Friday Squid Blogging: Squid Empire Is a New Book

Regularly I receive mail from people wanting to advertise on, write for, or sponsor posts on my blog. My rule is that I say no to everyone. There is no amount of money or free stuff that will get me to write about your security product or service.

With regard to squid, however, I have no such compunctions. Send me any sort of squid anything, and I am happy to write about it. Earlier this week, for example, I received two -- not one -- copies of the new book Squid Empire: The Rise and Fall of Cephalopods. I haven't read it yet, but it looks good. It's the story of prehistoric squid.

Here's a review by someone who has read it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on September 29, 2017 at 4:27 PM • 107 Comments

Comments

MarkH • September 29, 2017 6:05 PM

@Bruce:

It's a risky invitation! Perhaps you will be besieged by persons wanting to advertise a squid-ink based nostrum to enhance "male performance" or some such ...

Jared Hall • September 29, 2017 11:56 PM

Jan: "What if it's a secure squid?". With its ten arms, the squid provides robust 10DES, better known as 10-Decapodiform Encryption Squid. The NSA supposedly has a group dedicated to Kraken Encryption.

Clive Robinson • September 30, 2017 1:16 AM

@ Jared Hall,

But what about the "Lovecraftian denizens of the deep and dark"?

Years ago one Xmas in the UK the record worming its way into people's brains was "Grandma we Love You" from the St Winifred's Primary School Choir (or some such). Well we decided to change some of the words... Grandma became Cthulhu and I think you can guess some of the others. We sang it as a joke party piece. But it became a mini anthem, so various parts of "snooty London areas" in Chelsea and Sloane Sq, got treated to very loud out of tune inebriated renditions at two or three in the morning... Back then millionaires did not have panic rooms or sound proof sub-sub-basements to hide in so got the full benefit of our rendition, but further when we timed it right police cars on Blues and two's as well B-)

Our efforts were suitably recognised by "Major Disgruntled's letter to the editor, moaning about the youth of today" in the local rag. Which got pinned to the office notice board as a badge of honour.

24th Arrondissement Squid Catchers • September 30, 2017 2:26 AM

Moscow officially turns on facial recognition for its city-wide camera network.

Like many cities, Moscow has an enormous network of CCTV cameras, but unlike many cities, thousands of those cameras are now hooked up to a powerful facial recognition system that can track criminals (and trash collectors) wherever they go. The privacy implications are serious, of course, but a large scale rollout like this will help make them part of the public discussion.

The facial recognition system, devised by Russian AI firm NTechLab (previously), has actually been in use since early this year as a pilot program, but is now in official use. I spoke with Artem Ermolaev, CIO of the city’s Department of Information Technologies, about the reasoning behind doing this.

He explained that with over 160,000 cameras in the city’s CCTV network, and five full days of video kept from them at all times, the sheer volume of footage is difficult to navigate.

https://techcrunch.com/2017/09/28/moscow-officially-turns-on-facial-recognition-for-its-city-wide-camera-network/

NTechLab is that firm behind Findface. I recall an interview with their investor or whoever else maybe. Name's Kabakov. He is full of shit-cough-interesting ideas how that kind of surveillance is good for you. Read as: police tracking you - for your safety; marketers tracking you - with "exquisite" offers, of course.

Sort of bellend, although Poe's law might apply. If I find the link, I'll re-post it - it had been posted here once already.

Clive Robinson • September 30, 2017 4:31 AM

Is supply chain malware, the new black?

In the past few months malware has been sent out as part of official patches/updates.

Because the "code signing" process is implicitly trusted, the malware gets into many places it would not have otherwise done, and very quickly.

Which has been used as a political weapon because a targeted government mandated a particular piece of software would be used[1] by the general population.

This attack vector has been discussed on this blog in the distant past, especially the fact that the code signing actually means nothing about the code other than it was in effect checksummed and signed by a private key at some point in the past. Which is really not something that conveys any trust.

Anyway it's back in the news,

https://www.wired.com/story/ccleaner-malware-supply-chain-software-security/

https://dev.to/paragonie/supply-chain-attacks-and-secure-software-updates-ca0

[1] Mandating the use of a particular piece of software by a Government is the height of idiocy for a multitude of reasons. Not least because it creates a nation wide monopoly. With all the problems and political kickbacks that brings with it.

Tatütata • September 30, 2017 6:31 AM

This item in Politico, NSA warned White House against using personal email, meshes with the recent instalment on US border inspection of devices and social accounts:

Officials are told not to allow any of their phones or laptops out of their sight for fear they will be “ghosted,” or copied, and not to take them to countries including China where they can be accessed by cyberspies even if they’re turned off.

Do they know this because they develop this sort of technique themselves?

Then there was also this:

When it comes to email, cyberspies will research a potential victim, especially someone identified as being a key to understanding an incoming administration. Then they will send the victim “spearphishing” emails that appear to be from friends, urging them to click on something that secretly installs malware on their system.

Kushner could have asked Podesta, or his Russian friends.

Herman • September 30, 2017 7:47 AM

Squid security relies on an ink cloud. Therefore it is simple security by obscurity. However, given the situation and the threat actors, it is probably not bad.

Who? • September 30, 2017 12:53 PM

@ Tatütata

Officials are told not to allow any of their phones or laptops out of their sight for fear they will be “ghosted,” or copied, and not to take them to countries including China where they can be accessed by cyberspies even if they’re turned off.
Do they know this because they develop this sort of technique themselves?

Thanks to the huge amount of leaks in the last years we know it happens. Let me be clear, there is no magic in this process—a device that is turned off cannot be accessed by cyberspies. However it is possible cheating the user, so a device that seems to be turned off is not really in that state. Think, for example, on the weeping angel program developed by the CIA or similar programs developed by FVEY for cell phones.

Another matter are devices that, under normal circumstances, are never fully turned off like desktops that have the Intel Management Engine technology. But these devices need a power source. Laptops are usually not running Intel ME when turned off (except when connected to a power outlet or Intel ME has been configured to be enabled when laptops are battery powered too).

Clive Robinson • September 30, 2017 3:02 PM

@ Cassandra,

I think a good example of an unwise mandate is South Korea's requirement to use the SEED cipher to secure online transactions.

Dare one say they were sowing the SEED of their own failure.

The point is history shows there is no resilience in monocultures, which further means that across the nation state, the security is in effect binary. That is you are all waiting for the next breach to bring you all down...

Some while ago now the older "usual suspects" had an on/off/on about using multiple cipher algorithms in a standard interface. Thus if one algorithm, mode or method became suspect it was the work of moments to change a configuration file to avoid using it. I pointed out that ciphers could also be chained in various ways to render 'n of m' systems secure. That is contrary to the "weakest link failing" it would be the "strongest link remaining" that defined a crypto system. I thus mentioned the idea of developing a framework that algorithms, modes and methods could all be "plug-n-play". As an algorithm became suspect it could be phased out quickly and replaced with another existing algorithm. When the need for the old algorithm is passed it could be simply pulled. Likewise new algorithms easily pushed in.

Obviously there is still a common component, the framework, however it need not be complex or large thus the potential for vulnerabilities and other vectors reduced.

Dick Vitale • September 30, 2017 3:16 PM

At risk of diverting from a valid topic and accepting any moderation under those terms:

What is the ultimate "security" failure in our collective lives? In any sense.

I propose it is the disparity between those who are charged with a crime and those who are not, for xyz reasons of varying validity and scales. Galileo was not the first.

These decisions are the meta-rules by which laws affecting EVERYTHING ELSE, from backdoors to patents to science to industry to espionage to murder to treason to genocide, all are judged and promoted or demoted thus. Law is our definition of merit. Law is our decision on what will be allowed or not.

Right now the very rule of law is under attack. I will leave the hyperbole there.

If you worry about backdoors, if you worry about usurpation of encryption keys via backchannel attacks, if you worry about trusted computing as a paradigm in 2017, you ought to pay more attention to politics right now - not because politics are a noble focus of this or any forum, but because the very security of you discussing security in public is perhaps being challenged right now as well, realize this or don't.

Am I hyperbolic? At times absolutely. The concern I mention now seems to be reasonably founded by empirical observations, and I trust you all to make them for yourselves to the degree of effort or concern you think is warranted.

Realize your entire legal block chain stems from one document that is being corrupted by popular malware while we play games and are distracted by reality television.

We are the boiling frogs and we pass our time as we choose but should any of you so choose to jump out of the pot, your time is quickly drawing near.

Realize this as we discuss the deliberate "failures" of security that are laid around us, brick by brick, sealing us in. Enjoy the amontillado, friends.

Clive Robinson • September 30, 2017 3:26 PM

@ Bruce,

Send me any sort of squid anything, and I am happy to write about it.

I'm assuming you mean those cuddly eight legged two tentacled Squid. Not those little chips attached to a quaint circuit of Josephson junctions all dipped in a cryostat? It's more than a few years since I played with "Superconducting QUantum Interference Device" but they did have their "15 minutes of fame" as the world's most sensitive magnetometers. But now have been superseded by believe it or not a SURF that does not need to keep its cool in a cryostat.

Spin Exchange Relaxation-Free (SERF) magnetometers were developed at Princeton University at the beginning of this century.

They sound and actually look very SiFi with their lasers and vapour metal halides (of potassium). Interestingly they avoid many of the decoherence problems that other sensors have. Thus some in the field of Quantum Computing are looking at them.

So three subjects close to your heart SQUIDs, SURFs and crypto breaking Quantum Computing. It's a shame the first two are cold technology not the biological entities you talk about from time to time. :-(

tyr • September 30, 2017 6:22 PM


@Dick Vitale

Someone once said law works by looking in
the rearview mirror while driving into
an unknown future. Politicians have for
centuries been drawn from the ranks of
lawyers. Most of the most disruptive of
technologies have been trying to project
a new future and mold it. When the two
crash together the politics becomes one
of fumbling ignorance quite painful to
see and you never get a reasonable law
out of the mess until there exists some
precedent that wiser heads can cite to
try and fix it.

Since human civilization is still in its
infancy stage the methods that worked a
bit in the days before technology are no
longer much use as wave after wave comes
out of the labs and science departments
to be viewed with alarum, media hyped and
legislated on by the ignorant. Wells
said it is a race between education (not
school learning) and catastrophe with no
clear end in sight. The outcome is hardly
guaranteed but it might be nice if tech
was listened to before law was ignorantly
shoved up everyone's bum for their own good.

@Clive

Surfs up. There is nothing to make you respect
mother nature like having the ocean hold you
under too long and then let you go again.

Clive Robinson • October 1, 2017 9:29 AM

@ CallMe...,

"The Coming Software Apocalypse A small group of programmers wants to change how we code — before catastrophe strikes."

As you are probably aware I've been going on about this for years, it's why I talk about "code cutters" not being engineers.

The people making the quotes in that article have sadly come from a "code-cutter" not "engineering" background. It shows with the absurd aim of software developers developing tools to make software developers redundant...

To see why most people are aware of the absurdity of "turtles all the way down" now put in place a rule that says "If you are the turtle on top destroy yourself". That rule does not in any way change the absurdity of the "Turtles all the way down" premise underneath it...

The problem these people are missing is the difference between a fantasy artist and an architect. The fantasy artist has no problem drawing fancy castles on clouds in the sky... An architect is just as capable of drawing castles on clouds, but does not as an architect. As an architect what they draw is based on the realities of what can actually be built in the real world. It's learning about what the real world limits are and how you deal with them that is the tiny pinnacle at the top of engineering and materials science, which so far is an ever moving target.

If software developers did not exist who would change these software tools to keep them up to date with the changing engineering and materials science?

There are some things that do not follow the "ditch digger premise" of people only dig ditches because the tools to dig ditches without people do not exist, therefore somebody has to dig ditches until such tools come along. The premise --which is also behind "robots for everything"-- is that there is no skill or useful skill involved with digging ditches. You can only get that idea if you have never seriously dug ditches...

Such people generally hail from the "Make it so" management philosophy that came from Science Fiction. You can not build fantasies as the real world will come and give you a bite of reality rather sooner than you would expect...

Martin • October 1, 2017 9:54 AM

I would appreciate thoughts (comments) on the credibility of Veracrypt (current version is 1.21). Is it a useful and valid encryption tool for individual PCs and small organization use? How "tough" is it to crack if implemented per the provided documentation? Is it a real encryption tool? Many thanks.

Clive Robinson • October 1, 2017 2:50 PM

PRNGs made a little simpler

Pseudo Random Number/Bit Generators, should be easy to get your head around... But the reality is there is a lot of sometimes apparently conflicting information out there.

Hopefully this will help those who have not been steeped in RNGs for what sometimes feels like an eternity.

http://hclarke.ca/prng-reference.html

If you still have questions after reading it you can ask here and hopefully we will be able to help ;-)

Douglas Coulter • October 1, 2017 3:52 PM

@Dick Vitale

Not much more to say without being perceived as hyperbolic.
The transition to rule of men from the rule of law has almost fully completed, and it's not a partisan thing as much as it is a weakness of humans thing - and the setup we use that allows those who crave power to have it - elected, or in the current situation, mainly not. This is not just the USA, either.

The actually-wealthiest (in money and in my book money alone ain't riches) on earth are not "that 1%" - it's far fewer and they're not listed as such - they take care to not be.
Ditto the most powerful aren't the ones you see in official elected office, when it's obvious that no matter who is in power, the same agenda gets done. Just a matter of step by step creep, not direction.

I say this not as one who's been disadvantaged much by this situation - I've won a few to say the least. But looking at how it treats others who don't have the money and friends, insights, and ability to "work the system" I have...it's pretty bad out there. And only getting worse.

Clive Robinson • October 1, 2017 5:53 PM

@ CallMe...,

This might make you smile,

http://lamport.azurewebsites.net/pubs/state-the-problem.pdf

Written back in Jan 1978, the author says of his paper,

    The title says it all. This one-page note is as relevant today as when I wrote it. Replace "describing the solution" by "writing the program" and it becomes a practical recipe for improving software.

Which @Nick P will probably chime in with a comment that says in a more up to date way, something a French King once scratched in a pane of glass with a diamond ring,

"The more things change, the more they stay the same"

Clive Robinson • October 1, 2017 6:18 PM

@ Doug,

But looking at how it treats others who don't have the money and friends, insights, and ability to "work the system" I have...it's pretty bad out there.

Yes and I now suspect it is beyond a tripping point where it can be peacefully corrected.

Every day they steal another inch or so, whilst we occasionally win one and push them back a short distance, over time their gain is relentless.

If you look on "Representative Democracy" it is clear it is not democracy by any sensible definition, as you note it's the same old same old no matter the beast in power.

For a number of years I've said there need to be changes in the system. The first is that all legislation, and I really do mean ALL should have Sun Set Clauses of a relatively few years (say 7) whereby the elected members have to vote each and every part of a piece of legislation back in. Secondly there should be no "Private Meetings" for people intending to stand to represent the people, those that actually represent the people and those that have represented the people with any lobbyists, interest groups or those who contribute to campaigns or other financial arrangements (such as say a newspaper paying a child or other family member what is in effect "makework" etc). We also need a way to get rid of those in any kind of political office who have betrayed the trust of the voters.

But most importantly, we have to work out ways to take the money and other influencers that the 1% of the 1% use to their benefit, out of the political process.

In the case of the US you also certainly need to get rid of what is in effect a "two party system" where the parties are only there to delude the voters that there is actual choice...

LPA-11K • October 1, 2017 8:51 PM

Concerning the 2016 EDGAR breach: "The agency (SEC) detected the breach last year, but didn’t learn until last month that it could have been used for improper trading".

https://www.washingtonpost.com/news/business/wp/2017/09/20/sec-reveals-it-was-hacked-information-may-have-been-used-for-illegal-stock-trades/

Is the SEC a customer of Deloitte's "industry leading" IT Security consultancy? What about Equifax? None of these breaches have slowed the stock markets from hitting record highs and everyone thinks it's because of Trump. It's all legit, and that's a PROMIS.

65535 • October 1, 2017 10:55 PM

@ LPA-11K

The whole “stock market” sector is target rich for skiddies or pro-hackers. I am not surprised about the fake Avon take over filing in EDGAR.

I suspect the Stock Market will be hit again in various areas. These areas are anything from the Deloitte breach, brokerage houses trading desks, the market makers and on down the line.

Good hackers could make carding look like small change rip-offs. The folding money could be had with the proper knowledge…including some bad apples at the NSA/CIA/FBI using nation state malware/upstream-full takes/wiretapping and so on.

Death by populism • October 2, 2017 2:13 AM

@Doug Coulter

"This is not just the USA, either."

Absolutely right. The US has no monopoly on democratic ideals nor would-be despot robber barons. Each of the host nations are simply that in the parasitic biology sense.

It's ironic how they each seem to appeal straight away to an undefined, toothless patriotism as they chip away at the local sovereignty of the people.

"But don't you poor folks want to work in the mines? Then we need to get rid of all protections for your health, such pesky regulations are keeping you down."
-Pretty much verbatim

It's a purpose-built pseudo-ideology that has the potential to kill us all globally.
They think they'll survive in luxury bunkers somewhere. These people are morons.

Imagine the world were run by the best and brightest instead of simply the oldest greed.

vas pup • October 2, 2017 5:12 AM

@ Clive Robinson


PRNGs
...
If you still have questions after reading it you can ask here and hopefully we will be able to help ;-)

What do you think about PCG PRNGs?
The writing there says it's so good a PRNG that I wonder if there are any gotchas?

Non-American • October 2, 2017 6:39 AM

So, how secure am I, a non-American, to visit America, where the NRA strongly advocates for no changes (i.e. tightening) of gun laws, relative to just about every other nation on earth?

What excuse (madman? terrorist?) will they proffer this time?

Perhaps all those gun nuts could be sent off to say hello to one of the problematic countries that America has to deal with. All you have to do is build a reliable "gun nut" detector.

Seriously, where does risks/security concerns, caused by America's extraordinarily high gun violence rate, rank compared to risks/security topics more commonly discussed on this blog?

Quoting from an Al Jazeera news article on the mass shooting:

Sunday's attack is the deadliest mass shooting in the US since 1949.

So far in 2017, the watchdog group Gun Violence Archive has documented 273 mass shootings in the US.

The group also recorded 11,621 gun-related deaths and 23,433 firearm-related injuries during that period.

LPA-11K • October 2, 2017 7:07 AM

@ Non-American

Some might consider your comment an opportunistic polemic posted to a blog trying to confine the subject matter to IT Security.

Clive Robinson • October 2, 2017 10:38 AM

@ vas pup,

What do you think about PCG PRNGs? The writing there says it's so good a PRNG that I wonder if there are any gotchas?

Read the top line of their table, then compare it with the line for RC4 which is just the "academic/assumed" Ron's Code four or RC4 as most call it.

ARC4 / RC4 used to be the "wunder kid" due to its simplicity and low complexity in implementation (even code cutters can write it from memory). But it got used incorrectly in WiFi, and cracks started to be found relatively quickly. And they just kept coming, each crack got wedged and other cracks opened up. RC4 is now not approved for crypto use of all sorts of modes, and the general advice is "as it shows bias, be biased and walk away".

If you look at the table in the areas it counts for "crypto" they say that ARC4 is better... Which tends to suggest that PCG is not suitable for cryptographic applications.

Which brings us around to other things you would use PCG for... Well simulation in the likes of Monte Carlo methods and more. These have certain requirements and unlike crypto output predictability is not as high on the list of characteristics as you might think. They are looking for vast quantities of output at very low CPU / Memory over head, as well as certain dimensional characteristics. They also want repeatability to a very high level such that simulations can be run over and over with the same input numbers.

Thus based on the limited information I would suggest that PCG is aimed more at the simulation, than the crypto crowd.

Hence showing one of the PRNG issues, what is "One man's meat is another man's poison". You need to know fairly intimately what use a PRNG is going to be put to ensure a good match to the requirements of the task.

And as you are probably aware "requirements" is a dirty word in large parts of the software industry where the desire to cut code frequently overrides the need to understand what is actually to be achieved.

There is a historical example the Linear Feedback Shift Register (LFSR), passed all the early statistical tests with flying colours thus it was thought to be good. Then someone tried a new test and the LFSR failed badly worse in fact than other PRNGs that had not done well in the previous tests. We have the DIEHARD, DIEHARDER... And more tests, each bringing new statistical tests to the party.

It's got to the point where only seriously studied crypto algorithms are even worth considering... Then you need to remember RC4's history...

The correct thing to do is get your specification requirement "ducks in a line" and make a suitable API for the PRNG to use. Then if the PRNG you are using gets to fail the next set of tests someone comes up with is simply pull the old and plug in the new.

My view from history so far is that crypto algorithms are good for maybe thirty years before they need either major changes or replacement.

Oh and one last thing to remember is "Crypto algorithms do not increase entropy"... That is you can have a simple counter that drives a crypto algorithm to use as a PRNG. If you don't have the key then the output looks to you as good as you are likely to get. However if somebody else has the key then they know exactly what is going on, what the next output is going to be etc. Not what you want for anything involving security. But it gets worse, some PRNGs like the BBS are based on maths which has very high redundancy. If you know one of the primes then you can unravel the rest. If you look at the work of Adam Young and Moti Yung they came up with cryptovirology, which in this case gave rise to kleptography which is in effect the art of stealing / leaking secret information like key bits etc, in a way that nobody else should be able to do. Hence the "NOBUS" idea which it appears the NSA tried to pull via the Dual-EC PRNG, which after a few backhanders to the likes of RSA caused a sufficient stink that NIST felt the only option was to drop the algorithm... Thus beware of men bearing "better mouse traps" contrary to the old saying, you might just want to beat a path from --not to-- their door at high speed ;-)
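Added example, not part of the comment above or of any project it mentions: a counter driven through a keyed primitive, built behind a small swappable interface like the one the comment recommends (and like the "plug-n-play" framework suggested for ciphers in an earlier comment). It goes one step beyond the comment by seeding the generator with only 16 bits of entropy, so the output still looks balanced while the seed can be enumerated from a single block. HMAC-SHA256 and keyed BLAKE2b are stand-ins chosen for the example, and every name in it is hypothetical.

```python
import hashlib
import hmac

# Keyed primitives behind one interface: name -> f(key, counter_bytes) -> 32 bytes.
# Both are stand-ins picked for this example; swapping is a one-word change.
PRIMITIVES = {
    "hmac-sha256": lambda key, ctr: hmac.new(key, ctr, hashlib.sha256).digest(),
    "blake2b-keyed": lambda key, ctr: hashlib.blake2b(ctr, key=key, digest_size=32).digest(),
}

BLOCK = 32  # bytes produced per counter value


class CounterPRNG:
    """A plain counter pushed through a keyed crypto primitive."""

    def __init__(self, key: bytes, primitive: str = "hmac-sha256"):
        self._f = PRIMITIVES[primitive]
        self._key = key
        self._counter = 0

    def next_block(self) -> bytes:
        out = self._f(self._key, self._counter.to_bytes(16, "big"))
        self._counter += 1
        return out

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self.next_block()
        return bytes(out[:n])


def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for output that 'looks random'."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (len(data) * 8)


def recover_key(first_block: bytes, key_bits: int, primitive: str = "hmac-sha256"):
    """Audit check: is the seed space small enough to enumerate from one block?"""
    width = (key_bits + 7) // 8
    for candidate in range(1 << key_bits):
        key = candidate.to_bytes(width, "big")
        if CounterPRNG(key, primitive).next_block() == first_block:
            return key
    return None


def demo() -> dict:
    # Constructed scenario: the generator is keyed from only 16 bits of entropy.
    weak_key = (0xBEEF).to_bytes(2, "big")
    gen = CounterPRNG(weak_key)
    observed = gen.read(128 * BLOCK)

    # The primitive adds no entropy: the output is only as unknown as the key.
    recovered = recover_key(observed[:BLOCK], key_bits=16)

    # Whoever holds the key reproduces the stream and knows the next block.
    clone = CounterPRNG(recovered)
    clone.read(128 * BLOCK)  # advance the clone to the same counter value

    # Pull the old primitive, plug in the new: same API, different stream.
    swapped = CounterPRNG(weak_key, "blake2b-keyed").read(BLOCK)

    return {
        "ones_fraction": monobit_fraction(observed),
        "recovered_key": recovered,
        "prediction_matches": clone.next_block() == gen.next_block(),
        "swap_changes_output": swapped != observed[:BLOCK],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The bit-balance figure stays near one half even though the whole stream is determined by two bytes, which is why a statistical test alone says nothing about how a generator was seeded.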

Have gun, will treason • October 2, 2017 10:54 AM

"All you have to do is build a reliable "gun nut" detector."

Unfortunately in post-Reagan America, if someone is "mentally ill" or going down that path it's almost always private information - there are no laws to compel someone to get help, there are few laws to compel states/Fed to help them significantly, and there are almost zero significant efforts by law enforcement to monitor mentally ill people and see if they are doing things like stockpiling weapons.

The only way the US as-is would be taking guns away from gun nuts is if they unzip their crazy fly in public, make a series of big threats, or kill some number of people.

We've got this insane conflict between the seriousness of prolific weapons in society and the "right" of any individual with a trigger finger to own any number of them, no questions asked. There are just too many guns - MORE THAN CITIZENS IN FACT - and this country does a piss-poor job of proactively dealing with problems. Heck, even after they're problems for DECADES this country can't deal with them in the slightest meaningful way.

And now? Our GOP congress is (until last night? We'll see) pushing 2 bills right now, one of which would allow anyone living in a state with loose gun laws to go to ANY STATE IN THE UNION and do what they want with their guns regardless of local state laws.

The second law? To legalize SILENCERS for the general public. Great idea right?
Imagine a silencer involved last night - how many dozens more would be dead?
The ONLY reason anyone knew anything was going on was the sound of the shots.

So be sure to thank your "patriotic" NRA superpac lobbying mechanism for protecting their donors' profit margins and scaring/threatening the public into inaction on any level. Keeping guns out of the hands of dangerous mentally ill nutbars is, according to them, the greatest threat to Democracy ever and unAmerican.

Until they are checked by reality, America will be the land of mass shootings. If they could sell red hats and make money off these incidents, do you think they wouldn't?

They already do.

Clive Robinson • October 2, 2017 11:20 AM

@ Non-American,

So, how secure am I, a non-American, to visit America, where the NRA strongly advocates for no changes (i.e. tightening) of gun laws, relative to just about every other nation on earth?

From the pure security logic point of view if there are no guns, then you can not be shot by them. It's logic that is not open to political argument.

But guns exist therefore they will be used and the probability you will get shot goes up. Again it's logic. Thus the more guns there are the higher the probability people will get shot by accident or design.

The level of accidental shootings has a correlation with the level of training the legitimate owner has had. Again it's logic not political argument.

The politics starts with people shot by design. It is an area where logic still applies but there are way too many vested interests for the logic to become clear.

It can for instance --and has been,-- be argued that the NRA is in effect a smoke screen for other agendas. For instance banning hand guns in the civilian population would have a major impact on the cost of production. This would have a knock on effect to the cost of weapons to "guard labour". That type of argument has its own branch of security thinking in "Security Economics". A part of which would include the effect on the private prison population. Where other countries have tightened up access to the likes of hand guns, crime by gun drops, which has a knock on effect in the number of criminals locked up and the length of their sentence. It can thus be argued that strong gun legislation would reduce not just the violence but profitability of the prisons. It is not just an economic argument it has knock on effects in security.

The problem is few people will follow logic, they prefer emotion, which is easy for those with vested interests to manipulate. Hence the reason the host of this blog does not like discussions about gun control.

Yes the US has just seen an appalling act, calling it evil or anything else emotive does not help people to make rational judgments.

Most countries publish some form of statistics about injuries and fatalities by shooting. Whilst they are very likely "massaged" in some way, they can be indicative of "normalised risk". The problem with that is "normalised" hides all sorts of variation. It is quite possible to have a significant fall in shootings on average, but serious "one off" events significantly altering the figures in any given time period.

However people remember with "emotion" not rationality and a serious one off event can have very significant knock on events.

Further when removing serious one offs which tend to "randomize" victim types, there is evidence that your chance of being shot relates not just to your socio-economic position but also your geo-location.

Both of which suggest a strategy for a visitor to a country to follow to reduce their risk, not just of being shot but also subject to other kinds of event. As was once observed by an actuary assessing the cost of life policies, "You can not fall down a mountain if you are sunbathing on the beach, but you might die earlier of cancer". Life is a series of risk trade offs, the chances of getting them right by emotion is likely to be not as good as by logic.

Non-American • October 2, 2017 3:32 PM

Thank you to all who responded. I deliberately tried to get in early, before the rhetoric set in; my hope was that I could try to set up a discussion framework before rhetoric (at many different levels) became prominent, such that participants in the discussion might become more aware of how initial and subsequent responses used non-neutral terms.

---- (Begin mild digression) ----

For the record, I'm an Australian, and am very, very glad that the culture here is less gun-oriented (certain segments of the community, perhaps trading in marginally-legal or illicit areas, tend to have more guns, but they tend to fire on each other, with relatively little collateral damage, at least to date).

The most famous gun buyback scheme in Australia happened after the Port Arthur massacre; it was a massive success.

Right now, we are in the middle of the first gun amnesty since the Port Arthur event. Here are links to both a Western Australian and a national perspective on the amnesty:

WA firearms amnesty: More than 1,200 guns handed in, exceeding government expectations.

Nearly 26,000 guns handed in since July in first national firearms amnesty since Port Arthur.

Note that gun ownership is not illegal in Australia; however, holding an unregistered firearm is an offence, with significant penalties. This does not prevent ownership outright, but it brings in a framework where the suitability of the person to hold the gun is examined, the stated purposes of ownership are reviewed for legitimacy, and strong laws for safely securing guns are in place (so that inadvertent mishaps are less likely).

---- (End mild digression) ----

@LPA-11K: Your criticism of me being perhaps inflammatory in my posting is partially correct; my two answers to your criticism are:

  1. As mentioned above, rhetoric will enter the sphere quickly; I wanted to get in first; and
  2. Quite often, in the area of computer security, Bruce has suggested that companies be more strongly exposed to external market forces, or, alternatively, where there is a tragedy of the commons, and no one entity (or sets of entities) has the mandate, motivation and muscle to demand a strong profile, and to punish breaches, that Government regulation could step in to cover the breach. Crucially, he has, on several occasions, noted that an insurance model might be a sufficient motivator for a company's directors to act to mitigate risks in areas where high penalties apply -- and the direct forces for change come as part and parcel of the insurance contract.

Already, the rhetoric has started:


  1. "evil": 1. morally bad; wicked. 2. harmful or tending to harm, especially intentionally or characteristically. [...]

  2. "brutally murdered": ("brutal": 1. savagely or coarsely cruel. 2. harsh, merciless. "murder": 1. kill (a human being) unlawfully, especially wickedly or inhumanely. 2. [law] kill (a human being) with certain kinds of intention or recklessness as to death or injury. [...])

Notice how "intent" is present in both the terms given above; the conversation is already being shaped to move in certain directions.

So, in closing, I tend to despair about the situation in USA improving, as the right to bear arms is so deeply entrenched in the national consciousness and Constitution; nevertheless, my suggestion is that, if accountability can be applied to certain entities at various levels, associated with sufficient punitive measures, market forces (such as the stock market movements noted in another post), or perhaps Government intervention (assuming the politics of the situation could be resolved) move the country towards what is the norm in almost all other first-world/Western societies.

Clive Robinson • October 2, 2017 4:23 PM

@ Non-American,

    Already, the rhetoric has started

Yes and it will get worse before it gets better (if it ever does).

The problem is that from the news so far things do not line up.

The man found dead in the room was old enough to be retired. He apparently managed to get a considerable number of guns --one news item said 10-- into a hotel room on the 32nd floor where he shot from.

Now call me old fashioned but the last time I was in that part of the world the hotel porters carried your bags up to your room (they needed the tips). You would have thought that somebody might have noticed. I suspect there are going to be quite a few other things people are going to pick up on in the next day or so.

I'm guessing this will grow legs with those of a conspiratorial nature, but these things tend to happen after major incidents.

Occam's conspiracy shaver • October 2, 2017 4:41 PM

20 guns is a lot of guns. However, the man was there for 5 days at least.

Luggage exists. Bellboys are not (overtly) paid to open them and see what's inside.

Not in Vegas. The ones that do are not actually bellboys. Petty theft gets caught.

Clive Robinson • October 2, 2017 5:27 PM

@ Occam's conspiracy shaver,

    Luggage exists. Bellboys are not (overtly) paid to open them and see what's inside.

I'm not sure how many guns or of what type, but from what's been said they must have weighed quite a bit.

Porters tend to be able to weigh up not just the guests but their luggage as well based on the length of their stay and other indicators.

I used to get the "traveling light" line because I've spent enough of my life carrying my food, water, change of clothes and often my shelter on my back, so really do travel light (it's also why hotels have laundry services you can expense).

But as I said I expect to hear more oddities over the next few days.

tyr • October 2, 2017 5:35 PM


@Clive

You're not going to get much truth until
the dust settles. I'm betting that Paddock
was being heavily dosed with psychoactives
or some other prescription. Anyone hosing
a concert crowd with a machine gun is not
just an ordinary music critic.

There's not going to be any rationality
involved while the emotions have everyone's
prejudices engaged full force.

One thing you will see is the Las Vegas
Mob tighten up hotel security on the Strip.
This kind of thing is bad for business and
they hate that. I recall being in a country
where you had to hand over your weapons to
the bouncer before you went into a bar to
drink. Amazing what people routinely carry
given the chance.

Wael • October 2, 2017 6:41 PM

@Clive Robinson, @Occam's conspiracy shaver,

    20 guns is a lot of guns. However, the man was there for 5 days at least.

Right! He may have brought them in one at a time. He had five days. Or he stuck them in a golf bag with some golf clubs, wore golf outfit, and Tiger Wood’s your uncle.

Tiger Woods is not high enough to be my uncle • October 2, 2017 6:51 PM

Two bags can carry 20 guns.

An average male can handle that weight. The ammo is the heavier component.

JG4 • October 2, 2017 7:30 PM


had a spot of bad luck with electrolyte imbalance, likely involving a food-borne pathogen. doing better, but haven't seen the tab. my guess is that the unvarnished number is between $15 and $30K, but I hope that two waves of the magic wand each knock out 2/3 of the total. it made me realize again that on any given day I get nowhere near enough salt (Na) or other electrolytes. this time the bags were DEHP-free. making progress.

I did manage to write down a number of ideas, not that any of them are new. I finished the Shannon book finally, which is well worth the price of admission. it may not be brilliant writing, but decent enough and the story is compelling. AT&T today is a tragedy compared to its former glory. all of these companies peddle steaming piles of crap. I like the rigorous software story, but if the same rigor isn't applied to the hardware, you're not much better off. Nick P nailed it, but it isn't affordable even to engineers.

the gun debate doesn't hold much interest for me, but the whole problem of security for crowds of people is fascinating. someone sells a backpack with a bulletproof panel in it. if that folded out a little, and the bad guys didn't have a serious machine gun, you might scrape by with less damage.

even though I turned down all of the pain meds (there wasn't enough pain this time to even be bothered, at least by the time I was in a hospital), but morphine might have sharpened some of the insights. I realized that Shannon would be able to prove in a trice that a planet that already has some serious existential risks could afford to be a little less careful with risk budgeting for nuclear weapons.

threat models in the existential catalog (not intended to be complete, but a reasonable start)

gamma ray burst strips the atmosphere off (would like to know the odds)
Yellowstone-type eruptions (again, interesting to know odds)
comet / asteroid impact (average of 1 per 100 centuries?)
nuclear weapons accident (God help us)
natural pandemic (unknowable)
solar event throws climate badly out of balance (useful models exist, probably a very small risk)
man-made pandemic - well covered by Ken Alibek (near certainty it exists, but what the odds are of it getting loose?)
solar event damages global electric grid, civilization unwinds

Clive Robinson • October 2, 2017 7:51 PM

@ tyr,

    Anyone hosing a concert crowd with a machine gun is not just an ordinary music critic.

The fact that it's been said he was on the 32nd floor again does not make him ordinary, it also suggests that it's not hand guns he was using. If the following[1] from the UK Telegraph is true,

    Stephen Paddock, 64, killed at least 59 people and injured a further 527 when he fired on concert-goers from the vantage point of a 32nd-floor hotel room in Las Vegas.

    Armed with as many as 20 weapons, including automatic and semi-automatic rifles, Paddock opened fire at 10.08pm on Sunday (5.08am UK time) in a shooting spree that lasted between five and 10 minutes.

    ~~~~

    Police said they found more than 19 rifles in the gunman’s room, according to The New York Times. They included two weapons mounted on tripods at the windows and hundreds of rounds of ammunition.

Further the range was given as 400 yards, that kind of puts it well out of hand gun and light rifle range.

The numbers injured and killed suggest that he fired a minimum of 600, probably more like 900, shots in the 5-10 minutes, which suggests fully automatic weapons or modified semiautomatic weapons.

& @Wael, Tiger...,

That really is a significant weight if 6Kg/weapon that's upwards of 120Kg, which is an eighth of a ton. Then the weight of the ammunition it's beyond the weight a single individual could carry without showing great effort, that should have raised eyebrows.

[1] http://www.telegraph.co.uk/news/2017/10/02/las-vegas-strip-shooting-multiple-casualties-reported-near-mandalay/

Wael • October 2, 2017 8:03 PM

@Clive Robinson, @Tiger Woods is not high enough to be my uncle,

    That really is a significant weight if 6Kg/weapon that's upwards of 120Kg,

Especially for a 65-year-old nutter. I say he took them in a few at a time. Some hotels allow customers to use the bellhop’s cart to haul their own luggage. It’s not like the guy had to carry them all the way! This is an easy thing to do.

Well • October 3, 2017 12:21 AM

anyone looking for rational motives for an indiscriminate mass murderer...

is fishing with no fish at all.

Bob Paddock • October 3, 2017 7:32 AM

@JG4

"had a spot of bad luck with electrolyte imbalance ... solar event throws climate badly out of balance (useful models exist, probably a very small risk)"

The Sun has many cycles, the well known 11 year, and lesser known long term cycles 206/412, 2400, 11,000 years. Might want to stock up on Cold Weather Gear for LONG time...

Those that don't learn from history are doomed to repeat it. Those that do learn from history stand by helplessly watching the doomed repeat it. :-(

Look up the recently published book "Weatherman's Guide to the Sun" by Ben Davidson.
His "Disaster Prediction App" gives Geomagnetic based Health Alerts among others, in near real time. Conference about all of this is in Albuquerque NM in February of 2018.

The security connection here is that the App may help correlate Single Event Upsets that make even correctly designed and constructed software fail (sadly few account for SEUs happening).

Petr • October 3, 2017 9:51 AM

@Non-American:
The same rational principles need to be applied in all fields of security - i.e. all measures should start with risk analysis and should "end" by unbiased (!) evaluation of outcomes of the measures taken.

In Australia the murder rates have been steadily declining since 1990. Expensive gun buyback and changes of your gun laws in the last 20 years did not result in significant improvement of safety.
Proponents of your gun law updates love to show how suicides with firearms have declined, which is true. However, the total number of suicides did not significantly decline therefore even with the suicide data the benefits are non-existent.
If you look at the list of massacres in Australia I simply do not see any significant change.
https://en.wikipedia.org/wiki/List_of_massacres_in_Australia

In France they had quite strict gun laws and yet the Bataclan shooting has happened.

There are good and efficient security measures (including gun laws) and then there is a security theater. Quite a lot of gun control measures belong to the security theater category. There are no easy solutions both in the IT and in the physical world.

You may want to have a look at efficiency of various gun control measures - John R. Lott has published quite interesting analyses in his book "More Guns Less Crime". I live in a country where we have quite rational gun laws, we have quite a lot of legal guns among people and still we have quite low murder rates and very low murder rates by legal guns.
By the way, there is quite a good match between measures that were evaluated as safety-improving by J.R. Lott and our laws. Guns do not kill people. People kill people. If you want to improve security you have to fix the part that is broken and you have to apply measures that really improve safety not the measures that just look good on the paper.

Rachel • October 3, 2017 9:57 AM

JG4
backpack doesn't need to have built in panel. A bullet proof plate capable up to .50 (not including) can be carried in pack with other survival gear, stored correctly affords protection when pack is worn. more versatile than exclusive pack is my point.

I'm not convinced that, if something is on the tv news, it actually happened.

sorry about horsepiddle admission!
by salt i hope you mean real sea salt, not toxic refined table salt. even cardiologists- first to go last to know- now say a quarter teaspoon sea salt a day is essential for heart & kidney protection. check out kelp for similar benefits and more minerals.

Nick P • October 3, 2017 12:12 PM

@ Clive Robinson

CallMe's article was nice but turned into an ad for SCADE. That's a great product but it's like author did no research. There's all kinds of interesting stuff out there. Even if we're talking code, just applying Dijkstra's stuff to interfaces like Hamilton recommended gives you Meyer's Design-by-Contract. That plus OOP and safe language = Eiffel Method. Likewise, Smalltalk and LISP environments gave programmers ability to abstract away the mess with components that composed well and were easy to test. Ada did that in a rigorous way that wasn't easy. Most of the safety-critical code is currently written in C/C++ with a minority in Ada and Java. This hasn't led to mass failures. Likewise, the billions of lines of COBOL in Global 2000 companies have kept working well enough for decades to prevent global, economic meltdown. Obviously, author vastly understates what we can do with text-based methods on large systems.

Model-based development is a good thing. DSL's are a good thing. Tools like Processing and Scratch improve aspects of programming. Lots of embedded uses Stateflow and Simulink. There's languages that are closer to mathematics that are good for expressing that. So on and so forth. Closest thing I've seen recently to the vision of understanding programs with productivity is the Eve project. Far as robustness and native code, the Smalltalk or LISP environments modified with Design-by-Contract plus automated testing is where I'd start. I mean, the LISP OS's let you inspect, modify, or fix themselves while they were running. Everything in the stack was consistent being in the same language except for the lowest levels dealing with the raw hardware.

Note: I'm also looking into meta languages to see how their advantages might be merged into things like above.

Nick P • October 3, 2017 12:17 PM

@ Clive Robinson

Oh yeah, add REBOL and successor Red to that list if talking about powerful, composable languages. The Red programs and runtime are *tiny*. It's powerful enough to do a LISP machine equivalent with Red syntax not being as weird. There's a system dialect called Red/System documented here. The bootstrapping page is laid out nicely with a lot of work done by this small group of people.

Clive Robinson • October 3, 2017 4:37 PM

@ Nick P,

    Tools like Processing and Scratch improve aspects of programming

You might want to amplify on that.

MarkH • October 3, 2017 4:46 PM

@Martin:

I don't see that anybody responded yet to your question ...

Short answer: I would use it.

Longer answer: VeraCrypt is a successor to TrueCrypt (whose author stopped maintaining it). Both TrueCrypt and VeraCrypt show every sign of having been carefully designed to be as secure as is practical, given the ways they are intended to be used.

Some people assume that any software of this type has a malevolent "back door" built in. I think this very unlikely in the case of either TrueCrypt or VeraCrypt, but it's the kind of negative (there's no such door) that is practically impossible to prove.

VeraCrypt includes a number of security enhancements over its predecessor. At default settings, it's using algorithms that are probably infeasible to crack by anybody in the world today, but the user can select options that make it even stronger (at the cost of running slower).

Martin • October 4, 2017 1:14 AM

@MarkH

I appreciate your thoughts and insights concerning VeraCrypt. Thank you and farewell.

Clive Robinson • October 4, 2017 5:48 AM

@ Edward Morbius, ALL,

With regards the Bloomberg article about the White House and the Equifax breach, giving rise to SSN replacement.

You have to read through most of it before you get to the bit about it not breaking existing business models... Those that built up because people got paid to look the other way over the use of SSNs for what they were never intended or designed for. They were not even supposed to be secret...

What I fear will come of this is the next stage of "compulsory papers" which happens along the path of most dictatorships for the past century. It will be painted as a "universal card" to "prevent crime", "stop terrorists" and will almost certainly become required to do things like connect to the internet in quite a short while. Fairly quickly you will find all but your local sweet shop will require this ID card for cash transactions over say $50 just in case you are passing forged currency or money laundering or the like. Any item of value to the majority will get a serial number not as a label, but as an embedded RFID tag, this will get tied to your Credit Card or ID Card so that there will be a history of everything you purchase. Due to legislation in place such records will in effect be given to the Government. Who will use them one way or another to raise income or reduce expenditure. This will thus raise money for an incumbent government to "bribe the voters" give away taxes to the rich and further punish the poor etc.

The sufficiently wealthy will avoid this quite easily by "not owning things" just the legal entities "that own things". Kind of like the old simple trick of the Corporate President's Corporate Jet, they are the sole user, but the company picks up the cost of use and ownership and then offset that by reclaiming the tax etc against any money the company makes. The modern tricks using Limited Liability Partnerships (LLPs) Offshore chains of ownership etc etc just make the rewards higher for those that can afford "the cost of entry" to set such things up.

But it's not all bad, they do after all have to give the politico's etc "back handers", "Nest feathering" and the like, just to ensure it's you that pay not them...

The problem is that not all politicians go along with this sort of issue. Some out of moral behaviour, some because of their desires for power etc. In small countries they are often military types in the senior ranks that in effect become Dictators, such people generally hang onto power in very very unpleasant ways. The likes of "National ID" makes this a lot lot simpler for them and you end up with a very strong "Police State" and many "disappeareds". You only have to look at the likes of the Chicago Police special detention center at "Homan Square"[1] to see just how popular these ideas are with certain US leaders already.

The justification for such horrors is always "Think of the Children" or "Terrorists are amongst us" including the good old "Reds Under the Bed". All at best half truths designed to keep the real intention from the voters. Thus we pass legislation and later speak of "prosecutorial over reach" or similar, but we don't change things to stop it, generally just to make it worse in some other way.

All of this taken from the "George Orwell Playbook" written in the then leafy hamlet of Hampstead London in 1948. He set it in the near future by swapping the last two digits to get "1984". The book unfortunately instead of giving warning about what was coming, gave less desirable people ideas they might not have had. Some in the Entertainments business, many in far more dangerous professions, where power is the drug of choice.

Speaking of Entertainment, most are aware of the "Terminator" films with the "evil technology from skynet" that wants to wipe out humanity. The thing is the film is wrong in a couple of ways...

Firstly SkyNet is not in space, it's in the corporate data banks setup by the likes of Peter Thiel[2]. People need to keep an eye on the likes of "Cambridge Analytica" and its political arm SCL, then there is Palantir and Quid, all of which have had a fraction of what they get up to dragged into the light.

Secondly, the rise of the machines. It is unlikely that mechanoids, drones etc, even though they are here in various ways are going to get "self autonomy" in the near future. What is here and now, is rather more frightening. It's the "human minds" currently controlling such devices, and they are way way worse than computers can be currently. This blog has mentioned several times the "We kill by metadata" comment and how it went terribly wrong, when those it was used against wised up to what was going on. Even Peter Thiel and the other "Pay-Pal Mafia" know this. Peter Thiel especially so, it's why he employs human analysts to oversee what goes on at Palantir and Quid. The idea that computers are not enough has been given by Quid in what is effectively part of their mission statement.

No matter what you might think about the morals and ethics of the Pay-Pal Mafia, the simple fact is they can have their works taken away from them by others. Primarily "others" with morals and ethics most would disagree with quite strongly. History has taught us that as the old saying puts it "The road to disaster is oft paved with good intentions". Worse such "others" not only steal the works of those with more honest vision, they ensure that they are in effect untouchable by paying for the legislation they want to ensure their untouchability.

Thus any replacement for the SSN will be tainted by these "others" such that the 1% of the 1%, will benefit strongly whilst the 99% will slowly but surely be ensnared in a morass that makes them pay many times over. If not directly by fines etc, but by being prejudiced against by the data in those corporate databases. We have seen China come up with the notion of "political" "credit rating" and other nations have committed countless abuses with National ID systems.

Thus I predict that whilst any replacement SSN will have superficial claims of improvement, the long term reality will be bad, very bad.

[1] http://m.nydailynews.com/news/national/chicago-cops-detained-7-000-secret-interrogation-center-article-1.2404256

https://www.theguardian.com/us-news/2015/oct/19/homan-square-chicago-police-disappeared-thousands

[2]

https://en.m.wikipedia.org/wiki/Palantir_Technologies

https://en.m.wikipedia.org/wiki/Cambridge_Analytica

https://www.bloomberg.com/news/articles/2010-09-16/quid-takes-the-lid-off-silicon-valley-ix13fv6p

https://www.bloomberg.com/news/articles/2017-02-24/peter-thiel-s-palantir-spreads-its-tentacles-throughout-europe

https://medium.com/@timtolka/russian-analyst-cambridge-analytica-palantir-and-quid-helped-trump-win-2016-election-44ecc577ee60

https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy

JG4 • October 4, 2017 8:03 AM


@Clive - another very nice tutorial on the human condition. Thanks

When government goes rogue, the going gets tough.

Thanks for the comments on electrolytes and solar activity and the continued excellent discussion. This has some good observations:

https://www.nakedcapitalism.com/2017/10/cryptos-fear-credit.html

I probably said before that Yves calls bitcoin and TOR "prosecution futures," which fits neatly into the Very Public Spectacle = "To make an example."

I had a moment of clarity this morning. One antidote to mischief with masks is to turn down clock speeds. This is affordable to the peasants, or it was until the controls all were locked inside black boxes. To first order, the effect of low-pass filtering by the CMOS vias and gate capacitances is 1/f. Another benefit of reduced clock speeds is less cross-coupling between circuits, e.g., rowhammer. The limits of down-clocking may be set by things like DRAM refresh cycles. A limited system identification can be run on the features of interest at different clock speeds to produce figures of merit for reliability. I assume that someone sharper than I am already pointed this out, and I either missed or forgot it.

I stopped short of saying that one of the Shannon lectures was styled Reliable Systems From Unreliable Components, or something quite close. Which is spot on Nick P's paradigm. Shannon would be right at home in these discussions. His genius may have been in two parts. First, he was an excellent mathematician, so he brought rigor to problem definition and analysis. Not unlike Feynman's ability with path integrals. Beyond the math skills, Shannon had at least dual intuitions, one for paring problems down to their essence and the other for seeing the connections between the real world and the underlying math. Not so different from Feynman, who was very human. Shannon rubbed shoulders with von Neumann at Princeton. The 75 relays in Theseus's control unit didn't learn the maze, but did alter state to represent the location of the cheese. He had some wry comments about the connections to the human condition.

I realized in recent days that the smart card paradigm and variations on the theme will produce secure endpoints that open at least a couple of possibilities. Using cell phones, it becomes relatively easy to send and receive text messages that are robustly encrypted by OTPs and other sources of random encryption. There has to be a second display on the secure side of the data diode pair for the plaintext. On computers, it becomes relatively easy to send and receive secure email. A generalization of the data diode to optical USB cable would make a nice stand-alone product/building block. A small processor, like an Arduino, is much more feasible to put in a Faraday enclosure than an entire laptop or desktop machine. There should be a market in the maker movement to justify small scale production of the USB data diodes, enclosures and non-radiating displays.

SmartPhones can be Fatal • October 4, 2017 9:50 AM

Russia Targets NATO Soldier Smartphones, Western Officials Say

'Russia has opened a new battlefront with NATO, according to Western military officials, by exploiting a point of vulnerability for almost all allied soldiers: their personal smartphones.'

Dream On
One would hope that those in sensitive positions would not carry a smartphone. Especially executives, officials and soldiers.
https://www.wsj.com/articles/russia-targets-soldier-smartphones-western-officials-say-1507109402

External Influences
Hopefully these facts won't cause too much toxicity...to render this site elementally bland & boring.
Secondary Effects
To wit an American multi-national now has more employees in India. All the while the stock is among the worst performers.
It's not enjoyable working under such circumstances!

Clive Robinson • October 4, 2017 10:33 AM

@ JG4,

    Reliable Systems From Unreliable Components, or something quite close. Which is spot on Nick P's paradigm.

If you look back at the discussions that Nick P, Wael, several others and myself have had in the past it was interesting if not robust at times ;-)

It took a while to get Nick P on board with regards making systems from multiple insecure parts. His heart was in making trustable silicon and controlling the whole process. But I think he's now realized that nice as that would be, you are not going to be able to keep state level attackers out that way :-(

If however you start with the idea they are already inside, it can be very dispiriting if not depressing. Most people still think a person is paranoid to take such a view. But I think that is a form of wish thinking / self denial on their behalf, and have done since the early 1990's.

Recent history however, shows that the "they are already inside" idea is anything but paranoid. Which sadly does not appear to have got through to the masses...

Thus even if these Ring -2 or -3 hypervisors inside CPUS[1] --like the Intel ME and AMD and ARM equivalents-- are not state level attacks, it would not take much for them to become so.

All of which is kind of depressing and would get worse if you brood on the negative side of the "impossible to stop supply chain poisoning". Which is why considerably more than a decade ago I started start to think about how you deal with it, which ended up in the Castles -v- Prisons or CvP you can search this blog for.

The important thing to realise is that even if it is impossible to stop, that is not game over, and thus your only option is to take mitigation steps. But that leaves the question of "what steps". Having worked to design not just safety systems but Hi-Availability Hi-Reliability systems the obvious thought to me is the way NASA achived such systems. They used an idea first used in electronics as far as I can tell of putting multiple systems in parallel and using a voting circuit on the outputs to decide if a system was faulty or not. NASA improved the idea by using "multiple different high end systems" that were designed by different teams (a luxury we are rapidly running out of with monocultures like Wintel).

Thus I looked not at high performance single CPU chips but how to get performance out of lower cost chips that were not just different in design but were multiply manufactured and sourced. Further thinking made me realise that the ancient tale of the liar riddle/paradox[2] could be used with voting circuits to catch out chip level supply chain poisoning. Further thinking about using the MMU under the control of an independent hypervisor circuit would give many other benefits, too numerous to mention in a single blog post (which is why there are many "with margins enough" ;-) Thus the idea about "jailed CPUs in Prison Cells" came to mind as did probabilistic security. In short you were not giving external malware a place to hide either in memory or the CPU and importantly using the characteristics of the CPU execution to detect any misbehaviour along with control of the "halt line" to kill off any temporal synchronization that could be used as a covert side channel.

Needless to say a number of people in academia and business have come forward with the same ideas since... they have apparently thought of them themselves. However they have not added anything original to my ideas which suggests shall we say a degree of coincidence you would not see in any other branch of science... Yet others on this blog have added originality, which makes the academic non originality "very odd" if not to say suspicious...

[1] https://www.darknet.org.uk/2016/06/intel-hidden-management-engine-x86-security-risk/

[2] The one about the two guards, not the other one[3]. You get only one question knowing that one guard never lies and the other never tells the truth. The solution is to ask one guard what the other guard would say, the answer logically has to be untrue thus you take the opposite action.

[3] The "I'm an Elbonian, and all Elbonians lie" paradox which can be used in logic.
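The parallel-units-and-voter arrangement described in the comment above (independently designed units run the same job, a voter compares their outputs and controls a halt line), as an added sketch that is not part of the original comment or any commenter's design. The unit functions, the trigger bytes and the `Voter` class are hypothetical, constructed for illustration.

```python
from collections import Counter

# Three independently written implementations of one specification
# (sum of the input bytes modulo 256). They stand in for units of
# different design and source; all names here are hypothetical.

def unit_a(data: bytes) -> int:
    return sum(data) % 256


def unit_b(data: bytes) -> int:
    acc = 0
    for b in data:
        acc = (acc + b) & 0xFF
    return acc


def unit_c_faulty(data: bytes) -> int:
    # Constructed fault: correct on ordinary input, wrong on one rare
    # trigger. Models a unit that passes routine acceptance testing.
    if data.startswith(b"\xde\xad"):
        return 0
    return sum(data) % 256


class Voter:
    """Majority voter with a per-unit halt line."""

    def __init__(self, units, halt_after=1):
        self.units = dict(units)      # name -> callable
        self.halt_after = halt_after  # dissents tolerated before halting
        self.dissent = Counter()      # name -> number of disagreements
        self.halted = set()           # units taken out of service

    def run(self, data: bytes) -> int:
        active = {n: f for n, f in self.units.items() if n not in self.halted}
        if len(active) < 2:
            raise RuntimeError("too few active units to cross-check")
        results = {n: f(data) for n, f in active.items()}
        value, votes = Counter(results.values()).most_common(1)[0]
        # A strict majority is required; a tie means nobody can be trusted.
        if votes * 2 <= len(active):
            raise RuntimeError("no majority: failing safe")
        for name, result in results.items():
            if result != value:
                self.dissent[name] += 1
                if self.dissent[name] >= self.halt_after:
                    self.halted.add(name)  # pull the halt line
        return value


if __name__ == "__main__":
    voter = Voter({"a": unit_a, "b": unit_b, "c": unit_c_faulty})
    for sample in (b"hello", b"\xde\xad\x01", b"hello"):  # constructed inputs
        print(sample, voter.run(sample), sorted(voter.halted))
```

Voting only exposes a fault when the units disagree, which is why the comment stresses units of different design and source: identical units carrying the same fault would outvote a correct one.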

Bob Paddock • October 4, 2017 2:17 PM

@JG4

"...put in a Faraday enclosure than an entire laptop or desktop machine. There should be a market in the maker movement to justify small scale production of the USB data diodes, enclosures and non-radiating displays."

Desktop Faraday Enclosures do exist now. Just added two to the collection here.
Would certainly like to see Makerspace price class equivalent.

"In 1997 Ramsey Electronics® took technicians out of large expensive shielded screen rooms and put RF shielding into the palms of their hands. Our patented portable benchtop RF Shielded Test Enclosure was a revolution in RF testing, providing unprecedented visual and hands-on access to equipment in a tightly controlled RF-free test environment. With tens of thousands of Ramsey Electronics® RF Shielded Test Enclosures now in service worldwide, our STE designs and technologies have become the industry standard for efficient and cost effective RF isolated device testing."

Clive Robinson • October 4, 2017 7:33 PM

@ JG4, Bob Paddock,

"There should be a market in the maker movement to justify small scale production [Faraday Enclosures]"

They are not that difficult to make from the likes of IP67 diecast boxes...

The problem is how to communicate with the equipment inside in terms of power and signals.

In the past I've used different sized diecast boxes where I've used the base of the smaller box and screwed it onto the lid of the larger box. Giving you two or more screened boxes. It looks a little ugly but it does the job.

In the past I've had welded thin mild steel plate boxes with "press-fit" lids made. These have then been fitted inside a silver plated brass box. They are effective but far from cheap to make. The boxes were designed to hold VHF/UHF 5 watt single channel Private Mobile Radio handsets with a small audio and control signals board in between the two to make a baseband transponder (repeater) for use with "extending the range" of small low power surveillance devices. With batteries small resonant cavity circulator and antenna the whole thing fit into an attache style briefcase.

You could do a lot better these days as you can get thin metal plate laser cut in both mild steel and brass by companies that make parts for scale railway trains etc.

Wael • October 4, 2017 9:43 PM

@Clive Robinson,

A company called SiFive...

Definitely interesting. Will keep an eye on it and see if they have any development kits available. Time to “Request early access to the U54-MC Coreplex”.. Thanks for the link!

Wesley Parish • October 5, 2017 6:04 AM

@usual suspects, subjects, dejects, rejects et alii

A few thoughts occurred to me about this Las Vegas shooting:

The killer managed to keep his intentions hidden from one and all right up to the time he pulled the trigger. By then it was much too late. But then we've seen people with much more visible signs of impending doom visit their deathwishes on others without anybody being the wiser until doom happens. There's something terribly wrong with the TLAs' understanding of human nature if they have been gathering "intelligence" on these people without using their own intelligence to spot the fractures.

Likewise the algorithms used - the TLAs need to publish their source code in full. If they don't understand human nature this lack of understanding will form the basis of their software. Incompetence will follow in due course.

Cui bono? I consider it strange that nobody has yet considered that the one person who stands to profit the most from this mass killing, is the US President, since if he says the right words in the right pauses on reality TV aka The News, he looks good. We know the killer was involved in the real estate business - and we've already seen that the US President considers mere association to be proof of guilt - his consistent attempts to override common sense with this "Muslim Ban" is proof of that. There's nothing in the common law or the various English-speaking constitutional traditions to prevent a Head of State from hoisting himself on his own petard.

And last but hardly least, "guns don't kill people - people kill people". Very true, but that's side-stepping the issue. The issue is what is wrong with a society where mass killings are a regular part of life? I know what most US Americans would say about the mass killing via home-made explosives in the Muslim-majority countries - I've grown up with that sort of unconscious bigotry all my life.

I'm beginning to suspect the inability of most US Americans to transfer that sort of analysis to their own society, is a major part of the problem, if not the major part of the problem. Empathic incompetence - which seems to be a feature of the post-Reagan, post-Thatcher Western world - is a diminution of the central aspect of human nature. Read any serious primatologist or anthropologist discussing human evolution, and empathy is mentioned as one of the most central aspects of human evolution, on several counts: guessing what others' reactions will be, changing behaviour to suit, using empathic understanding to deceive, etc.

If mass killings using home-made explosive devices indicates something seriously wrong with Muslim-majority societies, doesn't mass killings using semi-automatic rifles indicate something seriously wrong with US society?

Nick P • October 5, 2017 11:36 AM

@ All

Vale: Verifying High-Performance, Cryptographic, Assembly Code (2017)

Microsoft's prior work included separation logic on assembly and a macro-assembler in Coq prover. This one uses an SMT solver with manual analyses possible for what it can't cover. Unlike others, it's also on GitHub here.

From Lobsters:

Measuring Correctness of State in a Distributed System

That's about a production platform from the guy working on Pony language. Goes deep into what considerations and mitigations one might use.

Another Flip in the Wall of Rowhammer Defenses

As I predicted, the Rowhammer defenses would fail since this is really a problem that must be solved by analog engineers at the RAM companies or a new startup. One can't cheat around problems in stuff that low-level if one is also relying on that same stuff.

Clive Robinson • October 5, 2017 1:36 PM

@ Wesley Parish,

"If mass killings using home-made explosive devices indicates something seriously wrong with Muslim-majority societies, doesn't mass killings using semi-automatic rifles indicate something seriously wrong with US society?"

Err probably not in either case, other than the societies are getting old and pedestrian.

History kind of shows that a higher density population needs a war or equivalent to thin out certain aspects of society, before they harm society.

That is yesterday's war hero would today be somebody's freedom fighter or terrorist.

For some reason that frankly horrifies me it appears conflict brings out all sorts of emotions both high and low that get needed amplification through blood, guts, mutilation and death. Art and science both advance rapidly and the population gets reset to lower parenthood ages. Would we otherwise have had the works of Wilfred Owen and the science that put man into space and made global communications so easy it's effectively invisible? The technology and science almost certainly would have arrived without war but probably not for a century or three.

Whilst it is clearly almost incalculably destructive this also encourages society to build anew like a Phoenix from the ashes. The old swept away like the clinker under the grate, the new like the kindling and firewood laid anew across the grate.

What the two societies you mention tell me is from the historical perspective that they are old withering and need the blood of the young to refresh them, to give them meaning and purpose again.

In the past, those in society, the current crop of plutocrats have replaced, would have been first on the battle field, to have entire family lines cut from history their goods and chattels and other wealth freed up for new generations.

It is scary, it's not what I want for society, but as I said history shows that the old has to go to make way for the new...

Clive Robinson • October 5, 2017 2:28 PM

@ Nick P,

From the improved RowHammer paper,

"Finally, we abuse Intel SGX to hide the attack entirely from the user and the operating system, making any inspection or detection of the attack infeasible."

That as they say is a bit of a show stopper if true...

The question is thus "How well can that code hide and survive?".

tyr • October 5, 2017 10:55 PM


The more details about the Las Vegas shooter
come out the nuttier he seems. He was mixing
Valium and alcohol. He has been lurking around
other music festivals in the US. This was the
worst kind a completely premeditated act. The
rifles were modified to function as machine
guns with a device that slipped by the federal
boys while they were painting National security
done here too on their office doors.

The mental health conditions in the US do not
hold out any hope for fixing this kind of thing
since it would impact the bottom line of pharma
who has already shown that they consider the
casualties from their drug tests to be acceptable
as a margin of profit.

Clive Robinson • October 5, 2017 11:58 PM

@ Kaspersky software, not alice or bob,

I would advise caution, the WSJ article is full of the usual "unnamed source" nonsense which can be twisted any which way by both the source and the journalist.

The bones of the story are,

1, A person might or might not have been found,

2, taking files home from the NSA.

3, that person might have used Kaspersky software.

From this a very shabby attempt at implying Kaspersky is working as an intel source for Russia is made, without facts. It's not what you would call journalism.

What it does raise are several different but not related points that are perhaps more important.

Firstly, The article implies that NSA contractors are under pressure and feel the need to take home work to keep their jobs.

Secondly, that the NSA does not use Kaspersky software for reasons unknown but allowed other USG agencies to carry on using it.

Thirdly, that Kaspersky has built into its software the equivalent of what CarrierIQ had in its software.

Also, that from what is said it is believed that the Russians have NSA secrets that could stop the NSA detecting them...

There are other points that could be made but those four are rather more important than what the journalist and unnamed sources are trying to imply for the sake of a bit of headline grabbing, or "click bait".

It's fairly obvious that there are few if any facts in the story by not just the lack of them given but by the way the journalist put the story together.

It's kind of a rule that you present your facts and evidence then an analysis and finally a conclusion. You don't give a breathy conclusion first, no analysis of how you arrived at it. Likewise you do not leave out your supporting evidence or facts.

The whole article thus reads like a PR Campaign piece, which it probably is. After all why let real facts and evidence get in the way of a bit of useful grandstanding.

Clive Robinson • October 6, 2017 12:20 AM

@ tyr,

"The more details about the Las Vegas shooter come out the nuttier he seems."

Whilst that might be true, you have to ask other questions.

He had twenty automatic rifles, tripods, and hundreds if not thousands of rounds of ammunition in either "belt feed" or tens if not a hundred magazines. As I've already indicated you would have expected the hotel staff to notice a quarter of a ton of arms and ammunition getting up to his room or by the cleaning staff of his room on the thirty second floor...

Then your point about the modifications to weapons that apparently the federal agencies did not... Was the guy some kind of magic mechanical engineer as well...

It sounds less and less likely.

There is still a lot we don't know so making a judgment currently will be unwise.

As for the US big Pharma issue, yes it's a major issue but it might be unrelated in this case.

Anura • October 6, 2017 1:26 AM

Bump stocks just have a spring and a piece to push the trigger back into the forward position when the gun recoils. You hold the gun by the forearm, hold your trigger finger still, and pull forward on the forearm to pull the trigger, causing you to repeatedly release and pull the trigger as the gun recoils. You can accomplish the same thing with rubber bands.

Bump firing is even less accurate than proper full auto fire, but when you are talking about shooting into a gigantic crowd then it doesn't matter much. The only possible legitimate use is for when you have $15 to burn but only three seconds to spare.

Clive Robinson • October 6, 2017 2:44 AM

@ not alice or bob,

The second article you link to from the NYTimes is better written than the WSJ piece.

They at least acknowledge that the Kaspersky link is problematic evidence wise.

If you hunt back through this blog you will find reference a few years ago to a company called CarrierIQ that had a software product that telco suppliers installed on the phones they gave users.

In theory the CarrierIQ software was a Tech Support assistance tool. It "instrumented" the users phone and sent back data to CarrierIQ's servers. The telco suppliers tech support staff only had to login and pull down the data, which was just about everything you did with the phone...

From what was said at the time CarrierIQ did not really take any security measures for the data and sent what sounded like plaintext back of all the users key presses etc.

As I noted at the time it must have been seen as a "gift from the gods" to the likes of the NSA who just had to sit at the upstream router and hoover up all the data...

If I was asked to guess then I would have suggested that CarrierIQ's staff were not as stupid as that, but unfortunately many organisations are that stupid. It comes about because things get compartmentalised. One guy writes code to log data on the phone, it's not considered a risk because the log is on the phone. At another time or place someone is asked to write a file transfer program. Again it's not much of a problem if you assume it's under the user's control. However link the two together by a script or whatever and all of a sudden off go those logs in plain text, to whoever is watching them....

The same could be happening to Kaspersky, then again it might not, it might deliberately send back information in a plaintext or weakly obfuscated way to allow one or more Russian SigInt agencies a way to get at files whilst also giving "Plausible Deniability" Cover for Kaspersky and the agencies. Unless you watch carefully for a while you will not be able to tell...

Clive Robinson • October 6, 2017 3:07 AM

@ Anura,

I've just read up on "Bump stocks", as I'd not come across them before, what can I say...

They were obviously designed to get around legislation on "full auto" weapons and in the process of using turns the weapon from something that could be fired accurately into something that at best could be described as "Spray-n-Pray" whilst also potentially injuring the operator if an incorrectly chambered round goes off.

All I can say is it must have been designed by someone who only saw dollars not functionality or safety... They must have realised that the only sort of people who would buy such a device, are not the sort of people you would want holding a gun in the first place.

Rachel • October 6, 2017 3:52 AM

Clive

The Vegas guy was also on a 'high rollers' floor with far more security and general staff than lower floors. Which also, being a floor with far more cash and resources - has tempered/reinforced windows being very difficult to break.
I did see a link somewhere '16 things the media is not reporting about the incident' but I didn't need to read it

JG4 • October 6, 2017 8:07 AM


Thanks for the helpful comments and discussion. I commented some time ago about my experience with the die cast boxes. They don't connect well along the seam, but after packing with copper braid, the performance was good. That needs to be reliable and the decoupling of unwanted signals from the feedthroughs has to be done well.

@Nick P - the Wallaroo labs bit about managing and monitoring state is spot on. it is a short step to displaying state, which is a hypervisor

what is being proposed is worse than what has gone before

https://www.nakedcapitalism.com/2017/10/biometric-id-fairy-misguided-response-equifax-mess-will-enrich-cybersecurity-grifters-strengthen-surveillance-state.html

once your attack surface is completely mapped, you're done as a viable economic entity

https://www.nakedcapitalism.com/2017/10/will-retailers-switch-price-tag-system-screws-customers-every-opportunity.html
...
https://www.theguardian.com/technology/2017/jun/04/surge-pricing-comes-to-the-supermarket-dynamic-personal-data

Clive Robinson • October 6, 2017 9:52 AM

@ Rachel,

"I did see a link somewhere '16 things the media is not reporting about the incident' but i didnt need to read it."

Yeh, I get the feeling there is a stack load we are not getting told one way or another, and other bits are coming out in drips and drops.

I guess the question is not "were the lights on" over this but "where the lights were on"... I suspect a lot of CPU cycles are getting burnt on this.

Clive Robinson • October 6, 2017 10:30 AM

@ JG4,

"[Die-cast boxes] don't connect well along the seam, but after packing with copper braid, the performance was good."

I think I've mentioned before that replacing the "O ring" with something like RG174 coax with the outer plastic removed generally works quite well for doing the rf connection across the gap.

Rachel • October 6, 2017 2:24 PM

Clive
I owe you some replies but wifi keeps bumping me after I compose them.
First up - your story about the English forensic telco having their works shared and inferior copies made, and etc. Simply staggering. I was and am speechless. Amazed Bruce and others haven't discussed more.
I did note at the end of piece it said the company itself was established by police

Rachel • October 6, 2017 2:33 PM

Clive

Intelligence tests tangentially relate to some components of discussions here esp. JG4 & Nick P ( more recently anyway)

I have always ignored them as, at least, I consider them arbitrary and inconclusive, and further - irrelevant and just a label promoting an ego trip ( or an unnecessary blow to esteem)

do you a) feel they have inherent value or utility
b) recommend any on line?

Sancho_P • October 6, 2017 5:17 PM

@Clive Robinson, Wesley Parish re “the old has to go to make way for the young”

Whilst this old saying is true it is not at the core of the acute American (= western) issue.
The issue is with our modern (asymmetric) warfare.
In the past, war was the cleaning force of mankind, only the best survived (bold, smart, brave, straight, diligent, bright, … mostly good character set),
and the (RWA [1]) followers died in masses.

WWII likely was the last of these wars in the western world, hence the (not only) German uprise then in so many fields.

Nowadays with modern warfare the authoritarian followers not only survive (at the joystick) and come home but even advance, outnumbering and outpowering (by lobbying) the smart, critical thinking and cautious ones. Who can survive to say “No, we can’t do that” to their boss? Only “Yes, Sir” is appropriate, and with modern controlling (surveillance) one can’t escape as we/they could in the old days.

This is cancer in western civilization and can’t be beaten by inhaling some of their (the enemy’s) bright chaps (refugees of all kind), because the asymmetric warfare will reduce mostly their cannon fodder, the brighter ones will remain, whilst we are strangled by our own returnees.


[1]
Dr. Bob Altemeyer’s Right Wing Authoritarian followers
New website: https://theauthoritarians.org
Read his article from July 18, 2016 re Trump and (RW)AF!

Nick P • October 6, 2017 10:49 PM

@ Clive Robinson

re "Tools like Processing and Scratch improve aspects of programming. You might want to amplify on that."

Processing has a community of people who aren't programming experts. What they do is akin to the flowcharting that people do when dealing with their domain. Bringing the implementation closer to their experience improves their ability to get the job done. The Scratch language was interesting in breaking with the text-only metaphor to turn the code into Lego blocks. They're actually designed to not visually fit together unless you're supposed to combine such things. Knocks out some kinds of errors in an intuitive way. That environment was so effective that kids under 10 years old were using it successfully even starting businesses in some cases. There's probably things to learn for adults in robust software from such things.

re trusted silicon vs multiple parts

"It took a while to get Nick P on board with regards making systems from multiple insecure parts. His heart was in making trustable silicon and controlling the whole process. But I think he's now realized that nice as that would be, you are not going to be able to keep state level attackers out that way :-("

It's a good description but I have doubts about *both* styles. The analog/RF side of the problem means multiple IP's from multiple mask companies or fabs that are integrated onto one die will still have side-channels at the least. We're back to old-school EMSEC but not just for emanations: for analog-style attacks and possible digital ones on esoteric stuff. That so many university students are pulling stuff like this off means the situation is bad for defense against nation-states. We're talking pencil and paper.

re SiFive

I'm mostly ignoring that stuff until I see boards I can buy. I tire of the speculative hardware and I.P.-only offerings. I know nobody is crowdfunding ASIC's for now. So, it shouldn't even have hit Hacker News unless it was a group of pro's actually building it. Now, if it becomes available RasPi-style, then that would be interesting.

Clive Robinson • October 7, 2017 3:23 AM

@ Rachel,

"I owe you some replies but wifi keeps bumping me after I compose them."

I only connect to the Internet socially via a mobile phone, often when on Public Transport, and yes things like dropout can make your hair shorter in tufts ;-)

The trouble with public transport is it brings the worst out of self centered Napoleon syndrome types. Who for some reason think it must be my fault that I'm standing desperately trying to stay upright on crutches thus taking up what they see as "their space". One bad tempered one actually slapped the phone out of my hand, and much to my surprise a young lady with a French accent really gave him the verbal works. So it also can bring the best out of people as well. The thing is it's nearly always young ladies who offer me their seat or give assistance.

As for the forensics company, it did have a lot of ex police officers working for it including some of the best in their field. But there was no reason why the South Yorkshire Police did what they did it was wrong and a court said as much but by the time that happened it was all over for the company, and the expertise they had built up was dissolved and thus dissipated. Another opportunity was thus wasted.

As for "Intelligence tests" they have a long history of abuse. The first IQ tests can and have been shown to have been racially biased. Later tests are likewise biased due to the way the person(s) formulating the test see intelligence.

To see why think of it this way many are based on language skills, and emotional responses. It's now accepted that the language you learn when you are transitioning from a baby to a toddler will affect the way your neural paths develop. Likewise your emotional outlook. This also has physiological results. It's known that some languages do not have all the phonemes in them and thus after a certain age the missing phonemes will cause the speaker to not make them naturally. My name in particular has this problem for many people who are not native English Speakers. Likewise the incidence of "pitch perfect" hearing. Most germanic and latin origin languages do not use pitch to communicate direct information, but indirect such as emotion. Whereas oriental languages do use pitch to communicate information. Thus perception of pitch is markedly different and this comes through when it comes to music. There are other less obvious effects as well like the use of an abacus affects the way you think about and use numbers.

This has an effect in learning, that was investigated in the 1950's onwards (when the politicos finally realised brains not brawn-n-bullets win wars). Very broadly some people think in words, some in pictures and some in formulas. Further that matching a brain's nature to the nurture you give it causes the best crop of intelligence. The problem was and still is finding out which brain type you start with...

Thus most intelligence tests are biased as is the whole notion of intelligence measuring.

Which if you think further gives you an unpalatable thought. It's not just social nurture it's also hard environment that gets at our brains in the transition phase, but also hard environment has had an evolutionary effect. One example of this is the cross sectional shape of the femur / thigh bone as well as its length. Because it's the bone that does most of the work in the terrain we live in, certain shapes favour the main movements we make. Thus those living in mountains tend to have squarer shapes that favour certain ligament attachment points (vertical movement) and shorter lengths to avoid leverage injuries. Whilst those from flat environments that depend on catching fast moving game have longer bones to get a speed (horizontal) advantage. Thus the thought that the brain and thus the definition of intelligence is affected by "selection of the fittest" for the environment of their ancestors...

Clive Robinson • October 7, 2017 3:39 AM

@ Sancho_P,

I suspect there is a degree of truth in what you say, especially with the effect environment has had on evolution.

I suspect that it is thus time the "Hawks and Doves" model gets a revisit.

One thing Bob has avoided talking about in the past is "the number of children" issue of authoritarian followers. Put simply they tend to start breeding younger and have a higher proportion of children than non authoritarian followers.

It's also noticeable that those many would regard as of better than average intelligence and of more independent mind tend to have children in later life and less of them. One study a few years ago based on scientists and engineers suggested that the breeding rate of this group is dropping and is now down as low as 1.1 children per couple which is not sustainable.

Clive Robinson • October 7, 2017 3:42 AM

@ EvilKiru,

A good question, and one I suspect many do not want answered.

Clive Robinson • October 7, 2017 5:18 AM

@ Nick P,

Thanks for the amplification, I was not sure if people would have enough background to understand why. Especially with MIT's Scratch, most see it as "for children" and thus "as a toy", and actually don't realise it's a much improved version of colour highlighting in their IDEs. Evidence is starting to show that programmers think visually not verbally. That is pictures rather than sentences, as they abstract into blocks and move these blocks around in their heads. It might account for why Perl has a rather different set of followers.

With regards,

"We're back to old-school EMSEC but not just for emanations: for analog-style attacks and possible digital ones on esoteric stuff. That so many university students are pulling stuff like this off means the situation is bad for defense against nation-states. We're talking pencil and paper."

There are three things we do with information,

1, Communicate it.
2, Store it.
3, Process it.

We've both arrived at the same conclusion for communications "pencil-n-paper" and a good match/fire and sheet of glass to solve the inadvertent but inherent storage problem.

Which brings us around to the second problem with information storage, both intended and unintended. At its simplest to understand "pencil-n-paper" is a good example of storage. We tend to write any and all information down and make certain incorrect assumptions about erasing it. If you write on a piece of paper, it does not have much in the way of strength, so you in effect write on the surface below the paper as well. If this surface is insufficiently hard (most things are) then an impression will be left, as will traces of the underside of the paper you are writing on. Which is demonstrated more vividly by the old "carbon paper" used in manual typewriters to make up to three copies of a typed document. In effect the process of writing leaves traces in both directions as Locard's exchange principle[1] of physical objects indicates. Whilst it can not be stopped it can be reduced or made useless. With paper writing on a single sheet of paper only on one side and on top of a very hard surface like a sheet of glass will not leave a sufficient impression. If then wiped down with a soft cloth any trace from the paper will in effect be randomized. Most of us have also seen that an impression is related to the time pressure was applied, most often in carpets and soft furnishings when something heavy that has been there a while is moved.

Although the physics is sometimes head warping the same is true for any physical storage medium. Hence we broadly understand that we have to "randomize" information for secure storage and continuously wipe that which can not be randomized because it is in use for processing. However real randomization is not desirable so we use encryption.

Which brings us to the current major problem processing in clear text. As processing is "work" it takes energy and by definition is inefficient, so we know there is going to be leakage. As information is impressed on that energy we know it too is going to leak unless we take precautions.

Whilst we know it is possible to process what appears to an outside observer as randomized data, processing data whilst encrypted is still problematic hence we do it in clear or plain text.

Whilst we can separate a processing and storage device from an observer by "energy-gapping" there are two problems. Firstly the purpose of processing information is to produce new information that to be useful needs to be communicated across the energy gap. Secondly keeping an attacker from putting a probe of some kind across the energy gap is difficult to stop and requires near continuous observation. And it's this environment Castles-v-Prisons were thought about.

That is, it applies the process of randomising information processing and making attempts at probe insertion obvious.

So it's a technique that is for "inside the box" of all the other practical measures that EmSec provides, and adds protection against their potential failure in design or operation.

Oh one last thing about pencil and paper is "end run attacks" still exist for it, like a hidden CCTV or those "see movement through walls" radar systems.

Those radar systems work because of basic laws of physics. All substances have a frequency response to EM radiation, thus there are frequencies where they are more transparent than others. Whilst we can not see through plaster board in an office wall or partition because visible light gets blocked, we know that infra red does, thus a person can be seen by their own body heat sufficiently well that what they are doing can be seen to a correctly equipped observer. Thus even pencil and paper is vulnerable to observation by state level attackers if you don't take suitable precautions that old school Op-Sec gives us.

As we occasionally point out security is hard, very hard. However even older advice about playing to your strengths and the enemy's weaknesses applies. It's what op-sec gives us because surveillance in the tangible world is not just very hard but very resource expensive. Even state level attackers have economic considerations due to this, thus we can see the hard push at SigInt is their way to use their strengths against our weaknesses.

We also know from asymmetric warfare that playing your strengths against what appears a very powerful if not omnipotent adversary works, because even the strongest of foes has Achilles tendons.

[1] Locard's exchange principle. From Forensic science, is based on physical object examination and is stated as, "A perpetrator of a crime will bring something into the crime scene and go away with something of the crime scene". Thus both objects that touched can be used for forensic examination, to produce as what is often called "trace evidence".

Rachel • October 7, 2017 10:25 AM

JG4 Your query about Schneier on Security offline eg CD.
you could write a small script that would access and organise every page into a searchable directory. Email Mr Schneier and ask him if he'd mind running it. He may even value it

Rachel • October 7, 2017 10:31 AM

Clive
what strange behaviour - I've heard the Tube decivilises the English. I've done exactly what your French acquaintance did :-) apparently London is friendlier generally now though
the forensics telco- so now recompense for the company, but beyond that what about all the fallout from copying the software? it's such an epic catastrophe I can't believe more has not been made of it
Thanks for great response about the brain :)

Rachel • October 7, 2017 10:35 AM

Clive
i meant -no- ( not 'now') recompense for company. Maybe it was halfway to a Yorkshire 'nowt' :-)

JG4 • October 7, 2017 12:27 PM


I had a few more moments of lucidity. I am guilty of thought-crimes. the Mobile-ITX footprint single-board computers (75 mm x 100 mm, ~$200 to $300) are all but perfect for implementing the audio encryption that I suggested a couple of months ago. I assume that PGPfone ploughed a lot of helpful ground back in the day. small boards can be completely isolated from the environment in robust Faraday enclosures, with tightly filtered power supply and data diode i/o. only audio signals would pass through the boundary. in some implementations, it could be only ASCII that passes the boundary. the news about $1.5M of crowdsourced funding gives me hope that my much simpler add-on for cell phones could be funded.

@Subreece - I put in the comments a couple of months ago a concept for complete security of cell phone content and metadata, with mitigation of location data. I have extended it since then to include channel figures of merit and a robust error correction scheme.

@Rachel - if I weren't cognitively impaired, it would be easy. I usually compose off-line to avoid losing data.

@AlanS - "our minds can be hacked/hijacked" = Bernays, Goebbels, Rove, and others of that unethical ilk. in the before time, the message had to be tailored for the entire swath of newspaper, radio and TV, but now the individual's feed can be tailored to a very narrow view. vastly more powerful, because there always have been people who can see through mass propaganda. it may be that no individual cannot be blinded by a tailored feed. with the level of identity theft now in the hands of the powers that be, they could make your dear departed grandparents appear in your dreams to brainwash you to worship Big Brother. it is much cheaper than breaking your kneecaps.

@Clive, Sancho_P - I'm OK with the coax and braid solutions for proof of concept, but it has got to be more elegant to be a minimum viable product in the maker space. "as low as 1.1 children per couple which is not sustainable." according to my crude anti-eugenic model, "there are no bad genes, only favorable and unfavorable combinations of otherwise good genes," so it doesn't matter. the next generation, to first order, always will have the standard proportion of promising scientists and engineers, as well as the same proportion of budding torturers and psychopaths, as the population that preceded it. I'll concede that there are second-order effects, including the greater proportion of autistic children amongst the offspring of engineers and scientists. it will be a while before they sort out how much of that is genetic damage from age vs. old-fashioned Mendelian genetics. not many people realize that Shannon worked briefly in the tainted US eugenics program. there are a few other brain types than pictures and formulas. at some point, I will post a link to some of the stunning wordcraft from one of Google's privacy attorneys who has anaphasia, the inability to see pictures in the mind. because of weak vision, his visual cortex was repurposed to some of the finest wordcraft on your planet, now in the service of the deep state. we have touched on Matthew Weigman's brain. there must be other repurposings of the visual cortex as well. the shape of Asian hips is adapted for thousands of hours per year of hard labor in rice paddies, as they have done for much of the 35,000 years since the Caucasians and Asian races diverged. the successive waves of migration of the Malay peoples are well documented. the Filipinos and much of Thailand are populated by Malay peoples, who do very well with marine navigation in Oceania. 
not sure how much genetic overlap the Pacific islanders have to the Malay peoples, but I've always been impressed by their ability to navigate hundreds of miles of open ocean with a canoe and paddle. their stone gods and stone money are equally impressive.

@Nick P - I see some hope that a suitable RF-front end could be built from simple components and isolated from the environment. from the small business point of view, you'd like to be able to group that into a series of minimum viable products, so that revenue and survival didn't hinge on providing a complete solution. the maker movement is creating a novel marketing opportunity where small numbers of customers can be reached very directly, e.g., the regulars here. I stopped short of saying that unmixed RF up to 40 GHz bandwidth can be taken off an antenna, amplified linearly and fed into a single-mode VCSEL to produce an optical signal in a single-mode fiber. that can be the feedthrough to a very tight Faraday enclosure with >120 dB of isolation for whatever stages follow. the resulting laser signal could be directly detected and passed into an ADC, or converted back to RF and mixed, with essentially no leakage of local oscillator signal.

@the old has to go to make way for the new - it has been a feature of the replicators from the beginning, at least since they filled the extent of the petri dish. I posted a link to advance reading material on food security. it turns out that deprivation of food causes a type of hyperactivity, as it has for billions of years. humans in particular, and primates in general, are different in that the replicators beyond their prime (breeding years) still perform a useful function of teaching what the days never knew. maybe that is the source of sadness when they run out of time.

for auld lang syne

https://www.nakedcapitalism.com/2017/10/links-10717.html
...
Big Brother is Watching You Watch

US Intelligence Unit Accused Of Illegally Spying On Americans’ Financial Records BuzzFeed

The Ever More Orwellian Definition of Terrorism Counterpunch

How to stop Google tracking your every move Thai Tech (furzy). This works only if you are not an official Person of Interest.

Rachel • October 7, 2017 3:01 PM

JG4
Sorry to know some things are difficult for you. Whilst Mr Schneier is obviously very busy; you have specific and wide ranging reasons for needing to peruse the archives at length and offline. Not least because of your challenges ( I am guessing) I encourage you to take up the idea of a CD archive via email with Mr Schneier. Who knows he may find it easy to mass press like a shellac45 and relish the idea of them selling like pancakes at 10 euro-pesos each

Sancho_P • October 7, 2017 6:23 PM

@Clive Robinson

Indeed, “the[ir] number [and time] of children” is a serious issue, especially when seen globally, it is the most effective weapon they use against mankind.
He Wa’a He Moku,
He Moku He Wa’a
A principle only we islanders can understand. But aren’t we all islanders?
Where are we going to? This is (inter)national security.
Pls read the point “Irreality” (and probably read the rest) of
http://idlewords.com/talks/notes_from_an_emergency.htm

Clive Robinson • October 8, 2017 1:36 AM

@ Rachel,

i meant -no- ( not 'now') recompense for company. Maybe it was halfway to a Yorkshire 'nowt' :-)

They have a number of sayings in Yorkshire that have merit ;-)

Two that stick in my mind are

It's a lazy wind today...

With the unsaid part being,

    ... too lazy to go around you, so it just cuts through.

The second which always gives a wry smile,

All the world's mad except for you and me...
    ... And the's not looking so good today.

But one that comes from a little ways away from Yorkshire, I'll let you work out :-)

There's nowt wot aills yer like a stubbon boot...

Clive Robinson • October 8, 2017 2:41 AM

@ JG4,

... the audio encryption that I suggested a couple of months ago

Whilst audio encryption can be moderately easy to do in a linear system without bandwidth restrictions, it gets very difficult in systems that are not linear or have restricted bandwidth or worse both which is the case with mobile phones.

I identified this problem from the get go with the "jack pair" mobile phone back in mid 2014 when it started its crowdsource funding (I don't know if they ever shipped product or not, I kind of stopped looking after a year).

The problem is that in a mobile phone the audio gets put into a codec that does some quite nonlinear things to not just the audio levels but phase and frequency as well. These distortions are based around a model of the human vocal tract and reduce the data content to get the bandwidth down. As the human voice is far from random, there is a lot of redundancy that can in effect be compressed out. With the GSM codec the more you take out the more it sounds like a Germanic Robot at the far end as that is what the codec is optimised for.

The design of most encryption modems until a few years ago was for analog mobile radio systems, where at the least a linear response with amplitude and frequency is preserved. Because the modem output is very random almost by definition, you have to have the linearity or "fake a non random output" somehow, that is not going to be easy to get working.

As for screening and Faraday cages you might find this an interesting read,

http://www.w8ji.com/skindepth.htm

Oh and lastly but most importantly stay well and as unstressed as you can.

Clive Robinson • October 8, 2017 3:52 AM

@ Sancho_P,

A principle only we islanders can understand

Sadly few islanders understand it today, go chat to people in Manhattan for instance, they "don't see the sea" as it were.

But there is another point of view or two, during the 1980's cold war, it was at first "An island is an unsinkable aircraft carrier" then when people living on the island actually thought further they started to realise that unlike a canoe or aircraft carrier, an island pays a price for its unsinkability, and that's unmanoeuvrability. An island is a fixed target, so you heard people talk of London as "ash city" from the fact that both the USSR and USA would deploy nukes over Londoners' heads. And some would actually fall on us.

Which is kind of what the article you link to is about, technology makes a nonsense of what we think of as the "natural order". It's almost as bad in reality as the "elemental fire" is in fantasy stories.

Thus most have lost or never had the understanding of canoes and islands and what they have in common. Oddly even though they use expressions such as "riding out a storm".

During WWII the fundamental difference in viewpoint about islands and the waters around them became clear at Dunkirk. The head of the German forces saw the sea as a barricade to drive people against, those in Britain however saw the seas as a highway to ride out on thus no barricade at all, just a matter of organising scarce resources. Hence a flotilla of small ships, scarcely larger than a Hawaiian Canoe, set sail on high seas "to bring the boys back home".

Nick P • October 8, 2017 9:55 AM

@ Clive Robinson

"Locard's exchange principle. From Forensic science, is based on physical object examination and is stated as, "A perpetrator of a crime will bring something into the crime scene and go away with something of the crime scene". Thus both objects that touched can be used for forensic examination, to produce as what is often called "trace evidence"."

That's a pretty neat concept. I hadn't heard about it.

Nick P • October 8, 2017 10:23 AM

@ Clive, Wael

Remember me telling you guys I thought we could use neutrinos for an expensive medium for secure communications? Guess what just happened. It's a bit slow but so was dial-up starting out. ;)

Clive Robinson • October 8, 2017 4:40 PM

@ Nick P, Wael,

Guess what just happened. It's a bit slow

With a hundred plus authors, that's either a very big paper or they only get a couple of sentences each ;-)

I'll give it a read tomorrow, I've got incipient brain fog developing as I yawn tonight.

Sancho_P • October 8, 2017 5:24 PM

@Clive Robinson

”… just a matter of organising scarce resources.”
That’s my point.
During the first days people on a canoe do understand how small the place is. All resources they have are the canoe and its load, whatever they use is wasted. Hawaiians realized a canoe is somehow similar to their island.
It would have been our turn to realize it’s somehow similar to our spaceship.

Wael • October 9, 2017 12:06 AM

@Nick P, @Clive Robinson,

Remember me telling you guys I thought we could use neutrinos for an expensive medium for secure communications? Guess what just happened. It's a bit slow but so was dial-up starting out. ;)

Guess what just happened.... Hmm. Nothing since 2013? You mentioned it here! I remember looking at the paper back in 2013. Same link, bro! Second link of the first link you have in the 2013 post!

Seems you hit the Zipf limit 18:15...
You know where the medicine is, or do I need to prescribe a stronger variant? LOL

The idea of sharing an encryption key sounds like good usage.

Clive Robinson • October 9, 2017 4:09 AM

@ JG4,

A little light bulb lit up on re-reading my reply to you above,

    Whilst audio encryption can be moderately easy to do in a linear system without bandwidth restrictions, it gets very difficult in systems that are not linear or have restricted bandwidth or worse both which is the case with mobile phones.

The NSA developed and released via Federal Standard 1016, the CELP speech coder at 4800 bps algorithm on which those GSM codecs work. In the past, people have suggested that the algorithms are somehow "back doored" but nobody has yet found any smoke, let alone a gun it could have come from.

How about "flipping it over" rather than containing a back-door to "enable" surveillance the algorithms were released to "stop the use of voice encryptors" (which they do rather effectively).

Thus the NSA might have realised they could not stop mobile phones, but what they could do was control the way they were designed. RF bandwidth has become a very scarce commodity this century and will get more scarce more rapidly in the near future as our need for bandwidth for "kitty pics" appears insatiable.

As we now know the NSA had already decided that bulk gathering on the unencrypted "back haul" was the way to do mass surveillance thus they were not worried about over the air encryption, just any encryption that affected the back haul.

The NSA would also have known that miniaturisation of electronic components would have put "getting at a phone's internals" beyond just about everyone. We know they thought like this because it was one of their arguments they used about letting DES exist that came out in Crypto Wars I and Capstone etc.

They would have realised that giving the CELP algorithms at that low data bandwidth a seal of approval via a federal standard would make it very attractive to those coming up with mobile phone standards. Thus spread their use throughout the various mobile phone standards world wide.

Thus the net result would be that audio level voice encryptors would be rendered fairly useless on mobile phones due to having the CELP codec in the audio path... Bingo "problem solved" from their point of view...

As I said just a thought.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.