Schneier on Security

Clive Robinson • March 3, 2018 7:23 AM

@ Gooberman,

I am looking for software that I can use to symmetrically encrypt some tarballs prior to backup.

There are a number of ways you can do this.

Firstly check if the software you use for backup can do symmetric encryption or can “shell out” to a commandline utility or script that will encrypt via an Interprocess Communications Process such as “unix pipes”. If not see if you can find another backup program that will.

Secondly there are quite a few “command line” utilities out there that will do simple symmetric encryption. If your backup program can also be called from the command line, it would not be difficult to cut up a ten or twenty line shell script to first encrypt then backup files. Which you can when basically working add features to to your hearts content (ie if it makes life quicker then go for it).

Thirdly if you are a capable programmer there are quite a few libraries out there that you can write a simple front end for in any number of languages. But certainly both “ANSI C” and “Python 3.x” are well catered for.

That as they say is “the easy bit” the what at first looks easy but gets impossible real quick is Key Managment (KeyMan) doing this in a sustainable and secure way needs quite a bit of thinking. For instance how do you not only store keys securely, how do you recover them if something breaks, or securely deleate them. Then there is the generation (KeyGen) issues, auditing etc.

It’s definatly KeyMan that will bite you at some future point.

Clive Robinson • March 3, 2018 3:15 PM

@ D. Bronder,

Next time you post a link you might want to consider choping of the part that indirectly identifies you.

Clive Robinson • March 4, 2018 1:50 AM

@ Alyer Babtu,

Is the speculative out of order part actually necessary for the attacks, or could something like them work even when no speculation is allowed ?

It is not the speculative out of order part that is the real root of the problem.

The real problem is actually the speed of light. Which should give you a clue as to why it’s going to be tough to fix the root problem.

There is a well known formular that converts frequency to wavelength which is,

Wavelength = C / frequency

From this it can be seen that as frequency increases wavelength decreases. The formular is actually only true in a vacuum in most other cases due to dielectric effects the wavelength is reduced by a normalised version called the dielectric constant.

For digital signals to work in Printed Circuit Boards (PCB), you need to know a few other bits of information. In most PCB material used the dielectric constant is such that the wavelength is considerably reduced and digital signals require the odd harmonics of the clock frequency to have the fast rising edges that give low jitter performance. Which means that in practice you need PCB traces that are of considerably higher bandwidth than the clock signal.

Without going into all the messy details it means that either the memory has to be very very close to the CPU or it needs to have a much much slower clock speed than the CPU.

The current solution is registers and caching memory. That is you have very high speed memory built into the CPU (registers) and memory slightly further away (L1-cache) that work at the full clocks speed of the CPU or slightly slower. You then have have your core RAM working at maybe 1/10 of the CPU which is often called the Front Side Bus (FSB) clock speed in “Intel speak”. In practice the FSB in IAx86 is not directly connected to the memory but the memory control hub called the “Northbridge” as shown in this diagram,

https://en.m.wikipedia.org/wiki/File:Motherboard_diagram.svg

Ignoring for a moment the extra gate delays the northbridge adds there is another problem which is known by engineers as the “round trip delay”. Simplified it means that it takes twice as long to get a response as it does to send the request, which if you only request a single location from core memory it arives at half the FSB clock rate.

Part of the solution to this is to get more than one memory location per memory request. This is often called “burst mode” however it’s used as a generic term to cover a number of techniques to speed up memory fetching. Put simply the more memory locations you get for each request the more efficient it is (up to a point). But you have to put this fetched data somewhere and currently it ends up in the L3-Cache or further up the caching mechanism.

Where caching gets realy complicated is the use of the Memory Managment Unit (MMU) which is the fundamental security mechanism as well as providing Virtual Memory (VM) that is used via a “paging mechanism”. The L1-cache is actually two caches one for instructions and one for data as this alows the CPU core to run much faster, thus L1 is on the CPU side of the relatively slow MMU, the cache(s) holding the FSB fetched data are on the other side of the relatively slow MMU.

Thus “speculative fetching” is used as well as “speculative execution” due to differences in the size and location of page boundries these may not align with the boundries of speculative fetching of memory…

To get at this memory just requires a way around the relatively slow MMU security mechanism… I’ll leave you to guess what various CPU manufactures have done but if speculative execution gives a security breach mechanism, it is an odds on certainty that there is a speculative fetch security breach thus there may be other mechanisms by which the data can be accessed.

