else) is just a handy tool and probably not the best tool for every job. I've never used it for paid work. If I were trying to operate in such a tiny environment, I'd probably do an initial quick pass in C or assembler, just to see if the minimal working set for your UI and algos can reasonably be made to fit (the usual time/space trade-offs) and what the actual overhead is like when paging to/from on-chip storage. I was wondering if you were planning to attempt the key setup + ops on the MCU itself (slowly...) or offload the heavier lifting to an on-board accelerator, USB armoury, etc.? Either way, I look really forward to seeing where you go with all of this.

@ Bob Paddock,

Thanks for the helpful input, esp. re: Contiki + protothreds. Contiki is a project I've been watching for a very long time, it is quite an amazing body of work. I was (and remain) very impressed by uIP. I'll give protothreds a close look, thanks!


rApril 17, 2017 5:39 PM

@Dirk Praet,

I've never once seen OpenBSD 'blow up' during an 'upgrade'.

Now, trueos and the others?

Post- true hobbyist os era, i dabble considerably less in the current era than i did in years passed.

Nick PApril 17, 2017 6:13 PM

@ Spooky

Check out the most advanced open one: PULP. Their research group is doing amazing things on low-power and speed front. They'll be in next version that's on 28nm SOI. The last one I looked at was on 65nm with 1.2x1.2mm, 1.2V, and 32mW when at 400MHz. It was 3-15 micro-watts / MHz at 0.9V with 14-71 micro-watts / MHz at 1.2V. Results were 1.2 MIPS per MHz. So, at its max of 500MHz, it would theoretically be peak 600MIPS at max 35.5 milli-watts. Neat, eh?

Nick PApril 17, 2017 6:18 PM

@ r

I haven't seen OpenBSD blow up but did see four others. The two from the 80's did several times better than Windows or UNIXen. The one OpenBSD folks hate the mere sound of did better than the one with custom hardware. I wonder how OpenBSD would've faired. Cool advertisement, though, as we don't get to watch datacenters blow up every day. I mean, that's a good thing. Just not as visually appealing.

HP Blows Up Datacenter to Test High-Availability

ab praeceptisApril 17, 2017 6:50 PM

Nick P

And as that just came up: I don't remember the details but there is a group working on tagged memory for Risc-V.

(And yes, Pulp is a very attractive thing. Seems hard though to get at ASICs. Someone called HiFive has done a batch of Risc-V ASICs called SiFive (or the other was round or similar. Sorry, I always mix that up)).

SpookyApril 17, 2017 8:27 PM

@ Nick P,

Wow... (mind blown). That is insane. I'm having a hard time believing it, actually. 600 MIPS at 35 mW... That's on par with a Pentium Pro, IIRC, at nearly three orders of magnitude lower power consumption! That's crazy talk. I've grabbed the manual and datasheet to have a good read tonight. I would love to get my hands on a PULPino dev board. So, it's nearly all open IP, that's pretty cool. The design is capable of being fully audited. And multi-core is coming soon. Once they reach that next milestone, I'd expect everyone to be falling over themselves to do a big fabrication run of these things. We can hope!


Singularity InstituteApril 18, 2017 3:35 AM

Would sabotage of a general artificial intelligence constitute deicide?

Dirk PraetApril 18, 2017 3:39 AM

@ r, @ Nick P

I've never once seen OpenBSD 'blow up' during an 'upgrade'.

It's happened to me a couple of times, but in all fairness much less than with certain others like PC-BSD/TrueOS and other FreeBSD variants. However much I prefer *BSD over Linux, I have learned to take my precautions before doing any major upgrades. The point being that it's still not something you can easily promote as a user-friendly desktop/laptop alternative to the average consumer. Which is a shame, because it is relatively easy to emulate a Windows/MacOS look and feel with a properly themed KDE desktop. But I guess they'll get there sooner or later.

Check out the most advanced open one: PULP.

Interesting. I didn't know that one.

Nick PApril 18, 2017 4:21 AM

@ ab praeceptis

You're probably thinking of LowRISC given they're brought up in most discussions wiht a mention they'll do tagging of some sort. However, there is a company trying to merge RISC-V with tech at to build an ecosystem. I can't recall name off top of head. And, yes, ASIC's are hard to come by since most of the players are just doing small batches of proven designs on shuttle runs then publishing them. Smart move given people talk FOSS hardware more than they buy. Groups could go bankrupt trying to produce massive amounts of ASIC's in today's market. That's why I always advocated selling them, at least masks, at a loss with some kind of other product that's profitable.

ab praeceptisApril 18, 2017 5:03 AM

Nick P

Yes, it's a sadly long path to reasonable batch sizes of ASIC (and please not in 180nm ...) plus some first halfway useable basis (boards and BSPs). Which is another reason to laud the swiss Pulp project.

A while ago (maybe 2 years) I had some hope for loongson but that somehow turned out to be a flop, it seems.

Now, with lots of academia and some first companies support in its back we might finally have an architecture alternative that isn't tainted and/rotten like x86.

As for the diverse ideas being thought about or tried, like tagged memory, it's of course still somewhat early for major expectations but I take it as a very positive omen that one or the other project with security in mind is active anyway.

Let's keep out eyes open and update each other when there is any interesting progress.

JG4April 18, 2017 6:46 AM

Thanks for the continued excellent discussion. I can't recall seeing a compendium of the top ten and top one hundred most useful books. I'd like a handful of Linux books so that I can be smart again. Has anyone seen the brilliant documentary "They Live"? It will make the hair on the back of your neck stand up.

Police use drone with public address system to speak directly to trouble makers - from the skies
The use of the 'spy-in-the-sky' cameras is part of an initiative to crack down on crime that has seen hundreds of police officers get extra training

JG4April 18, 2017 7:50 AM

"on the 18th of April in '75, hardly a man is now alive"

If I recall correctly, there was a deconstruction here of the Boston Tea Party and Boston Massacre. It was pointed out that the troops were enjoying a friendly snowball fight with the local kids when provocateurs showed up. Then the predecessors of Edward Bernays printed up tracts to inflame the locals. The outcome has been an interesting experiment, but as Zhou Enlai said to Nixon, "too early to say."

Paul Revere's Ride Henry Wadsworth Longfellow Listen my children and you shall hear Of the midnight ride of Paul Revere, On the eighteenth of April, in Seventy-five;

Hizzoner John Brennan, Mayor of BostonApril 18, 2017 9:28 AM

Boston is still the testbed for plotters lie Bernays. Take the Boston Marathon Bombing, yet another scary Mooslim minstrel show. FBI gloms onto some poor wetback - they're all over him like a cheap suit, bugging him, frogmarching him through corny informant stunts and provocateur stunts, dangling citizenship in front of his nose like a carrot on stick. Then, again, for like the fiftieth time, Oops! The sad sack gets away and blows shit up. Yeah, right.

CIA blew your town up. But your town's full of smart people paid to act dumb, so they will get away with it. Again.

Bong-Smoking Primitive Monkey-Brained SpookApril 18, 2017 1:46 PM

@Hizzoner John Brennan, Mayor of Boston,

Love your style! Had a good laugh. Par for the course with the level of sarcasm today. Actually a bit elevated!

All over him like a cheap suite! Mua hahaha.


John GaltApril 18, 2017 4:17 PM

@ JG4

"They Live"... I love Carpenter.

Another one of his documentaries that I really like: Escape from New York. Landing his glider on the WTC.


last days of solitaryApril 18, 2017 8:00 PM

Last Days of Solitary starts on pbs, 9 pm ect, in a few minutes; about solitary confinement on Frontline

RachelApril 18, 2017 8:42 PM

@ John Galt

i declare and name you a profesional, gainfully employed troll. It's so transparent.
i am frankly surprised the more erudite members of this forum such as @ Ab Praeceptis, @ Anura et al engaged you for as long as they did. I spotted you weeks ago as a poster not worth lingering my mouse nor eyes on.

