Friday Squid Blogging: Squid as Prey

There's lots of video of squid as undersea predators. This is one of the few instances of squid as prey (from a deep submersible in the Pacific):

"We saw brittle stars capturing a squid from the water column while it was swimming. I didn't know that was possible. And then there was a tussle among the brittle stars to see who got to have the squid," says France.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on June 2, 2017 at 4:05 PM • 118 Comments

Comments

Ben A. • June 2, 2017 4:10 PM

EternalBlue Exploit Spreading Gh0st RAT, Nitol

http://threatpost.com/eternalblue-exploit-spreading-gh0st-rat-nitol/126052/


WikiLeaks Dumps CIA Patient Zero Windows Implant

https://arstechnica.com/security/2017/06/wikileaks-says-cias-pandemic-implant-turns-servers-into-malware-carriers/

http://threatpost.com/wikileaks-dumps-cia-patient-zero-windows-implant/126036/


Crowdfunding Effort to Buy ShadowBrokers Exploits Shuts Down

http://threatpost.com/crowdfunding-effort-to-buy-shadowbrokers-exploits-shuts-down/126010/


Trump administration approves tougher visa vetting, including social media checks

http://www.reuters.com/article/us-usa-immigration-visa-idUSKBN18R3F8


Patches Available for Linux Sudo Vulnerability

https://threatpost.com/patches-available-for-linux-sudo-vulnerability/125985/


OneLogin suffers breach—customer data said to be exposed, decrypted

https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/

https://www.theregister.co.uk/2017/06/01/onelogin_breached/


Security company finds unsecured bucket of US military images on AWS

https://www.theregister.co.uk/2017/06/01/us_national_geospatial_intelligence_agency_leak/

https://arstechnica.com/security/2017/05/defense-contractor-stored-intelligence-data-in-amazon-cloud-unprotected/


On the Mood Among My Former Colleagues at the FBI

https://www.lawfareblog.com/mood-among-my-former-colleagues-fbi


Maybe Skip SHA-3

https://www.imperialviolet.org/2017/05/31/skipsha3.html


Maybe we shouldn't skip SHA-3

https://www.cryptologie.net/article/400/maybe-dont-skip-sha-3/


Considering the Laptop Ban: Risks, Costs, Benefits, and Alternatives

http://www.heritage.org/sites/default/files/2017-06/IB4710_0.pdf

Google Domination • June 2, 2017 4:48 PM

Google in the Classroom
The NYT article told of an ‘innovative’ teacher selecting Google Classroom as it allows students to share documents. Impressive?
https://www.nytimes.com/2017/05/13/technology/google-education-chromebooks-schools.html?_r=0

16 Month Battle
Meanwhile Oregon state education attorneys 16 months to legally compel Google to respect students' privacy.

EU Seven Year Battle
The EU European Competition Commissioner Margrethe Vestager, however, has shown no willingness to settle with Google who faces a record $9 billion fine for rigging search results.
http://www.independent.co.uk/news/business/news/google-eu-fine-search-9-billion-search-results-rigging-alphabet-shopping-service-a7768621.html

Government of Special Interests
In the USA, the Obama administration appointed hundreds of ex-Google employees to fill key technology positions. Alphabet CEO Eric Schmidt visited the White House over 200 times. The FCC then dropped its Google investigation.
Next the Department of Transportation gave American high-tech complete no holds barred control over driver-less cars with zero public debate on public highways.

Compulsory Auto Tracking
Intel’s CEO just stated these autos will be equipped with cameras not for safety to scan license plates of adjacent private autos. His justification was to help find missing children. In reality your destinations meta-data will be added to your dossier for analysis and monetization.

IME is Not Enough
No doubt auto passenger facial recognition is next. Intel said Americans must get used to the increasing levels of invasive tracking (by corporate government agents). Will the captive passengers also be analyzed while watching advertising?
http://www.dailymail.co.uk/sciencetech/article-4564480/Self-driving-cars-double-security-cameras.html

Recon - View what Android Apps are Up-To
During his research, Choffnes’s team discovered various deceptive practices by Android apps. One such app, GrubHub was found to be unintentionally sending user passwords to Crashlytics, a Google-owned firm. (Google monitors most log-in pages Android or not).
ReCon has a web-based console, which allows users to block or revise the information. For example – users can block all the location data used by apps.
http://wccftech.com/can-now-track-apps-snooping-personal-data/

Seizing Internet Control through Chrome
‘Google also is working on scoring websites for their ad experiences, and would blacklist sites that fail, meaning the site would then be prevented from showing ads, a publishing source said.’
"If they blacklist you because of bad creative, Chrome will block ALL the ads on the site," said one publishing exec, not authorized to discuss the offering. "Google becomes the judge, jury and executioner. Next thing you know, you're making zero money."
Pot of Gold. The unstated benefit is Google will keep a log of EVERY web site Chrome users visit.
‘Google did not respond to requests for a comment.’
http://adage.com/article/digital/publishers-hope-google-s-ad-block-plan-hurts-bad-sites/308757/

Smart yes Very Smart
All this is overwhelming as Google moves into high-gear. There is zero American discussion, as if people are brain-dead. Educator recommendation:
“Every year, several million American students graduate from high school. And not only does Google make it easy for those who have SCHOOL Google accounts to upload their trove of school Gmail, Docs and other files to regular Google CONSUMER accounts — but schools encourage them to do so. This month, for instance, Chatfield Senior High School in Littleton, Colo., sent out a notice urging seniors to “make sure” they convert their school account “to a personal Gmail account.”

anony • June 2, 2017 6:17 PM

RFID tags on the new Intel Skylake and Kaby Lake processors...

http://www.gamersnexus.net/news-pc/2936-intel-i9-7900x-delidding-cpu-package-thermal-paste

"There appears to be an RFID chip in the corner of the Intel i9-7900X that we looked at, which would lead us to believe that the chip is capable of storing user information. Der8auer’s theory is that this could be used to store user overclock data, e.g. maximum stable OC. Such a chip could also be used for RMA processes, theoretically."

also a German story on it out there...

ab praeceptis • June 2, 2017 11:45 PM

Ben A, all

I've read both pro- and anti SHA3 articles. Thanks for the links (from reddit and hn, I take).

I might say that I'm shocked because one of them simply hasn't understood security and the algorithms and the other one is even comparing apples with dogs. But I don't because I'm not (anymore) shocked.

I read imperial violet quite frequently for one simple reason: it's like a window into Google's (and others like Mozilla's, etc) way of thinking.

What I'm not at all surprised about is Joes and Janes understanding. SHA3 came many years *after* SHA2 and SHA3 is officially supposed to be better than SHA3 - ergo Joe and Jane have their common (wo)mans answer. Which btw is OK in my opinion. Gazillions of end users need simple answers and guidelines.

What makes me really dislike the "discussion" between the two "experts" though isn't even their professional sloppiness (I try to avoid using the term "incompetence", in part because it's probably more about ignorance).
What I dislike is how they boil it down.

imperial violet, for instance, is not off with his desire for speed. And no, that's not simply because google and the likes care mostly about speed (as the other one indicates). Speed is important for many reasons, such as small MCUs (there are **way more** 430ies, even 8051s, a plethora of arm MCUs, etc out there than fast desktop or server cpus...) and - an important point - about acceptance and hence uptake. I hope I need not remind of the reason why even today many web user databases use md5 passphrase hashes...

If you run a web site or service with a significant amount of users, speed *is* of concern - and way more than many think. One reason for that is that one can't arbitrarily scale. Once you have your 16 or 48 or whatever xeon or power core busy you hit a quite hard wall; it's simply not good enough to add more servers as doing that opens another box of pandora.
Short: Doing something tens or hundreds of thousand times per second or otherwise massively, e.g. pumping out terabytes per hour, it makes a very major difference whether a core algorithm runs at 1 cycle/byte or at 15 cycles/byte.

But the decisive points are not limited to that and both miss that to a large degree. To name an example: state size of an algorithm isn't just performance relevant but also security relevant. On the other hand the possibility to extend an algorithm is (imo) next to irrelevant. Other quite important points were utterly ignored; keyability is an example.

In case anyone is interested: My personal preference is blake2. For Joe and Jane (who typically don't run massive scenarios) SHA3, the official thing, is a fine algorithm. For others who are more adventurous but still prefer to stay within a safe zone Skein, an algorithm which was co-designed by our host, Bruce Schneier, is a fine alternative, too.

Btw: Do we need 512 bit algos? No, we don't, except for very, very rare scenarios. In fact, even 256 are somewhat (but healthily) larger than 99.99% of all scenarios need. So let us stop that mundane and silly bigger-is-better hunt, which specifically in the crypto field is silly (because there it's much more about smarter is better).

Which brings me to my last point: Somehow we have become a society where only winners count. Just as if 2nd and 3rd places were without any value or merit. I consider that immature and unwise.
*All finalists* in a crypto competition have run through a merciless and hard parcour and "the winner" (like Keccak/SHA3) is usually not somehow superior but has been chosen based on a certain profile which happens to favour 1 algorithm over the other finalists which are *first class*, too, and usually in some respects even better (and slightly worse in others).

Thoth • June 3, 2017 12:13 AM

@Ministry of Truth

It is one thing to list a link farm with all kinds of tools but it is another thing to give quality and proper assuring security tools than just a bunch of links.

It is like trying to use everything in the book against an adversary but the adversary can traverse every single defense you put in its way, thus, what is the whole point of just putting a bunch of links that do not provide the security people actually need.

For email encryption, GPG is not good enough. GPG with smart cards to store the encryption keys via the OpenPGP Applet will be another step up but it is still not good enough either but better than just software keys which the Intel/AMD/ARM crap can intercept your software keys.

I don't think TAILS can make the cut for a secure anonymous browsing system due to the fact that it uses Linux and not OpenBSD as the OS and as I have mentioned for a long time, even OpenBSD is not to be considered anywhere close to a secure operating environment. TOR itself is known to have issues with whoever having the bigger view of the network can see the transactions of encrypted following through and this is enough to guess who is communicating with who.

There is just too much to be desired and the link farm is as good as giving very little in terms of actual security enhancement but something more like a desperate attempt to beef up defenses when the enemies are already at the gates.

Wouldn't it be better if you could make a fully functioning plan (i.e. how the parts of the systems are deployed securely with little compromise) instead of dumping a link farm since beginners would be excited upon seeing a link farm and would try their hands on but when they face the reality where these systems if used improperly can be very cumbersome and not contribute to security (or even harm security).

Anura • June 3, 2017 12:13 AM

@ab praeceptis

Btw: Do we need 512 bit algos? No, we don't, except for very, very rare scenarios. In fact, even 256 are somewhat (but healthily) larger than 99.99% of all scenarios need. So let us stop that mundane and silly bigger-is-better hunt, which specifically in the crypto field is silly (because there it's much more about smarter is better).

In theory quantum collision attacks might be doable in O(n^(1/3)) time, so 384-bits might be a more prudent minimum. It should also be noted that you can often get higher throughput with a larger block size if you design your algorithm to take advantage of CPU optimizations like pipelining, so there may be other considerations besides just security.

ab praeceptis • June 3, 2017 12:29 AM

Anura

Correct. That's why I said that there is much more than speed (and tag size) to consider. In reference to your example: people usually see speed as given by some source; that, however, is usually cycles per byte in a given scenario which usually is a large one (say hashing a GB).

Reason (which is often not seen): There isn't just the running phase; there's also the setup phase - which can be quite considerable.

Now what if you run something that has many, many connections but just a couple of bytes for each? Then suddenly the setup phase gains a lot of weight and a 256 bit tag is simply waste (possibly up to the point that you need to change your whole design).

My advice: Don't look just at the nice throughput numbers. Also compute them for a small packet, very frequent algo setup scenarios and suddenly the performance picture looks quite different and the "speed demons" become snails.

So, again: We need both a Joe and Jane and everybody algorithm (like SHA3) and alternatives that are chosen wisely and knowledgeably by professionals.

P.S. One of the two on which I recurred in my other post actually compared x cycles/byte hashing algo and 25519 which is PK!!! If at least he had compared it with sym crypto. Truly a new peak of idiocy.
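
Added illustration of the small-message point in the comment above (not code from the commenter or from the linked articles): a deterministic count of how many compression-function or permutation calls each hash spends per message, from the published block sizes and padding rules. It models only whole-block and padding overhead, not initialisation or API-call cost, and one call of one algorithm does not cost the same cycles as one call of another; the function and table names are made up for this example.

```python
"""Per-message work of common hashes, counted in primitive calls.

Bulk figures (cycles/byte on a large input) hide the fact that every
message costs at least one full block. For short messages that fixed
cost dominates, which is the scenario the comment describes.
"""


def _ceil_div(a, b):
    return -(-a // b)


def sha2_calls(msg_len, block, length_field):
    # Merkle-Damgard strengthening: one 0x80 byte, zero fill, then the
    # message length (8 bytes for SHA-256, 16 bytes for SHA-512).
    return _ceil_div(msg_len + 1 + length_field, block)


def sha3_calls(msg_len, rate):
    # SHA-3 padding always appends at least one byte, so a message that
    # exactly fills the rate still needs one more permutation.
    return msg_len // rate + 1


def blake2_calls(msg_len, block, keyed=False):
    # BLAKE2 has no padding overhead, but the empty message still costs
    # one block, and a key is fed in as one extra leading block.
    if keyed:
        return 1 + _ceil_div(msg_len, block)
    return max(1, _ceil_div(msg_len, block))


# name -> (bytes absorbed per primitive call, call-count function)
ALGOS = {
    "sha256": (64, lambda n: sha2_calls(n, 64, 8)),
    "sha512": (128, lambda n: sha2_calls(n, 128, 16)),
    "sha3_256": (136, lambda n: sha3_calls(n, 136)),
    "sha3_512": (72, lambda n: sha3_calls(n, 72)),
    "blake2s": (64, lambda n: blake2_calls(n, 64)),
    "blake2b": (128, lambda n: blake2_calls(n, 128)),
    "blake2b_keyed": (128, lambda n: blake2_calls(n, 128, keyed=True)),
}


def calls(name, msg_len):
    """Primitive invocations needed to hash one message of msg_len bytes."""
    return ALGOS[name][1](msg_len)


def amplification(name, msg_len):
    """Bytes pushed through the primitive per byte of actual message.

    1.0 means the bulk cycles/byte figure is representative; 8.5 means a
    message costs 8.5 times what that figure suggests.
    """
    block, count = ALGOS[name]
    return count(msg_len) * block / msg_len


def report(sizes=(16, 64, 1500, 1 << 20)):
    """Rows of (algorithm, message size, calls, amplification)."""
    return [
        (name, size, calls(name, size), round(amplification(name, size), 3))
        for name in ALGOS
        for size in sizes
    ]


if __name__ == "__main__":
    print(f"{'algorithm':<14}{'bytes':>9}{'calls':>8}{'amplification':>15}")
    for name, size, n_calls, amp in report():
        print(f"{name:<14}{size:>9}{n_calls:>8}{amp:>15}")
```
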

Slime Mold with Mustard • June 3, 2017 6:19 AM

As I prepared to add my home's weekly junk mail to the burn bag, I noted six letters from law firms I had never heard of. Not the civil law outfits of my regular business. I read...

"In these difficult times, you want the best possible representation"

"it's not just yourself, but your family that stands accused"

..."My firm is comprised of attorneys with an abundance of knowledge in the area of felony criminal defense ..."

"My office has learned that you are facing felony criminal charges..."

"HIGHLY EXPERIENCED FELONY AND IMMIGRATION LAWYER"
(Damn, Trump has gone overboard. My mother's side of the family has been in the US more than 12k years)

I could not recall having been slapped in cuffs and tossed in the slammer. Or making bail. Then again, a lot of our best memories are a blur. (In the future, many people will be arrested via email, as a budgetary measure)

There is a fellow who lives three miles from me who shares a first and last name. He has a different middle name and his DOB is 674 days after mine. Our SSNs share only the first three digits. Due to Soundex style coding, our driver license numbers share the first four characters - and nothing else.

What really concerns me is that my street address is unique in my state. I don't mean when the street name is included. I mean "12345" (or whatever) is not repeated in my state and only a few times in the US.

I shall stop by the sheriff's office to ensure there are no pending charges, and let the real nightmare begin - trying to get this "digital scarlet letter" off my record. I did not go straight to Intellius etc, well aware that lookups breed yet more records.

I need not worry about employment, but would like my credit intact. I have those "correct the record links". https://info.publicintelligence.net/NJROIC-OptingOut.pdf

I at least hope I've been fingered for an armored car robbery, and not something lame like a DUI (drink - drive).

@ Clive Robinson

I've not given up on the SS Richard Montgomery. I've been swamped.

The 500 kt v 5 kt was reductio ad absurdum.


Ergo Sum • June 3, 2017 7:17 AM

@Ben A....

EternalBlue Exploit Spreading Gh0st RAT, Nitol

I loved the graphic in that article, maybe the door should've had an MS logo...

Wait... Wasn't the SMBv1 vulnerability patched by Microsoft; in some cases, about two months ago?

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Quote from the above link:

The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.

Are there more "specially crafted requests" in SMBv1 that had not been patched?

I guess it's a good thing that SMBv1 had been disabled in both of my business and home networks a good while ago...

Andrew • June 3, 2017 7:23 AM

What key length should I use now if I want to keep a secret for 25 or 50 years?
What year's secrets can be decrypted with current technology?
Just some thoughts.

Ergo Sum • June 3, 2017 8:30 AM

@Google Domination...

All this is overwhelming as Google moves into high-gear. There is zero American discussion, as if people are brain-dead.

I'd scream about antitrust laws, if we had a government that cared to enforce them. Instead, we have a government that creates regulations for legalizing monopolies, mafia style banking and health insurance, etc. You go ahead, scream "bloody murder" and talk to your representative suggesting alternatives. And the response is:

"The lobbyists would never allow that to pass"

In other words, our legislators care not for people. Yeah, you go ahead and discuss the company that does no Evil...

keiner • June 3, 2017 9:40 AM

@ Ergo Sum

The whole development is completely anti-democratic, as all of the control for these software/hardware monopolies is in the dark, the objectives of the companies are in the dark (if you don't want to join the tinfoil hat faction) and nobody in politics is interested to give power back to the people.

Deeply disturbing.

LOL • June 3, 2017 9:51 AM

Google domination?

Heh, looks like the company that does not produce much more than adverts and that survives mainly by feeding from people's personal data need people to sell themselves. I take that Google is afraid they will be forgotten by the public otherwise...bad news for the sentiment through which they pump the value of their stock...

The many failed Google projects that never took over the world nor even changed it are quietly buried like a diseased child out of wedlock.

So when it comes to Google and its "achievements", they are never spoken of in past tense. That would probably not contribute to a positive sentiment. Sort of like the Iraq War...the US government was always "winning" but never "won".

Compare to Amazon who is actually winning market share and producing things. How many failed projects does Amazon have?

How many Amazon employees and shareholders promoting Amazon on the internet?

Baah Mooo • June 3, 2017 11:53 AM

Too much focus on each new scary Vault 7 exploit distracts people from the real dirt: the use cases. The juiciest cases naturally involve CIA covering up its universal-jurisdiction crimes. So remember Buffalo Bamboo if you hear it in connection with an unexpected foreign host. And remember der Starke, next time some poor US bastard's computer makes the news.

albert • June 3, 2017 1:03 PM

@LOL,
From the git go, Google has been very successful with their Monetization Plan, unlike, for example, Facebook. Amazon, OTOH, has a long-term goal: total domination of the mail-order market.

Google, FB, etc. are called 'tech' companies, but they are only data collectors. Their 'products' are information. Amazon is the modern equivalent of Sears.

Why is Apple so successful? Because they make stuff; cool things you can hold in your hand, with their own software. This was Microsoft's big mistake; they didn't enter the hardware market when they had the chance. Apple did.

Of course I'm over-simplifying, but it is my opinion that countries with only financial and service sectors will be buried by those that actually make stuff.

We've got to expand our manufacturing sector.

. .. . .. --- ....

Google Monopoly Blossoms With Zero Regulator • June 3, 2017 2:02 PM

Great Products Don’t Need Advertising
Google has an insatiable need to push the privacy envelope as demanded by the paying advertisers.
Amazon has an insatiable need to sell world-class products, many of which are not available at local stores.
Costco also has many excellent products that also sell themselves. However they do send out monthly flyers which offer many genuine bargains. And then the nutritional samples!

Great Products Don’t Need Big-Data
I recently considered also making purchases through Walmart.com. However Walmart never made the software infrastructure investment. So they bought Jet then brought in virtually ALL the BIG guns of American Big-Data, who eavesdrop on every Walmart.com page.

Great Products Don’t Need Google Search
Google acknowledges that great products also don’t need Google Search. Which is why they play a major role at Wal-mart.com. They also partner to receive 70% of all purchase info in physical stores (unbeknown to customers).

Making an Informed Purchase
Rather than relying upon distorted advertising, people study Amazon and other sites reviews (knowing some are bogus).

Anti-Trust and Monopoly Issues
Google's Chrome accounts for almost 60% of the browser market, according to Net Market Share. Reminiscent of Microsoft Internet Explorer being fused into Windows.

Ad-Blockers Users Forced to Identify and Pay
Google plans to its own self-indulgent ad-blocker. Consumers must ID & pay extra to use other competing ad-blockers.

Google Toll Roads
Google anti-ad-block software will run on web-sites to detect if competing ad-blockers are in use.
If detected, the new Google ‘Funding Choice’ toll program will then pop-up forcing consumers to unmask themselves by paying to view content.
Of course those who have an all-knowing Google account will be identified and automatically charged.
Google gets a cut and can now track consumers who don’t even have a Google account. Just like a toll road or TSA screening? Your web surfing can then be sold to advertisers and the government (checked before you fly).
https://www.theverge.com/2017/6/1/15726778/chrome-ad-blocker-early-2018-announced-google

Google's Monopoly Is Blossoming in a Zero Regulator Environment. They must secretly worship Mr. Trump (in a world gone mad).

Ministry of Truth • June 3, 2017 3:49 PM

Here's a shorter version. Hopefully acceptable.

Firewalls, antiviruses, GPG/PGP[3], LiveJournal(warning! clicking this link classifies you as a Muslim extremist)[4], Tor[5], TAILS[6] and anything else that makes it harder for people to damage your computer or to steal your personal information is an offensive weapon, a cyber munition that causes mass destruction.

On the other hand, things such as network exploitation techniques[7], viruses[8], spyware[9], Denial of Service tools, sabotage of NIST security standards[10] (standards which must be secure to protect the secret service from being murdered[11]), preventing 0-day vulnerabilities from being fixed[12], and so on, factor into "defense". These defensive strategies do not put civilians at risk[13].

These things are for your protection[14]. It makes perfect sense for Anonymous to wear Guy Fawkes masks while DDoSing any dissidents/anyone else who is against Big Brother[15].

The government is above being hacked[16], so you should trust them with your mind body and soul. Failure to accept their mark will result in exclusion from all types of commerce[17], so accept it for your own good. Make sure to protect your children from peeping toms[18] and stalkers[19] by warning them not to use privacy software[20].

The US Government is doing everything it can to prevent Russian czars from having an easy to use, single point of attack (killswitch) that just takes one person to press it to instantly bring the entire US economy and all networked medical services to its knees[27].

The best way to catch terrorists and extremists is to look for groups that use fear to prevent discussing of opposing ideologies[28] instead of simply making a logical argument against their opponents' ideologies.

Also, it has recently been found that safety features in computers and cars can benefit terrorists, so all anti-viruses[34] and airbags (in Internet connected vehicles, which all new vehicles must be, "to protect the children") must have an easy, fast, sure way to be remotely disabled without alerting the occupants.

Ministry of Truth • June 3, 2017 4:08 PM

@Thoth
Good points.
I made a few assumptions in my post.

One, that there aren't too many newbies here, and that the ones that are here are probably security conscious enough to look up how to use Tor and whatnot safely.

Two, that the biggest obstacle to widespread liberty is a mindset that giving up liberty makes things more secure, so I tried to use satire to show what a bad argument it is to say "if you aren't a bad person you don't need privacy" or "unless you give up privacy you can't be safe".

Three, that even though Tor and TAILS can be broken, and Linux is not perfect, that these kinds of software need to become more popular, even if it is only newbies using them. That is because the zero-days against them probably won't be wasted on newbies, and the people who are selectively targeted should be able to work out more secure alternatives, such as GenodeOS, GNUNet, I2P, and so on. Apparently QubesOS is based on Linux like TAILS, but there is talk of making it support Dom0 besides Linux, and that many of the zero-days in Xen are mitigated in QubesOS. There is also SubgraphOS, and some really crazy super high EAL rated operating systems that are even less newbie friendly. It doesn't seem productive to write about them, since hardly anyone can use them, and the ones who can probably already know about them.

call girl • June 3, 2017 4:49 PM

@Google Monopoly Blossoms With Zero Regulator

Google Toll Roads

Google anti-ad-block software will run on web-sites to detect if competing ad-blockers are in use.

If detected, the new Google ‘Funding Choice’ toll program will then pop-up forcing consumers to unmask themselves by paying to view content.

The Seven Devils of the Internet

  1. VIRUSES
  2. WORMS
  3. TROJANS
  4. POP-UPS
  5. SPYWARE
  6. ADWARE
  7. MALWARE
>>> And I heard a great voice out of the temple, saying to the seven angels: Go, and pour out the seven vials of the wrath of God upon the earth. <<<

Stem • June 3, 2017 7:25 PM

@Ben A.

Re: On the Mood Among My Former Colleagues at the FBI

"But here’s the thing: opinion on the subject within the Bureau is not, as far as I can glean anyway, diverse at all. I spoke about my concerns with a friend and former coworker, explaining that I was worried that if I were to write on the subject, the post would devolve into a weepy love letter to Director Comey. My friend’s response went a long way towards summing up what, I believe, is actually the overwhelmingly consistent reaction of FBI employees to the firing of the director: “But how could the post be anything except a weepy love letter?”"

"Lawfare"? o_0

Q: Was the sitting director of the FBI the bee's knees?
A: Hells ya!!!

...but of course their hearsay is conclusive, what other conclusion could one come to than that this is the most accurate portrayal of reality ever? I see no need to question this fact apparent in any way.

Having it All • June 3, 2017 9:42 PM

Subj: Todays Humor

My hot team is renegotiating the very unfair Free and Open Internet:
First we have to remove the anonymous data rules of net-neutrality
Then dump the anonymous data of those who wish to evade detection
Then build collection plates at every site to instill obedience

Continue building walls which magnify these attributes:
Omnipresence - the property of being present everywhere
Omnipotence - the quality of having unlimited power
Omniscience - the capacity to know everything that there is to know

Then I can unmask anyone else at anytime anywhere

Dummies: The World IS Getting Hotter. It's because (redacted to prevent unmasking)

In the mean-time enjoy the chaos!

n/a • June 4, 2017 12:44 AM

blog.torproject.org got changed big and now needs JAVASCRIPT to comment. NSA took it over??

ab praeceptis • June 4, 2017 2:05 AM

Ministry of Truth

"super high EAL" etc. - Forget it. windows has eal. eal means nothing but "someone (usually a large corp) coughed up the major money for a golden "secure" sticker. Same with fips and others.

Let me tell you why we are where we are - and why we will stay there for quite a while.
First the latter: We will stay there for quite a while for 2 reasons: a) we don't understand why we are there, and b) to get out of that ugly hole we'll need to walk a 1000 step staircase up.

Now to the why. 2.5 main reasons:

a) computing was, from the first day on, mainly driven by greed and irresponsible playing. Listen around, the holy currency still is either money or "fun". Go to any developer conference and you can drown in "it's fun!", "we do it for fun!" statements.
The IT field, particularly software dev. is basically another "go west, get rich!" with disney park thrown in on top.

b) foss. Many will hate me but I'm absolutely sure about that. That's not to say that foss is only and always bad, it isn't, but in summary foss broke down the last few walls of reason plus, to make it worse, it damaged the whole field.
foss broke down the last walls of reason because you can't ask for *anything*. From a paid developer you can demand to work properly (not that many would do that, but one *could* demand it), from a foss dev. you can't ask anything. From a software vendor you could demand at least minimal standards, quality, compensation, foss very clearly states "f*ck you!"; you use that foss software without its developers standing for anything, not even formally. A company must fear negative reactions, foss need not care, there simply are no consequences at all.

c) universities and the grant system are rotten. What little useful outcome research produces is almost always either hidden away and/or abandoned or used to spin off a company.

So, forget those "crazy super eal" OSs. Yes, there are a few, *very* few, but they are either abandoned or spun off at a rather early stage or they are private corp stuff from the beginning. And, that's important, they usually are *not* secure OSs but rather "not ridiculously f*cked up crap". An example would be what came out of Oberon.

As for the 1000 steps stair back to sanity: We are at a very early stage and acceptance, let alone uptake, is sadly low. C is cool and fun, Ada or Eiffel aren't (so they think), fuzzing is cool and fun, properly spec'ing and verifying isn't (so they say).

And just btw: Think a moment about the kind of money one could earn by being able to sell some actually reasonably secure OS! (And about the efforts and investment that would need). Do you really think that would be given away for free? I certainly don't. As for foss, forget it; they are about cool and fun and blabla.

And btw, I'm quite sure that Bruce Schneier's "theater" image does hold here, too. Most people do *not* (really) care about security; what they do care about is *feeling* secure and comfortably so (read: spending 29$/year is O.K., activating one's brain and acting reasonably is not).

Ergo Sum • June 4, 2017 8:54 AM

@Ministry of Truth...

Three, that even though Tor and TAILS can be broken, and Linux is not perfect, that these kinds of software need to become more popular, even if it is only newbies using them. That is because the zero-days against them probably won't be wasted on newbies, and the people who are selectively targeted should be able to work out more secure alternatives, such as GenodeOS, GNUNet, I2P, and so on. Apparently QubesOS is based on Linux like TAILS, but there is talk of making it support Dom0 besides Linux, and that many of the zero-days in Xen are mitigated in QubesOS.

I found it ironic that the QubesOS' introduction video shows Google Chrome browser for both the work and personal browsing and the narrating person also logs in to his Gmail account.

https://www.qubes-os.org/video-tours/

Admittedly, I have not installed QubesOS to see if Chrome is the default browser, but it pretty much stopped me from trying it. Yes, I do know that I could remove/add browsers, once the installation has completed...

anonyJune 4, 2017 2:40 PM

A key exchanged comp to comp comm sys.

https://github.com/warner/magic-wormhole

"Get things from one computer to another, safely.

This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.

The codes are short and human-pronounceable, using a phonetically-distinct wordlist. The receiving side offers tab-completion on the codewords, so usually only a few characters must be typed. Wormhole codes are single-use and do not need to be memorized."

call girlJune 4, 2017 3:43 PM

@JG4

as always, I appreciate the civil discourse on important matters

http://www.wnd.com/2017/06/jeff-bezos-amazon-washington-post-and-the-cia/

Sure thing. Except, ... we are not civil anymore.

Jeff Bezos' slaves are murdered by the cyber-mob bosses if they file for workers' compensation for repetitive stress injuries from heavy lifting in that awkward position on the loading chute or wherever they are stationed and not allowed to move.

Civil War II, World War III, whatever you want to call it.

Enough with the civility. These people are so vile that I never want to hear sirs, ma'ams, pleases, and thank yous out of their filthy mouths again.

Ministry of TruthJune 4, 2017 4:25 PM

@ab praeceptis

"mainly driven by greed and irresponsible playing. Listen around, the holy currency still is either money or "fun". Go to any developer conference and you can drown in "it's fun!", "we do it for fun!" statements.
The IT field, particularly software dev. is basically another "go west, get rich!" with disney park thrown in on top."
Mainly but not entirely. There is software with no purpose but to make computing safer. Software that offers no additional functionality, and whose developers give it away for free without adware or spyware in it.

"From a software vendor you could demand at least minimal standards, quality, compensation, foss very clearly states "f*ck you!"; you use that foss software without its developers standing for anything, not even formally. A company must fear negative reactions, foss need not care, there simply are no consequences at all."
Don't all shrinkwrap EULAs contain "f*ck you!", just with 10 times the pages of FOSS licenses, and additionally forbid you from modifying it or otherwise fixing the problems yourself? Or can you sue Microsoft every time there's a vulnerability in ActiveX or when Cortana sends all your WiFi passwords to everyone you friended on facebook?

"universities and the grant system are rotten. What little useful outcome research produces is almost always either hidden away and/or abandoned or used to spin off a company."
Almost always. Minix was made at a university by Tanenbaum, and it's proved useful in OS research, hasn't it? That's just one example, I don't think you really want a list of things that started at universities that have use in safer computing.

"As for the 1000 steps stair back to sanity: We are at a very early stage and acceptance, let alone uptake, is sadly low. C is cool and fun, Ada or Eiffel aren't (so they think)"
Can you write a dom0 in Ada or Eiffel?

"fuzzing is cool and fun, properly spec'ing and verifying isn't (so they say)"
Do you mean that FOSS projects never do extensive unit and integration tests?
Or that such tests are mutually exclusive with commercially available fuzzing products?

"And just btw: Think a moment about the kind of money one could earn by being able to sell some actually reasonably secure OS! (And about the efforts and investment that would need). Do you really think that would be given away for free? I certainly don't. As for foss, forget it; they are about cool and fun and blabla."
They wouldn't make any money. Every spy organization in every country would offer them more to backdoor it or to not release it than consumers would pay for it.
Releasing such an operating system could only be an act of philanthropy, not avarice.

"And btw, I'm quite sure that Bruce Schneiers "theater" image does hold here, too. Most people do *not* (really) care about security; what they do care about is *feeling* secure and comfortably so (read: spending 29$/year is O.K., activating ones brain and acting reasonably is not)."
Sad but true, which is why I think it's more important to publicize easy to understand arguments in favor of security than it is to wait until something perfectly secure exists before going public.

@Ergo Sum
"I found it ironic that the QubesOS' introduction video shows Google Chrome browser for both the work and personal browsing and the narrating person also logs in to his Gmail account."
Thank God that people who do design and videos aren't people who package software or write code.
QubesOS dom0 has no browser, and the default installation image has an option for installing Whonix (which only has Tor Browser Bundle, based on Firefox).

Note that Chrome isn't FOSS, Chromium is. Chrome is more comparable to Internet Explorer and Microsoft Edge than it is to Mozilla Firefox. And it's far harder to audit Google Chrome than Chromium, due to the mystery meat BLOBs in it. Chromium is based on WebKit which is derived from KHTML, what's intrinsically bad about that?
There is no Google Chrome or Chromium included in any of the QubesOS installation images, but they can probably be installed in domU through yum or apt.

Nick PJune 4, 2017 5:26 PM

@ All

Microsoft Research and INRIA continue showing out on verifying crypto protocols. This report describes their new Low* language for implementing things such as crypto algorithms with proof of memory safety and side-channel resistance. That then gets translated into *readable* C for easy auditing. Then compiled with CompCert for verified production of assembly. Then, integrated into their ML-like language, F*, so the high-level stuff can be described and verified in a high-level way. They prove it out with an implementation of Bernstein et al's NaCl in Low*.

@ ab praeceptis

Being a separation logic fan, you might find VerCors interesting given they use a layered approach to verify concurrent data structures. Another person doing verification, esp on distributed and concurrent stuff, said that's typically really hard where the tool is either a huge burden and/or can't prove a significant number of correct constructions. This tool improves on things in both directions. Will still be hard compared to non-formal methods since both correct concurrency and separation logic of anything not simple are hard. Still might be useful for specialists producing libraries of verified, concurrent structures for use by 3rd parties.

JG4June 4, 2017 6:12 PM


@call girl

Your point is well taken, although for the most part the discourse here at Mr. (Dr.?) Schneier's forum is quite civil. Your planet has been surprisingly violent for a long time and there is some hope that it is getting better, Mr. Bezos and his paymasters notwithstanding. See, for example,

https://www.scientificamerican.com/article/history-and-the-decline-of-human-violence/

Mr. Bezos's paymasters and business partners bankrolled a series of genocides in Asia that killed at least 4 million. They have been quite diligent in the Middle East as well. In the time since the Communist genocides (mostly) ended, the US has implemented a series of smaller ones. You may see the Philippines in the news from time to time. I thought it ironic that they are having a war on dealers and addicts, which is precisely what Mao did.

I am on the record as looking for a better country to support. I have identified a few, but they are surprisingly expensive.


ab praeceptisJune 5, 2017 1:39 AM

@n/a

blog.torproject.org got changed big and now needs JAVASCRIPT to comment. NSA took it over??

IF that was true I wouldn't be surprised at all. I personally consider tor as tainted since quite some time.


@Ministry of Truth

Of course there are pleasant exceptions, e.g. Minix which I myself talked about occasionally and in a quite positive way. But before we can repair a situation we must properly assess it and fact is that the whole field is rotten grosso modo.

Ad "you can repair foss software yourself" - Oh really, is that really so? I don't think so; I think that that's nice sounding blabla like so much with foss. IF that were true then why don't we just repair, say OpenSSL or linux? Maybe because we can't? Maybe because C is ambivalent and hence unverifiable, because fuzzing and all those other funny techniques don't really cut it, and, very importantly to repair something one needed a proper specification of what "working properly" as opposed to being a clusterf*ck means? Usually even that doesn't exist. So all them funny tests are run against what reference?

"unit, integration and whatnot tests" - Well intended but worthless blabbering. See above. And keep Dijkstra in mind: Testing can prove the presence of bugs but not their absence.

Just like the 1000 eyes blabbering. Sounds nice and oh so convincing but it consistently fails. For heartbleed, for instance, not even the promised 4 eyes (connected to working brains) were available.

Do I *like* microsoft? Certainly not; hate them since decades. But, you see, this is no sympathy competition. Fact is that evil microsoft has sunk millions upon millions into research and if tomorrow's programmers write more reliable software then it will to a major degree be due to microsoft sinking millions into research and development of better tools.
If in a dire situation like ours I have to choose between evil Microsoft having seen the problem and actually delivering vs. "fun! fun! and freedom as in speech!" shouting sectarians with an utterly bad track record I'll choose Microsoft. Trust me, I'm the last guy on this planet who likes microsoft, let alone to laud them, but we'll never achieve safety and security if we can not even recognize reality and prefer to cling to some sectarian creed.

And btw. my education wasn't cheaper than that of other engineers. You see, there is a major difference between a, say electrical engineer helping on in his own free will with some, say, school or town project vs. accusing all electrical engineers as somehow evil, if they charge a fee for their services.
What do you think you get with that foss model? Let me tell you: More often than not you'll get losers and lousy amateurs because the good professionals want and need to and can earn a living with their profession.

And you know what? I still follow the 3 step model; in fact I always suggest it by myself to my clients: downpayment, payment on delivery plus a considerable part, say 20%, only 4 - 6 weeks after delivery, i.e. when my work has been tested and shown to perform as agreed.
Which leads me to my final point: microsoft (and a few other companies) actually pay professionals for cleaning up and repairing what they messed up. foss ... oh well...

ab praeceptisJune 5, 2017 2:40 AM

Nick P

Well, VerCors is pretty much about new front ends (java, C) for the (excellent) Viper infrastructure. I personally will stay with verifast but would not hesitate to recommend VerCors/Viper for java and C people, particularly less experienced ones.

As for the problems with concurrent and/or distributed mode I have my own theory and many won't like it. I'm under the impression that that whole problem zoo is largely hype; useful hype, of course, as it feeds many academic projects. Why do I say that? The answer should be obvious when asking "What exactly is the problem?". A closer look will reveal that all those concurrency problems are but a special case of memory (and, one might argue, temporal) safety. I'm somewhat smirking because it comes down to the fact that the software people are way behind the hardware people. The decisive difference that is behind that problem class boils down to "Oh! It's not just me running on this system/cpu!". Another reason for me smirking is that in the end it comes down to some hardware fencing like, say CAS - which is well expressible in logic.
A variable is about access and value. Usually the safety problem is about access. With concurrency sometimes value dependence (i.e. a temporal problem) is added. That's not something hard to understand or to deal with - iff one has achieved enlightenment; the problem is mindset, not registers, memory, or warp holes *g

As for microsoft's low* I just sigh. Yet again they've ignored the law of readability. Functional concepts with gratuitously thrown in C notation might look cool and impressive but will have many developers ending up in non-acceptance or, if they are brave and try it, bad usage, problems, and pain.
But still, they should be lauded for their work and engagement, if alone for clearly demonstrating that formal design and verification is a *must*.
(Side note: the functional approach reminds me of McKenna's "give me one miracle and I'll explain the universe" in another form ("Give me monads and I'll do everything side effect free") haha).

And I very much liked the name Kremlin for the compiler (actually more of a transpiler with lots of magic thrown in). Smiling there; I have reasons for being a big ETH and Inria fan...

Now to the really funny bit: I laughed out loud seeing their examples. Why? Because I can have almost all of that - and much simpler and more elegant - with sparked Ada, haha.

Who?June 5, 2017 3:56 AM

@ Ministry of Truth

I do not really trust EAL certification. Apple's OS X and Microsoft Windows 7 have EAL certification, OpenBSD doesn't. EAL certification is a way to move the worst disease of industry (if you pay us each time you release a new version of your product then it gets a sticker that shows it is appropriate for use in corporate environments) to security. It is not better than, we say, POSIX.

EAL establishes a first approach to security based on the willingness of developers to pay to get a certification. It is broken by design.

Who?June 5, 2017 4:12 AM

@ Ministry of Truth, ab praeceptis

I see @ab praeceptis commented on EAL certification too. Glad to see we share the same opinion about the certification process... I must not be so wrong after all.

Dirk PraetJune 5, 2017 5:04 AM

@ ab praeceptis

If in a dire situation like ours I have to choose between evil Microsoft having seen the problem and actually delivering vs. "fun! fun! and freedom as in speech!" shouting sectarians with an utterly bad track record I'll choose Microsoft.

While I concur that Microsoft, Apple, Google et al from an engineering vantage are way ahead of the FOSS community in terms of professional development and software life cycle management methodologies, the element you seem to overlook is that their carefully crafted end products are spying platforms by design, thus defeating the entire purpose.

Same thing in music: folks like Celine Dion, Mariah Carey, Whitney Houston and Christina Aguilera are highly accomplished sopranos. Steve Vai and Joe Satriani are brilliant guitar players with an amazing technique. But their music s*cks like an Elektrolux, and I still go with John Lydon and the Ramones any time, even if the former couldn't sing and the latter couldn't play for sh*t.

My current home infrastructure is entirely security hardened Linux- and BSD (all family members), FDE on every machine, and with only one (1) physical and highly locked down Microsoft workstation remaining. All other M/S stuff lives in carefully isolated VM's none of which I require for my daily activities. This setup will not protect me from poorly written FOSS code and neither will it keep the NSA out.

But at least I am feeling reasonably comfortable that none of these devices are deliberately leaking information and that they are FAR less vulnerable to activity monitoring and compromise by script kiddies, cyber criminals, thieves, my ISP, corporate and nation state spies as compared to the potential havoc that can be wreaked by even one Windows machine with a smartphone on the side.

ab praeceptisJune 5, 2017 5:19 AM

Dirk Praet

What I said was clearly in the context of software development and in that area, that's fact, microsoft is spending lots of money and working really hard - and in a credible way.

Would I buy (or use, even for free) ms windows or office? Certainly not, no way.

But that's today. Maybe in a not too far away future ms introduces and sells a (at least much more than windows) safe, reliable and sound OS.
Would I use it? Probably not, i.a. for the reasons you mentioned. But then, I'm not Joe or Jane.

The factors you mentioned are a different issue; an earnest one and one where we should be prudent (read mistrusting) but another one. And one that, unlike safe development, can (and certainly should) be solved politically/legally.

JG4June 5, 2017 6:56 AM


http://www.nakedcapitalism.com/2017/06/links-6517.html
...[deep state business as usual]
Police State Watch
Hiding the Ugly Business of Torture Consortium News (Sid S)
https://consortiumnews.com/2017/06/02/hiding-the-ugly-business-of-torture/
...
Farewell Walt Mossberg, the scourge of Silicon Valley
https://www.theguardian.com/commentisfree/2017/jun/04/farewell-walt-mossberg-scourge-of-silicon-valley
John Naughton
His pioneering journalism held the industry to the same standards as other manufacturing sectors
...
If the networked printer suddenly stopped working, then you were faced with the kind of knowledge gap that existed between Leibniz and his horse. And so on.
...
“If we are really going to turn over our homes, our cars, our health and more to private tech companies, on a scale never imagined,” he wrote, “we need much, much stronger standards for security and privacy than now exist. Especially in the US, it’s time to stop dancing around the privacy and security issues and pass real, binding laws.

ThothJune 5, 2017 9:11 AM

@FOSS vs. PAID et. al.

Both have their shortcomings and advantages. It should not boil down to whether FOSS is better than paid wares but more of the general outlook and mentalities and this has to be assessed by each project or product.

One example is safer OSes where most people typically place their trust that Linux to them are better choices than Windows because of the FOSS Linux label but the fact is the mentality is important.

So far, Linux has been very bad in terms of safety and security mentality and as long as people are just contented with Linux sprinkled with some pixie dust to harden Linux, that wouldn't cut at all. For Linux to be truly security and safety centric, the mindset of Linus Torvalds of treating security and safety as typical second class has to change as he is the one with the power to change Linux and its communities and even FOSS.

I doubt his attitudes would change any time soon and thus Linux et. al. would continue to not make the cut as a safer and more secure OS.

ab praeceptisJune 5, 2017 9:30 AM

Thoth

the mindset of Linus Torvalds of treating security and safety as typical second class has to change

Just a short remark: No.

I get your point but linux can not possibly be made secure. For one the linux bloat bubble consists of millions and millions of loc. Moreover, safety, reliability, and security have to be designed from the start. All attempts to somehow turn crap into something sound are bound to fail.

But my remarks were of a general nature, anyway. *Of course* there is also good or even high quality foss stuff (though typically not with gpl; little surprise there). OpenBSD is an obvious example (although compromised by its roots (posix)); those people do quite good work. That said, I've also seen really good and open sourced work come from companies.

Generally speaking, though, foss has rotten the whole field. One very regrettable symptom is the widespread expectation that not only must software be free (beer) but, in fact, foss software is better than commercial software - which, of course is utter bullsh*t.

Ergo SumJune 5, 2017 9:42 AM

@ Ministry of Truth..

Thank God that people who do design and videos aren't people who package software or write code. QubesOS dom0 has no browser, and the default installation image has an option for installing Whonix (which only has Tor Browser Bundle, based on Firefox).

Thanks for your statements, off to try QubesOS...

JG4June 5, 2017 10:17 AM


see also:

https://macro.economicblogs.org/naked-capitalism/2017/06/scofield-unsafe-speed-redux-pinto-takata-recalls/

It will be abundantly clear that the regulatory framework is light-years behind the needs of the day. Given a fixed regulatory/legislative lag time, combined with accelerating technology development/adoption, and the mismatch can only get worse over time. Somehow aviation came closer to getting safety by design and safety by feedback correct. There was a chapter in one of Petroski's books about the de Havilland Comet square windows. Different metal, different pressure regime, same scattered bodies and pieces, perhaps more finely divided.

This is spot on to Clive's comments about boilermakers back in the day:

Interview with Josh Hartung — Co-founder and CEO of Polysync
https://medium.com/mobility-entrepreneurship/interview-with-josh-hartung-co-founder-and-ceo-of-polysync-63ee75f6038b
...
This is one of a series of interviews with guests of Stanford’s ME302C: The Future of the Automobile — Mobility Entrepreneurship (see more here)
...
What is the biggest obstacle to widespread adoption?
“Safety is the biggest obstacle, and that’s why we’re focusing on it. There are massive gaps in the backend systems of AVs that would be considered safe enough to put members of the public in. One of the biggest contributors is simply the sheer complexity of the system. It is so much more complex than anything that has been done before. These systems are a new form of computing. They have the processing of supercomputers, the connectivity of cell phones, and require a critical safety level of a commercial airline or better.
While we develop AVs, everyone is focusing on the application stack: perception and AI. But without a solid platform, it’s a skyscraper built on fill. What happens when the back-end of these systems fails? The likelihood of failure will continue to rise as the technology becomes increasingly complex. This makes the industry’s current approach to safety insufficient. You can’t extend today’s standards of validation and verification to what will be required on a production AV.
As a comparison, when we first looked at the cloud, we wanted mission critical systems in place. As a result, we set up mainframes. They were very expensive, but they worked. It was crucial to have the right hardware. Now, those systems have been replaced by distributed systems in order to shift load and keep resources working. Netflix did this during the AWS shutdown. The car of today is becoming a bespoke mainframe. The car of tomorrow should look more like a central computing spine made up of a number of big computers that are used for all tasks.
If you look at car safety, there is a hierarchy of time. Decisions are taking place on different magnitudes of time. The longer it takes to make a decision, the less safety critical they become. In the higher frequency decisions, you cannot tolerate latency. Therefore, you have to stay local to a car and achieve high assurance within the car. This is why automotive is big for Intel and Nvidia. It’s the last place where their products will be needed in large quantities.


call girlJune 5, 2017 10:48 AM

White House formally backs plan to send 30,000 federal workers to private corporation

https://www.washingtonpost.com/local/trafficandcommuting/white-house-formally-backs-plan-to-send-30000-federal-workers-to-private-corporation/2017/06/05/b8ce5546-4987-11e7-9669-250d0b15f83b_story.html

Good for FAA! I can't believe these air traffic controllers are actually federal employees anyways. They stress out on the job a lot, and they smoke too much, and the docs give them meds for stomach ulcers and depression and all that crap, but when you think about it, to use a car analogy, this is basically like having a team of FBI Special Agents in orange vests with batons giving hand signals at a busy intersection with a broken-down traffic light.

Privatize them, yes! Next step, break up the "private corporation" so that each airport and/or airline is managing its own traffic.

The whole idea of having a bunch of chain-smoking dudes sitting in front of radar terminals in constant panic mode getting stomach ulcers over green dots on the screen for ordinary peacetime commercial air traffic is absolutely ridiculous.

AnuraJune 5, 2017 11:12 AM

@call girl

Step 1) Privatize Critical Infrastructure
Step 2) Profit
Step 3) ???

ab praeceptisJune 5, 2017 12:11 PM

@JG4, Who?, Ergo Sum, Ministry of Truth (et al.)

To show you a really funny example of golden stickerism (fips, eal, nist, etc):

There exists a formal requirement hierarchy defining what is acceptable as proof (in formal verification), called PAL. Goes from 1 (lowest) to 3 (highest). Now, guess what PAL 1 is?

(Answer: "Kind of seems, you know, like, a reasonable assumption". Only PAL 3 really requires full formal proof. 2 is a compromise). So, if any of you is willing and capable to wipe your a** when using the bathroom or grabbing a knife at the blunt end you're good for a golden "PAL 1 - totally formally verified and proven!!1!" sticker.

I guess I can spare us an examination which PAL level is usually used as the basis for a golden "bulletproof secure and verified!!" sticker ...


@Ministry of Truth

Sorry, forgotten in 1st response.

Can you write a dom0 in Ada or Eiffel?

In Eiffel, I guess yes but neither am I 100% sure nor would I want to try (doesn't mean much. Eiffel is for *applications*).

In Ada -> Yes, absolutely.

call girlJune 5, 2017 7:37 PM

>>>A federal contractor was arrested over the weekend and accused of leaking a classified report containing "Top Secret level" information on Russian hacking efforts during the 2016 presidential election.

>>>Reality Leigh Winner, 25, appeared in U.S. District Court in Augusta, Ga., to face one charge of removing classified material from a government facility and mailing it to a news outlet, the Justice Department said Monday.<<<

Some cute blonde girl with an obviously fake name....

call girlJune 5, 2017 7:55 PM

@Anura

@call girl

Step 1) Privatize Critical Infrastructure
Step 2) Profit
Step 3) ???

Stop criticalizing the wide-open skies. It doesn't help fight terrorism or prevent accidents if you get stomach ulcers poring over an ancient green screen and rattling off instructions to pilots for every change in altitude or attitude within 500 miles of an airport. Snuff those cigarettes out and take a fresh air break.

Nick PJune 5, 2017 11:22 PM

@ ab praeceptis

" A closer look will reveal that all those concurrency problems are but a special case of memory (and, one might argue, temporal) safety."

It's funny you say that given it's exactly what three software languages did: a linear variant of ML, Cyclone, and then Rust. While hardware people did expensive model-checking and provers, those two languages just used affine types on references to do the same thing to get temporal safety. Rust did it with no runtime cost or GC. Then, it built several models of concurrency on it for Rust.

So, it's amusing you dismissed Rust so easily then claimed that software people need to be doing what hardware people are doing when Rust software is already doing better. So were Ravenscar for Ada and SCOOP for Eiffel which was correct-by-construction for data races at least.

"As for microsoft's low* I just sigh. Yet again they've ignored the law of readability. Functional concepts with gratuitously thrown in C notation might look cool and impressive but will have many developers ending up in non-acceptance or, if they are brave and try it,"

This is true. However, it's not targeted at normal developers: it's a formal verification tool. Normal developers don't use any of those except lightweight methods such as type systems and model checkers. On latter, SPIN, ASM's, Alloy, and TLA+ specifically with TLA+ in lead. Far as verifiable languages, it's actually simpler than the C-like languages that came before it such as C0 or Clay.

"ETH"

Interestingly, I noted Russians particularly like to use tools from ETH more than most groups. Component Pascal especially. I'm not sure why even though I know it's a good thing. So, when I think mutually-untrusting components, I count the ETH stuff like Component Pascal as representing Russian side too since they put confidence in it and it's FOSS. Obviously, things like Moscow ML, too, but I don't know many robust, imperative, and fast languages coming out of Russia so my high-level schemes work with what I know they like.

"Why? Because I can have almost all of that - and much simpler and more elegant - with sparked Ada, haha."

Much of it. However, SPARK doesn't support pointers which are necessary in some software and good for some optimizations. Even Rust's model breaks down into unsafe on some of the most optimized algorithms since affine types can't handle them. Low* will be able to handle some of that albeit with more manual work along the lines of separation logic. It would probably take a theorem prover for SPARK like the SPARK-HOL work that just got done. That would be immature whereas Microsoft's VCC gives them a lot of experience and existing tooling to work with to reduce effort. So, although I agree SPARK is great competitor to Low*, I give the edge to Microsoft on the cases SPARK can't handle because (per Yannick) they straight-up just didn't put any labor on adding that. Their future plans that they're actively funding also will add only the tiniest subset of that functionality.

tyrJune 5, 2017 11:42 PM


@call girl

If you really wanted aviation safety you ground
at least two thirds of the flights. that would
take the load off ATC folk and make things a lot
safer. As long as the corporate mindset crams
more and more airborne cattle cars into the air
no one will ever be safe. Most large airports
look more like a mosquito swarm than they look
like reasonable commercial transport. If you've
never been the one responsible in front of a
green screen, then you need to do your homework
on the subject. Aviation is the safest transport
ever invented in terms of distance/deaths and
it will stay that way if responsible folk (pilot
and ATControllers) are not overloaded by bean
counting idiots who have no skin in the game.

@Clive

I cannot say how sorry I feel for the UK under
its current leadership if the public statements
of May and Rudd are to be taken seriously.
We on the other hand have a loon who just said
Qatar and Saudi are both our wonderful friends.
It's enough to make a feller choke on the popcorn.

ab praeceptisJune 6, 2017 4:01 AM

Nick P

Careful there, memory and temporal safety are easily - and frequently - mixed up. This happens quite usually in the context of concurrency. As for rust, I have my reason to not smear them (they are earnest and try hard) but to neither trust them.

Memory is hard, seriously hard and you are btw wrong when you think Ada doesn't help a lot because Spark doesn't support pointers yet. Such impressions derive from a biased perspective; Keep in mind that Ada often simply doesn't need pointers, at least not from the developer's perspective. And Ada isn't alone in that, so let us be clear about the problem which is not pointers but *user* pointers, i.e. the wanton bastard type.

As long as the compiler is in charge problems are easy to handle; compilers are quite good at housekeeping. The problem is pointers created, assigned, etc. by users. And *that* is where rust enters the game. What rust does isn't really new but, yes, it's smart and they have done their homework and conceived a smart mechanism.
However, again, not having to juggle with pointers in the first place is an even better approach.

Generally speaking I'd say come again once you can show me a proper and verified spec and model along with verifiability.

Btw, I'm *very* happy that (not only) hardware people did expensive model checkers and proving. After all, software concepts are nice but at the end of the day it's hardware that gives us the mechanisms for safety, particularly the temporal kind.

It's not that math couldn't come up with ways to ensure safety (in fact it does, albeit on the hw level). The ugly beast on the board is complexity. Now, seeing the level of complexity of modern hardware it's hard to distinguish it from pure random. One simply can't account for all possible combinations and hence one needs some proof in the pudding mechanism such as CAS which then offers some solid ground for proving. Id est, having e.g. CAS I can reasonably make temporal (incl. not at same time which is alpha and omega for memory safety in concurrency) propositions that are guaranteed to hold.

"Rust software is already doing better" - Pardon me but that's BS. For a start, if at all, rust does better in 1 single problem case only. Moreover, again: Show me formal material, specs, models, proof.
In my mind you are making a grave error there by ignoring what rust set out to achieve, namely to get rid of a few of C's gravest abscesses. I laud and congratulate them for attempting and, so it seems, achieving quite something in that regard. That said, however, I think that rust has still many, many miles to go.

Right now and here, let's be clear on that, I'd rather use C and separation logic than rust.

"it's a formal verification tool. Normal developers don't use any of those except lightweight methods" - So, what are we talking about? I'm not interested in more and more tools for the exotic corner. I'm interested in tools that are actually used in development at least by a majority of professional developers.

And btw, I don't agree with tla+ being a lightweight tool. OK, granted, I myself don't use it and won't, but still tla+ is a serious and useful tool and not at all lightweight; you can go quite a distance with it. That that's quite easy is, in fact (imo) extremely valuable and nice.


"ETH - Russia"

There are many things in the dark with respect to Russia. Example: Some decades ago IBM actually spent lots of millions and bought russian hardware technology and designs and then sued another corp. for using similar technology, haha.
We have been fed tons and tons of nonsense about them backwards Russkies and their rusted, always 20 years behind the west systems ...

I think the decisive factor is that Russia had an excellent academia with a solid emphasis on math and proper thinking. *Of course* they just had to love Wirth who ticked just like them. In fact, if I'm not mixing up people, Wirth has been lecturing in Russia multiple times. He was one of the *very few* westerners who had actually something to offer and to learn for them. Some time ago Russia started what could be called an early computer literacy program and it's based on Oberon. There would be lots more to talk about (e.g. the extremely interesting mcts 8s processors) but I'll cut it here.

But Wirth, of course also had tremendous influence on IT at the ETH who were smart enough to not give up on that. Hence (just like me) ETH is on the (very) short list of european universities whose work to follow.

Btw. the Russians very early on treated software development with adequate respect. Unlike most in the west they understood perfectly well what Dijkstra preached. As a result, most russian pre grads would easily "kill" most us american ivy league profs before breakfast.

"low* - Spark" - No, they are not really competitors. low* is an interesting puzzle piece in a mechanism that produces verified C code. It's interesting work but a) rather exotic and b) worthless (for me) as C, no matter how well massaged, isn't the solution but the problem. What I would respect, though, were if the created C were seen only as meta assembler (I don't know, however, whether that's the case but I guess not).

Bob Paddock • June 6, 2017 12:36 PM

@ab praeceptis

"I think the decisive factor is that Russia had an excellent academia with a solid emphasis on math and proper thinking."

Compares US vs Russian Math Education (Russia wins):

"Guest View: Why public school math fails" - Aleksey Nudelman
http://sdtimes.com/guest-view-why-public-school-math-fails/


The math books by Danica McKellar, such as "Kiss my Math", aimed at young ladies are worth a look if you are trying to teach your children math concepts.

http://www.kissmymath.com/

Her whole series of math books here:

http://www.mckellarmath.com/

There is also the Trachtenberg Speed System of Basic Mathematics.


"NIST Releases Successor to Venerable Handbook of Math Functions"
https://www.nist.gov/news-events/news/2010/05/nist-releases-successor-venerable-handbook-math-functions in 2010 leads to this 2017 update: http://dlmf.nist.gov/


ab praeceptis • June 6, 2017 1:00 PM

Bob Paddock

Thank you but from what I know Nudelman's view is still strongly biased and painting the us of a system way too positive. That's also the reason for me to politely thank you for mentioning some books of us-american origin while being utterly disinterested.

In case that serves as a solace to us-americans: I'd react quite similarly (albeit very mildly less negative) to uk, german, and most other school books of western origin.

Btw, the russian education system has also been watered down and "westernized" (read: destructed) for many years. It's only during the last year that president Putin has replaced a "liberal" by a renowned and competent lady as minister in charge of education. The Russians were lucky because 20 or 25 years are not enough to completely destroy a really good education system and a solid socket of well educated people.
As per today I'd choose (not even Moscow's Lomonossov but, say) Omsk university over every us of a ivy league "university". Gladly my kids can stay in western europe as some few islands of good education have survived (e.g. french elite universities; quite good math level, too).

mostly harmful • June 7, 2017 12:18 AM

Bill Binney's June 6, 2017 reddit AMA: https://www.reddit.com/r/IAmA/comments/6fnibv/hi_reddit_bill_binney_here_to_answer_your/#content

One exchange begins like this:

u/Fliepke:

Hi Bill,


As a private citizen I'm well aware of my "privacy" on the internet, but I'm not using vpn, pgp, etc because it seems like a hassle. So I have two simple, practical questions:


What is one thing I should stop doing today, to protect my privacy a little bit better? And of course, what should I start doing from today on?

u/IamBillBinney:

Use Tor if you can, change your passwords frequently, and invent your own encryption for your community of friends.

u/marshal_mellow:

I've always heard that you should never "roll your own crypto"


Would you say it's more effective than using a known encryption method?

u/IamBillBinney:

Yes, it IS more effective, because then there would be millions of different encryption systems not solvable by mass machine attack. It would take human interactions to solve, taking months and even years. Not practical. If you use public encryption, governments can solve one or two or very few in order to enable a machine attack on millions of users.

To the surprise of nobody, the exchange does not end there.

The excerpted thread in full: https://www.reddit.com/r/IAmA/comments/6fnibv/hi_reddit_bill_binney_here_to_answer_your/dijm2dk/#content

mostly harmful • June 7, 2017 12:30 AM

PS: Not that anyone should care in the slightest what I think, but just to be clear: my chosen pseudonym is not an editorial comment on IamBillBinney's advice.

tyr • June 7, 2017 12:33 AM


@Rachel

Try this one if you liked Syriana.

https://www.youtube.com/watch?v=aAlaRdrcQcY

You might want to ask the Old Man of the
Mountain what happens if you do political
assassination on the wrong people. As a tool
it has to be used correctly and kept hidden;
broadcasting your deeds in public is called
hubris. A sin the gods hate and will go out
of their way to punish.

A cynic might even call such things an
Intelligence test as a pun Clive might like.

Rachel • June 7, 2017 1:16 AM

new podcast interview with Nick Szabo 'the quiet master of cryptocurrency'

"trusted third parties are security holes"


We cover a lot, including:

What is Bitcoin, what are cryptocurrencies, and what problem do they solve?
What is “social scalability?”
What is Ethereum and what makes it unique? Strengths and weaknesses?
How will smart contracts actually get adopted or go mainstream?
What are ICOs (Initial Coin Offerings)?
Blockchain governance — is there any existential risk?
“Wet” versus “dry” code
Pascal’s scams
Quantum thought
What fields will you be working on in the future?


http://tim.blog/2017/06/04/nick-szabo/

Rachel • June 7, 2017 1:18 AM

PS if you don't listen to it, do have a read of the Selected Links from the episode - links to all the topics and books etc he refers to

Ivoryttowerclasm • June 7, 2017 8:08 AM

Mostly harmful, thanks much for the easy-to-miss Binney reddit. It makes a point that gets intently ignored here: diversity makes mass surveillance harder to scale up. The synthetic consensus here is that privacy protection has to be done correctly, in some notional Manhattan Project of impregnable perfection. Wrong. Multitudinous imperfect projects are better, because each one consumes state resources. For the perfectionists here, Qubes vulnerabilities and Tor vulnerabilities and OpenBSD vulnerabilities and Mirage OS and Freenet and portspoof vulnerabilities are parallel systems: break any one and state surveillance wins. But from the point of view of an overreaching state, the vulnerabilities are serial. Civil society combines them and switches among them, and to repress it, the state has to tamper with them all and not get caught.

So here's a Barrett Brown reddit.

https://www.reddit.com/r/IAmA/comments/6foom3/iama_barrett_brown_journalist_and_activist_who/

ab praeceptis • June 7, 2017 8:24 AM

mostly harmful

Besides question about the players (not every jar with a "Binney" label on it actually contains Binney ...) ...

"Roll your own crypto" - Pardon me but that's a grave lack of realism.

How would Joe and Jane who are hardly capable to understand that windows and cloud storage for their secrets isn't exactly the smartest thing to do, or, for that matter, "professionals" who hardly ever heard about math or crypto (beyond library calls), how would those people roll their own crypto?

Sure, Binney (or whoever wrote there) is right in saying that cia/fbi/nsa/gchq/etc life is very considerably more comfortable being confronted with only a rather limited assortment of extremely widely used crypto (and then usually badly implemented). On the other hand all that personally rolled crypto must come from somewhere - and I don't see that somewhere, simple as that.

Also, one would be well advised that bad crypto is far worse than no crypto because it doesn't offer much in security but paints a big fat target on one's head.

Ivoryttowerclasm • June 7, 2017 8:44 AM

Try my proprietary secret ROT-12 Piglatinator®. Provably more secure than NIST-approved cryptography with new and improved Dual_EC_DRBG!

Thoth • June 7, 2017 1:43 PM

@ab praeceptis

Do an XOR and ROTL 13 of the magic keyword 'BillBinney' with a session symmetric secret and send them to e olde buddy and then all is safe and secure with an NSA approved secret key exchange ;) .

ab praeceptis • June 7, 2017 1:56 PM

Thoth

Sounds almost perfect - but I want a third party cloud server in between. For real 100% bulletproof sakkurity!
(Note: This construct meets pal 1 and eal 4. Maybe we should get a patent)

JG4 • June 7, 2017 5:07 PM


A couple of years ago, I may have linked a clever hack that used colored dots to prevent copying of documents. US paper money has certain patterns of dots and color printers are keyed to not copy documents with those patterns.

http://www.nakedcapitalism.com/2017/06/200pm-water-cooler-672017.html
...
Big Brother Is Watching You Watch

“Why printers add secret tracking dots” [BBC]. “Microdots have existed for many years. The Electronic Frontier Foundation (EFF) maintains a list of colour printers known to use them…. Based on their positions when plotted against a grid, they denote specific hours, minutes, dates and numbers. … There is a long-running debate over whether it is ethical for printers to be attaching this information to documents without users knowing. In fact, there has even been a suggestion that it is a violation of human rights and one MIT project has tracked more than 45,000 complaints to printer companies about the technology.” Oddly, or not, the article doesn’t explain “why.” At least I read it twice, and couldn’t find the answer.

http://www.bbc.com/future/story/20170607-why-printers-add-secret-tracking-dots
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
https://www.eff.org/deeplinks/2008/02/eu-printer-tracking-dots-may-violate-human-rights
http://seeingyellow.com/

...

News of the Wired

“Specially-designed malware installed on a router or a switch can take control over the device’s LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment” [Bleeping Computer].

https://www.bleepingcomputer.com/news/security/malware-uses-router-leds-to-steal-data-from-secure-networks/

“Blockchains are the new Linux, not the new internet” [TechCrunch]. “Decentralized blockchain solutions are vastly more democratic, and more technically compelling, than the hermetically sealed, walled-garden, Stack-ruled internet of today. Similarly, open-source Linux was vastly more democratic, and more technically compelling, than the Microsoft and Apple OSes that ruled computing at the time. But nobody used it except a tiny coterie of hackers. It was too clunky; too complicated; too counterintuitive; required jumping through too many hoops — and Linux’s dirty secret was that the mainstream solutions were, in fact, actually fine, for most people. Sound familiar?”

https://techcrunch.com/2017/05/28/double-double-cryptocoin-bubble

“I’m Irish and I spent a year traveling the US — here are the 17 things that surprised me about day to day life” [Insider]. “3. Smiles mean NOTHING…. When I meet Americans abroad, one of their biggest complaints are along the lines of ‘nobody smiles on Prague’s trams!’ ‘That waitress was so rude to me! She didn’t even smile!’ America – I have the opposite complaint for you. You guys smile way too much.” This guy needs to come to Maine (except for the coast in the tourist season…).

http://www.thisisinsider.com/17-cultural-clashes-this-european-had-in-america-2017-6

Ministry of Truth • June 7, 2017 5:56 PM

@ab praeceptis June 5, 2017 1:39 AM
"Of course there are pleasant exceptions, e.g. Minix which I myself talked about occasionally and in a quite positive way. But before we can repair a situation we must properly assess it and fact is that the whole field is rotten grosso modo."
Is it actually more rotten than the commercial alternative? That said I agree that it's broken, but what is your suggestion to fix it? Besides convincing people to care about security?

Ad "you can repair foss software yourself" - Oh really, is that really so? I don't think so; I think that that's nice sounding blabla like so much with foss. IF that were true then why don't we just repair, say OpenSSL or linux?
I didn't say it was always easy for someone to fix FOSS software themselves.
I said that it's at least legal to, and doesn't require working in assembly with all of the comments and names stripped out like Windows and other commercial software.
It's also a lot easier to share your fixes, by means of pull request, whereas to share a fix for Windows you'd have to be a full time Microsoft employee.
Some fixes are very easy to make, some are even provided with the vulnerability report, allowing everyone to apply them on day zero instead of waiting for patch Tuesday.

Maybe because we can't? Maybe because C is ambivalent and hence unverifiable, because fuzzing and all those other funny techniques don't really cut it, and, very importantly to repair something one needed a proper specification of what "working properly" as opposed to being a clusterf*ck means? Usually even that doesn't exist. So all them funny test are run against what reference?
FOSS developers might not have a monetary incentive to follow good coding practices (such as making the specification before writing the code), but they have other incentives. If they code for fame, they'll get more fame. If they code for philanthropy, they'll do more good. If they code for practice, they'll be practicing better habits. There's no need for something to be closed source to prototype it or to write tests before writing implementation.

"unit, integration and whatnot tests" - Well intended but worthless blabbering. See above. And keep Dijkstra in mind: Testing can prove the presence of bugs but not their absence.
I didn't say that those tests resulted in 100% perfection. I was simply responding to your assertion that all FOSS QA is limited to fuzzing.

Just like the 1000 eyes blabbering. Sounds nice and oh so convincing but it consistently fails. For heartbleed, for instance, not even the promised 4 eyes (connected to working brains) were available.
I didn't mean that having access to the source makes it guaranteed that you'll find bugs, only that it makes it easier than not having the source.

Do I *like* microsoft? Certainly not; hate them since decades. But, you see, this is no sympathy competition. Fact is that evil microsoft has sunk millions upon millions into research and if tomorrows programmers write more reliable software then it will to a major degree be due to microsoft sinking millions into research and development of better tools.
If in a dire situation like ours I have to choose between evil Microsoft having seen the problem and actually delivering vs. "fun! fun! and freedom as in speech!" shouting sectarians with an utterly bad track record I'll choose Microsoft. Trust me, I'm the last guy on this planet who likes microsoft, let alone to laud them, but we'll never achieve safety and security if we can not even recognize reality and prefer to cling to some sectarian creed.

Never once have I said that the problem with closed source is that some kind of moral "evil", nor have I said that the primary advantage of FOSS is that it's "fun". If anything, Windows is more useful for playing video games, whereas Linux is more useful for practical things such as running servers and doing IT work. FOSS developers work too you know. There are countless ways for FOSS devs to make money, such as donations, support, bounties, and grants.

You see, there is a major difference between a, say electrical engineer helping on in his own free will with some, say, school or town project vs. accusing all electrical engineers as somehow evil, if they charge a fee for their services.
What do you think you get with that foss model? Let me tell you: More often than not you'll get losers and lousy amateurs because the good professionals want and need to and can earn a living with their profession.

I don't think it's evil for FOSS developers to get paid for their work. I think it's good.

Which leads me to my final point: microsoft (and a few other companies) actually pay professionals for cleaning up and repairing what they messed up. foss ... oh well...
Microsoft pays professionals to backdoor their products. FOSS companies could do the same but it would be more difficult to hide it and easier to find out who did it.

@ab praeceptis
microsoft is spending lots of money and working really hard - and in a credible way.
This doesn't require the source to be closed.

@Thoth
One example is safer OSes where most people typically place their trust that Linux to them are better choices than Windows because of the FOSS Linux label but the fact is the mentality is important.
I don't think that open source is better for having a label. I think it's better because it's easier to audit it, and to attribute things. It's also easier to avoid vendor lockin. It implies that the API is public, which makes interoperability much easier and doesn't require clean room reverse engineering to legally interoperate with it. With closed source when you find a backdoor the company can just say "no no that's a maintenance feature, it's by design. it's so we can remotely help you with tech issues, and it makes you safer since law enforcers can use it".

So far, Linux has been very bad in terms of safety and security mentality
I think that the mentality of uploading all your passwords to the cloud and auto-sharing them with everyone you friend is worse mentality than FOSS has.
I think that not allowing people to disable metrics and analytics is worse than FOSS. If a FOSS project tried to pull that someone would just fork it.

people are just contented with Linux sprinkled with some pixie dust to harden Linux
No they aren't. It would be far more fitting to say that almost everyone is contented to settle for mystery meat BLOBs sprinkled with backdoors as long as it gives them 10% better FPS in CoD69 than WINE does.

For Linux to be truly security and safety centric, the mindset of Linus Torvalds of treating security and safety as typical second class has to change as he is the one with the power to change Linux and its communities and even FOSS.
If Linus insisted on practices as bad as Microsoft, Linux would be forked and ISOs with the backdoors removed would be published in hours if not minutes.

I doubt his attitudes would change any time soon and thus Linux et. al. would continue to not make the cut as a safer and more secure OS.
That might be true with Microsoft, but with Linux you aren't forced to do anything. If a leader in a FOSS community insists on such things, the project gets forked.

@ab praeceptis
I get your point but linux can not possibly be made secure. For one the linux bloat bubble consists of millions and millions of loc.
Isn't it the same with Windows and OSX? Oh wait you can't even find out because they're closed source.

Moreover, safety, reliability, and security have to be designed from the start. All attempts to somehow turn crap into something sound are bound to fail.
What do you think is sprinkled on the vegetables that you eat or that the livestock you eat eats? Following your logic everyone is made of crap.
The unsoundness of such analogies aside, wouldn't you agree that FOSS products are far easier to decrappify than mystery meat BLOBs?

Generally speaking, though, foss has rotten the whole field. One very regrettable symptom is the wide spread expectation that not only must software free (beer) but, in fact, foss software is better than commercial software - which, of course is utter bullsh*t.
No, avarice and authoritarianism have rotten the whole field.
Closed source implies that the only purpose is gaining money and power.
FOSS by its very definition can't exist for any reason but to help people.
If you want to further the police state, you write closed source, since it's harder to hide backdoors in public view.
FOSS allows anyone to decide a project is doing bad things and to fork it. Good luck trying that with Windows.
Also, if FOSS was so bad why would so many commercial entities use FOSS? What do you think WebKit evolved from? What do you think OSX Darwin evolved from? What do you think Linksys and Cisco base their routers on?

@JG4
It will be abundantly clear that the regulatory framework is light-years behind the needs of the day. Given a fixed regulatory/legislative lag time, combined with accelerating technology development/adoption, and the mismatch can only get worse over time.
Another reason to prefer FOSS. Closed source companies only protect their customers as much as they are legally required to, unless there is a situation bad enough that even the masses (who care very little about security) start boycotting Windows, Microsoft will never shape up.
Security in FOSS is done for the point of security.

@line noise
Don't do the crime if you're not willing or able to do the time.
I don't know what loopback wrote here (it never existed or was deleted), but I know that CEOs and government officials rarely are held accountable for sabotage (BULLRUN), espionage (Optic Nerve) or perjury (lying to parliament/congress/etc).

@ab praeceptis
"Roll your own crypto" - Pardon me but that's a grave lack of realism.
How would Joe and Jane who are hardly capable to understand that windows and cloud storage for their secrets isn't exactly the smartest thing to do, or, for that matter, "professionals" who hardly ever heard about math or crypto (beyond library calls), how would those people roll their own crypto?
Just because there is diversity in the FOSS ecosystem doesn't mean that there is one distro per person. You don't have to make your own OS or your own crypto library to benefit from there being many of them. It's harder to hack them all when there are more of them and when they are under public scrutiny.

Also, one would be well advised that bad crypto is far worse than no crypto because it doesn't offer much in security but paints a big fat target on ones head.
Just reading LinuxJournal or witnessing crimes committed by those in power (sorry, can't find the leak. It's probably in the Snowden archives somewhere but who knows) is enough to paint a big fat target on your head. Better to have seatbelts limited to 200lb people than no seatbelts at all.
The sheer amount of defeatism and pessimism is far more dangerous than taking at least some decent steps to be safe. Should cars have no locks on the doors or the ignition just because it's possible for criminals to subvert these security measures?

ab praeceptis • June 7, 2017 6:47 PM

Ministry of Truth

"Is it actually more rotten than the commercial alternative?" - It might be entertaining but it's of little value to again and again judge foss by comparing it to commercial software. The often implied frame of either foss or commercial doesn't make sense. The true alternative is to make *better* foss (and commercial).

"to repair foss is easier" - So what? That's theory, i.a. because repairing something implies a problem in the first place. How about building software that doesn't need to be repaired.

"FOSS developers might not have a monetary incentive to follow good coding practices (such as making the specification before writing the code), but they have other incentives." - I suggest you read that sentence of yours again and think.

I'm not set against their incentive. I *value* if someone acts driven by non-monetary incentive. That said, in the end it's the result we're interested in, no? I mean it's not like nsa/cia/fbi would say "let's not abuse those attack surfaces because they've been created with non-monetary incentives!"

"I was simply responding to your assertion that all FOSS QA is limited to fuzzing." - I didn't say that. I just used fuzzing as one example of *post* faktum approaches. See above. How about creating software right in the first place?

"I didn't mean that having access to the source makes it guaranteed that you'll find bugs, only that it makes it easier than not having the source." - Don't you get it?
Yes, it's easier; you are right with that, BUT: How about building software properly so as to not need finding bugs?

"nor have I said that the primary advantage of FOSS is that it's "fun"." - Misunderstanding. My point was the mindset and "fun!" is a very important part of the foss mindset. That statement is supported by blabbering about "fun" is one of their favourites.

Let me put it brutally clear: Millions of victims - because that's what most software users are, victims - have to suffer pain, have to pay with utter loss of privacy and safety for the "fun" of those immature foss idiots (I'd like to mention that there are positive exceptions. OpenBSD comes to mind).

"I don't think it's evil for FOSS developers to get paid for their work. I think it's good." - Depends. All them large corps (plus some agencies) playing nice guy and paying (while de facto taking over foss projects) has been part of the mechanism that brought us to where we are.

"Microsoft pays professionals to backdoor their products." - Yes, probably, but that's not the point (in this context). microsoft spent millions and millions for safety related research, much of which is kind-of-open. Moreover they pay hundreds (thousands?) of sw engineers to repair their stuff.

My point isn't "commercial software is great!" neither is it "I'm against foss de principe". My point is that software should be of reasonably good quality, no matter whether commercial or foss. A related point that you seem to completely ignore is that foss is the worst contributor to ruining and poisoning the whole industry and creating the impression that a "talented" teen can pretty much do the same a mature sw engineer can do.

I want responsibility - for both. If a company sells crap they should be legally required to bleed/pay for all damage if the problem arose out of bad engineering. Same for foss.
Now, many will say that that would kill 90+% of all foss and my response is "Yes, probably - and that would be *great* because the few grown up engineers in foss would continue while all the losers would turn to another and less harmful hobby. Why would the grown engineers continue? Because they had no reason to be afraid as they work properly anyway.
And maybe some 10% or 20% of the foss amateurs would finally learn how to properly design and implement software.
At the same time the management of microsoft and colleagues would be shaken by fear and would very, very quickly realize that spending a billion or so on getting their act together is so much cheaper than paying tens of billions in compensations.

Philly Blusterererer • June 7, 2017 7:04 PM

@ministry of truth,

Au contraire, politicians fall under the 'able' categorically. May I find your support here in?

Substitution cipher says mov ariana grande loyalty, support.

I wear chaps.

name • June 7, 2017 9:55 PM

ab praeceptis says IF that was true I wouldn't be surprised at all. I personally consider tor as tainted since quite some time.

tor is not the best yes. search up freenet and gnunet and i2p for more secure

Nick P • June 7, 2017 10:00 PM

@ ab praeceptis

"you are btw wrong when you think Ada doesn't help a lot because Spark doesn't support pointers yet. Such impressions derive from a biased perspective; "

Like hell. It's Ada developers that told me. A lot of them far as a low-use language come. Two significant ones were one that worked on the proprietary compiler in college and Yannick who does SPARK. I mean, why wouldn't they know whether it could do temporal safety without a GC? This is a basic, language feature where people almost always know the answer to regardless of language. Your implication is most Ada developers are idiots about the basic features of their language.

So far, Ada doesn't have any evidence of temporal safety without a garbage collector. Also, I asked if it has a low-latency, concurrent, FOSS GC like Go does which would work in tons of situations. I haven't heard one but I do keep asking. So, they don't have temporal safety. Also, with temporal safety, the concurrency safety can be done with two keywords on code that's not super-limited. The explanation is a few pages. Ravenscar has a pile of restrictions with the last copy I had being 40+ pages. A world of difference.

"Pardon me but that's BS. For a start, if at all, rust does better in 1 single problem case only. Moreover, again: Show me formal material, specs, models, proof."

You say you do formal verification but don't know about Girard's work or affine types that extend them? It's decades old and quite influential. There's a bunch of proof out there of what they do. Far as Rust, its safe core has already been formally verified to be so. Academics are now working on more interesting stuff with it.

" I'd rather use C and separation logic than rust."

There's advantages. The primary two are tooling and talent: there are piles of great instances of both for medium-to-high assurance software. At least on C with separation logic one tool among many. Rust has little to no tooling outside its language-related benefits. So, I still tell people I recommend C, SPARK, or (if unavoidable) a safety-critical Java. Especially for C and Java, there's just tons of tools that can catch every problem under the sun.

"Some time ago Russia started what could be called an early computer literacy program and it's based on Oberon. "

Do you have a reference to that? It could be the single, biggest reason for Oberon-like tech having popularity.

"low* is an interesting puzzle piece in a mechanism that produces verified C code."

Fair enough. I at least get why you'd say that. Happens with a lot of verification tools that exist in the middle of others.

"I mean it's not like nsa/cia/fbi would say "let's not abuse those attack surfaces because they've been created with non-monetary incentives!"

Funny shit lol.

Ministry of Truth • June 8, 2017 1:46 AM

@ab praeceptis
"Is it actually more rotten than the commercial alternative?" - It might be entertaining but it's of little value to again and again judge foss by comparing it to commercial software. The often implied frame of either foss or commercial doesn't make sense. The true alternative is to make *better* foss (and commercial).
I'm sorry, I mistook you for another poster. I thought that you were the one saying that FOSS poisoned the software industry and that only non-FOSS (commercial) software should exist.

"to repair foss is easier" - So what? That's theory, i.a. because repairing something implies a problem in the first place. How about building software that doesn't need to be repaired.
If you really believe that making a new operating system (or browser, or whatever) from scratch, perfect the first time, is easier than making incremental improvements to existing ones, I guess we'll just have to agree to disagree.

"FOSS developers might not have a monetary incentive to follow good coding practices (such as making the specification before writing the code), but they have other incentives." - I suggest you read that sentence of yours again and think.
That sentence was in response to -- what I perceived to be -- an argument that FOSS fails because only commercial developers get paid and that therefore FOSS developers don't take their work seriously.

I'm not set against their incentive. I *value* if someone acts driven by non-monetary incentive. That said, in the end it's the result we're interested in, no? I mean it's not like nsa/cia/fbi would say "let's not abuse those attack surfaces because they've been created with non-monetary incentives!"
I really mis-represented myself, sorry. I didn't mean that FOSS was better because it had incentives besides money. I meant that it was better in spite of money not being the main incentive.

"I was simply responding to your assertion that all FOSS QA is limited to fuzzing." - I didn't say that. I just used fuzzing as one example of *post* faktum approaches. See above. How about creating software right in the first place?
Nobody has ever been able to do that for anything non-trivial.
It would be awesome to, but it's easier said than done. You're right about this being the same for FOSS and non-FOSS. No free or commercial software of any real size was written perfectly from the beginning.

"I didn't mean that having access to the source makes it guaranteed that you'll find bugs, only that it makes it easier than not having the source." - Don't you get it?
Yes, it's easier; you are right with that, BUT: How about building software properly so as to not need finding bugs?

Again, much easier said than done. Perfection being out, we seem to agree that FOSS is the best-bet.

"nor have I said that the primary advantage of FOSS is that it's "fun"." - Misunderstanding. My point was the mindset and "fun!" is a very important part of the foss mindset. That statement is supported by blabbering about "fun" is one of their favourites.
There probably has been somebody, somewhere, that said that using FOSS is fun. But there are probably people who have said that Windows is fun, too. Or even that OpenBSD is fun. I'm not sure what the relevance of this is. Are you saying that FOSS is less suited to real-world tasks because somebody called it fun? Or that it's less secure because of that?

Let me put it brutally clear: Millions of victims - because that's what most software users are, victims - have to suffer pain, have to pay with utter loss of privacy and safety for the "fun" of those immature foss idiots (I'd like to mention that there are positive exceptions. OpenBSD comes to mind).
I'm sure there are FOSS developers and FOSS users who are idiots, but don't you agree that there are Windows and OpenBSD users and developers that are also idiots? Of course, OpenBSD is FOSS, so I guess you're calling the OpenBSD developers idiots?

"I don't think it's evil for FOSS developers to get paid for their work. I think it's good." - Depends. All them large corps (plus some agencies) playing nice guy and paying (while de facto taking over foss projects) has been part of the mechanism that brought us to where we are.
Are you referring to events such as Mr. Shuttlesworth funding Ubuntu and then having it send search queries to Canonical servers? I know that FOSS companies have done bad things, but other companies usually are worse. Windows sends your passwords to Microsoft servers, and to everyone you friend on Facebook, for example.

"Microsoft pays professionals to backdoor their products." - Yes, probably, but that's not the point (in this context). microsoft spent millions and millions for safety related research, much of which is kind-of-open. Moreover they pay hundreds (thousands?) of sw engineers to repair their stuff.
FOSS developers are paid to repair things also, through bug bounties and in other ways. They are also incentivized in non-monetary ways. My point is simply that FOSS doesn't exclude having developers to research and fix security issues.

My point isn't "commercial software is great!" neither is it "I'm against foss de principe". My point is that software should be of reasonably good quality, no matter whether commercial or foss. A related point that you seem to completely ignore is that foss is the worst contributor to ruining and poisoning the whole industry and creating the impression that a "talented" teen can pretty much do the same a mature sw engineer can do.
I'm not so much ignoring it as politely disagreeing. For the reasons above, I simply don't believe that FOSS is responsible for most of the bad things in the whole industry. I agree with you that older people have had the opportunity, due to being alive longer, to have written code longer and therefore be more experienced than younger people. I don't believe that FOSS companies have a preference for younger members than commercial companies, however.

I want responsibility - for both. If a company sells crap they should be legally required to bleed/pay for all damage if the problem arose out of bad engineering. Same for foss.
Now, many will say that that would kill 90+% of all foss and my response is "Yes, probably - and that would be *great* because the few grown up engineers in foss would continue while all the losers would turn to another and less harmful hobby. Why would the grown engineers continue? Because they had no reason to be afraid as they work properly anyway.
And maybe some 10% or 20% of the foss amateurs would finally learn how to properly design and implement software.
At the same time the management of microsoft and colleagues would be shaken by fear and would very, very quickly realize that spending a billion or so on getting their act together is so much cheaper than paying tens of billions in compensations.

Agreed. I believe that making it illegal to remove liability would kill most FOSS projects, in a way that would get rid of a lot of bad FOSS software. I believe that it would do the same to commercial software.

Dirk Praet • June 8, 2017 4:23 AM

@ ab praeceptis, @ Ministry of Truth, @ Thoth

Let me put it brutally clear: Millions of victims - because that's what most software users are, victims - have to suffer pain, have to pay with utter loss of privacy and safety for the "fun" of those immature foss idiots

There are with absolute certainty more victims out there suffering loss of safety and privacy at the hand of COTS operating systems designed to do just that than there are folks suffering the same because of poorly written FOSS code.

I get your point but linux can not possibly be made secure.

Neither can Windows, MacOS, OpenBSD or anything else with a monolithic kernel. The only thing you can do is mitigate as much as possible. Which is what Theo & co. have been zealously doing for years. So yes, Linux would benefit from a similar attitude by Torvalds. Arguably, this would imply a major overhaul and a rewrite from scratch of major parts of the OS. But which is not impossible.

I'd just like to add one more element to the FOSS v. Commercial debate: is anyone aware of even one commercial general purpose OS you can run on older hardware? Just speaking for myself, but I've got latest release versions of OpenBSD and Linux running comfortably on 15+ year old hardware with single core processors and 256Mb. of RAM only. With lightweight display managers like XFCE and Openbox/LXDE. Admittedly, Firefox and Libre Office are no-no's, but they can be replaced by less resource intensive alternatives. I've also got a couple of dedicated purpose machines with X-less Linux and NetBSD on even older hardware with 64Mb. of RAM and less.

Jacob • June 8, 2017 4:55 AM

Today in The Guardian:

"Amid increased concern over the BBC’s vulnerability to hacking, cybersecurity has been strengthened around the corporation’s general election programming, while measures such as sniffer dogs have also been brought in across the corporation."

Is there a research paper showing the efficacy of using sniffer dogs to thwart cyber attacks?

Vichy Fields Slumlords • June 8, 2017 4:57 AM

@Nick P


Interestingly, I noted Russians particularly like to use tools from ETH more than most groups. Component Pascal especially.

Easy one. Turbo Pascal and Delphi used to be really popular 'round there. Still a fair share of people who remain fond of Pascal and derived PLs (despite those not being used much).

Dirk Praet • June 8, 2017 5:26 AM

@ Jacob

Is there a research paper showing the efficacy of using sniffer dogs to thwart cyber attacks?

I imagine they will be used to smell out the steer manure brought in by a Mexican army of expensive cyber consultants and their snake oil products.

ab praeceptis • June 8, 2017 8:17 AM

Nick P

You need to understand one point to properly judge: For Ada programmers wanton pointers are *by far* less important than for the C family. For one, pointers are almost always by far better defined than in C; In C it is, for instance, a common idiom to just wanton cast. Many std. lib. items even expressly return 'void *', so a call like 'myvar = (int *) malloc(size);' not only is common but even standard practice. In Ada, a pointer points to a properly defined variable, so the compiler knows a lot more.
Moreover the need for pointers is much, much lower as one can pass pretty much everything as an argument. Arrays, structures (records), you name it, no need for pointers.

Of course, Ada can't do miracles and ignore e.g. context given by hardware, and so it often passes those entities as pointers internally but that is of little concern as it's done correctly and as the compiler knows at any point in time with what it deals (e.g. with a pointer to an array of exactly n elements of a well known type, say unsigned integers with values between 0 and 32).

So, you are in a way right and in a way wrong. You are right in stating that pointers can create trouble anyway and you are wrong in that Ada knows much more about the entities it deals with and because pointers are relatively rarely used in Ada (compared to the C family) and because the really dangerous pointer types (the wanton ones) are between very rare and absent in Ada code.

As for GC, again: GC is not mandated and, in fact, most common compilers/runtimes don't include one. One important reason is that Ada deals differently with memory, namely, it deletes anything that leaves scope, which is an elegant and very effective mechanism that takes care of many cases. Just think of it as similar in concept to C local variables.

There are, of course, allocation and pointers of the wanton type, too, and that's when one enters the danger zone. Those are frowned upon in Ada for a good reason and Ada developers go to some length to avoid them.

So, in summary, the kind of problem you are focused on, is rather rare in Ada while in the C family it's very common and "normal". So what Yannick told you is that, yes, the Ada people are looking for even better solutions for that relatively exotic (in Ada) problem field and that rust's approach is one among others under consideration and examination.

In a way you may compare that to country A being utterly snake infested while in country B snakes do exist but only in quite remote regions. True, both must take care of the problem but for A it's vital while for B it's rather low priority (especially as in A the snakes tend to be very venomous while in B they are rarely very venomous).

As for Girard, of course I know about structural type systems. It is, however, quite irrelevant in this context as Ada *does have* temporal safety since many years. It uses another approach but then it also is in a rather different position. For the C family, however, affine types are indeed in the group of approaches that make sense. One reason for me to like that approach is that it matches well the follow up SSA approach used i.a. in clang but also quite some solver backends.
That said kindly note that affine types are *not* proof; quite the contrary, they create a need for proof namely the proof that what Rust is doing does indeed meet the specification of affine typing. You assert that i.a. that proof has been done for rust. That's good to hear; can you provide a link (to other formal spec and verif as well)?

As for the bigger picture, I stand with what I said. Rust is but "C with one ugly problem solved". Granted, that's a really grave prove they solved there (I assume trusting in your reports) but the difference between Ada and C family go *far beyond* that problem class.
My personal view is that I simply ignore rust. I use Ada and am done. For the increasingly rare cases where I need C I use C, add heavy guarding to it and verify it. In other words: I know the C universe well but I have left it for good and hence have no need for a "better C".

"Russia - Oberon" - Sorry, Nick, but I didn't save the link. It was on a russian web site which I reached through another russian web site about Oberon or Object Pascal. When I find a little time, I'll try to find it again for you. I remember, though, that there was official governmental support for it, that there were centers in multiple (or even many?) russian cities and schools and that a couple of IT and math teachers gave very positive testimony.

Don't Forget the Popcorn; and follow the money • June 8, 2017 8:30 AM

Jim Comey to testify at 10 am est for 3 hours. Available on cbs, nbc, abc and no doubt elsewhere.

ps.
I hope the election in the United Kingdom today goes well for its citizens and the world in general. Since Brexit and the Trump election we probably shouldn't underestimate how big money can control politics.

https://www.theguardian.com/technology/2017/may/14/robert-mercer-cambridge-analytica-leave-eu-referendum-brexit-campaigns
http://www.newyorker.com/magazine/2017/03/27/the-reclusive-hedge-fund-tycoon-behind-the-trump-presidency

ab praeceptis • June 8, 2017 8:54 AM

@Ministry of Truth

I think I'll end that non-discussion with you because it seems to me that you are just blindly evangelizing pro foss.

The funny thing is that I actually *did* give away software for free, even way before the term [f]oss was widely used. So, I'm certainly not against [f]oss (and have, indeed, quite probably given away more code than you for that matter. Experience tells me that evangelists love to talk but rarely produce code ...).

One reason for me to end the discussion is that you stubbornly paint commercial providers as somehow evil and foss as the good guys and that you strongly tend to argue along the line of foss sh*t at least being free.

You may evangelize all day long but the facts speak for themselves and quite clearly, too. Some of the worst and most widespread insecurity abscesses are open source, in part sponsored or even produced by companies btw.

In the end it's simple: I'm interested in safe software and in a more safe world where the spooks can't simply trample on our constitutions. If such an OS happened to be commercialized I wouldn't have a problem with that just like I have no problem with paying doctors or architects or car makers for good work.
You, however, seem to be engaged in a private evangelic war. No matter how many dead bodies your beloved foss creates, you'll just continue preaching.


@Dirk Praet

"There are with absolute certainty more victims out there suffering loss of safety and privacy at the hand of COTS operating systems" - Don't confuse me with the truth ministry.
I don't care whether cots or foss. If I seem to be hammering foss then for the simple reason that they don't do better than cots. Don't we all know the horror stories of developers in companies who would love to do better but can't because management drives them to implement yet more crap? Well, one should assume that foss projects are not suffering from those managers, yet they produce crap, too, albeit for different reasons.

"anything ... with a monolithic kernel" - Yes and no. I guess the correct statement would be that OSs with monolithic kernels are much harder to get right. It can be done, theoretically, but from what I can see we should first concentrate on micro kernels as it's much easier to get them right.

But NO, linux (and even OpenBSD) is beyond repair. In the case of OpenBSD it's not even their fault but based in the very task description, namely to build a safe Posix OS.

The problem quite some seem not to get is the mindset problem, both in design and conception. That statement is btw not even meaning to smear Unix/Posix. At the time Unix was designed the world was quite different. It seemed reasonable then, for instance, to assume that computers would pretty much exclusively be used in companies, gov. agencies, and universities and the idea that someone would malevolently abuse them seemed absurd (which is funny considering how deeply the military was involved; but that's another story).
In summary we can't blame the unix designers for being utterly unprepared for problems they could hardly imagine.

That's also a major reason why I think "repairing" or bringing up to par ancient OSs is an unreasonable approach. In a world where computers *are* abused and malevolently exploited and where some countries even openly plan to fight cyber wars, OSs must be conceived and designed quite differently from the start.

As for your last point: Yes that's true. The reason is simple: companies, of course, need to keep the wheel spinning and hence to eternally create new versions; to sell them, not anymore supporting old versions seems just logic in the utterly rotten ultra-capitalistic model.
A secondary reason is bloat and featuritis which usually requires ever increasing hardware resources.

Funny side remark: I use a commercial office product called softmaker office and it *does* run on quite old hardware (and both on linux and windows (and I think on mac)). The complete suite (text, spreadsheet, presentation) is a little less than 350 MB and the programs are quite fast and fast starting, too. And it's about as ms office compatible as it gets. Nice little product, cheap too (about 70$ for 3 systems iirc ) and a nice slap in microsofts plundering scheme, hehe.

Thoth • June 8, 2017 11:53 AM

@Nick P
Re: Karsten Nohl paper

Thanks. The essence of the paper is probably about bad practices for using weak algorithm (DES cipher for crypto and MAC) and other smart card programming bad practices. I use 128 bit and above keys for HMAC-SHA-256 and I use my own secure channel protocol with possible ability to use certificate/pubkey pinning or symmetric keyed session establishment to circumvent problems with forged SIM card commands.

To prevent unauthorized installation of applets onto smartcards, the ISD key (2DES keyed session) is required for most cards but the newer ones will support the AES-128 based SCP03 protocol to provide a secure session to assert identity before installing applets to card.

Regarding PIN and PUK login to card, depending on complexity and cost and other constraints, I would typically allow the choice of plain comparison of card PIN/PUK to more secure schemes of secret derivations and attestation on the fly.

In fact, most of what the paper has mentioned is known and I have put layers in my applets that already can handle most of them other than a buggy Card VM or hardware bugs.

Also, the secure channel protocol I built sends and receives on fixed packet length regardless of packet size and Command Header encryption thus avoid most of what Karsten Nohl has brought up.

Those are issues we see on generally how most crypto security fail and then the same failures are repeated on phones. The reason is people just don't learn and is a human issue for most of the case.
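An added illustration, not part of the comment above and not Thoth's protocol: a minimal Python sketch of the two properties the comment names, fixed-length frames and an encrypted command header, with HMAC-SHA-256 authentication. The frame layout, sizes, key names and sample command byte are assumptions, and an HMAC-SHA-256 counter-mode keystream stands in for the card's AES so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import struct

FRAME_BODY = 64                      # assumed fixed plaintext size: cmd + len + payload + padding
CTR_LEN = 8                          # cleartext message counter (doubles as nonce)
TAG_LEN = 32                         # HMAC-SHA-256 tag
FRAME_LEN = CTR_LEN + FRAME_BODY + TAG_LEN

# Constructed sample keys; a real session would derive separate keys per session.
ENC_KEY = hashlib.sha256(b"constructed sample encryption key").digest()
MAC_KEY = hashlib.sha256(b"constructed sample MAC key").digest()


def _keystream(enc_key, counter, n):
    """PRF-based keystream (stand-in for AES-CTR): HMAC(key, counter || block index)."""
    out = b""
    block = 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack(">QI", counter, block),
                        hashlib.sha256).digest()
        block += 1
    return out[:n]


def seal(enc_key, mac_key, counter, cmd, payload):
    """Build one frame: every frame has the same length whatever the payload size."""
    if len(payload) > FRAME_BODY - 2:
        raise ValueError("payload too large for one frame")
    # The command byte and the true length sit inside the encrypted body.
    body = bytes([cmd, len(payload)]) + payload
    body += bytes(FRAME_BODY - len(body))            # zero padding up to the fixed size
    ks = _keystream(enc_key, counter, FRAME_BODY)
    ct = bytes(a ^ b for a, b in zip(body, ks))
    ctr = struct.pack(">Q", counter)
    tag = hmac.new(mac_key, ctr + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return ctr + ct + tag


def open_frame(enc_key, mac_key, expected_counter, frame):
    """Verify and decrypt one frame; raises ValueError on any failure."""
    if len(frame) != FRAME_LEN:
        raise ValueError("bad frame length")
    ctr, ct, tag = frame[:CTR_LEN], frame[CTR_LEN:-TAG_LEN], frame[-TAG_LEN:]
    want = hmac.new(mac_key, ctr + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):           # constant-time check before any decryption
        raise ValueError("bad MAC")
    (counter,) = struct.unpack(">Q", ctr)
    if counter != expected_counter:                  # rejects replayed or reordered frames
        raise ValueError("unexpected counter")
    ks = _keystream(enc_key, counter, FRAME_BODY)
    body = bytes(a ^ b for a, b in zip(ct, ks))
    cmd, n = body[0], body[1]
    if n > FRAME_BODY - 2 or any(body[2 + n:]):
        raise ValueError("malformed padding")
    return cmd, body[2:2 + n]


if __name__ == "__main__":
    for ctr, data in ((1, b"\x01"), (2, bytes(range(60)))):
        frame = seal(ENC_KEY, MAC_KEY, ctr, 0xA4, data)
        print(len(data), "byte payload ->", len(frame), "byte frame")
```

An observer sees only the counter, a constant-size ciphertext and the tag, so neither the command nor the payload length can be read off the wire.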

Rin Tin Tin • June 8, 2017 12:15 PM

@Ivoryttowerclasm

This is an excellent point and one I have made on this blog in the past. The problem with this point is that it is difficult to get end-users to think in this type of big picture way. Users tend to see their security as an individualistic problem rather than a cultural problem. They think of the costs and benefits to themselves and not the cost and benefits to the system as a whole. And, for the record, they are not wrong to think like that because there are real costs to security diversity. Fragmented OS might mean that security attacks don't scale but it also means that it is more difficult to get help, the documentation when it exists at all is lower quality, and so on. It is a tough problem. One is effectively asking the end users to bear costs "for the greater good," a greater good that in security terms is amorphous and hard to see.

Nick P • June 8, 2017 11:53 PM

@ Thoth

Good to know you're on top of the known attacks. Even so...

"Those are issues we see on generally how most crypto security fail and then the same failures are repeated on phones. The reason is people just don't learn and is a human issue for most of the case."

...I figured it might make good marketing material for you if you were. Reason being it illustrates what mass-market competition is doing vs your offering in simple claims, charts, and so on. You might find some of it useful.

JG4 • June 9, 2017 7:04 AM


http://www.nakedcapitalism.com/2017/06/links-6917.html
...
Big Brother is Watching You Watch

Facebook wants to spy on people through their smartphone camera and analyse the emotions on their face The Sun (Chuck L). Another reason not to have smartphone.

...

Black Injustice Tipping Point

In Trump’s America, Black Lives Matter activists grow wary of their smartphones Washington Post


Ministry of Truth • June 15, 2017 8:32 AM

@ab praeceptis
All I did was explain why most of your assertions were incorrect.
Most of your posts were nothing more than straw man arguments, such as accusing anyone who supports open source of having no logical reason for their stance and only caring about how "fun" FOSS is or how "evil" Microsoft is, and having retarded grammar.
I'm sorry that factually countering your ad hominem attacks offended you.
Since you didn't respond to any of my points and instead just started calling me names, there isn't really much more to discuss.
I explained how every single bad character attribute that you assumed to apply to me was entirely off base, I logically refuted all of your pro-COTS and anti-FOSS arguments, and all you do now is call me names. I guess the discussion really is over then. I'm sorry for wasting time trying to have a rational discussion when all you want to do is insult anyone who points out any of the advantages of FOSS or disadvantages of COTS.

ab praeceptis • June 15, 2017 9:32 AM

Ministry of Truth

As I, who actually wrote and shared open source code already decades ago and before the term, let alone the sectarian movement existed, clearly told you June 8, 2017 8:54 AM, you have disqualified yourself from having any further discussion on that matter with me.
Not that it was needed but thank you for clearly demonstrating yet again that my decision was well based.

Have a nice day.

Ministry of Truth • June 20, 2017 10:04 PM

@ab praeceptis
The discussion didn't end because of your self-proclaimed status as a contributor of more code making all of your assertions automatically true.
It ended because you stopped discussing the merits/demerits of various development processes and changed the subject to the merits/demerits of me and you as individuals.
I'm sorry that not honoring your Appeal To Authority has made you wrongfully assume that all of your assertions were true, and that you will go on living holding so many false beliefs.

Clive Robinson • June 21, 2017 12:27 PM

@ Ministry of Truth,

I know some people feel having the last word is important but it's actually quite childish behaviour. When people do not grow out of it and it becomes "part of the culture" you end up with the idea of "slitting throats is honorable" which is just one of the reasons the Middle East is in the mess it's in.

You lost any argument you had with,

    There's no need for something to be closed source to prototype it or to write tests before writing implementation.

Whilst people can chew the fat over Closed-v-Open endlessly, you very much do need to write a specification from which you come up with operating procedures by testing the specification and all points down.

Logically you can not write a professional implementation of an idea without first framing the idea by what are essentially very high level tests.

That is to say "I want to write a game as good as Tetris" is not an idea but an ambition and has no testability. As you say "my game should do this" or "it should not do that" then you have tests by which you can define an idea and further test for consistency.

To just sit and write code hoping something good will come out of it is an exercise in procrastination. It's what you might expect from a self taught teenager in their first few practices at cutting code. The one thing it is most definitely not is engineering.

By far the majority of --supposedly-- FOSS applications fail to even make as far as one or two entries in a public GIT repository. Of those that do few ever get further than a few more entries before they either stop or rip-up and effectively start again.

It's the same sort of behaviour you'd expect from an artisan wheel wright, not an engineer. The engineer applies testing at every stage or uses that which has been tested and has reliable test results that give component specifications. The artisan however finds nice bits of wood and metal bangs them together either as they feel or based on some pattern they have had handed down to them. Thus they have no way of knowing what their product can do. So they end up using the "P for Plenty" idea and thus over make something and cross their fingers it won't fail too soon. Worse when things do fail they invariably don't ask why they "just bolt a bit on" and cross their fingers yet again. Over time their wheels will stop breaking and thus they have a new "trade secret" or "pattern" they can pass on to other apprentice wheel wrights and thus call themselves "Masters".

Most people assumed that artisanal behaviour went out with the birth of science/engineering in the 1800's. But no it can be found alive and crawling in 95% or more of FOSS projects as well as god alone knows how many startups that burn through somebody's cash never to produce product or product the market can either stomach or can live with let alone like.

With time hopefully you will get to realise that the supposed "strengths and weakness" given in the "Closed-v-Open" source are actually quite pointless for 99.999% of computer users. Like car drivers they just want to "sit and go" and have a comfortable time whilst doing it, that's really their only ambition when it comes to computers.

And the smarter people know this which is why you have FCSS with all its telemetry and other PII stealing from Facebook, Google et al. To them it's the best of all worlds "the user is the product" which means absolutely no "fit for purpose liability" nor under US law absolutely no liability for collecting people's PII and selling it on for as much as the marketing mad world[1] will pay for it.

[1] Marketing is without doubt the biggest business sector in the world. If you considered it an industry then its "value added" chain would be to turn guesses into rubbish but at a very lucrative price. Something the banking industry is no doubt envious of.

Anura • June 21, 2017 1:09 PM

@Clive Robinson

It should be noted that none of the stated advantages of closed source are specific to being closed source. In other words, the open vs closed debate is missing the point; open source is inherently better than closed source because it gives you more power, and organized development of structured software is inherently better than haphazard development. Open and closed source are both irrelevant to the quality of the code itself.

The two are both achievable and complementary; the professional development allows you to have well-engineered software developed with proper procedures to ensure quality, while the open source nature allows you to ensure none of your infrastructure is dependent on one single company for any support or development. Really, the main difference is how you pay for it; in open source, you would likely pay for the cost of the development through service contracts (i.e. your service contract includes the cost of bug fixes and development on top of the normal service and support), and closed source it's paid for primarily by licensing the software itself.

Of course, software companies usually prefer both closed source and haphazard development...

ab praeceptis • June 21, 2017 4:49 PM

Anura et al.

Can we please stop the fairy tales and base ourselves on halfway reasonable observations?

For a start: oss != foss. What I said was clearly about foss as in "gpl infested, brainless evangelizing, '1000 eyes'" crap.

Moreover, the "open source is naturally superior by providing the source" credo is not even half-cooked. I'll explain: for Joe and Jane the source's worth is close to zero; for them source is "stuff you don't need to run the software". But even for professionals having the source does *not* equate to power. One reason for that is that contrary to sectarian belief having the source is *not* the most important property of software; that property is "is working properly and is well usable". *THAT* is what we need most of all in a software.

Another reason that explains a certain aggressivity level on my side is all the brainless blablabla of the sectarians. They *blabber* about being able to change code themselves - well, the reality is usually very different and shows that most are hardly able to even just build the code from source, let alone changing it.

If those sectarians really did what they are blabbering about they'd know that many (f)oss projects are quite hard to build, have insane build dependencies, work with version x but not with version y of the compiler or some library, are insanely dependent on some not at all standard gnu stuff, etc, etc.
And don't get me started on poor (usually pretty much nonexistent) documentation ...

Does all that make commercial software somehow superior? No. But so what, I didn't evangelize commercial software in the first place. What I did was to criticize (f)oss software - but somehow the foss sectarians tend to automatically react to criticism of foss as if one did preach commercial software.

foss is to a large degree a blob of sectarian belief, sorry. Now, there *is* some quite good (f)oss, no doubts, but there's also quite good commercial software. One important piece of the foss sectarian blob is the "1000 eyes". It has been shown to be nonsensical and far from realistic. For god's sake, the crown jewels, OpenSSL, have been clusterf*cked *because not even 4 eyes did properly look*, let alone 1000.

Another aspect that seems to be utterly ignored quite often is the fact that paying someone for his work is not somehow evil, anti-social, or otherwise bad or even just uncommon.

Look, a good software developer usually has a very considerable investment in his education, be that formally or not. Now, if one wants people who invested heavily in their education and needed many years to gain experience, to work for us, we have to pay them. Simple as that. Be it a doctor, a lawyer, a civil engineer, etc - we pay them.

At the same time - and to quite some degree due to foss - we want things for free. Even companies often want things for free; leaves them more profit. Trust me, you do not want to know the billions in damage that have been created by lousy foss software usage ...

Another hammer: Why do you think companies like intel or google or even apple give away software for free? Because they are so social and nice? Certainly not. Let me tell you one very, probably the important reason: No responsibility/liability.

That's a wet dream and a very hard nut to crack. Most legal systems see companies, who give or do something for money in some liability assumption. Now, everyone has seen plenty of those funny "no liability whatsoever" remarks in license "agreements", right. Problem is that many jurisdictions don't accept that; they say that when you get money for something, then you have at least some reasonable liability, period. After all, business is based on that.
Not so with foss, however. Finally the wet dream of utterly greedy billion$ corporation has become a reality; there is a way out of liability: foss.

Does that mean that foss is evil and bad? No, certainly not. But that wasn't my point anyway. My point was that foss is not the holy grail of eternal happiness. Some basic rules that everyone with a brain and some reason knows still hold. Like "Whenever people interact there is a trade-off" or "quality can not be achieved or balanced by quantity" (read: 20 sectarian idiots do *not* make up for 1 professional).

Finally: What are you talking about anyway? Pretty much every not insignificant foss project has been broken, failed, shown to be a clusterf*ck more than once. *OBVIOUSLY* the solution is not more sectarian evangelizing but introducing some reason and professionality.

Anura • June 21, 2017 5:03 PM

@ab praeceptis

> One reason for that is that contrary to sectarian belief having the source is *not* the most important property of software; that property is "is working properly and is well usable". *THAT* is what we need most of all in a software.

My entire point is that that is completely independent of having the source code. Have you ever used software from a company that went defunct? You are screwed; with open source software, if you have a problem there are generally many many people you can pay to fix it.

> Finally: What are you talking about anyway? Pretty much every not insignificant foss project has been broken, failed, shown to be a clusterf*ck more than once. *OBVIOUSLY* the solution is not more sectarian evangelizing but introducing some reason and professionality.

You are missing the point; that is completely irrelevant to FOSS. It's a matter of design and engineering - if you want to pay to have good software developed, the process is exactly the same no matter what license you put it under; GPL is a software license, not a set of development standards. You are conflating two completely different issues - open source has nothing, whatsoever, to do with the problem of shitty software development practices; however, it is useful in that it gives you the ability to have problems fixed when the original creator inevitably stops developing it.

There is good open source software, there is good closed source software; but on both sides the vast majority is crap and poorly engineered by developers who are poorly trained and with development practices designed to be low cost and fast rather than well-structured and pragmatic.

ab praeceptis • June 21, 2017 5:39 PM

Anura

I'm glad to see you at least somewhat differentiating "how to make good software" and "one desirable point (among others) is to have the source".

But there is a but and I know that bloody well from ugly experience: The very moment I want or need to sell software I'm f*cked with open source. Reason: there *will* be some ignorant socially retarded a**hole who will compile my sources and basically give away my work for free. Which might lead to me (or my client) having invested a considerable amount of money and sitting on debts.

The problem related to the foss sectarians there is that they intentionally create the impression that software must be free and that anyone wanting money for software must be a greedy despicable being who just deserves to get f*cked.

Sometimes foss proponents argue that *every* software can be cracked and stolen. And yes, that's true but a) very many potential customers don't want software from very dubious sources ("warez") and b) it's still *a lot more* effort to crack binaries than to simply recompile source.

There are other problems, too. To name one: What if one "smart" customer edits my source with the intention to make it "better" or to extend functionality, or ...? If there are problems later, chances are he'll call my client's support and such creates a burden that is based only on his fumbling.

There are other solutions that are better. To name one for a problem you also mentioned (and which often comes up from the foss side): what if the software company ceases to exist or simply doesn't support a product anymore? Simple: Sources go to a notary along with the (published) direction that should company cease to exist or stop product support, notary is to make the source available to clients.

I also like this example as it underlines a very important fact: Usually neither extreme is the best solution but a reasonable and well conceived compromise is.
Neither "source? Only over my dead body and an army of lawyers!" nor "foss! foss! everything must be (f)oss!" is a good solution.

Anura • June 21, 2017 6:36 PM

@ab praeceptis

Well, I'll argue that all products, not just software, should be required to have their specifications published, and also that every copyrighted work should enter public domain the instant it's published... So I'm not going to bother debating that further because I have other reasons, namely that closed source, for-profit software is always going to have corners cut by management, because that's what happens with pretty much every corporation.

> There are other problems, too. To name one: What if one "smart" customer edits my source with the intention to make it "better" or to extend functionality, or ...? If there are problems later, chances are he'll call my client's support and such creates a burden that is based only on his fumbling.

Make it clear that altering the code voids the contract. Really, if they are doing this it probably means that the software doesn't meet their needs. The vast majority of software should probably be lightweight, modular platforms designed to be extended with plugins to meet the customer's needs. The problem with the monolithic products that companies inevitably make (as features are the selling point, and the more you bundle the more people you can sell it to) is that they are always "intended" to be used a certain way, as determined by the people who aren't going to be using it, which inevitably means users spend a ton of time finding workarounds to make the products work for their needs.

ab praeceptis • June 21, 2017 7:33 PM

Anura

You will probably continue to fail to understand that but I'm actually not a big fan of the status quo. To show what I mean using an example with high contrast, patents, I'd very much love to see a much better solution. Patents, in my view, should have much shorter expiration times and there should be a much better balance between commercial and social interests. I do understand that privately financed research needs a certain protection period to recover costs, but I also clearly see the need of society to profit from research; therefore patents should expire *much sooner*.

Very similarly I would see a solution that could satisfy everyone in the software field in rules along the line that any software must be open sourced after a certain period of time, maybe in the range of 3 years, after market entry.

On the other hand I also see the immense harm that has been created by foss and particularly gpl fanatics. Largely due to them many in society consider software as somehow free by nature and any and all interests of software creators to protect their work as somehow unethical or even criminal.

"Really, if they are doing this [editing source code] it probably means that the software doesn't meet their needs."

Pardon me but that very clearly shows that you lack any concrete insight into or experience in the field and are purely "politically" driven.

For a start, *NO* software meets *everyone's* needs, neither does it need to. Software needs to do what it says it does, period.

But there is more: Your statement also clearly shows that you have a deranged and utterly questionable understanding of *both* sides involved. You clearly see any source code given to the user as *his* to do with whatever he f*cking pleases.
That is gravely mistaken! If a commercial entity hands out source code then that is with a clear purpose, namely to be independent and safe - just as the oss sectarians always demand (knowing well that they are spreading a lie). That source code is *not* yours and it is not for you to do with it whatever you want.

I'm quite hesitant nowadays to hand out any source code (after quite liberally putting out loads of it for many years). And you and other sectarians and foss fanatics just convince me again and again to *not* give my work away anymore.

And now I'll look whether there are legal ways to have a license that explicitly and bindingly prohibits to have one's code infested with gpl tainted code.

Anura • June 21, 2017 8:35 PM

@ab praeceptis

I'm not sure of a convincing argument for patents outside of pharmaceuticals, and for that I would say that you can do it with copyright using the aforementioned system of it becoming public domain when it is published. Basically, require that a drug information sheet (conditions treated, side effects, possible interactions, etc.) be included with the drug, and require that sheet to be approved by a regulator (e.g. FDA). In order for the regulator to approve the information sheet, they need to show all the drug trial studies and whatever else the regulator requires. Then they sell this information sheet to the highest bidder (likely a purchasing cooperative made up of health insurers, hospitals, pharmacies, etc.), and it becomes public domain and anyone can purchase the drug.

The same works with products - make it so you have to publish a specification if you want to sell a product, but once you publish it anyone can make it. You can sell the specification on the open market, likely by a purchasing cooperative made up of the retailers, or simply pay for R&D through other means (crowdsourcing, service charges on existing business). The point is to make all costs about the scarcity of actual resources that are involved (labor, natural resources) and not about things that have no real cost (patents, copyright) which allow you to make others dependent on you and inject artificial scarcity.


Back to FOSS
----

I think if you don't like anything about any of the products that anyone makes, you should be able to contract out to any company you want to make it for you. But do it yourself? If you want to shoot yourself in the foot, go ahead, but that shouldn't even be worth it. I think every single company should be specialized in a single domain, and outsource all business not in their domain to other specialized companies. As an individual, you would never do your own plumbing, clean your own house, cook your own food, or build your own patio would you? Of course not! Because then you would have to spend a ton of money on the equipment, requiring more space for all the stuff, you would take more time doing it, and you wouldn't do as good of a job because that's not what you specialized in! So train people to focus on becoming more knowledgeable and productive and doing better quality work in whatever field they specialize in, and sharing their knowledge and experience with others in their field, and leave everything else to the respective professionals.

ab praeceptis • June 21, 2017 9:07 PM

Anura

In some theoretical weirdly communist world that might work. In the world we live in, however, what you suggest makes little sense.

If any party, usually a company, invests considerable resources of diverse kind (money, know-how, etc) into the development of something, be that some medicine, a more efficient engine, an office building, or software, they *deserve* to earn the money to recover their investments and to make a profit. There is nothing wrong with that nor is it in any way evil.

There are, of course, other parties, too, particularly society and the idea that any development and designs should serve for the well being of society *too* - as opposed to serving the companies *only* - is one I sympathize with. That's why I think that, for instance, software should become open source after some reasonable period of time.

I am opposed, however, to weird models which largely boil down to keep the utterly biased one-sided model but to exchange who has all the rights. Because that's what most (f)oss sectarians basically want (and what you argued for, too). The difference would simply be that then the companies would be basically without rights and "the people" would hold all power and rights over software.

As is probably not surprising in my field I actually usually have to hand over source code. And I do that - after I'm paid in full and after the other side signs an NDA about whose enforcement I'm quite bellicose.

The reason is simple. It is my education, my know-how and knowledge, my experience, and my work. I live from that, not unlike an architect or a naval designer. Usually the deal is that you get what I have built, as it is (i.e. as a product), and for the purpose it was built for (I do, for instance, frequently expressly exclude any kind of even remotely military use by nato countries). Other rights for you? Nope, forget it.
You don't like that? Go and find someone who is capable and willing to do it on your terms. Good luck with that.

And the more I'm getting molested by weirdo communist or gpl taliban approaches which utterly ignore me and my interests, and btw. often are very disrespecting, just make me harden my position and stance.
Given that I actually know how to - and do - design and build safe and secure systems/software I'm quite cool and confident about the outcome of that game some try to play here.

Btw: I hear demands, demands, demands from your side. A bad approach, a seriously bad approach. Let's talk about what you have to offer for a change ...

Ratio • June 21, 2017 9:32 PM

@Clive Robinson,

> I know some people feel having the last word is important but it's actually quite childish behaviour. When people do not grow out of it and it becomes "part of the culture" you end up with the idea of "slitting throats is honorable" which is just one of the reasons the Middle East is in the mess it's in.

Please keep the patronizing talk to yourself. Thank you.

ab praeceptis • June 21, 2017 9:50 PM

Ratio

Please, refrain from attempting to limit the free speech of Clive Robinson whose status here, btw., as well as his contributions are by far above yours. Thank you.

Anura • June 21, 2017 10:08 PM

@ab praeceptis

Just think of the market differently - you aren't building stuff with the hope that people will like it, you are being hired by the customers to build stuff for them - it's work for hire, thus your work belongs to the customers. As a work for hire, the person who did the work has absolutely no rights, whatsoever since they've already been paid. So, no, it's not their money, it's the customer's money - they are the ones paying for it, they are the ones who it is being developed for.

All the business owner is doing is getting in the way and making the products worse simply because they have their own goals independent of the work itself - remember, it was the executives who were behind humans = batteries in The Matrix and if the fans want, they should be able to pay to reshoot everything related to that to make it not stupid. Not providing the means to profit doesn't mean it doesn't get done, it just means that spending is done based on benefit rather than potential to exploit market inefficiencies or make people dependent on you. The customers should be the most important people in the economy, not people who have no concern for the actual outcomes, just some profit margin representing nothing of real value.

As for how much someone deserves in return for their money: on average, there is absolutely no good reason, whatsoever, that returns should ever exceed the rate of inflation (thus lending is not about profits, it's about the fact that if you don't lend you will lose your money).

If there is nothing in the law that allows you to profit, economic decisions are necessarily left to be made based on the needs of the consumers. And no, this is not a fantasy; the idea that the profit motive leads to decisions that have a net benefit to society is a fantasy. You just have beliefs about what you think people deserve - of course, you are not paying the people based on the utility of their labor, you are mostly not even paying the people who do the actual work, you are paying the people who have a title to a piece of artificial property that says that they have absolute decision making power over that piece of artificial property, and saying they have absolutely no responsibility to the people that depend on them, and as a result need a minimum of two companies (but probably more) to sell any one product, regardless of personal preferences, to reduce the amount consumers will get screwed over. How is that in any way, shape, or form a sane system?

And honestly, no one at all gets paid proportional to the utility of their labor; they are paid based on how much they can negotiate for which is dependent on both the scarcity of the labor that can do the work and the utility of the output of that labor, as well as the non-labor costs of the product. In a perfectly efficient labor market where every worker has equal job preference and every job has equal training costs, regardless of utility you should expect all jobs to pay exactly the same amount regardless of the benefit they provide. In reality, personal preference and training costs should not make a difference of millions. To make more than that, you must create an inefficient market which is what our property laws do.

Why is it that you think some people should be paid wages, regardless of the benefit they provide, while others should be paid for the ongoing benefit their work provides anyway? Shouldn't we first be compensating sanitation workers for their past work based on how much we are benefiting by not being diseased? Or teachers for the wages earned by their students?

ab praeceptis • June 22, 2017 12:42 AM

Anura

Let's end that. You are arguing from an unrealistic politically driven perspective.

In real life companies usually *do* create software hoping the people will like it. And there it's a vital difference whether it's 5, 5000, or 5 mio customers who buy that software.

And no, those customers do *not* hire you to build that software. They are just people who do or don't buy your software *once it's completed*. It's you, the builder, who carries the whole risk and who invests, not the customers.

IF customers created a customer-pool and did finance the whole development, then they would indeed be the owner of that software and I would just be someone rendering a service and being paid for it.

Which leads us to what I occasionally mentioned: There is loads and loads of BS and lies in the (f)oss sectarian movement. What it's really about (besides some few politically driven people like you) is free as in beer.

"funny" btw (or not at all) that neither (f)oss nor commercial software producers address the real problem. Both usually produce crap albeit for different reasons.

As for the Matrix, sorry, I'm not us-american, I'm not used to thinking in terms of movie scenes or comics.

Anura • June 22, 2017 1:40 AM

@ab praeceptis

Okay, you were making suggestions about hypothetical solutions, so please don't pull this stupid bullshit distraction "Oh, you are suggesting things that aren't in place today, you are an idiot". No, you are the one refusing to engage in rational debate and make arguments based on merits, you are the one blowing off things for purely political reasons. Dismissing the arguments is just showing you aren't bothering to think about them; it doesn't make you seem smart.

You keep complaining about the crap open source and crap closed source, but have you failed to notice that the only thing that seems to motivate any company to make a product to your standard is if lives are on the line? Does that tell you that maybe trying to rely on companies to produce good software is probably a bad idea to begin with? Why would any company or individual voluntarily make themselves dependent on a single company who has absolutely no legal responsibility to ensure their product is suitable for any task in the first place? The fact that they allow this, the fact that we have all these horror-show EULAs is because the customers do not have power in the market. It's purely because the consumers are not organized, and because we are dependent on them because of our property laws that they can get away with it.

The same is true for the entire economy - there is absolutely no industry in which the customers, when given a choice, would choose to pay a company they have no real power over instead of organizing and creating their own business. But we don't, because we have this aristocratic idea that the ultimate goal in life is to acquire wealth and status that's been sold to us over the years by lifestyle magazines and politicians (charlatans, the lot of them).


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.