There are alternative architectutes where such issues do not arise but currently they are more or less theoretical. I’ve discussed one such system architecture in the past on this blog which I was investigating for other reasons. You can find it by searching for “Castles-v-Prisons” or it’s shortened forms C-v-P or CvP.

Clive Robinson • March 4, 2018 3:54 AM

@ 65535,

I am no expert on CPU and cache construction…

Nor would it appear are Intel and other CPU manufactures when it comes to security… Just “speed freeks”.

Both Spectre and Meltdown are in theory possible. Both hit low level performance enhancements by Intel that trade a bit of security for speed of execution.

What has happened becomes clear when you draw a diagram on a piece of paper.

Immagine the MMU as a wall for security, but it’s in effect a bottle neck. So you come up with the idea of having two data streams in parallel the slow traditional one through the MMU and a fast one that bypasses the MMU does some activity involving the cache and then there is another security wall after that at a faster data handeling part of the CPU.

In effect you have the two parellel streams each with a security wall thus from one view point –the wrong one– data can not get to the CPU other than through a security wall, thus everything is “A OK”. What their viewpoint has missed is the part between the two offset security walls is not in reality two parallel and sepetate streams, they share hardware such as cache memory. Thus unchecked data in the fast stream can cross over to the checked by the MMU slow stream via side channels thus missing both the security walls…

                 |

Fast——--—–/-CHK—\
| Shared | CPU
Slow—MMU-/——-——/
|

Whilst simple to see that way after the fact, it may not have been clear prior to the discovery of a viable side channel

The obvious but not wanted solution is to double up the “shared” resources and split them apart so they are neither shared nor have any side channels…

In the old TEMPEST / EmSec design days this would have been called “segregation” there would also have been other techniques put in place prior to the CPU to prevent other side channels.

The thing is such techniques have been known since the 1960’s but appear to have been forgoton or ignored in the quest for speed that the majority of customers realy don’t need.

Clive robinson • March 4, 2018 4:14 AM

Sorry the diagram got totaly snarled.

But does not look much better using the “pre” tag, as it is double lining

                     |
Fast-------\------/-CHK---\
        |   Shared   |     CPU
Slow---MMU-/------\-------/
        |

If anybody has suggestions as to a better way to display “monospaced” or “teletype” style text, I’m sure I won’t be the only person who would like to know.

Clive Robinson • March 4, 2018 8:57 AM

@ Spellucci,

I nested pre inside blockquote and got what may be a serviceable diagram.

That works well enough for me, I can’t say for others.

Thanks for that.

@ Gunter Königsmann,

Sorry I messed up the blockquotes on my reply to you, I guess I’m getting tired 🙁 and need some “beauty sleep”… Though how that will work for some one who is 6’6” and looks like a cross between a Klingon and Karl Marx having a bad hair day I don’t know 😉

Clive Robinson • March 5, 2018 4:10 PM

@ echo,

I guess we are going to have to wait and see with regards the powder. As I’ve mentioned befor Russia has a law that says they can go and execute people in other jurisdictions, thus if it was an execution and those who did it get back to Russia they are safe from penalty.

But Russia is not the only country that sends out executioners sadly the list is long and includes a number of Western Countries as well.

On another note, having read your link I see this link,

https://www.telegraph.co.uk/news/2018/03/05/trevor-baylis-inventor-wind-up-radio-dies-aged-80/

Back in the 1980’s there was a group of home inventors in Twickenham and Hampton near where I then lived, I and a few others used to go and help them out building prototypes, doing first product runs and manning stands at shows. Trevor was one I worked with from time to time, he appeared a but gruff at times but was actually quite good natured when he’d got to know you. His wind up radio also had a lamp and was kind of intended for sailors and the like originally but it got into other places and for some years was used in Africa in small villages so children could get some form of education. Others have copied the idea and you will find all sorts in Out-Door / Camping / Survivalist shops. It’s sad to think hes gone.

Clive Robinson • March 6, 2018 2:10 AM

@ Ares,

…is a variant of the tu quoque logical fallacy that attempts to discredit an opponent’s position by charging them with hypocrisy…

Unfortunately it can be misapplied as you have done and worse you pre distorted it with deliberate conflation to your view point by what is a strawman argument.