Nick PApril 18, 2017 9:09 PM

@ Rachel

Most of his comments are noise clogging up the forum distracting from technical discussions. I did counter a bit for sake of other readers on the C++ thread.

ab praeceptisApril 18, 2017 9:30 PM


This is Bruce Schneiers blog. While I certainly agree with you re. payed or psycho trolls spamming, poisoning, and bringing down this blog, I accept that Bruce Schneier has a different view and that his view is the relevant one here.

Experience demonstrates that it's easy to get loads of trolls and blabberers but it's hard to attract and keep knowledgeable users. Similarly it's easy to ruin a blogs reputation but it's hard to build and earn it.

I'm not concerned about the purely personal attacks on me; the noise of those trolls is meaningless to me. I was concerned about this blog as it was one of just a few of good quality.

But again, that's just my view; the relevant one is that of Mr. Schneier who chose - once more - to allow trolls to do have their ugly party here.

RatioApril 18, 2017 9:45 PM

@Nick P,

Most of his comments are noise clogging up the forum distracting from technical discussions.

Hadn't noticed. Luckily you're only talking about 26 of the last 100 comments (as of now).

John GaltApril 18, 2017 10:28 PM

@ Rachel

First, I haven't been here "for weeks". You might check your brain circuits. I think my first post here was week before last, somewhere around then.

@ ab "by the rules" (I love that Latin)... Nick... and a few others of you.

Lots of totalitarian communists around this website.

My family has been in this country since before it was a country. It was a colony belonging King George. We're a family of farmers, ranchers, engineers, and doctors... and even a couple plumbers. One even was an engineer who worked on the Space Shuttle and hung out in Mission Control.

We never owned any slaves, either. But, a couple of my relative died trying to save a few of those ingrates.

@ Rachel again...

"Erudite"... I used to "talk" like you dweebs. I woke up one day and said, BS. As a group, you remind me of a group of sharks I encountered while deep sea fishing a few years ago.

How about this, when I described a really nice wine.

Opaque, dark ruby color introduces this wine that expresses dark fruit aroma and flavors. With spicy sweet oak complexity, the wine exudes dark fruit such as blackberry, black currant, blueberry and dark cherry. There are nuances of dark chocolate, chocolate berry truffle dusted with cocoa powder, cola, aromatic cedar, cinnamon, clove, graham crackers and a hint of tobacco. The body is very full with a soft entry, coupled with dark cherry/berry flavors that develop from start to finish. With great texture and mouth feel, this cabernet is full bodied, rich and opulent. In one word…. delicious.

Wanna know what it really is? Sour grapes, mashed with athletes foot fungus infected feet, fermented in an oil drum with a few wood chips, and laced with a little fermented cigarette butt water.

I invented it.


With all the "security experts" around here... and the de facto state of computer "security and spying.... I'd bet that America is doomed.

See ya'll down the pike.

Good luck.

Nick PApril 18, 2017 11:37 PM

@ Ratio

"Hadn't noticed. Luckily you're only talking about 26 of the last 100 comments (as of now)."

What did you mean by that? It could be interpreted a few ways.

tyrApril 18, 2017 11:56 PM

@ Nick P

That was a great set of lecture notes on real time.


The points capacitor is an arc quencher to solve
the real world divide by zero problem when you
open a circuit under load. Once in awhile you can
generate a nice plasma fireball if you're passing
enough current and open the circuit. (Not in the
usual comp gear unless it's a datacenter master
breaker. Most of the RF I played with wasn't safe
to touch at all. A 40K plate final turned into
RF will burn 1/4 inch worm tracks through teflon.


What's May up to ? Has she decided to opt out of
the PM job while the getting out is good.

Clive RobinsonApril 19, 2017 1:29 AM

@ Tyr,

What's May up to ? Has she decided to opt out of the PM job while the getting out is good.

It depends on your view point...

Some think that nobody including herself has either a plan or a clue.

Others think she is a four faced individual that is a political surviver by ensuring there is always someone abover her to take the fall etc.

Either way she has ensured herself a form of immortality much like Ted Heath did when finaly getting us into the EEC (now EU)[1]. Only for her it will be for selling the UK down the river, on a raft of deluded buffoonery.

The problem is that the "Yes to leave" politico's made factually inacurate statments over and over again and had no plan of what to do if they succeeded. The remain campaign was noticable more by it's near invisability and failure to put across it's message, let alone challenge the leave campaign. And once they had the vote they wanted the leavers said "job done" and walked away from the mess they left behind. One of their number then tried to interfere in US politics at a time many in the US are claiming was a critical time.

Of course in PM May's head there will be some objective --I hope-- and I suspect it is to try and capitalize on the apparent disarray in one of the opposition parties.

However there is considerable disquiet over the EU Referendum vote, and I can see many "Voting to punish" especially in Scotland and Northern Ireland and probably Wales as well. Thus Mrs May PM may well gain extra infamy to be remembered by as the "Woman who destroyed the United Kingdom". Which would make those "Little Englander's" even more happy in their delusion of making it Great Again...

What I don't know is if the Artical 50 Letter can be stopped by a following PM if there is a backlash.

However as I've mentioned before take a carefull look at her Special Advisors and their relationships past and present to the UK IC. Likewise I've mentioned in the past how those National IC agencies that form the Five-Eyes, regard themselves "Above Politics" but not in the sense of impartiality or disdain, but in that of "The power behind the throne". They nodoubt will see not just Brexit but the potential result of the up coming General Election as a significant opportunity to gain further advantage.


JG4April 19, 2017 7:11 AM

please note that this is not an endorsement of Tor; I believe that Clive and others are correct that it is intentionally flawed by design. it may accomplish my purpose of defeating some commercial surveillance, at the expense of increased attention from Spookwerks East. is Spookwerks Utah online yet?

Links 4/19/17 | naked capitalism - Tor Browser

The Nerve Agent Attack that Did Not Occur: Analysis of the Times and Locations of Critical Events in the Alleged Nerve Agent Attack at 7 AM on April 4, 2017 in Khan Sheikhoun, Syria Theodore Postal, Washington’s Blog. Important! And, as usual, you’ve got to read the small, independent blogs if you want to keep up.

US seeks political solution to Yemen conflict: Pentagon chief Press TV (Furzy Mouse). Note the source.
New Cold War

FBI used dossier allegations to bolster Trump-Russia investigation CNN

Class Warfare
Poverty, open sewers and parasites: ‘America’s dirty shame’ FT. Under the topic heading: “Neglected tropical diseases.” Because America is already great. I mean, at least in the wealthy suburbs with access to clean water.

...[implicitly uncategorized; some links were exchanged here late summer last year]

Our cult of “genius” is blinding us to true genius all around, say Leonardo da Vinci’s biographers Quartz

ScissorsApril 19, 2017 8:56 AM

Did you notice the proposed solution for tropical parasites in the FT article? Step 1: Increased government surveillance to understand he scope of the problem (I'm not joking).
So surveillance is the new cure-all. Hum. Maybe it could help with obesity and ADHD too.

FigureitoutApril 19, 2017 9:01 AM

Clive Robinson
--Thanks for the tips, I'll give that a go eventually.

RE: mikeos
--Yeah I read it just before you posted, for x86. Pretty interesting, thanks.

Bob Paddock
--Nice, yeah I recognized that guys name. I'll check that out sometime. True about "anyone" recognizing those differences.

--Yeah it's a fun chip once you get the silicon errata taken care of. :p It only manifested itself w/ trying to send a string via a UART, the errata went deeper into how variables were handled in memory...pretty nasty bug but I like seeing these so I can add that to potential diagnoses in future. I've got a bug right now kicking my ass but we've been able to isolate to a part giving me consistent headaches.

