Comments

Greg January 25, 2019 5:18 PM

Cuttlefish are cool – that display they put on is something else, hard to believe people eat them.

ChainiacManiac January 25, 2019 5:57 PM

Why don’t the GCHQ and other backdoor advocates come out and admit it is a mass surveillance measure? As the ex-GCHQ boss said recently (and Clive here will attest):

“The challenge for governments is how do you stop the abuse of that encryption by a tiny minority of people who want to do bad things, like terrorists and criminals. And you can’t un-invent end-to-end encryption … you can’t just do away with it, you can’t just legislate it away.” … “The way around encryption is to get to the endpoint the smartphone or the laptop that somebody who is abusing encryption is using. That’s the way to do it. Trying to weaken the system, trying to build in backdoors won’t work,” concluded Hannigan.

We have years of disclosures that the Stasi can break into any end-point they like, so they can save the daily crocodile tears that they are ‘going dark’. This is blatant propaganda – Project BullRun anyone?

Perhaps widescale Chainiac adoption is the final solution to BS government backdooring?

https://www.cyberscoop.com/chainiac-software-backdoor-mandates-nsa-gchq/

“Collective signing means that each time Apple, for example, released a new iOS update for all users, for a targeted individual or for a group, perhaps as the result of a secret court order the iOS device would not accept the update unless the code had been collectively signed by a threshold number of thousands of trusted witnesses attesting publicly that an update had been issued.

A collectively-signed software update might still contain backdoored code developers could be bribed, blackmailed, or threatened to insert a backdoor but Cothority, a component of Chainiac, would make it impossible to ship the update in secret.

Chainiac also integrates reproducible builds, a system which lets technical end users, or automated witness servers, to recompile the source code and get a byte-for-byte identical binary, ensuring the distributed binaries have not been tampered with.

“The essence of the idea is that [Chainiac] allows users, who just want the latest binary, to check this one collective signature,” Ford said, “and see that this signature shows that this group of Cothority servers has independently reproduced this binary, and tested that this is the one and only correct output corresponding to the source code that the developer has produced.”

maqp January 25, 2019 6:05 PM

@Nick P, @Clive Robinson, @Thoth, @Sancho_P, @All

TFC 1.19.01 is finally released. You can find the update log here. The highlights are as follows

  • Pidgin has been removed completely. TFC is now (more or less) standalone messaging system that uses Tor v3 Onion Service backend and is thus anonymous by default. No accounts need to be created: all you need is the self-authenticating TFC account which is the Onion Service’s URL (without the .onion suffix). There are no servers in the middle to tap and no possibility for downgrade attacks.
  • Installer now installs the program to /opt/tfc, and sets all file permissions to read/execute only. I should have done this long time ago.
  • TFC is now installed with even longer one-liner, but the good news is, the first thing it does is install Tor, and only then it installs TFC, anonymously. This means it’s much harder for attackers to compromise selected targets.
  • X448 key exchange means the user has to type in slightly longer public keys, but the 224-bit symmetric security is amazing, as is the fact’s it’s a safe curve. This wasn’t possible until this week.
  • XChaCha20-Poly1305 is a minor improvement over XSalsa20 as per djb’s conjecture.
  • The covert channel exfiltration via injected messages discussed earlier is now fixed to the extent I was able to.
  • The fingerprint verification during X448 can finally be skipped. This sets the key trust state as Unverified. /fingerprints command that used to just display them is now replaced with /verify command that allows users to change the trust level after the key exchange.
  • The new multi-casting file transmission is much faster.
  • Serial port settings are no longer encrypted. Instead, they are now in their own settings database which uses JSON to allow easy manual configuring. This prevents the user from locking themselves out if something goes wrong.
  • The serial port is now much much more stable. Previously I used to be able to send about a hundred messages at decent baud rate of 115,200 before seeing an error. After tweaking timeout settings etc. I was able to transfer thousands of packets at ten times the speed with no packet drops whatsoever.
  • Type annotations are now more extensive and so are tests that now use proper decorators.
  • Last but not least, I’ve put a lot of effort into making the wiki more thorough, and I added completely new set of renderings. This part is still a work in progress however.

(Side note: I forgot to add the terminator config file for the new dev environment installation configuration. This can be fixed by editing the $HOME/.config/terminator/config file and by replacing string “/opt” with “$HOME” after the installation completes.)

maqp January 25, 2019 6:12 PM

@65535

Back in Feb 2018 you were asking about the possibility to test the data diodes with local testing mode. That wasn’t possible because I wanted to make local testing completely free of additional HW. However, it turns out it is possible and in fact, really easy to setup the system for testing with the data diode hardware:

  1. Create three installations of Ubuntu 18.04 (or later) on Virtualbox. I recommend you make three separate installations and use distinct hostnames like Source, Networker and Destination.
  2. In the VirtualBox settings for each machine, go to Settings -> “Serial Ports” -> Port 1
    • Check “Enable Serial Port”
    • Port Number: COM1
    • Port Mode: Host Device
    • Path/Address: /dev/ttyUSB{0, 1, 2} (note: if your host OS is Windows it will be different).

Make sure each ttyUSB# is for the correct OS. E.g. plug Source Computer adapter first and then adjust settings for the machine to bridge ttyUSB0. Then plug Destination Computer device and adjust the machine’s settings to bridge ttyUSB1 to that etc.

  1. Install the “tcb” configuration of TFC on Source and Destination and “relay” configuration on Networker.
  2. When launching TFC on each computer, answer NO when asked about whether to use USB-to-TTL/Serial adapter. This is because Virtualbox does not expose the USB-to-TTL adapter as USB device to the Guest OS, it will show up as an integrated serial interface. Each OS will think a Host OS /dev/ttyUSB# is /dev/ttyS0.

A serious warning!

Mark each of the three testing TTL adapters as “Relay”. This is because if you end up building a functional setup for secure communications use, you probably want to avoid using HW that an attacker might have theoretically had plenty of time to reprogram via Relay Computer I’m assuming you’re testing the HW/SW with.

Source Computer is the most critical in this situation: You must have a dedicated TTL adapter for that Computer you won’t use before you have successfully set up TFC on the Source Computer for actual use. It might be a good idea to order a few extra TTL adapters while you’re at it.

Al January 26, 2019 1:17 AM

@Scott
“Mr. Zuckerberg has also ordered that the apps all incorporate end-to-end encryption,
That to me tells me that the conversation won’t be archived, if true. But there could be the separate issue of the tracking of who is talking to who. Now certainly if who#1 is receptive to a particular product, then maybe who#2 should be served up advertising to sell such product.

On the other hand, if who#1 is an insurance risk, then maybe we need to communicate to the insurance industry that who#2 has a ding that might require an increase in premiums. I just got dinged by insurance, turns out they have a credit agency that is not one of the big 3. Same with health care, although in that case, they told me “we don’t care about the bill”. BS, they had checked and knew I could handle deductibles and out-of-pockets.

I’m hoping that IPv6 will eventually mean user to user communications without a 3rd party intermediator.

Ulrich January 26, 2019 5:48 AM

As far as I can tell, there has not been much press about this, but about a week ago, Nitrokey, producer of the eponymous USB 2FA/key storage device issued what basically boils down to a fairly complete product recall, by mail to their customers. It appears, from their mail, that with the latest round of Windows updates, multi-purpose USB devices are limited:

Microsoft has released the software update build 1809 for Windows 10, which can cause problems with Nitrokey Pro and Nitrokey Storage.

[…]

Nitrokey Pro with firmware version 0.9 or older requires a firmware update, which requires opening the device. The easiest way is to send us the Nitrokey for firmware updating. If this is not possible for you, please contact our support. If you are familiar with electronics, you could also install the firmware update yourself.