You are first making a false argument that @echo is an opponent in an argument.

Secondly you are falsely claiming I’m accusing @echo of hypocrisy.

Thirdly you are falsely claiming I am trying to excuse an entities actions.

So having disposed with your false “tu quoque” argument how about you actually correct your statment?

As for the facts of the event there are few given, but there is much speculation. However what we know is,

At the time of the press release the powder had not been identified (a point I noted). As both people were apparently alive at the time the report was put together it was not by definition an execution but at most attempted. Further the authorities have not yet made any claims as to what has happened, although most news outlets are speculating on what they think happened, then using that speculation for getting quotes from people who likewise do not know what has happened, only what the journalist have told them (such behaviour has caused issues in the past and as such is not regarded as good journalism).

As the powder has not yet been identified there is a small possability it may be inert. Atleast one hospital in England (Lewisham[1]) went into full lockdown when somebody threw a powder at people in the reception area. The powder was later found to be a harmless substance. I know this because I was visiting somebody in the hospital at the time. So despite the small posability it does happen.

The minimal description of the two peoples symptoms could be caused by a number of substances but it sounds like it is a central nervous system depressent with Hallucinogenic properties. They are signs seen in opioid overdoses particularly in some such as the “China White” variants of the opioid analogue Fentanyl which is rapidly becoming a very serious addictive drug issue in the West, especially with drug dealers mixing it in with other less dangerous opioids.

It is known that the Russians have performed experiments with such substances for supposadly “non-lethal” weapons also called incapacitating agents. They deployed one when hostages were taken in a Moscow theater back in Oct 2002[2]. That was belived to be a fentanyl in a halothane base. Because the authorities did not say what it was many people died of respiratory issues that could easily have been saved by the administration of an opioid blocker.

Fentanyl is a very potent drug[3] it’s various forms are quoted as being between 75 and 10,000 times that of morphine. It is also dangerous in that it is easily absorbed through the skin or by inhalation and acts within seconds. Accidental contact with used medications containing Fentanyl has killed quite a few people. There is a known opiate blocking drug Naloxone that can be sprayed into the nose to limit the effects of Fentanyl.

Thus Fentanyl can be used as a quick and effective incapacitating agent for kidnapping people.

Thus it might not have been an attempted execution but kidnapping, or something else possibly compleatly bizar involving illegal drug supply and usage. We just do not know, however as it happened in a public place video footage may come to light which could give more information.

Again at the time of the news report of the two people only information about the man is known not the woman who is apparently half his age. Thus we do not know if he is the only potential target for an attack.

Thus we don’t have sufficient information to make a valid assumption. Just some base facts that the authorities will consider in their investigations to uncover more facts and move to what probably happened.

Gathering facts and not jumping to conclusions via suposition is something I repeatedly say in various forms on this blog and have done so for years along with cautioning about claimed evidence.

Yet despite that a number of people behind what are anonymous handles since the US has been on it’s “existential threat” FUD fad, claim that I am pro-Russian or Anti-American despite long standing evidence I am neither pro or anti any nation, I make comment on the actions facts and evidence available.

I guess it realy says more about the anonymous commenters biases and message pushing actions and their inability to take responsability for their actions than it does anything else. Which is sad realy as it brings the quality of the blog down.

Oh and for the record with regards this incident I have made two factual statments about Russia that I susspect some readers will think makes me “anti-Russian”. Thus it can be seen what a stupid game claiming bias is, unless of course the desire of those claiming bias is to suppress free speech.

Are you of the anonymous handle @Ares trying to suppress free speech because of your biases?

Oh and is the @Ares handle in effect a sock puppet handle?

Perhaps you can point out other comments you have made under that handle from pre the US election?

[1] This is the same hospital who’s staff had a number one UK singles chart Xmas Charity record.

[2] https://en.m.wikipedia.org/wiki/Moscow_hostage_crisis_chemical_agent

[3] It has been reported that Fentanyl deaths in some areas are comparable to road deaths and are rising rapidly. So much so that there is an enquirey as to if Naloxone should be reduced from prescription status to effectively over the counter status.

Clive Robinson • March 6, 2018 10:46 PM

@ hmm,

Chris Steele is not a spy, Clive. He was not spying when he procured the facts in the dossier.

What a very curious statment for you to make.