Yeah I like reading others projects too. I'll post it w/ a reflection paper/essay going over what I think I did right/wrong if I do something like that, just for my own education though. Just want it on MCU's if possible. If I'm tasked w/ creating the most secure devices possible, I still go to low power MCU's, best ciphers supported, w/ dedicated functions and comms w/ serial data diodes.

Dirk PraetApril 19, 2017 9:20 AM

@ John Galt

Lots of totalitarian communists around this website.

Please do not confuse social democrats with totalitarian communists or libertarians. As @Anura already tried to explain, communism as implemented in the former USSR (or in the DPRK, for that matter) was never quite what Karl Marx or Friedrich Engels had in mind and eventually leads to the same kind of slavery as unbridled capitalism does by concentrating control over all resources with a small elite, plunging everyone else into ignorance, submission, poverty and debt.

Nick PApril 19, 2017 10:13 AM

@ tyr

"That was a great set of lecture notes on real time."

Glad you enjoyed them. :)

My InfoApril 19, 2017 10:21 AM

@Dirk Praet

Lots of totalitarian communists around this website.

A true statement, regardless of whom it is attributed to.

Please do not confuse social democrats with totalitarian communists or libertarians.

The social democrat philosophy is all about taxing society's resources and concentrating them in the hands of a small elite. And I'm sorry. Social democrat taxes fall most heavily on the so-called "middle class," that is, those just barely getting by off public assistance. The wealthy elite continue to concentrate their wealth well out of reach of social democrat taxes.

As @Anura already tried to explain, communism as implemented in the former USSR (or in the DPRK, for that matter) was never quite what Karl Marx or Friedrich Engels had in mind and eventually leads to the same kind of slavery as unbridled capitalism does by concentrating control over all resources with a small elite, plunging everyone else into ignorance, submission, poverty and debt.

No. This is exactly what Karl Marx and his cohorts intended. The "dictatorship of the proletariat" and the forever incomplete transition to a mock "true" ideal.

AnuraApril 19, 2017 11:41 AM

@My Info

I'm going to make a distinction between social democrat and democratic socialist here, where the former refers to a capitalist who believes in using regulation and redistribution to mitigate the social cost of capitalist, and the second is someone who believes in democratic control over the means of production, whether centralized or decentralized.

Your complaint is that social democrats don't go far enough in redistribution? That's not their fault, they are limited to what the public can support, and the vast majority of the public sees growing private wealth as the ultimate goal of economic policy. However, you should be happy to know that the movement for an unconditional basic income is gaining traction. It doesn't eliminate the concentration of wealth, of course, as that's inherent in capitalism, but it makes sure no one falls through the cracks.

Now, as a democratic socialist, I agree that redistribution is far from ideal - I would much prefer we actually distribute wealth evenly in the first place, and change the the entire legal structure/ownership model for our economic system that allows wealth to get concentrated in the first place. Personally, I don't want taxes at all.

SystateApril 19, 2017 12:37 PM

@Nick P
I was looking into Qubes. The support list is pretty small. And Openbsd seems like it is going to be quite a LEAP ( i understand that you said that it has been battle tested but i have learned from you and the usual suspects that monolothic kernels are a big no no.). I might as well just use Qubes even though i wouldnt get the full protection.

P.S I was reading the Tanenbaum–Torvalds debate. Ouch. Somebody was clearly wrong in that debate.

Clive RobinsonApril 19, 2017 2:59 PM

@ Systate,

I was reading the Tanenbaum–Torvalds debate. Ouch. Somebody was clearly wrong in that debate.

Actually they were both wrong in some respects, and both right in others.

For instance,

A microkernel has advantages when it comes to securiry because it has less of an attack surface and less complexity when compared A monolithic kernal.

But a monolithic kernal provides not just more services, it does it in a "richer experiance" way, as well as doing each in a more efficient or effective way.

However as we now know both are crap on throughput when compared to user space IO etc.

Historically GNU dropped the ball on delivering even a prototype kernel, USL killed BSD for something like three years with a pointless law suit that resulted in a "cleaned BSD" followed shortly afterwards with the close down of the group. Minix cost money and although it could run on an 8088 it was problematical. Microsoft had similar problems with Xenix on the 286 which eventually became SCO on 386.

All of which gave linux a fairly Uncontested run at things. The problem though was that Linux needed to be all things to all people, and this caused a chuck everytging into the pot attitude. Thus like Topsy's cat the Linux kernel grew and grew. And has since had to be pruned in various ways, but even so keeps growing. Which makes it similar to comercial offerings.

At the end of the day you have choices, a microkernel offers less or more basic services than a monolithic kernel which can offer a rich environment with many options some being almost duplicates. But the kernels in both cases are a bottle neck these days, thus the whole idea of kernel and user space and the context switching involved is just seen as inefficient.

We are moving away to a different rational. One thread per core gets rid of slow context switching per user process, user space IO removes double and tripple buffering as well as context switching, thus giving an order of magnitude improvment.

vas pupApril 19, 2017 3:50 PM

@Anura • April 19, 2017 11:41 AM.
I guess you pointed to 'socialism with human face'. That was not working because key is production and some income/wealth inequality based on merits is stimulus to produce more (quality and quantity), i.e. progress.
I don't know what is fair distribution because it is not pure math problem, and in society you always have members who can't be productive enough to even support their own needs (I am not talking about 'free-riders' using system to suck benefits and not provide anything in return - there were in USSR, they are in USA as well) real disable, old, etc.
My guess is that in order to society prosper and be stable distribution of wealth should be bell-shaped(about 67%- middle class with good living condition and productive activity), not skewed(1%versus 99%). Inequality could be stimulus factor to particular point, then just generate tension inside society which could blow up at particular point as bloody revolt. Good social benefits were invented not by Karl Marx(socialist), but by Bismarck(capitalist). Sorry - comment is out of main stream of blog.

AnuraApril 19, 2017 5:01 PM

@vas pup

I guess you pointed to 'socialism with human face'. That was not working because key is production and some income/wealth inequality based on merits is stimulus to produce more (quality and quantity), i.e. progress.

That's not an argument for capitalism vs socialism, that's an argument for market vs non-market economics. But here's the thing, income and wealth are NOT based on merit in a market economy, they are based on power. As a worker, your power is based on two things: the supply and demand for your skill set, and your ability to walk away from the deal. If you want to eat, you either need to be independently wealthy or you need to work. CEOs are often independently wealthy, and thus can sit around and wait for a good enough offer.

Wealth itself is an expression of power - and the more wealth you have, the more you can manipulate the markets to your own end. Thus, wages themselves are based on wealth inequality, with the more unequal the wealth the more unequal the wages by necessity. I would suggest that the more equal the ownership of wealth, the more wages are based on merit within a market economy. On top of that, the more prices represent actual usage of limited resources the more efficiently we will tend to allocate our resources.

Tell me, why is it that a large corporation with nothing close to a majority shareholder can function? Because they organize it however they have to to make it function. In this case, they vote plutocratically. Would the company cease to function if you made that vote democratic? Absolutely not. This is the point of a consumer cooperative - it is a company owned democratically by the consumers, and ran to provide the goods and services the customers want at the price and quality dictated by the customers. This is the backbone of the economy I want, which is a form of market socialism.

A consumer cooperative is owned equally by its members and controlled democratically. If all of the businesses were consumer cooperatives, then there are no profits. The payment for all goods and services represents the cost of providing them plus the cost of debt (which I would argue should equal risk + inflation, so that the average real return on debt is 0%). If all natural resources and fixed infrastructure is publicly owned, we can rent this out to make sure everyone pays a fair market value on our natural resources, including land via rent. This compensation for the usage of our natural resources I suggest should be the sole source of government revenue. It is a lot more efficient in terms of management. We should not control prices, but quantities (aka rationing), while renting land or selling quotas to drill oil or whatnot to the highest bidder. Anything beyond the cost of government is paid out to the members of the public, equally as a citizen's dividend.