[…]

Background: Microsoft Windows 10 build 1809 blocks USB devices that identify as input devices among other functions. So far there is no known way to change this behavior in Windows. Until recently Nitrokey Pro and Nitrokey Storage identify as such devices to allow automatic insertion of one-time passwords by double pressing a special key such as caps lock. This function is deactivated in the latest Nitrokey firmware updates.

The mail-in comes with the usual disclaimer of “we’ll try not to break your device, but we can’t make promises”. Let’s hope you have backups, but if you generated your secrets on-chip, you by definition don’t. And of course, if the update is already installed, it’s too late to erase the internal password storage, key storage, etc.

Beyond serving as a reminder that encryption keys have different failure modes from authentication keys, it makes me wonder: should we want a physical, computer-independent, erase capability for our security tokens?

Incidentally, I’ve not heard of similar issues from Yubico, though I couldn’t really spot a big difference in what lsusb tells me about both devices. It may be a case of Microsoft whitelisting “known-good” vendor IDs? Of course, nothing stops an maldevice from claiming it’s made by vendor id 1050.

RGL January 26, 2019 5:56 AM

China Instantly Authors and Enforces its own GDPR:
‘In the notice, all app developers are to be responsible for the security of the personal information they collect, and they are barred from collecting personal information that is unrelated to the services they provide.
The new campaign follows another six-month content crackdown that aims to eradicate “vulgarity” from the domestic internet. More than 700 websites’
https://www.scmp.com/tech/article/2183627/chinas-cyber-police-launches-new-campaign-targeting-apps-obtain-personal

Meanwhile privacy challenged USA still moving in the opposite direction:
‘Facebook to integrate Instagram, Messenger and WhatsApp
Matthew Green, a cryptography professor at Johns Hopkins University, said the change “could be potentially be good or bad for security/privacy”.
He added: “But given recent history and financial motivations of Facebook, I wouldn’t bet my lunch money on ‘good’. Now is a great time to start moving important conversations off those services.”
Green wrote that his two major concerns were that the widespread rollout of E2E could result in WhatsApp getting comparatively less secure, rather than Facebook Messenger and Instagram becoming as secure as possible; and that WhatsApp users, who currently do not need to share much personal information at all with Facebook, may find their metadata co-mingled with their broader Facebook accounts.’
https://www.theguardian.com/technology/2019/jan/25/facebook-integrate-instagram-messenger-whatsapp-messaging-platforms

In making these new anti-privacy moves, Facebook must feel confident the big-data law they are sponsoring in Congress will supersede the more restrictive CA privacy law set to take effect in 2020. Once successful, Wall St analysts predict Facebook stock will soar.

Publicly Facebook states it supports increased privacy regulation. However they continue to fight ferociously against regulation in Europe:

‘Inside Facebook’s fight against European regulation
Dozens of Commission documents show how the tech giant pushed back against rules on issues ranging from copyright to privacy.’
https://www.politico.eu/article/inside-story-facebook-fight-against-european-regulation/

VinnyG January 26, 2019 8:46 AM

@RGL re: FB app integration “…could result in WhatsApp getting comparatively less secure, rather than Facebook Messenger and Instagram becoming as secure as possible; and that WhatsApp users, who currently do not need to share much personal information at all with Facebook, may find their metadata co-mingled with their broader Facebook accounts.’”
I have little doubt that is the entire motivation for FB to pursue this. It may hurt them (further) on other than privacy grounds. While they seem to be very good at exfiltrating PI, I have never been at all favorably impressed with their (evident) overall development and coding talents. The last time they re-architected Messenger (about 3 years ago iirc) it was badly broken for a large number of FB users for days, in some cases, weeks. This project appears to be even more demanding, and I expect that FB will muck it up even worse. I was only a FB lurker for about 8 years. I would use it to locate old friends and acquaintences with whom I had lost contact, then shoot them an email invitation to contact me at a non-FB email address. A few years ago, I became involved with organizing a reunion, and leveraged FB for this. Unfortunately it required more FB interaction than that previously described; equally unfortunately, I got sucked in personally into using more of its features (still not as most users, I believe.) I have disabled my mail profile. I do have two others that I use for lurking, similar to what I described. I may set up a third, exclusively for local on-line buying and selling (Craigslist has pretty much gone down the porcelain pipe for me.) FB it attempting to scrutinize new accounts to ensure that there is a real person applying. My first two attempts failed on submission of a picture “for identification purposes” as demanded by FB. The first time, I submitted a photo of Zuckerberg that I found at Google Images, with the red circle/slash “NO” symbol added. The second attempt used an image of “Charlie Brown” that had been 3D enhanced to look more like a photo of a live human. I guess I’ll need to use an actual photo of a real person the next time (certainly not me) but I’m confident of success…

Faustus January 26, 2019 11:00 AM

@ CallMeLateForSupper

This is mind boggling. It demonstrates that it is virtually impossible for a normal user to distinguish phishing emails and therefore ONE SHOULD NEVER click on an email link for any sort of important account, data or monetary operation. One should simply navigate to the website oneself and do the operation.

One should never download an attachment that one was not explicitly expecting.

What interest does google have in convincing people that it is fine to click on links for important operations under the assumption that someone has suddenly become a security genius from a short quiz? The quiz itself is proof that one should not use email links at all for anything important.

I can only assume that Google wants to mine the extra email data. This whole presentation is a scam and irresponsible.

Sed Contra January 26, 2019 11:10 AM

@CallMeLateForSupper

Jigsaw

Surely one were ill-advised to visit an Alphabet i.e. Google sponsored site to learn about phishing ?

I fear the Tech Lords even when they bear gifts.

VinnyG January 26, 2019 12:23 PM

@moderator – The unimaginative dullard Mr. Steele needs to be advised to deploy his “lorem ipsum” filler to fill some other space. I recommend the one he owns that is never illuminated by sunshine…

Faustus January 26, 2019 12:52 PM

@ Wael

Here is somebody looking at including Lottery in a democratic Social Policy Alternative. https://boingboing.net/2019/01/25/rebooting-democracy.html

I have been very busy, too busy to pursue the model, but the more they bounce around my head non-coercive applications of

Forgiveness, Apology, and Lottery

seem more effective and less expensive Social Policy Alternatives than

coercive and power-corruption prone alternatives like socialism, war/violence and imprisonment/punishment.

Sherman Jerrold January 26, 2019 1:01 PM

One: is the defacing idiot really Bruce Steele (could that be a jab at ‘stealing from Bruce’?) I hate to see this site vandalized by knuckle-dragging types.

Two: just reading the following:
Citizen Lab from a Canadian University attacked:
ht tps://www.truthdig.com/articles/undercover-agents-target-cybersecurity-watchdog/
(spaces added to link for security)

No good deed goes unpunished! Thugs everywhere emboldened by the thuglike behavior and encouragement of the fearful leader of the US.

Sherman Jerrold January 26, 2019 3:18 PM

Re to @wowow
the words with comma separation are a little cryptic
not knowing any specific field of context I can just relate the words individual meaning as my cousin and I know them:

eigen – Manfred Eigen – German Chemist b. 1927 worked on high speed chem. reactions
musick – Musik in German is just that: music
macht – makes or creates
conzept – Konzept in German means conceptual plan
alliance – allianz in German means alliance or bond or federation

I suppose that the phrase could refer to some sort of ‘composition’ by Eigen that created
a plan for some sort of organizational alliance.
OR
it might obliquely refer to some chemical idea that dealt with chemical bonds and the resultant compounds

I wonder if the words are of literal significance in some other Germanic language.

Faustus January 26, 2019 4:34 PM

@ Sherman Jerrold

“Eigen” means approximately “self” or “own” in German. Eigenwelt in existential psychology is one’s inner world.