A simple search of this page shows that of the two of us you are the only one to use the word “spy” or “spying” with refrence to Mr Steel.

So yet another of your unfounded allegations against me…

As I’ve worked my way slowely up the 100 latest comments I find them over and over even when I’ve repeatedly asked you to stop with your behaviour, yet you persist… You realy are a troubled individual.

Clive Robinson • March 7, 2018 2:09 PM

@ Hmm and others,

Well, shoot.

The Intercept article kind of also describes what people in industry were trying to do on a smaller independent basis. You might remember the time when talk of “hack back” and other digital vigilantism was rife because the open ICT community felt as though they had been abandond to their fate by the their Governments the USG in particular?

The small advantages the NSA had being mainly one of resources, and freedom from prosecution. But the FBI was rumoured to be getting into the act as well due to “hacker recruitment by plee bargin”… (apparently more myth than actuality).

Neither the NSA or FBI were of any real help to anybody and eventually various ICTsec companies started cooperating with each other, and due to lack of resources and fear of prosecution the only route legitimately open to them was analysis. What got them doing this was probably Stuxnet, it kind of made them realise they were never going to get help from governments so they had to get their acts together and also grab a bit of glory for themselves in the process. Out of that the APT numbering system started but as you can see from the Intercept article there are many problems you can not even get close to solving without “reaching out” but even that has it’s problems.

You asked a little while ago how I “know things” some of it is in part the way I look at problems and thus independent research, which I have been doing since the begining of the 1980’s. Quite a few engineers do this but they rarely talk openly and almost never publish papers because of legal issues.

So onwards as to why there are real problems with “reaching out” / “Hack Back”, thus digital attribution.

In the early 1930’s Kurt Gödel published two papers on mathematical systems limitations. They apply equally as well to logical systems that had at that time not been realy thought about.

On the history side a century before Kurt Gödel’s papers Charles Babbage had sadly been a statistical blip. That is a man well before his time which is why his lasting claims to fame would be that he caused standardized threads (Whitworth) to come to be and the penny post. However everything that needed to be in place to make more generalised computers was in place in terms of Boolian logic De morgans logical extensions and electro mechanical relays. But it would have to wait for the work of Alan Turing and slightly later Konrad Zuse to turn it into the first electro mechanical computer and Tommy Flowers who designed the first fully electronic switches that could opperate at a suitable speed and importantly with high reliability, No mater how many roadblocks the electro mechanical brigade threw up along his path.

What Kurt Gödel’s two works tell you is that there is no algorithmic system that can show it is consistent. By logical extension it tells you that no computer can tell you if it has malware on it or not… A point that is quite important to a person using unauthorised access to a computer. They can only see what the computer has been programed to show them, whilst it would be difficult to fake a computer within a computer and survive front pannel access, as virtual systems have shown, it can be done quite easily when people access via the network or serial ports etc (see the honeynet projects for simple versions of this).

The next point to understand is that you can only see as far as the next node in the system/network. That is if the node upstream of you sends you false data then you have know way of knowing that it is doing so with only that channle of communications to work with

The upshot is even if you get what you think is a toe hold on a computer you actually have low confidence about what it tells you. That is the computer could be an effective honeypot or tarpit you have no way of knowing without some kind of verifiable channel where every node in the path can be verified. Doing that is not only very difficult it’s very resource intensive which makes it very far from stealthy thus easily detected with moderate equipment by a defender.

But there is another issue, whilst you might be able to bounce a signal down the transmission line it will only give a reflection off of an incorrect termination (look uo Time Domain Reflexometery and “return loss” or VSWR). It is also possible to “vampire tap” a transmission line in such a way that the return loss from say a ditectional coupler is too low to be measured reliably, thus as an attacker you have absolutly no idea if what you are doing is being received on instrumentation in the communications channel or not. Having designed, made and tested such vampire taps and had them tested by customers with “exacting standards” I’m reasonably confident that they cannot be detected by either a down stream or upstream node without more specialised equipment. When used in a system correctly individual packets and streams can be switched into a tarpit or honeytrap and false returns generated etc. As the technology not just exists but has customers you can start seeing why I know that attribution on data on the network is actually a lot lower in accuracy than many including supposed experts think. You can chat to any reasonable comms engineer and have this confirmed, as for computer security experts, they generally know very little about communications technology other than there’s a socket in the wall with wires behind it that goes to a patch panel… The moral chose the right domain experts to ask questions

But lets say you have actually got to a node in a circuit from an attacker, how do you tell if it is just an inline node to another network node or an end point node?