With an unconditional basic income/citizen's dividend that ensures everyone has the income to meet their basic needs including food, clothing, and shelter, paid for by the rationing of resources, workers have the ability to walk away from a deal. This means that they have the ability to weigh whether the income is actually worth working. For each worker, they have the ability to determine what's fair, and that's going to be based primarily on the supply and demand for their labor.

Thus, what is fair is having our natural resources owned equally and paid out equally, having ownership of business being as equal democratic as possible, and then giving the people the freedom to choose whether or not they want to work.

onionskinApril 19, 2017 6:17 PM

@systate, you can have your cake and eat it too with Qubes, combining microkernels and monolithic kernels. An obvious first step is the firewall:

xen is no panacea, of course,

But the yara rules, such as the one for anti-debug/anti-vm, continue to evolve. Serial barriers and parallel sensors reduce the chance of a successful attack, and that's all you can ask for in the actual world.

ab praeceptisApril 19, 2017 7:23 PM

Ad "qubes" (i.a. onionskin)

Virtualization is only of value IFF it can be *proven* safe and iff it's assumed properties can be verified - which is *not* the case with almost all available virt.
(also note that verif of code != verif of safety/security)

Moreover, seen from the security perspective a combination of (i.a.) microkernel and monolith must be assumed to be the *sum of their weaknesses*.

@Clive Robinson

"richer experience" - it seems to me that "experience" both as a criterion and a term went hand in hand with bad engineering or, in other words, it grew proportionally to marketing taking the steering wheel away from engineers. Today there are even "user experience engineers" (who may be lots of things, incl. dumb ***, but certainly not engineers).
In a way "fun and speed", along with "brains not required for usage" became the guiding star (obviously imposed by marketing and sales), rather than "well understood, well designed, well engineered".

Any yes, evidently I always took the smart professor (Tanenbaum) to be right and the intelligent, adventurous but lacking experience and hence clueless student to be wrong.
Today, I'm milder and thinking that some important functionality (e.g. vitality manager) and even some basic - and extensively checked drivers (read, perfectly well engineered and exhaustively verified ones) might be allowed to exist in ring 0.

What we got with Linus' path is well known: crap. Same, albeit somewhat less so, with other monoliths incl. OpenBSD.
Well noted, I do not intend to attack the people behind those efforts which, e.g. in case of OpenBSD are quite seriously trying hard (neither do I want to attack Linus, who after all still was more a boy than a man in those days).

The few OSs which achieved at least some decent reliability, safety and even security had some factors in common: They were small (at least compared to what was common) and they were solidly engineered.

One I always liked and continue to like is Oberon, which was so well designed that some of the properties we desire so much today came almost as a side effect. From what I know, Wirth didn't target a "highly secure OS" but rather a "reasonable and solid" one, both simple and "rich" enough; of course, Wirth being Wirth, "reasonable and solid" pretty much meant "well and rigorously designed and engineered".

JG4April 19, 2017 7:36 PM

this should make the hair on the back of your neck stand up

2:00 PM Water Cooler 4/19/2017 | naked capitalism - Tor Browser
Big Brother Is Watching You Watch

“[T]ens of thousands of individuals around the world are unwitting targets of powerful, relatively cheap spyware that anyone can buy. Ordinary people—lawyers, teachers, construction workers, parents, jealous lovers—have bought malware to monitor mobile phones or computers, according to a large cache of hacked files from Retina-X and FlexiSpy, another spyware company” [Motherboard].

see also:

Obama, Comey Relied On Discredited Dossier To Obtain FISA Warrant On Trump Campaign

New documentary gives an insight into the thankless task of moderating the internet ThaiVisa (furzy)

RachelApril 19, 2017 7:56 PM

@ All mature human beings on this website which includes Sysop Sensai Bruce &
@ Esteemed Mod.

Regarding @John Falt,
'This is my last post at this website'

see what happens when you call out a professional troll.
No rebuttal, no defense, they just tap out and depart.
Please take note for future reference

WaelApril 19, 2017 8:22 PM

@Clive Robinson,

Some of you may know that NIST has turned password policy on it's head...

Strange set of "policies".

No more periodic password changes.

I disagree with that for the simple reason that the study I expect to validate this decision hadn't been conducted or shared. I'm aware @Bruce is a proponent of this directive, and maybe he pushed or influenced NISTS's decision. This topic has been discussed extensivley here over the past few years. My position has not changed. Unless someone (credible) conducts such a study, then, to me, this is just an opinion supported at best by some hueristic arguments - mostly subjective.

Despite the desperate attempts of many security startups to introduce new authentication methods, passwords are here to stay for awhile, if not forever

Right! Can't replace "something you know" with anything else. Each factor serves a specific purpose and has a different security posture. Early attempts at limericks back in the day supported my view.

Some say passwords are out of style
But passwords will remain for a while
If you insist to say otherwise
Then for you I have this advise
Your forcast is but a crap pile

No more imposed password complexity

Unless other mechanisms are placed to harden weak password choices -- and they are numerous in classes, this is simply a stupid directive, considering the variety of published password attack methods that were discussed here in the past as well.

Mandatory validation of newly created passwords

Sounds good. However, this directive doesn't offset the problems the previous directive introduces.

Second, we’ve seen a widespread introduction of MFA (multi factor authentication), also known as two factor authentication, which supposedly pushes the password problem to the background

It does mitigate many weaknesses, but it still looks at the problem with a one dimensional lense. Attacks these days are more sophisticated. So called "Defense in Depth" is so yesterday. We need "Defense in depth, width, and height", as I always say. Multi-factor authentication is a step in the right direction. "Multi-entity authentication" (I made that up, if memory hasn't failed me) is another needed control. Multi-channel and out of band authentication is another thing to consider in conjunction with these weekend password policies. I guess we talked about that in the past, too.

AnuraApril 19, 2017 8:51 PM


Sounds good. However, this directive doesn't offset the problems the previous directive introduces.

Actually, I would argue they both work towards fixing the same problem: increasing the average time to perform an offline attack against a database of properly hashed passwords. In practice, you want to maximize the number of distinct passwords that people are actually using on any given site, or worldwide for that matter.

Restrictive password policies limit the range of possible passwords, reducing attack time. Personally, I would recommend some password requirements but with flexible rules that allow you to substitute character requirements for length. The problem is trying to communicate that password policy to the user.

RachelApril 19, 2017 8:57 PM

@ Bruce

I just saw (again) your link to posting 'guidelines' at the top of this page.
May I suggest you rephrase this. 'Guidelines' are merely suggestions. The word 'rules' is more aligned with your (I hope) intention in this instance.
However ''rules' has less pleasant, inflexible connotations. Although, indeed, rules are what is implied. What about 'Directives' 'Requirements' 'Expectations' 'Responsiblities' 'Obligations' . As some examples to replace the word guidelines.

I note your final sentence in your blog post about Guidelines and expected behaviour from your guests:

'I'm not going to let that happen here.'

onionskinApril 19, 2017 9:28 PM

@ab proboscis, you're back, with more silly academic angels on heads of pins. Your axiom is all wet, and repeating it over and over doesn't make it any more convincing. Here's why - not for you but for people who score higher on the 'O' trait in OCEAN.

Search consumes resources. Multiplicity and diversity increase resource demands in a non-linear and often non-polynomial way.

Let us posit, speaking hypothetically, that one is, or has been, in possession of the most sensitive national security secrets. That means, of course, probative evidence of universal-jurisdiction crimes by senior US officials. Like, say, I dunno, superior-orders documentation painstakingly compiled by Charlie Wise, or somebody like that - not because it's a defense, it's not, but so that Charlie can sink a lot of BMDs if anybody tries to pin it all on him.