Sherman Jerrold January 26, 2019 5:00 PM

Re to @wowow

I considered what eigen might be refering to in an alternate context:
eigene – in German also means to own, your own, or appropriate, as in:
eigene Wege – follow your own road or way/path

The actual correct context of a phrase can signifacantly alter the meaning a lot. Good luck finding out what that phrase means.

Wael January 26, 2019 5:29 PM

@Faustus,

Here is somebody looking at including Lottery in a democratic Social Policy Alternative.

I read the article, but not the book. Don’t want to do that in the Sonoran desert! The guy is doing a game simulation.

Forgiveness, Apology, and Lottery

Three out of many. Forgiveness won’t work with all. Also, there is a fine line between “forgiveness” and “cowardice”. In other words, there’s no one size fits all. For some people, forgiveness will be adequate and for others, nothing short of a 27 minute baptization session in a tub of Fluoroantimonic acid is adequate.

As for the lottery system, how would do we handle things when the chosen few are idiots, morons, scumbags, and nut cases? No criteria for who’s eligible for lottery?

Sherman Jerrold January 26, 2019 7:40 PM

@faustus,
Thanks for your insightful input on ‘eigen’. I was distracted and clicked submit for my reply before refreshing the page and seeing your input. Didn’t mean to be redundant.

Sherman Jerrold January 26, 2019 7:53 PM

@Faustus, @wael

I’ve studied forms of government. A democracy relies on a ‘well-informed electorate’. Often a democracy becomes a popularity contest of competing ideologies. And, poorly informed votes can derail excellent candidates and ballot measures. The ever-increasing tidal wave of propaganda pretending to be information is a real problem. The article is referring to a game. And, in that context it is not directly damaging to the security of human society. And, I may have missed some element of the argument, but I don’t see how a lottery helps in selecting optimal results in any democratic selection process.

I invite any comments that may enlighten me on this topic.

Faustus January 26, 2019 9:19 PM

@ Sherman Jerrold, @ Wael

To review the line of thinking that I am following, largely inspired by my genetic programming based ai system and its unique conceptualizations of things that we normally look at in rote ways:

Observations:
1. Humans are apex predators and we have minds adapted to that purpose
2. There are probably many good social policy options (with better meaning “most conducive to freedom, equality and happiness”) that don’t easily map into our predator minds and seem immediately to be unacceptable or nonsense, when in fact they would produce better results with judicious application
3. Our current predatory mindset social policy alternatives: coercion, violence, war, competition, imprisonment, punishment are really expensive to put into action and take up 40-60% of our resources. Alternate non-predatory options don’t have expenses at this scale, or if they do, the value is preserved rather than blown up or expended. (Bombs become debris, while education provides decades of benefit, as examples).
4. Most predatory systems are hierarchical and essential embody inequality and corruption. Systems involving randomness avoid corruption if they are run fairly, which is a simple and straightforward process compared to avoiding political corruption.

So I am trying to make an inventory of social policy alternatives that can have any possible applicability and just enumerate them. We postpone judging them or comparing them until all are enumerated. This is a strategy to prevent our habitual predator minds from censoring the “non-predator” ideas so fast that we can’t even list them. Because that is what is happening if our minds won’t even let them go on the list. Any option that could conceivably be a social policy option should go on the list at this point.

Then we can see if there is some metric we can use to compare these ideas rather than just relying on some gut level evaluation. Our current social policy approaches have led historically to much war, and currently, massive imprisonment and violence. The results of the status quo haven’t been so great that we shouldn’t try to find other options and objectively evaluate them.

The underlying question of whether our predatory natures make us blind or virtually so to a wide range of options is interesting philosophically. And then I wonder if an AI would have at least partial freedom from limitations our predator natures incline us toward. (Of course, vice versa, a predatory mind may see options that are invisible to a non-predatory mind. Pretty cool, at least to an AI researcher like myself.)

So far the social policy option list is:

  • Coerce
  • Compete
  • Kill (War/Violence)
  • Imprison
  • Take
  • Loan
  • Inquire
  • Apologize
  • Forgive
  • Share
  • Lottery

Submissions are welcome.

@ Wael, I think the nature of the lottery is open to discussion. And it’s not like the current system doesn’t have its share of idiots, morons and scumbags! Right now I see committees rather than individual executives, large enough to smooth out outliers and make corruption hard to execute.

@ Sherman Jerrold, A “well informed electorate” is getting hard to imagine because predators use truth as a weapon of war. And who knows who is exactly right? Every single person thinks their beliefs are the standard of truth.

We don’t optimize our choice of leaders. The system is set up to choose the worst, not the best. It is likely lottery’s regression to the mean would be an actual improvement in which Mr. Smith really does go to Washington.

But right now what I am looking for is more options.

Wael January 26, 2019 10:15 PM

@Faustus,

We postpone judging them or comparing them until all are enumerated. […] But right now what I am looking for is more options.

Ok, ordered and structured thinking. Give me some time to sort things out. A few weeks, I won’t forget.

@Sherman Jerrold,

I invite any comments that may enlighten me on this topic.

I have the same disposition so far, unless @Faustus convinces me to change my mind.

Sherman Jerrold January 26, 2019 10:29 PM

@Faustus, @wael

Faustus, Thank you. I admire your astute insights. If I understand you correctly, you are entertaining exploration and discussion of the various alternatives to the predatory nature of human character as it has manifested itself throughout history. And, you seem to be expressing that you have a sense that in many cases we can find more positive alternatives that would enhance the security of society by abandoning or nullifying the predominent thugish power-hungry mindset extant. Hence, your search for viable options. Your writing is fascinating and I must take some time to read it more carefully/thoughtfully so I may understand it more fully.

And, while many will consider it naive, for many years I have been wrestling with how greed and selfishness has manifested itself in the voracious attempts of some individuals to control the course or society for their own benefit. And, how that has (always) been at the expense of the safety and security of the populace. Security, both physical and as it applies to our digital computational world.

65535 January 26, 2019 10:38 PM

@ maqp

@65535 “Back in Feb 2018 you were asking about the possibility to test the data diodes with local testing mode. That wasn’t possible because I wanted to make local testing completely free of additional HW. However, it turns out it is possible and in fact, really easy to setup the system for testing with the data diode hardware…”maqp

Good going!

I am currently using VMware on my test rig but I can switch to VirtualBox.

Thanks!

Clive Robinson January 27, 2019 4:10 AM

@ Faustus,

Submissions are welcome.

    Altruism

With regards “education”, as far as I am aware politicians interfering in education usually produces worse results…

Put simply “bad/poor education” leads to “bad/poor citizens”. Various “experiments” have been run over the years, and “early social learning with strong role models from both sexes” generaly produces the best outcomes.

One concluded that every dollar spent on such education saved around two thousand dollars down the line. Personally I think their claim of a 2000:1 ratio was actually a little on the light side and it’s more likely to be five-ten times that when you include other factors such as “sinkhole non-careers” in the likes of the millitary and simillar “makework jobs” in administration and guard labour roles.

As we know most political interference in education is “cosy saving” or more correctly diverting resources to those who are shall we say not very deserving because of their existing wealth, that enables them to lobby for more at the expense of the other 99% of society.

If US MSM press can be believed the US has many vacant job positions yet very high rates of unemployment or employment in below living standard zero hour contract work. If this is true then there has to be a reason for it, which I’ve yet to read an honest appraisal of from a US house level politician…

Who lets be honest squawk their “Be hard on Crime” mantra policies endlessly… but they appear to have done nothing socially productive, only enriched a few in the now privatised prisons business, where they are used as what is in reality slave labour…

Oh a friend pointed out the other day that as it takes atleast a billion dollars to become US President these days, with a sensible rate of return over four years you’ld need to be pulling in over a million a day every day including Sundays and holidays to come out ahead… Throw in those other hands of Senators and Congressman and their helpers and that’s one heck of a pile of cash to think about, especially when you consider it’s been said Nixon’s war chest was only 30million…

roberts robot double January 27, 2019 9:20 AM

@Faustus

The fundamental understanding one must have when designing the operating principles for a secure society is that (a) we must not give others a legitimate reason to be our enemy, and (b) we must not allow illegitimate enemies to undermine our security. This, of course, as with all things human, hinges upon the nature of the society’s morality, for a person or group who seeks to impinge upon a person’s free will (to seek their own happiness without harming others) is acting immorally and may be legitimately physically prevented from causing such harm and misery to others. This scale determines whether or not a conflict is legitimate or not.