The simple answer is you can not as a simple example will show. You’ve got into a *nix box, and you see a “suspect process” you need to find how it is being controled. There are various ways it can be done ranging from a tty device, via one of several IPC methods including “unix pipes” or via files in the file system that can be on the *nix box or brought in from some other box across a network. Lets say that after sluthing around, the *nix box indicates to you it’s via a real tty device. Assuming the *nix box is reporting honestly, you then have a problem of working out what is on the other end of the “serial line”. The simple answer is if it goes into an appropriate issolating device you will find only that it speaks some form of VT52 etc protocol which if it’s in an appropriate mode will not give you any timing information you can use (which is the principle way to find distance). For instance I could put a simple store and forward device in the line that gives a near instantanious hardware flow control indicating that that device is very local but a higher level signalling protocol gives a time delay of say two seconds which implies that the next node is anything upto 300,000Km away which is of no use what so ever because any point on the earth would be within ~40,000Km… But again that store and forward device could have response scripts etc that could be set to any response time from uS to close to a timeout period of another protocol. Thus you only see what the defender wants you to see. In a modern computer system a USB to RS232 converter is at most 10USD, and you can get microcontroler development boards from 10-100USD that you can program in about a week to do a VT52 protocol with a store and forward back end. As there is no OS to hack and you can instrument the RS232 connection you can “mandate the channel protocols” and anything you do not alow will raise an alarm that will cause a shutdown or other change of behaviour. Which means that an attacker is very limited in what they can do beyond passively listening. Again if you look back on this blog you will find I’ve developed and built such devices for providing a strongly mandated communications path to a gapped computer.

Thus even the NSA get stuck in that tar-pit and their only way around it is via a very resource expensive process –black bag job– that won’t get them much of anything at all if the defender has abticipated it.

Thus electronic attribution of code, data etc is very far from what people are led to believe by so called experts. Likewise falsification of the real end point location is almost trivial. It’s well within the abilities of that proverbial 400lb teenager sitting at home on their bed, if they had the sense to get off of their backside and do a little work in somebodies void space such as that in hotels, guest houses and even toilets in shopping malls and cafes. As they say “been there done that” had some fun.

It’s why I point out the work of the Dutch and Isreali SigInt entities is very important to take note of. They know that such data based attribution tells them little or nothing of worth unless they are surveilling the unwary. Thus they go after the next best thing which is “HumInt across the wire” by going for the Human Computer Interface where possible on what they believe is the end point. The Intercept article mentions it a couple of times but unfortunatly they do not follow it up which is quite remiss of them (and the “experts” they talked to). But then you have to know the right questions to ask to get the right answers.

The thing is the wary know that old school terminals don’t do video and audio only cadence of typing and display, and a store and forward device kills those channels dead for HumInt purposes. So the attackers try for the next best thing which is other devices on the same subnet or on other subnets that are payed for by those who pay for the suspect subnet. Hence the incorrectly issolated IP-Cams assumed to be in the same building. But hears the rub the IP protocol only goes down to the layer above the “physical layer” as anyone who has worked with older telecomms equipment knows the IP network may well be sitting on top of a circuit switched network that has routing protocols of it’s own. Thus there is actually on the technical side low confidence that two adjacent IP addresses are even in the same zip code let alone building or room…

That’s were as the attacker you have to start using the equivalent of traffic analysis on what little HumInt you have and over a period of time build up an association diagram. This was highly classified information untill recently. It might take you a year or more to build up the analysis but if those being attacked are not sufficiently wary it will give you a degree of circumstantial evidence. Which is fine for intel work but insufficient to use as primary evidence for court action.

These sort of techniques were classified as above secret for obvious reasons until the US burnt both the Dutch and Israeli “methods and sources” for political reasons… Now even that 400lb teenager sitting on the bed knows they have to up their game a little bit. So what was a very valuable intel tool is now not much more than a pile of cinders in the fire place of history. I’m guessing the various intel agencies will still keep looking though, because whilst individuals can be smart, even the 1% of geniuses collectively can do some quite dumb things.