Let us say that TAO's task is to keep that material out of Fatou Bensouda's hands. Can they do it? No. Of course not. They can't even find it. That is due in part to uncertainty regarding any nonstandard operating system or network. TAO, like muggers and rapists, prey on natural victims. The halt and the lame of the cyber sphere are the people who trust Microsoft or Apple, people who don't have recourse to idiosyncratic compilation or networks of different systems or versions, or custom sensor ensembles, or any of the things that crush the delicate hothouse flowers we call malware. More importantly, network topology works against them. Because the network is the subject population.

Now let's say that TAO not only has to find the incriminating information and suppress it, they have to find Me. Where Me is any one of hundreds of persons in positions of trust increasingly disgusted with a criminal state. Their problem is what we call N-P Hopeless. When the Soviet Union lost legitimacy, it was a big joke to pass out Особой важности to enemy agents over drinks. With Shadowbrokers and Snowden and all the others in the pipeline, the US regime has entered that agonal phase. TAO is as helpless to stop Me(i), or Us(ij), as you are.

WaelApril 19, 2017 10:25 PM


Actually, I would argue they both work towards fixing the same problem

I can see that and thought about it too. I forgot to bold-text the previous directive in reference. What I'm saying is this:

"Mandatory validation of newly created passwords" does not completely offset the weaknesses introduced by "No more imposed password complexity"

Come to think of it, they could actually be doing the same thing. One is explicit; the other is implicit. Meaning the "unadvertised" password policy of the first directive can be used to enforce a proper choice of passwords, even if the user isn't explicitly asked to conform to a specific policy. The upside is that policies can be updated transparently without informing the user.

From the link you have:

8 characters exactly

Exactly? That's weakening of passwords, you are right. Limits the sample space. There is such a thing called "Security by expansion of the search space". This policy violates it.

Password policies are problematic, as a stricter password policy results in fewer possible passwords

That's correct. But doesn't the benefit outweigh the harm? Think of the excluded passwords as the weak ones. The set S of secure passwords union the set of weak passwords equals the set of all passwords. Does it really cause much harm to remove weak passwords out of S, while acknowledging that it shrinks the search space for an attacker? That, of course, assumes the policy is "perfect".

ab praeceptisApril 19, 2017 10:44 PM

No matter under how many names the plague appears - it still stays the plague.
And no matter how frequent, loud, and obstrusive noise won't turn into music but will stay just meaningless noise.

(btw, to be back would necessitate being gone ...)


What exactly leads you to believe that the guidelines here are meant to be rules, or, being at that, to have any significance at all?
I sure would like to agree with you but looking at what happens here that seems to be quite unreasonable.

RachelApril 19, 2017 11:50 PM

@ Ab Praceptis

I comprehend. Only one person has an answer. But they seldom chime in, mostly owing to professional engagements, deadlines etc

RachelApril 19, 2017 11:59 PM

@ Ab Praeceptis

& that angels on a pin hypothesis is actually rather a good one; I'd be flattered

Clive RobinsonApril 20, 2017 12:06 AM

@ Rachel,

The word 'rules' is more aligned with your (I hope) intention in this instance.

The problem with words is that they have a power of their own, that gives rise to the "law of unintended consequences".

I'm guessing you might not be in the US judicial area, where "Terms and Conditions" that are not subject to criminal sanctions in anu other walk of life are made so due to poor legislation and over zealous federal prosecutors. Where atleast one person has been pushed over the edge by a Presidentialy set policy.

RachelApril 20, 2017 12:09 AM

@ Dirk Praet

well said in response to Who? about the unavoidable encounters with Windows, As I also indicated sometimes one is under duress and needs to lock down a sub adequate situation. Provided one has administrator access anyway. Seperate to some of the FOSS programs like Anti-Beacon, as you know there are some good Windows hardening guides out there. It's a bit like learning advanced/hazardous conditions driving techniques. Expect to need them the most when one only has access to a clapped out mini minor with bald tyres, no spare and 1st gear missing. It's not a 'all-terrain vehicle/i'm walking' equation

ThothApril 20, 2017 12:16 AM

@ab praeceptis

I was too busy with work (esp. starting up a company all on my own) that I missed Easter 2017 holiday card creation.

About time to find another holiday to make the holiday card.

Some pretty logos to add for the decos:
- Qubes
- ARM TrustZone
- Intel SGX
- OpenSSL
- OpenSSH

Those are what I can think off for now. List of pretty logos will be updated as more wonderful events occur and hopefully I will have some time off from managing my newly launched security project.

WaelApril 20, 2017 12:35 AM


American, Australian, Armenian, Albanian, Austrian Anti Acronym And Abbreviations Abuse Alliance And Association

Don't be guilty of your own pet peeve! Get it?

ab praeceptisApril 20, 2017 12:49 AM


Wonderful! I'm very much looking forward to that card.

The more golden stickers for the x86 linux box (with systemd, of course!) the more "bullet proof security".

I'd like to see ssl/tls added, too if any possible. It would be well deserved as tls 1.3, the most recent in a series of cruel jokes, has been analysed (with tamarin, but still) and found to have flaws as befits a ssl/tls version. We wouldn't like to be surprised by a ssl/tls version that actually was properly designed, wouldn't we.
As an added bonus they have finally included PSK - of course in a not exactly smart way.

If there was a way to create a 3-D (as in "incapable to the cube") golden sticker for that, I would be very pleased and hurry to put it on my box.

Thanks a lot, Thoth!

ThothApril 20, 2017 12:53 AM

@ab praeceptis

I will add one more ... Linux, SELinux ..etc.. Linux Mint 18.1 ... to the list of logos.

I am toying with Linux Mint 18.1 and a bug caused the lock screen to blacken out but NOT LOCK THE DAMN SCREEN. Anybody moving the mouse or keyboard would immediately unlock the screen without needing password at all.

Link to CVE below. Horrendous bug and what do we expect from Linux. For those who love to hype up security of anything based off Linux, think harder next time.


ab praeceptisApril 20, 2017 1:39 AM


That's what you get when you use an OS without a golden sticker!

I assume the screen locker problem will be solved in the modern linux way, i.e. by putting that functionality into systemd. Of course, it will not work then either but it will then 'not work in a proper way' (TM) and it will not work *faster* thanks to diligent linux hackers working on providing GPU accelerated not-work.

But don't you worry, there is still the principle of 1000 eyes (And don't you be picky and complain! Nobody said that there are brains behind those eyeballs!)

Btw: Do you know the difference between bitcoin blackmailers ("Pay 1 bitcoin to have your system work again") and linux hackzors?
Well, paying that bitcoin might actually leave you with a working system ...


I politely demand that you show some respect for golden stickers providing bullet proof security!

After all, quite some companies earn billions of $ by selling canned crap with golden stickers on the can, and some of that income actually ends up in diverse research which again occasionally and accidentially leads to some unintended low bug density code.

golden stickers are also very helpful in securing wireless communication! Just put a golden sticker on your wireless dongle and smash it with a hammer - et voilà secure wireless communications (@ 0Hz, 0V).

Dirk PraetApril 20, 2017 4:18 AM

@ Thoth

Horrendous bug and what do we expect from Linux. For those who love to hype up security of anything based off Linux, think harder next time.

Hardly a Linux- or Mint-only problem. A quick search reveals similar issues on Windows, iOS, OS X, xscreensaver, gnome-screensaver etc. etc.

Bugs happen on every platform, even on the "secure" ones, which - at least over here - no one is claiming Linux is. Do you have the same problem switching from Cinnamon to MATE?

@ ab praeceptis

Don't you ever get tired of this ranting? Almost everything we ourselves and our customers use is horribly insecure. Which gives us several options. 1: we give up and keep whining like there's no tomorrow. 2: we implement obscure exotic systems many of which aren't ready for prime time, unusable by the average user and in a business context supported only by the one person who implemented them. 3: we mitigate issues either by working around them or coming up with workable solutions of our own we discuss on forums like this one. Like @Clive, @Thoth, @Markus Ottela and @Figureitout do.