Now, given this definition, the next question is, “How do we tailor our designed society’s attitudes and behaviors such that no group has a legitimate gripe against us?” Only by establishing our own policies under such moral conviction can we then hope to establish what I will term ‘natural security’ by knowing that anyone bringing war to us is doing so illegitimately. Note that such a moral society will take all claims of injustice with open-minded seriousness; this must be an automatic tenet of the nature of such a society, i.e. closed-mindedness can never get us there or allow us to remain there. This automatic willingness to entertain potentially self-critical viewpoints allows negotiation and peaceful adaptation of policy to effect dispute resolution before force of arms is assumed to be necessary.

Faustus, you have hit upon the foundation of such a perfect society, albeit somewhat obliquely: to eschew competition (predatory behavior) in lieu of cooperative behavior. In fact, your ordered list of social policy options contains a natural polarity where competition is at the top (least desirable) and cooperation is at the bottom (most desirable). What you have missed, however, is that there is a deeper parallel polarity: selfish greed verses selfless compassion. The key to establishing such an optimal society is that each person must first personally subscribe to a universally compassionate personal morality before we can build the larger compassionate structures around and with them.

Of course, the most difficult part of this entire design endeavor is to find people willing to give up the trappings of selfish power inherent in competitive systems such as that which we live within. That the vast bulk of our entertainment media is built upon such greed, both personally and for the super-ego of whichever group, is indicative of the depth to which the mentality of callous competition has pervaded our society.

Artificial intelligence is no replacement for intelligence, my friend, as an intellect without a compassionate heart is nothing more than a vehicle without steering. It is not called a ‘moral compass’ without reason, even though it is brutally obvious in 2019 that many claims to morality are little more than divisive, empty hypocritical words used to justify their own excesses and abuses.

Note also that having a selfless, compassionate heart means that we must fight in defense of the oppressed irrespective of their group identity being more or less like our own. That is a sign of a heart endowed with true justice, and it is a very difficult level to reach without going within and making an internal connection to our Creator. Even more importantly, such a person also has the ability see the seeds of hatred and unrighteous enmity taking root in other cultures as this is a direct quality of a respectful, compassionate person in that only a compassionate heart can see a person for what they truly are, for compassion has no prejudices and is not goal-seeking to justify persecution or callous treatment. Few people are even aware that such faculties exist within the human being, but it is absolutely necessary to cleanse our doors of perception before we can establish justice and natural security within any society on this Earth.

Regardless, no matter which form of religion (including none at all), we must all band together and unite to create such a compassionate, cooperative society of equals. It is the only foundation upon which lasting security can be built.

[Note that my URL is a link to my Kinja post where I actually constructed my reply.]

albert January 27, 2019 10:37 AM

@VinnyG,
You might try mug shots. Just edit out the height markers.
..

@Clive,
Nixons 30 mil would be worth a lot more today. I heard that half of the Congress-critters are millionaires. Interesting, considering that only 1.4% of US ‘working’ folks make more than $250,000 a year.

. .. . .. — ….

Clive Robinson January 27, 2019 10:44 AM

@ Robert’s…, Faustus,

Artificial intelligence is no replacement for intelligence, my friend, as an intellect without a compassionate heart is nothing more than a vehicle without steering.

You have given two assumptions and a description there,

1, “Artificial intelligence is no replacement for intelligence”

2, “an intellect without a compassionate heart is nothing”

What you call a “compassionate heart” is actually nothing more than a state of “mind”. That might or might not have been arived at by a set of rules for living we chose to call “morals” (which can and do become codified rules of existance via legislation.

So far there is no difference between a lump of fat mixture and neurons in a skull and a bunch of computer chips in a protective case. The former runs on fays and sugars, the latter on electricity. As far as we can tell neurons like electronic logic circuits both run on electricity in one form or another.

The main difference appears to be that neurons are sufficiently multi-valued to be assumed to work in an analog fashion whilst most logic gates tend to be bi-valued or binary in nature.

However there is another difference that although blindingly obvious when pointed out often gets ignored. Human beings have “physical agency” and can independently partialy interact with the environment they are in. Computer chip based systems very rarely have any physical agency, which based on the number of SNAFUs we humans make is probably just as well 😉

But what is “mind” some talk about it being the sum of our histories or if you prefer “existance”. Few computers stay on more than hours so their quite limited inexperience due to lack of physical agency is even less when you consider down time into the equation. Thus for most collections of chips, circuits and semi-mechanical recording devices their life experience would be less than that of a one year old child in a highly restricted environment.

Further humans apparently have the inate ability to learn, most computer programs don’t even get close.. Part of this might be that we realy don’t yet realy have a clue how humans learn or don’t under varying conditions.

For instance a database stores large amounts of data in various ways that alow it not just to be searched but be also be used to infer some further level of information. But the database learns nothing, it can not form it’s own queries based on anything it holds within. It is plainly and simply a fast version of the old “drop card” process which children have made with roledex cards, sticks and a “drop frame” used to select the cards wirh certain features recorded on them.

Back in the 1980’s I was involved with work on what became a commercial product called HULK (Helps Uncover Latent Knowledge). Put simply it was a simple statistical rules testing front end to a database. But again it had no ability to come up with the rules to test.

Today we have “soft AI systems” that appear to be better clinicians than doctors. But “lift the lid” and all you find is an extensive list of lists process, it looks clever, but it’s not. An untrained human could “follow the list” and arive at the same diagnosis. That is as a program it has no idea of how to find anomalies in data and compile them into useful lists of questions.

Yes we do have AI systems that can formulate questions, but lets be honest in many cases we can not explain how the rules the AI builds are derived. Thus we have no idea if we can trust them or not. Or more importantly they are just learning to amplify differences in data that humans have effectively “preselected”.

So no mater how apparently clever an AI gets, it is in effect usless to us unless we can understand the mechanism behind the choices.

Cassandra January 27, 2019 10:47 AM

Re: Google’s phishing quiz.

Data from how people have answered the quiz would be really useful to people designing phishing approaches.

The key thing for me is to make sure one understands how domain names are structured, and how to verify who controls a domain. Anything that is obfuscated and/or goes through a URL shortening service should be an immediate [delete]. A nasty mode of attack not covered is people using international character sets to produce domain lookalikes, otherwise known as the internationalized domain name homograph attack.

e.g. secure.gооgle.com vs secure.google.com

In my browser, both look similar enough to regarded as identical (there might be some small font differences), but if you copy and paste the test into a text file and examine it with a hexadecimal editor, you will see the differences.

While defences exist in the most popular browsers, not all client software has similar mitigations e.g. many PDF renderers. It is unreasonable to expect non-technically competent end-users to be required to inspect URLs with a hex editor to check if they are ‘safe’ or not. Domains that use a mixture of character sets really ought to be programmatically inhibited from working. I might be suffering from a failure of imagination, but I can’t see a compelling legitimate use for mixing character sets in a domain name.

Cassandra

Wael January 27, 2019 10:51 AM

@roberts robot double, @Faustus, @Clive Robinson,

Dang! You guys won’t leave me look at the mountains, cacti, and the beautiful Arizona desert!

Well thought out, and well-written piece. All of it. But the following is noteworthy, as it struck a cord with me:

The key to establishing such an optimal society is that each person must first personally subscribe to a universally compassionate personal morality before we can build the larger compassionate structures around and with them.