Doing a false flag with additional “HumInt” decoying is actually possible but it ends up a bit like those old spy TV programs with the CCTV tape loops. If an attacker is observant they will notice identical frames and the like and know they are being had. CCTV from a university however can be used providing you have some measure over course control. That is you can make students appear at certain times and places and if the video feed is outside of a computer lab you can use facial recognition systems to identify students automaticaly. A few years ago there was someone working at Kingston University developing facial recognition tracking systems for Transport for London to amongst other things identify people loitering in underground stations. TfL were looking for beggers and other undesirables automatically to alert platform staff etc. The last time I looked at the system it was more than capable of being used to do such video false flag operations provided you added a 10-15 second delay to the video feed an attacker can see.

But there are also semi-old school techniques that uses some quaint names like “Pole Jobs” I’ve mentioned some of them on this blog before, along with discussing how to make your own long distance private network using the likes of raspberry pi computers WiFi and Mobile Broad Band dongles and HF through to UHF and beyond transceivers some of which can be purchased for 20USD ready to go from Chinese manufactures. These you can then put on the likes of municiple high rise car park lift shaft motor rooms. You use an appropriate metal box stick an appropriate engraved contact information plate on the front cable it in neatly and the chances are good nobody will give it a second look and if they do the chances are very high they will just ring the contact number and take it no further if you talk to them in the right way. Because in the main humans are helpfull not suspicious. As for getting a valid but untracable phone number that is no more difficult than it is a server or IP address in another country.

You can also do the equivalent of “a rock that talks” it has been reported by the Russian’s that they had found a plastic rock in a Moscow park that “British Inteligence” was using as a high tech version of a “Dead letter drop” to communicate with spys they had recruited in Russia.

Obviously nobody is confirming or denying the story but you can build your own for not much more than 150USD I’ve built a couple of such devices for “geo-tag” players, it’s a cross between amateur radio “fox hunting” and “orienteering” using low power ISM Band equipment and WiFi enabled smart phones with GPS. You can build your own talking rock using the OpenWrt software on an appropriate WiFi AP and a “gell-cell” batery” in a plastic “Tupperware” type lunch box with airtight seal for around 100USD and the time it takes you to write a few shell scripts.

The list of things you can do for under 200USD will suprise many people. For instance you can build an amateur radio QRP rig for 80m band and a magnetic loop antenna like an Alexloop and a Raspberry Pi running PSK31 / RTTY software that will give you upto 500Km radius coverage which is good to cover most countries. If you make minor modifications so it works slightly out of the 80m Band you can hide it in amongst commercial traffic. If you want to use the Marine Band and a NVIS mode antenna from “a hole in the ground” it will be quite difficult to DF and in quite a few countries there is a distinct lacking in skills and resources in the authorities to do anything about it…

The point is the technology is out there at quite low cost to make the real end point almost impossible to find or attribute to anyone. It’s also fairly easy to get hold of quite a few hacking tools from the Internet so that you can hide further behind those.

As I’ve said because this stuff is all doable by an individual at modest cost if they have the knowledge it blows the standard Internet attribution out of the water. Which is why the smarter SigInt entites are trying to do HumInt, and it was working for them before the US burnt their “methods and sources” so publically… So all it takes now is the time required to find a few bits of information on the Internet that have been around for years on this blog and other places…

I hope that answers some of your questions.

Clive Robinson • March 9, 2018 3:07 PM

@ ShavedMyWhiskers,

Q: Where does this check box remember data?

Because I don’t have Javascript enabled I do not see the check box. Therefore I assume that part of any activity involving that checkbox is “local” to your computer or more correctly your browser.

As you might have noticed I have a very poor oppinion of the security of both Javascript and the newer HTML and way way less confidence in browser developers to implement them either correctly or securely.

Therefore I would assume that such information that is kept localy is in a way that is most convenient way for a browser developer. That is as “plain-text” in a well known location with easy access to the code running an individual browser tab/window…

Further even if it is not currently insecure it will be in the near future when code gets refactored for some reason. Because refactoring is most frequently “for utility not security”. People tend to forget that technical debt has two sides lost opportunity due to lack of utility and lost reputation due to lack of security. The emphasis is almost always on the short term “utility” view, as reputation loss apparently counts for nix in the software industry currently.

So I would both assume and plan for the worst, that way you will not get hurt the painful way.