ThothApril 20, 2017 5:20 AM

@Dirk Praet

"Hardly a Linux- or Mint-only problem. A quick search reveals similar issues on Windows, iOS, OS X, xscreensaver, gnome-screensaver etc. etc."

Context is Linux have never been bothered to improve security beyond what it thinks is necessary. Has always been dragging it's feets when it comes to security improvements.

"Bugs happen on every platform, even on the "secure" ones, which - at least over here - no one is claiming Linux is. Do you have the same problem switching from Cinnamon to MATE?"

I have written a few login programs for some platforms that are hardly known and mostly obsolete projects. Whenever I write such login systems, I make damn sure they do not do the unexpected as per my habit. Funny thing is when I turn over the control of the login systems I have created to other people to maintain, the quality starts to become less than desired. I guess end of the day the person handling the maintaining and coding of the login system has to do due diligence. Too bad I don't really have the time on hand to meddle in these projects.

It's not security critical for the deployment since it's just something experimental. Once I am done with it, i might just wipe it and find something else to experiment with and it's not doing anything security critical.

ab praeceptisApril 20, 2017 5:27 AM

Dirk Praet

a) nice try to paint me outside of the "good group" (and to paint yourself as close to them).
b) Funny. I'm reading and writing here in short pauses while I develop secure software for concrete security relevant problems in Spark 2014, properly spec'd and modelled and verified. I'm glad to report that I'm very happy with my progress, to a major degree due to Ada/Spark.
c) What safety and security properties can you show for your "oh well, let's not rant but believe that somehow magically OpenBSD (or whatever) will solve our problems and/or protect us" approach?

And, of course - your post invites that question:
d) what exactly is it that you contribute here, other than ranting and completely out of topic posts? Plus, of course, the occasional "I'm in a position to scold you" attempt.

Thanks but thanks no.

Clive RobinsonApril 20, 2017 5:37 AM

@ ab praeceptis,

In a way "fun and speed", along with "brains not required for usage" became the guiding star (obviously imposed by marketing and sales), rather than "well understood, well designed, well engineered".

"fun and speed" is a problem in many places, think jet skis in places where people swim, drunk drivers, the list is nearly endless. Hence "brains not required for usage" is what you might call "a human trait" to disaster in anything that might be seen as "fun".

As I've remarked in the past, few people that drive know what goes on under the hood, or for that matter care, they just want to "get in and go". Similar with telephones, but...due to technology they don't even want to dial these days just want to say "Cortina get Mike"[1].

That is they want to live the awful "Make it so" life style[2] where whim replaces actual thought, and of "being the center" of their own petty universe, where tantrums follow non acquiescence from the "technology minion".

Thus you get the "S'not fair" response or worse a diva hissy fit and flying technology. Where the users intrinsic failings hide behind the Dunning-Krueger delusion and they fail to take responsability, thus blaim anything or anyone when they don't get instant gratification.

It's a mindset that comes naturally to the "Marketing Types" and they use the excuse of "customer needs" for their often perverse demands. Thus we get "what they want" inflicted on the rest of us, not what we may like or actually need. Which might account for why so many products fail not just in use but in the market as well.

The thing is that few appreciate why both cars and phones developed the near identical interface world wide. History shows that the history of "power driven" transportation was fraught with conflicting interfaces and that it was finally mass production that forced the issue as well as legislation to ensure "competance behind the wheel" via licencing.

The thing is Marketing people take little or no responsibility for their demands, as it's always somebody elses fault when things go wrong, and quick to claim credit for others hard work.

Engineers mechanical / electronic / civil / etc however do take responsability for what they do because they have been taught the hard way what happens when they do not...

Microsoft for instance was a classic example of marketing driven design. You only have to look at their Office product to see a problem of trying to be "all things to all people". Few people use more than a very small percentage of the features available, and much time is wasted by users and managment alike as they strive for style over substance...

Microsoft spent much time hyping vapourware and practicing anti-competative practices for years. Untill the point the industry insider jokes became "common parlance" and painful to the founder, who had to step back in and "clean the stables".

[1] The original Ford "Cortina" was not exactly a safe or reliable car. And there were jokes about "Courtina crash", "Cortina tin can" etc where Cortina was pronounced as "Caught in a".

[2] Whilst "Make it so" might have existed prior to "Startrek" it became a "managment style" in the 80's and 90's because of it. It was when all was said and done a disaster due to lack of understanding by those issuing the "Make it so's". Especially when it came to Politico's and those drafting legislation. Tempting though it might be to say "Make it so" you have to be aware of what the consequences can be, if you are not then disaster is sure to follow in short order.

Clive RobinsonApril 20, 2017 6:23 AM

@ Wael,

ilst not disagreeing with you I can see where the logic of not changing passwords comes from.

It kind of assumes that users will with practice develop "muscle memory" for a complex password. Thus limit shoulder surfing etc due to the assumed speed of typing. Further it assumes the user will select a long password thus reducing guessing attacks effectivness.

The first problem is few users will actually align with those assumptions. Secondly the human mind is fairly hopless at remembering anything long and complex unless it can shift into a learned domain. So whilst a password may be long it's actuall entropy is low, it's also easy to guess.

Thus if I ask you to finish this long password,


I'm reasonadly certain you will get it within three attempts even though it's seventeen letters long. In fact it's probably less secure than,


When it comes to shoulder surffing.

As for the longevity of passwords, I fully expect them to still be around long after the worms have turned me to fertilizer, and likewise all those reading these words.

I think it can safely be said that of the normal "three factors",

1, Something you are (biometrics).
2, Something you have (token).
3, Something you know (password).

The first two are now a bust and waste of time when the main threat is an LEO with a bit of paper.

The third is not much more of a defence against the piece of paper as it's backed by a usually maliciously imposed system of imprisonment without trial (contempt) that could last for a decade or so.

Thus "something you know" at the very least needs to be rapidly aged such that after say 24hours it becomes suspended.

However that would in all likely hood become accidently triggered, thus there needs to be a way that it can be cleared that involves extra knowledge for say two or three days then beyond judicial or other compulsion.

We have discussed this in the past using two or more secret holders outside of the jurisdiction and extra "something you know" that is not a password, such as a time and place.

Dirk PraetApril 20, 2017 7:28 AM

@ Thoth

Context is Linux have never been bothered to improve security beyond what it thinks is necessary.

Well, we do kinda know that, and which Linus himself is to blame for. Contrary to Theo, security was never high on his priority list, assuming it was an issue that would just sort itself. He still believes that.

@ ab praeceptis

what exactly is it that you contribute here, other than ranting and completely out of topic posts?

@Thoth hit a bug. You replied with a rant. I suggested a work-around.

As to your secure software development, nobody here can quite judge that since you're not particularly open about it. Just having to take your word for it in my world is the equivalent of the self-certified golden stickers you so rail against. @Nick P in the past has received flak for being overly academic too, but - unlike you - doesn't deal in absolutes, the links and accompanying insights he provides being as valuable as they are verifiable. Which makes all the difference between an informative post and a pointless diatribe.

May I suggest taking up a musical instrument? Not only is it a friend for life, but also - next to physical exercise - one of the more graceful ways to channel one's anger and frustration.

ab praeceptisApril 20, 2017 9:11 AM

Threat Model Bozo

Cute story. But either it's made up or heavily changed or some involved people incl. Laura Poitras and Edward Snowden are plain stupid.

Laura arrived back in the United States on May 15. It was late at night, but she came straight to my apartment from the airport to get the box.

Reminder: We talk about the Laura that was stalked pretty every time she flew in or out. If that Laura really came straight from the very airport full of federal agents of all sorts to pick up the snowden mail she must be stupid to the cube.

Or (presumably) Snowden writing "B. Manning" as the sender of the very packet. Maybe in some rural parts of Tansania that's not true but in the us of a postal items are scanned and ocr'd - and you bet that the spooks are hooked up, too.

Or the jabber, pidgin, OTR plugin thing. Yeah, right, that's what experienced hardcore IT geeks at cia do ...