Plus

Artificial intelligence is no replacement for intelligence, my friend, as an intellect without a compassionate heart is nothing more than a vehicle without steering. It is not called a ‘moral compass’ without reason

And

and it is a very difficult level to reach without going within and making an internal connection to our Creator.

Agreed. However, I’ll continue with @Faustus’s endeavor to see where it goes. I’m kind of curious myself.

The other topic that I have interest in is Consciousness. I wonder what’s the latest on that from an AI standpoint. My guess is we still don’t even know where to start from.

bttb January 27, 2019 11:36 AM

1) https://newrepublic.com/article/152941/trump-suborns-perjury
2) https://www.theatlantic.com/politics/archive/2019/01/roger-stone-indicted-mueller/581338/

from 1): “How Trump Suborns Perjury
Even without BuzzFeed’s explosive report about Michael Cohen, the evidence shows that the president has persuaded his associates to lie to Congress and the feds.”

from 2): “Decades of Dirty Tricks Finally Catch Up to Roger Stone
Trump’s longtime adviser said after appearing in federal court, “The only thing worse than being talked about is not being talked about.”

VinnyG January 27, 2019 11:45 AM

@albert re: FB id – Nope. I set-up a new account yesterday. It seemed to be successful, but I did notice that I didn’t have immediate access to Marketplace (the entire purpose of establishing the profile is to sell items I no longer need without divulging a ton of personal detains to dog & world.) This morning when I logged in I received the ubiquitous (and typically bogus) “we noticed some unusual activity on your account” warning. I had to acknowledge a numeric string sent as SMS to the phone number of record. That’s fine with me, I have an anonymous Tracfone number expressly for such uses. Then FB demanded that I upload a copy of a valid photo ID. They didn’t exactly state that this was restricted to a driver’s license, or passport, but it is pretty clear to me from the photos they rejected that those are the types of documents are required. They claimed they would delete all records of the accepted document after 30 days. Yes, I believe they will do exactly that – not! Who would be naive enough to trust FB with an exact copy of their driver’s license or other legally acceptable photo id, after all of the abuses for which they have been responsible that have surfaced over the past few years? I was able to create an anonymous profile in 2017 with any such identification proof, and that profile remains active and usable. I actually find that encouraging, in a way. IMO by greatly increasing the difficulty for new user sign-ups among those who have any regard for their own privacy (i.s. refuse to furnish valid photo id), while not taking any action against existing users who have not been required to meet that standard, FB increases its risk of becoming more and more insular, and failing sooner, rather than later.

Faustus January 27, 2019 12:41 PM

@Clive @Wael @Faustus @Sherman

I do not have time to fully respond to all of your comments, so I will cherry pick. I deeply appreciate your contributions.

@ Clive

I chose “Sharing” to cover altruism. Originally I was thinking of “Giving” but giving has a weird power dynamic. Sharing seems to recognize more that we all are benefiting from a common pool rather than me making and the recipient taking. When I was younger I happily received a lot from people. Now I am able to give (I prefer “share”) but many people will not receive for fear of being beholden. I think a gift is absolute and confers no obligation on the receiver’s part, but others differ.

@ Roberts

I think this is very well said: ” (a) we must not give others a legitimate reason to be our enemy, and (b) we must not allow illegitimate enemies to undermine our security.” But our cultures have varying ideas of legitimacy that make it hard to put into practice. Conflicts abound, a) abortion and b) rights of women under Islam/fundamentalist Christianity vs religious freedom just the first two coming to mind.

I can’t disagree with compassion, but it is a recurrent idea in our society and it doesn’t stop us from hurting each other. I blame our predatory inheritance. So I seek an external process we can agree on that would approximate the results of compassion without requiring any particular inner state. I don’t totally abjure predatory options where they work. I think competition often does lead to improved results for all, for example. But I want to examine all the alternatives and hopefully find a mix that we can all accept without coercion that goes in the direction of optimizing freedom, equality and happiness.

@ Clive

“Yes we do have AI systems that can formulate questions, but lets be honest in many cases we can not explain how the rules the AI builds are derived.” Conceptual transparency is an objective in my AI but it may always be limited. Remember: Most of the time human intelligence can’t fully explain the rules it uses, visual recognition being an extreme example.

We used to think that computers can only do what they are explicitly told to do, but we have gotten beyond that. My AI creates totally unanticipated solutions, as do others. I think we will continue to find AI overcoming such apparent limitations. As for learning, AIs can have persistent and shared “memories”. Re agency, many AI researchers agree the a general intelligence will have to be embodied, as in a robot or such. I’m not sure myself.

@ Wael

Consciousness still seems a matter for philosophers. Is it simply an illusion, or just a stream of images like a search engine moving through youtube? My strategy has been to focus on external results rather than internal states.

roberts robot double January 27, 2019 12:41 PM

@Clive, @Bruce et al

So no mater how apparently clever an AI gets, it is in effect usless to us unless we can understand the mechanism behind the choices.

Indeed, but I will take this much further as I am a lifelong systems guy, from operating systems to desktop utilities to database systems, both medium and large, to entire multi-layer information management systems for municipal system information processing with a web front end and discrete middle service tiers and multiple kinds of dbs on the back-end.

I look at all computer systems as Information Tools, and that includes AIs, NNs and all their modern variants. From my little black book db program I wrote on my C64 in middle school (no contacts to put in, though 😉 I divined select, add, update, and delete being the primary operations of information management systems in general. All the modern stuff just has more complex information going in and much, much more complex processing happening in the middle, which results in much more complex output. Like you said, if you don’t understand the how and why of the generated output, it is useless to a sensible person, except in a very limited domain such as Go or Chess. Of course, that does not stop the irresponsible MBAs of the world (no compassion in those cold money equation solvers) and their CEOs from risking the use of such complex black boxes.

When we look at these systems as Information Tools we can then ask the important questions, such as “What is the purpose of this tool?”, “How can this tool be misused?” and “Is this tool an overall benefit to our world society?” People are so enamoured with shiny technology that they have lost sight of the necessity of asking such questions, and that is precisely why we have been blindly destroying our ecosystems and letting these corporations effectively enslave the vast majority of humankind, noting that the entire “Cult of the MBA” is its own technology/ideology that has legalized compassionless management of human beings. The terminology shift from ‘Personnel’ to ‘Human Resources’ is an affront to human dignity and is indicative of our descent into what we see today in, e.g., FB’s attitudes and behavior.

So far there is no difference between a lump of fat mixture and neurons in a skull and a bunch of computer chips in a protective case.

Mr. Robinson, as a longtime lurker here, I am deeply respectful and thankful for your contributions to this blog and really enjoy reading your insights into tech and privacy issues, for I love to learn, though not as much about the details of tech as I approach a half century of life. I understand your heart to be in the right place with respect to our societal problems with privacy and the abuses of our governments and the corporations they are behoven to.

If you wish for me to explain how the brain is merely the 3D tuner for a much higher dimensional universal mind, I will do my best to explain the bit that I understand, but let’s take that over to my Kinja account (or anywhere else you can point me to that you would prefer) that serves as my link.

Such differences in our subtle understandings of the universe really have no bearing on this blog’s purpose to help utilize technology to help people be more secure and free and I know that you are a leader in the field, both with great intellect and experience as well as a selfless heart.

As such, I had an Archimedes revelation some many years ago on how to design a perfect information design system that has obvious beauty and elegance and is yet ultimately practical from my hard graft of coding standpoint. I have held my cards close to my chest up until now and would desperately like some help and guidance in how I should move forward. I am really just winging this post here but have been frustrated by abject poverty for over five years now as it is obvious to every HR person on Earth that I’m not a good corporate soldier so that avenue has shut.

I guess the most important help I can get is to find someone I can trust to talk about how to move forward. I am purely technical so I am ill-suited to navigating the world of money-lovers. The other problem is that my solution will be kindof obvious (yet still tantalizingly difficult to manifest) once it’s been explained.

Its architecture is required for the development of perfect information systems.

It is elegant and beautiful and insidiously difficult to wrap one’s brain around.

Its fundamental idea can be described in one single scientific term that is the name of a scholarly book.

It is provably the technological singularity for literal, comprehensible reasons. At some point, this architecture will become the foundation for all information processing tools, from hardware to software.

It is also a formal defintion of artificial life in a microprocessor environment and is directly analogous to life on many levels.

I want to use it to create a cooperative society of equals.

I’ve been on the internet since 1988 and have never heard anyone speak of my system design idea, but reading Brooks’ “No Silver Bullet” makes me chuckle. It’s best that that’s what people believe.

Soooo, I’m sick of being poor a f so how do I go about sharing this information without having to continue living in these projects where two people have been gunned down within 100m of my door within the past year?

I love you all and am appreciative of this community, regardless of what comes of this humble, honest request.

I just read the beginning of Freeman Dyson’s “Why is Maxwell’s Theory So Hard to understand?” and it begins with the section entitled “Modesty is not always a virtue” and I see its applicability to my life. It is perhaps time for that to change.

Faustus January 27, 2019 1:40 PM

@ Roberts

Concerning how to move forward with your innovation, my suggestion is:

START PROGRAMMING!! Or, if it solely a system design methodology: START WRITING!!

If it is large, start with a prototype. If it is complex, simplify the problem space that you initially address. The key is to start building assets.

Consider building a demo if you seek investors or collaborators.

Don’t let protecting the idea make it come to nothing. Identify an outline that you can share. Or consider open sourcing it and making your money from being the world’s expert on that technology and thereby earning grand consulting fees.

I am not a lawyer. My understanding is that protecting IP beyond the automatic copyright some things get is an expensive and complicated proposition. Find somebody who does know how it works.

My AI system started from my interest in automatic theorem proving. I made a prototype in python for ease of programming, in order to understand the architectural issues that arise, and then started again in golang with that knowledge. I did it originally simply out of curiosity. I never expected it to work so well. But now I have an incredible foundation of 5 years of work in golang inspired by a couple of years of python.

This is a great asset that lets me move quickly into any problem space I want. I can add features knowing the core functionality is tested and in place.

The key is starting.

Sherman Jerrold January 27, 2019 1:41 PM

@Clive @Wael @Faustus @roberts robot double @Bruce et. al.:

WOW, all this excellent material you are contributing is rather overwhelming to my slow, old mind. (I’ve never been able to upgrade my cerebral processor from an i486) I need to take some more time to absorb it and more time to understand it fully.

However, some other things came to mind:
MMORPGs are probably and good ‘modelling’ tool for societal values/motivations/actions analysis, since they so intimately involve the human element. And, if the participants are not aware they are ‘part of the experiment’ their actions won’t be influenced. Of course, whenever humans are involved in an experiment, massive unpredictability of responses is the result.

And, most of what I’m reading here does seem to have an underlying intent of finding ways of making concepts involving altruism into practical solutions. Correct me if I’m wrong.

Security in our current society has been almost totally compromised on a digital level, which has resulted in great physical insecurity both financially and personally. I see so many people around me who are just gulping down the social media and mainstream media koolaid without reading the ingredients, it scares me.

roberts robot double January 27, 2019 1:58 PM

@Faustus

Thanks for the constructive ideas. They are quite excellent but I have a problem with open source only with respect to the idea that Shell/Mobile or whoever are using it to run this Earth into the ground. I am likewise nonplussed to imagine that Microsoft or some eavesdropping company would utilize my methodology to create something more abhorrent than that which they already have. As a lover of cooperation, I love the idea of open source but its execution in our predatory capitalistic environment is problematic for the selfless in the face of those who are more than happy to capitalize on someone else’s life’s work.

This is a one-shot. It is how to achieve logical perfection. As I mentioned, it is relatively easy to comprehend given enough programming/systems experience, even if the execution of the idea is certainly non-trivial.

And I do have 18ish major versions of my newest incarnation of the idea, spread across the past 3-4 years of work. My current “writer’s block” is about how to approach the levelling up to v19. Larry Wall is quoted of having said that “Porting a shell is easier than porting a shell script.” That is simultaneously true, hilarious and maddening as I am now moving from OpenBSD’s pdksh to modern Bash and the root of my system is in two shell scripts. Whereever else the devil is in this universe, one devil is certainly in the details there, my friend 😉

Thanks for the encouragement and inspiration! As with anything meaningful in life, we must just buckle down, stop complaining and put even more, better work in. Maybe I’ll report some concrete progress (either actually coding or just meta-writing) next week.

Faustus January 27, 2019 2:10 PM

@ Sherman Jerrold

MMORPGs sound like a good test bed for Social Policy Alternatives, although people complained about such a test bed in response to my earlier post! Maybe tying in real world incentives would make the play more representative of the real world.

I think you understand what I am after: a better (defined previously) social world yielded by investigating options contrary to our genetic predator programming. Furthermore:

a) I am interested in how our genetics may be skewing our cognition, and
b) how our genetics and conditioning can make all sorts of ideas virtually invisible to us. And
c) can AIs help?

maqp January 27, 2019 4:31 PM

@65535

Great! Let me hear how it works for you. Things worth noting:

The Ubuntu’s background update mechanism can get in the way during TFC installation if you re-use days/weeks old virtual machines. You can either wait it out or kill the background installer process. Linux Mint should also work and it uses different update mechanism so I’ve had less problems on that.

I’ve had quite a bit of problems with the PGP keyservers (or gpg’s –recv-keys might be buggy) so that might cause the one-liner to terminate at an early phase. I think this can also happen at later phase of the installation when TFC installer gets Tor Project’s signing key so it can download Tor 0.3.5. For some reason this throws errors less often: maybe those keys are more available in the server pool. There’s a good chance Ubuntu 19.04 will already default to the new LTS version of Tor so the installer will get more stable and simple with time.

65535 January 27, 2019 6:19 PM

@maqp

Noted.

I can use mint but I am more familiar with Ubuntu. We will see and I will comment more when it is setup.

Thanks

JG4 January 27, 2019 10:12 PM

Another one for Clive and Rach El

https://www.techrepublic.com/article/inside-the-raspberry-pi-the-story-of-the-35-computer-that-changed-the-world/

Thanks for the tutorial. You probably know that duPont brought an advanced version of the fermentation technology to the US, including wet milling. We’ve touched on the fact that 2/3 of the nitrogen in humans can be traced to fossil fuels. Recycling nitrogen a lot more efficiently, like when it was civic duty, could make a material difference in energy and food security. Not to stray too far off topic.

Clive Robinson January 28, 2019 12:05 AM

@ JG4,

Recycling nitrogen a lot more efficiently, like when it was civic duty, could make a material difference in energy and food security. Not to stray too far off topic.

I don’t think you are straying off topic in the “security” sense.

There are only four other more important security requirments than “food security”. The first two,

1, Breathable air security,
2, Potable water security,

Most will accept and not immediately realise there are others, that are perhaps even more important.

Those seeking out new planets importantly are also looking at signs of or potential for life thus they also look to see if they are,

In the Goldilocks zone.

That is being able to be in an environment where water is not just liquid but in the safe range below which protiens will work. So maintaining our external body temprature such that our internal body temprature is just below 37 degrees C. Which means as we don’t have fur being able to maintan an adjacent habitat temprature range between 25-35 degrees C. So,

3, Temprature control security,

But it’s not just thermal energy that counts, there are all those other energies and forces that have to be in the right range for us. We need various components of the EM spectrum for Vitimin D to be made. However we also don’t want high voltage fields likewise magnetic fields and most defiantly not high levels of ionising and particle radiation.