Knowing the thread model. Uhum ...

Always Laugh, Never FrownApril 20, 2017 9:34 AM

Hardcore IT geeks at CIA? With diabolical cleverness they have disguised their actions with frantic clowns stampeding out of the Volkswagen in blind panic because they're leaking like a Granny with twelve kids.

But CIA knows what to do:

Sounds like you never leaked anything, a.p. It's not the Day of the Condor drama that you fretfully imagine.

Nick PApril 20, 2017 9:47 AM

@ Thoth

I'd stay away from Mint. It has excellent usability to the point I was using it. Then, they got subverted to distribute malicious binaries. I think it happened twice with about no security on their web apps. Better to run either a mainstream one that gets more attention or a security-focused one.

SystateApril 20, 2017 10:23 AM

Time to switch to the secret, LEA proof OS: paper and the best encrypion possible: fire
But theres a catch you need the fire by your side at all times.

vas pupApril 20, 2017 10:27 AM

@Anura • April 19, 2017 5:01 PM
Thank you for clarification of your point.
I just want to add that having experience living under socialism, I did not developed hate to the wealth itself. If behind wealth are personal merits(by the way Founding Fathers put into Constitution protection of intellectual property - Wow! They were really smart and understood value of brain power for prosperity of this country- no Internet, no genetics, no rocket science, but they see forward for many years), development, manufacturing, distribution and providing good products and services to the population, then I appreciate their wealth (e.g. Tesla motors, Apple products, effective(including cost effective feature) prescription drugs, etc.). When wealth is created out of hedge fund activity like stock speculations which does not create neither goods or products for other members of society - just pure enrichment of speculators and creating bubbles which burst into crisis OR casino, then I guess their profits should be taxed by substantially high rate, meaning 1 million $ of productive profit should be taxed substantially low than same amount out of speculation (see above).

JG4April 20, 2017 11:00 AM

@Always Laugh

nice find on the food fight. you may recall the scene from Charlie Wilson's War where there was some office angst that led to a broken window

I had meant to post the leak article this morning. This should make the hair on the back of your neck stand up:
Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.

WaelApril 20, 2017 1:59 PM

@Clive Robinson,

So whilst a password may be long it's actuall entropy is low, it's also easy to guess.

True. Once upon a time we had a critical issue. I needed to change some settings on the BIOS on one of the server, but the manager who owned it wasn't available. The BIOS setup was password protected. Only one guess, and I got it right. Password was "BlueSky". I knew the guy very well, knew his habits, what he likes and doesn't like. I got lucky, but I guessed it right.

Thus "something you know" at the very least needs to be rapidly aged such that after say 24hours it becomes suspended.

It's a possibility. PW manegment will need to be built in and transparent to the user, and must work on any device. There are some ideas - let's keep it there.

Clive RobinsonApril 20, 2017 6:07 PM

News of another Paris terror attack

One policeman has been shot dead and two others wounded on a police transport in the Champs-Elysees area of Paris. The suspected lone gunman was killed by security forces as he attempted to flee the area according to French police.

There are reports from a French news channel that the gunman was known to French security services and had talked of wanting to kill police officers via the Telegram messaging service.

ThothApril 20, 2017 6:31 PM

@Nick P, Dirk Praet

Re: Linux Mint

I disabled the cinnamon-screensaver and installed xscreensaver which settled the lock screen issue for now. Once I saw the screensaver bug, it is an indicator to fully ditch Linux Mint once my experiments with it are done.

Since the installation is for experimental purposes, I do keep it away from all my security critical applications.

As per usual, anything security related to be at least air-gapped at the very least and running on OpenBSD for now until either Genode or Redox have something stable and usable.

Dirk PraetApril 20, 2017 7:20 PM

@ Thoth, @ Nick P

As per usual, anything security related to be at least air-gapped at the very least and running on OpenBSD for now until either Genode or Redox have something stable and usable.

I installed a fresh OpenBSD 6.1 with XFCE 4 on a very old HP Pavilion laptop with only 512Mb of RAM today. Works like a charm, even the USB Wifi. Just ran into an issue where for some unknown reason it keeps complaining about cbb0/cbb1 cardbus and cardslot0 being disabled.

Clive RobinsonApril 21, 2017 4:25 AM

Potential new weaponisation opportunity

As a few here know you can make "directed energy weapons" out of home "white goods".

Specifically you can with care turn a microwave oven components into a High Energy Radio Frequency (HERF) weapon. Which will cook a persons extremities causing significant damage to flesh and nerves.

The big point about microwave ovens was not the speed of heating/cooking but the efficiency of energy utilisation.

Well for the same reason there is significant interest in using ultrasonics for drying cloths,

Nice idea but...

Both RF and Ultrasonics are already used not just for industrial drying / heating, they are also used for welding the likes of plastics.

Audible range sound is known to cause the likes of "Miners White Finger" and medium levels of ultrasound are used medically to warm joints, muscles etc for physiotherapy etc. High levels of ultrasound are known to cause "bubbles" in liquids by the process of cavitation, thus can cause similar problems to Caison Disease also called the "bends" by divers.

Both RF and Ultrasound heating work by vibrating molecules in a target, some are more easily vibrated than others. For drying cloths you would obviously want to pick frequencies that work best on water.

As most know humans can as far as Radiological energy is concerbed be regarded as bags of salty water...

Thus how long do readers hear think it will take some enterprising hardware Maker/Hacker to make the first home made version of a High Energy Ultra Sound (HEUS) weapon and put the designs up on the Internet?

RatioApril 21, 2017 4:44 AM

@Nick P,

What did you mean by that?

You'd commented that most of [John Galt's] comments are noise and I just put an upper bound on the size of that particular nuisance: 26 of the last 100 comments were his.


What's May up to ? Has she decided to opt out of the PM job while the getting out is good.

Polling data would suggest otherwise: her party has a ~20% lead over Her Majesty's Most Loyal Opposition and a whopping ~40% more people favor her as Prime Minister over said Opposition's leader. (The terms "opposition" and "leader" are used loosely, as anyone who's even remotely aware of UK politics will understand.)

JG4April 21, 2017 6:40 AM

Links 4/21/17 | naked capitalism - Tor Browser

How and when will Americans give up on Afghanistan? The Week (Sid S)

West does not want to investigate incident in Idlib, Russian diplomat says TASS (Chuck L)

Assad: West Blocks Probe as It Would Show Idlib ‘Attack’, US Strike ‘False Flag’ Sputnik News (Chuck L)

Big Brother is Watching You Watch

Move over Touch ID—Mastercard is building fingerprint scanners directly into their cards Fast Company (Chuck L). No more MasterCards for me if this happens. And what happens to people whose fingerprints are so shallow that they can’t be ink printed reliably? Lambert tells me this would be a “lossy” format and so would carry only limited data. Do we have any forensics nerds in the house?

Ambient Light Sensors Can Be Used to Steal Browser Data Bleeping Computer

Imperial Collapse Watch

America Is the World’s Biggest Terrorist Organization—Why Is That So Hard to Understand? Alternet (Sid S)

another_linux_mintApril 21, 2017 4:56 PM

@Thoth wrote:
"I disabled the cinnamon-screensaver and installed xscreensaver which settled the lock screen issue for now. Once I saw the screensaver bug, it is an indicator to fully ditch Linux Mint once my experiments with it are done."

Another linuxmint, as you may know, is linux mint debian edition (LMDE 2)
I have limited experience with senior citizens using the "Mate" version ok on older hardware

Dirk Praet wrote:
"I installed a fresh OpenBSD 6.1 with XFCE 4 on a very old HP Pavilion laptop with only 512Mb of RAM today. Works like a charm, even the USB Wifi. Just ran into an issue where for some unknown reason it keeps complaining about cbb0/cbb1 cardbus and cardslot0 being disabled."