4, EM and other radiation security

In short whilst not quite being “hot house flowers” our survival depends on the security of much we don’t even normally consider. Because in the last century to century and a half science and engineering have worked on giving us such security over our environment that we only notice it by it’s rare absence in modern city and urban environments.

Unfortunately that science and engineering has a flip side, it’s two core components being resource input and polution output. Ultimately mankinds survival very much depends on the control of both such that they are kept within quite limited bounds. Currently we are not doing that and the cracks are starting to appear, thus the security of that control longterm is what will decide our fate…

Thoth January 28, 2019 4:41 AM

@Clive Robinson

What could go wrong if ARM et. al. together with GCHQ and 5Eyes were to implement “Digital Security by Design” in hardware ?

Excerpt from article: “Arm has declared that it feels the “weight of our responsibility” as it jumps on board with UK.gov’s £70m plans to influence “hardware and chip designs” to enhance security.”

Not gonna bother about the details and let’s quickly duck our heads down … you know what I mean.

Link: https://www.theregister.co.uk/2019/01/28/ukgov_secure_by_design_70m_arm_cambridge/

Thoth January 28, 2019 4:58 AM

@maqp

Will look into the latest TFC designs once my work has been cleared.

I am wondering if the TFC designs can be more compact for easy portability when traveling via reducing the NH side to a RPi Zero W that has built in WiFi as the NH and then solder it to the bread board via GPIO access or even tape the entire RPi Zero W to a bread board with GPIO pins on the bread board.

That would mean the user only needs to carry a bread board with the equipped RPi Zero W solder for NH, the data diode optocoupler units soldered also on the board and the Tx and Rx USB-to-TTL untis also all solder and taped onto a single bread board.

Of course the bread board gotta have a nice rugged casing using 3D plastic printing to create a plastic container to hold the entire bread board and the equipment units with cutouts for the mini-USB cables and power.

That would be a compact single ‘TFC Network Shield’ unit and the personnel would carry 2 pieces of tablet computers for lightweight computing (i.e. Samsung tablets) since it is common for travellers to bring multiple tablets for general purpose computing due to their lightweight.

Linux emulators can be installed on the tablet devices and hopefully the software works with converter USB units to the mini-USB ports. This would make it less attractive when traveling through international borders and a spare emulator software can be kept in a microSD card somewhere with the image encrypted and checksummed or even signed.

Once the traveler reaches the hotel, they could easily deploy both tablets connected to the TFC Network Shield and boot it up and connect to the hotel’s WiFi network or to a personal traveler’s WiFi network for network access.

Clive Robinson January 28, 2019 6:24 AM

@ Thoth,

What could go wrong if ARM et. al. together with GCHQ and 5Eyes were to implement “Digital Security by Design” in hardware ?

A lot, but a couple of things to note first,

The UK Gov ill advisably let ARM be sold to SoftBank in the Far East. Where it has subsequently sold off at a very low price a significant part of ARM to in effect become under the influance of the Chinese Gov,

https://www.theregister.co.uk/2018/06/06/softbank_offloads_51_per_cent_of_arm_china_for_a_bargain_7752m/

What the continued relationship will be with regards “chip internals” is yet to be seen, but China is certainly interested in getting further “ins” into SoftBank via various routes. Which perhaps is not surprising as Softbank has significant holdings not just in the UK but US, Indonesian, India, China and South Korea as well as it’s home market Japan.

Thus there must be a quite serious Five-Eye concern that any additions to ARM cores are going to end up in China one way or another… So good or bad for individuals privacy it’s a concern, which I’m not sure can be resolved (it could also be a Trojan horse operation but…).

Personally I don’t like the idea of any Government Intelligence or Signals Intelligence agency getting involved with commercial organisations, standards bodies etc. The issue with NIST and the Dual Eliptic Curve Digital RNG should be a warning to all,

https://www.nist.gov/news-events/news/2014/04/nist-removes-cryptography-algorithm-random-number-generator-recommendations

However the only tech talked about was the Cambridge Computer Labs tagged memory. Which whilst it might limit some attacks is not of necessity going to fix the likes of RowHammer.

The tagging is an inline addition to but not implicit to the actuall storage cell arrays in memory. Thus it only comes into effect when the computer makes an explicit read or write to a given memory location. That is you can change the energy held in memory cells and the tagging will not detect the actuall changing. So as with simple parity where one bit change would produce an error on read but two bit changes would not, there is a window of opportunity for attacks that can “reach around” any inline security between the memory cells and the CPU.

Thus the need for a way to protect memory cell arrays in a way that an attacker can not predict or see. One way could be by encryption with a random key and data hashing. Overly simplistically you hash an entire block of data for a cell array append the hash then encrypt it via a key that can not be read by an attacker prior to being stored in the cell array. Whilst in theory there could be a probability of a “lucky guess” by an attacker it would be very small, potentially to small to be a realisable attack.

What is realy needed is some way to build the cell array checking as part of the cell such that it detects it’s energy levels being changed and throws an immediate interrupt etc.

maqp January 28, 2019 8:04 AM

@Thoth

All three computers should have display available to ensure you see warnings about packet drops in case it happens. Also, as per earlier discussion on the covert exfiltration channel (now also in the the security design article), it’s important to show random looking data like public keys and TFC accounts obtained via contact requests or as part of group member list, on Networked Computer (NH). This reduces attack surface when remotely compromised RxM can’t fool the user to add a sensitive key as contact, that would then leak to Networked Computer.

Since you’re probably going to bring one laptop you use for normal work anyway, use that as the NH. You can then plug in two small form factor computers as Source/Destination Computer (TxM/RxM).

As for tables running emulators, it’s less likely you find removable Wi-Fi cards inside so it might not be practical. Unfortuantely I’m not in the position to just buy and try hardware that might suit the project. 10″ Netbooks with Atom dual-core I bought years ago run Ubuntu and TFC reasonably well even today. One good option is GDP pocket 2 that seems to have removable Wi-Fi card.

So ideally, I think you’d want two of those and then the dongle-thing with datadiode in the middle (two optocouplers and the capacitors can be soldered to the size of a large dice), and the three TTL adapters can be hidden in the USB-connectors directly. Once I can spare time I’ll make a simple 3D rendering of this idea.

You’d of course want a nice packet for that since anything unusual that has three cables and electricity tape wrapped around can raise suspicion. You’d probably want to make it look like a USB splitter, and you might even be able to hide how the devices are supposed to be wired by arranging your belongings so that you need to know the order of the proper subset of adapters you carry with you.

Clive Robinson January 28, 2019 8:39 AM

@ Bruce and the usual suspects,

Attempts to test security updates for BGP run into problems,

https://www.zdnet.com/article/internet-experiment-goes-wrong-takes-down-a-bunch-of-linux-routers/

OK it went wrong twice, but to be honest how else is much needed security going to get put in place other than by causing pain to those who’s negligence has and will continue to cause pain to others.

Ubuntu Core in a striped down form is to be availabe for IoT device development and deployment. Importantly it has an update mechanism that will be supported for a decade,

https://www.zdnet.com/article/ubuntu-core-doubles-down-on-internet-of-things/

Hopefully this will take off and form a trend, thus those realy bad IoT devices Japan has passed legislation to route out will brcomr very much a thing of the past.

Sherman Jerrold January 28, 2019 10:45 AM

Google is NOT your friend!!
here’s another tip of that massive and dangerous security iceberg:
https://theintercept.com/2019/01/28/google-alphabet-sidewalk-labs-replica-cellphone-data/

google tracking is loaded on your ‘device’ with every visit to almost every major website. Google Chrome and Google search engine are spyware.