I sort-of got OpenBSD running as a VirtualBox Guest. Do you recommend any installation instructions website or youtube videos for an OpenBSD installation like the one you described?

I have installed LMDE 2 Mate on at least one older laptop with 512 Mb of RAM (may have needed to fiddle with PAE during the installation, however). It was relatively responsive.

If either of you have time to take LMDE 2 Mate for a spin, or if others on this blog have experience with LMDE 2 Mate version, I would be interested in your thoughts.

My target audience is senior citizens, used to Windows, who don't want to spend much money; either up front or on support. Currently I am leaning towards OpenBSD with XFCE or LMDE 2 "Mate".

Dirk PraetApril 22, 2017 7:19 AM

@ another_linux_mint

Do you recommend any installation instructions website or youtube videos for an OpenBSD installation like the one you described?

A simple install is pretty straight-forward. You start with downloading and verifying the installer (with file sets), which you then put on CD (installXX.iso) or flash drive (installXX.fs). When using the .fs image, write to RAW disk device with dd. Make sure you download the one for the machine architecture needed. It's kinda good practice to verify the download with BSD's signify. It's available on Linux (look for signify-openbsd) and on MacOS (through ports). I never found it for Windows, so I compiled one myself. Just let me know if you need it.

After that, boot the target machine from CD or USB. If you want FDE (recommended), follow the guidelines here. Choose your keyboard lay-out and accept the suggested partitioning, although I recommend making /usr/local a bit bigger than the proposed 5Gb, and depending on the amount of additional software you're going to install. Install all filesets, perhaps omitting the mp set if you have an older machine with just one CPU. Configure the ethernet connection only for now. Set up root and additional users when prompted for. Enable X. If everything goes well, you should have a working base system in under 10 minutes.

After reboot, you have a reasonably useless (desktop) system. In a root console, or GUI xconsole (you su to root in; GUI don't let you log in as root), download wifi driver firmwares with fw_update. If your wifi hardware is supported, it will now show up in ifconfig after reboot. Make a note of the interface name, then download the handy wiconn script from Github. Make the DOAS modifications as pointed out in the .MD file. If you get it to work, set it up to start at boot time.

Now set up your display manager. If you're on an older machine with limited RAM, go for XFCE instead of KDE. As root, do a "pkg_info -Q xfce", and install the xfce packages with pkg_add. All dependencies will be installed automatically. Install additional software as needed, i.e. consolekit2, firefox, thunderbird, enigmail, pidgin, pidgin-otr, libre-office, evince, xscreensaver, tor, tor-browser, torsocks, filezilla, vlc etc. If you need a torrent client too, you'll have to go with ktorrent, which will require KDE runtime libraries. Enable APM, graphical login and user mounting of external usb devices like flash drives.

After reboot, you have an ugly graphical system your Windows users will run away from screaming. Assuming your intended audience is used to Windows XP and Windows 7, take it to, download and install the necessary Windows themes, wallpapers and icon sets. I kinda like Windows 7SE. You can do the same for a Windows 8 or 10 look and feel. You will probably want the windows fonts msttcorefonts package too (available through ports).

Which only leaves the kinda unattractive default OpenBSD GUI login screen which you will need to customize through the xenodm resource files.

That's about it. I have probably forgotten about a few things left and right, but this should pretty much get you started. One last thing: no more Linux support, so no emulating of native Windows apps either.


cypherpunksApril 23, 2017 8:37 PM

Apologies in advance if any of my questions seem daft, I'm very new to computers.

'please note that this is not an endorsement of Tor; I believe that Clive and others are correct that it is intentionally flawed by design. it may accomplish my purpose of defeating some commercial surveillance, at the expense of increased attention from Spookwerks East. is Spookwerks Utah online yet?'

So what you recommend to replace Tor with? I2P or Freenet? Surely not VPNs which are equivalent to 1-hop Tor circuits or proxies which offer nothing at all against illegal eavesdropping&wiretapping?

'As per usual, anything security related to be at least air-gapped at the very least and running on OpenBSD for now until either Genode or Redox have something stable and usable.'
Why not SubgraphOS or QubesOS?

@Clive Robinson
'A microkernel has advantages when it comes to securiry because it has less of an attack surface and less complexity when compared A monolithic kernal.

But a monolithic kernal provides not just more services, it does it in a "richer experiance" way, as well as doing each in a more efficient or effective way.'
What kind of richness are you talking about, that can be made for monolithic kernels but not for microkernels? Something like that is impossible isn't it? The current implementations might require more resources to implement in microkernels but shouldn't be monolithic kernel only...

'However as we now know both are crap on throughput when compared to user space IO etc.'
How is putting everything in ring3 different than putting everything in ring0? Isn't it still a monolithic kernel for all practical purposes?

Dirk PraetApril 24, 2017 7:08 AM

@ cypherpunks

Why not SubgraphOS or QubesOS?

Despite some impressive security hardening (grsecurity, PaX, RAP, Oz sandbox framwork, AppArmor, Tor, Golang based apps etc.), SubgraphOS is built on Linux, which does not have the most secure of foundations. It's also still in alpha. While conceptually sound, Qubes OS very much depends on the security of the Xen hypervisor, hardware compatibility being a bit of a challenge too. Both require a 64bit architecture and a minimum of 4Gb of RAM to run somewhat comfortably. TAILS and Whonix are in the same play field, based on Linux too, the next versions of which equally requiring 64bit because they're based on Debian which is discontinuing 32bit support. There's also IprediaOS for I2P afficionados having to cope with I2P being dropped in the latest TAILS version 2.12 .

OpenBSD on the other hand is built specifically with security in mind, and in this area has a long and proven track record. You can run it on a variety of platforms, even on very old i386 hardware with 512Mb or less. Which makes it quite suitable to refurbish an old laptop with. I refer to my quick installation guide here. (Caveat: does not cover pf firewall, dnscrypt-proxy, Tor or other advanced security configuration.)

The main drawback for both platforms are their monolithic kernels, which we are kinda stuck with until - like @Thoth said - the availability of a microkernel based OS that is both stable and usable, or @ab praeceptis publishes the specifications of his personal high security set-up. Another disadvantage is that with the exception of TAILS none of it is quite user-friendly, thus ill-suited for mere mortals used to Windows or MacOS.

In the end, whatever you choose is a function of risk profile, budget and proficiency. An ordinary user concerned with corporate tracking only is probably best off with TBB on a somewhat privacy and security hardened COTS OS, for which there are plenty of online guidelines. Those who've had it with Apple and Microsoft, familiar with Linux or willing to put in the effort to learn it, can start with Tor centric stuff like TAILS, Whonix or Ipredia, but which will still not protect them against resourceful state actors.

More advanced users with a budget can move up to Qubes or Subgraph, which from a security vantage IMO offer superior features than the previous three. And then finally, for the Unix experts among us, there is TrueOS (FreeBSD) and OpenBSD. Their foundations are arguably more secure than anything Linux-based (especially OpenBSD). Driver support and ease of installation has also significantly improved over the years. But the bottom line remains that - like a .357 Magnum - they are only suitable for people who really know what they're doing.

Irrespective of the chosen platform, the single most important rule to keep in mind is to physically separate (i.e. air/energy gap) your encryption and communication devices when up against state level adversaries.

So what you recommend to replace Tor with? I2P or Freenet? Surely not VPNs ...

That's not the right question. There is no such thing as a one-size-fits-all bullet proof solution, especially on inherently insecure hardware (think Intel ME and the like). You combine a series of different solutions with matching OPSEC, depending on your risk profile, budget and computer security proficiency as explained above.

Consider this: a crash course in self-defense and a pepper spray are quite useful when up against a common street thug, but will leave you sh*t out of luck against Jason Bourne or a guy with a gun. It doesn't mean the self-defense course or the pepper spray are useless, only that they're not fit to deal with any kind of situation, the more extreme of which will require additional resources and skill sets on your behalf.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.