I use duckduckgo as my search engine: one of the few that don’t track you. (I know it is only a minor help) EFF has privacy badger, etc. We can’t completely avoid being tracked, but I hate what corporate IT is doing to the sheople.

Faustus January 28, 2019 11:18 AM

@ clive @ wael @ roberts @ sherman et al

We usually take the accuracy of cognition as given and feel that “false” opinions come from “false facts”. But our cognition has myriad holes. Sometimes they can be repaired: Often our intuition can be convinced of something that was originally counter-intuitive, as with many logical fallacies.

But sometimes the truth just keeps on feeling wrong, even after the truth is proven.
The Monty Hall paradox is a good example of this: https://en.wikipedia.org/wiki/Monty_Hall_problem. Over a thousand PhDs sent in letters supporting the naive truth even after seeing proofs of its incorrectness. The great mathematician and problem solver Paul Erdos remain unconvinced until the correctness of the non intuitive truth was demonstrated in computer simulation.

I think that the apparently symmetric nature of the problem engages certain subconscious probabilistic reasoning heuristics that fail in this case. How often do we clearly comprehend things that are not true?

Faustus January 28, 2019 12:08 PM

@ Sherman Jerrold

Thanks for the reminder about Spy-gle. I have firefox with privacy badger and noscript for general browsing security. But for convenience and its built in video support I use chrome for entertainment and major websites. And I do use the Google safesurf blacklist service even on firefox, because it does work and catches bad links. (My web browsing is confined to one interface machine, not my development and production machines.) I find myself getting lazy and using the chrome machine too much. But sending my firefox urls to Google’s safesurf exposes my firefox browsing as well.

Your realize that firefox sends your urls to Google safesurf by default, right?

Sherman Jerrold January 28, 2019 12:42 PM

@faustus, thanks for pointing out the firefox conundrum. Google is now, by far, the biggest investor in, and thus biggest influencer of, Mozilla, who runs Firefox. Some are changing to the Brave browser, but it is unproven as of yet.

Though it has somewhat limited effectiveness, I have one junkyard reclaimed PC running BackBox Linux that is connected to the internet that I use for browsing and have ‘air-gapped’ my other computers.

As my cousin and I tell everyone who attends our free computer clinics: “you’re not being paranoid, they’re really after you”

@ clive @ wael @ roberts @faustus et al
I’ve always posited that human perception is flawed and subjective and that we can only obtain relative objectivity and insight into ‘truth’ by gaining a broad perspective on a subject from many varied sources and using logical, analytical reasoning to reduce our subjectivity and in-built biases.

and:
While some will consider it controversial opinion, the following shows a lot of supported insight into the insecurity of our social fabric, as well as the insecurity of even the corporate sector in its reliance on the reliable security of our common resources (roads, communication, computing, etc.).

https://www.truthdig.com/articles/the-world-to-come/

roberts robot double January 28, 2019 2:52 PM

@ Faustus

Thanks for the Monty Hall Problem link. It’s been years since I looked at it and I, too, first intuited that it was incorrect and then the truth of it dawned on me, finally. Now a part of me is trying to doubt it again, but that’s not really me 😉

Anyway, all hypothetical questions can be boiled down to my old Louisiana friend’s wise old adage: “If my aunt had a dick she’d be my uncle.” It’s got such a great rhythm and has a nice tinge of vulgarity, per my taste FWIW.

Guessing probabilities is not really important in a moral universe, however, as treating others with or without respect to their happiness is a choice that must be made in the moment in concert with our internal moral compass — whatever is left of it after our life full of our choices, that is. Some of us strengthen it, some leave it be and some destroy it on purpose. The vast majority of people don’t even consult their moral compass in such situations and instead merely perform selfish cost-benefit analysis. Our Sufi understanding is that all human beings we encounter are a door to greater happiness and that it is by attending to their happiness that we gain our own.

That internal intuitionistic compass heading is the work of a lifetime and is beyond thinking and in the realm of direct knowledge. The problem is that most people have a difficult enough time thinking (with their baseline assumptions likely being crap as well) and don’t even know that they can just know, if only they gave up our societies’ base impulses, remedial teachings and their resulting comcomitant ignorance. Such self-evolution requires adopting a new moral mental framework and then fighting like the dickens to overcome our natural tendencies to act out of our baser instincts. Another problem is that stubborn adherence to “tradition” keeps people from even entertaining the possibility that their culture’s teachings are problematic in the least. Here we see the deadliness of pride.

“A mind is like a parachute, it only works when open.”

As William Gibson says in “No Maps For These Territories” the grander truths of the universe can be summed up rather nicely by New Age fridge magnets. What a man of whit, subversive perspective and gentle heart! The only problem with his books are that there are not more of them.

Clive Robinson January 28, 2019 5:03 PM

@ roberts robot double,

I see your quote, and I raise you with a rejoinder from Terry Prattchet,

    The trouble with having an open mind, of course, is that people will insist on coming along and…. put things in it.

And there is the old favourit from whom I’m not sure originated it, but it is alleged to be Tim Minchin,

    If you open your mind too much, your brain will fall out.

Which I guess is a variation on,

    The problem with an open mind is things drift in as they wish, some stay to become old friends, but the important ones have drifted away when you need them the mm…

Or the one I say when people make comment about my trove of oddities,

    The problem with usless information, is of course, my mind thinks it’s more precious than the rarest of jems, thus hords it jealously like the most misserable of misers.

roberts robot double January 28, 2019 6:08 PM

@ Clive

Delightful. My 12yo daughter loved Pratchett’s “The Carpet People”; read it twice, even.

All I can add wrt open minds is that discernment is knowing if and when to jump, when to pull the ripcord and when to bundle up the chute and move on to the next adventure.

Personally, I consider myself a downright hoarder of interesting info (well, at least to me). I remember when our uni got readnews access to the UPI newswire around `93, some time before (IIRC) they gave those idiots on AOL and CompuServ access to the pipe. Lots of information has flowed under the bridge in all these years. And now we’re flooded with deliberate misinformation. What a world!

And be not mistaken, my friend, having nice trivia tidbits to share with friends and passers-by is worth more than all the gems in this world. It’s even better when that bit of info can expand their worldview a bit. Regardless, if we even try to make another person smile, we have made the world a tiny bit better, even if I’m just dismissed as an over-friendly beardie-weirdie.

Clive Robinson January 28, 2019 7:11 PM

Efficiency is not a survival trait

I’ve mentioned on the odd occasion “Security-v-Efficiency” and it’s down points. Basically in the general case as efficiency increases side channels and other leakage mechanisms increase at some power of the efficiency increase, which is not good.

I’ve also mentioned quing systems that get increasingly fragile over 67% efficiency.

And I’ve also mentioned the failures of “Business Process Reengineering” and similar cul-de-sac efficiency processes. That like the alleged demise of the saber toothed tiger cross an increasing number of “lines of no return” by to much specialization for efficiency become increasingly vulnerable to even small changes in their environment.

Well, it appears others have noticed the “over efficient = over specialized = overly susceptible to change” issue. And as I do think the “more efficiency” managment mantra is a recipe for fragility and failure,

https://fs.blog/2019/01/getting-ahead-inefficient/

Trust me when I say in general natures most enduring life forms are rarely over the magic 67% efficiency figure, in fact often not even that high by a long way.

Not so much “survival of the fittest” but “survival of the fast to adapt”.

Weather January 29, 2019 5:40 AM

All
Website are strange, you can display a remote img as a Ipv6 address and the client connects outside a Vpn, displaying IP address, the techniques have been around awhile, you used to add a picture on forums as your icon, everyone that viewed it got logged, or pawned.
:shrug:

Thoth January 29, 2019 8:15 AM

@Clive Robinson

Unclonable Function (UF – Omitting the ‘Physical’) method by loading a SoC with N amounts of random ciphers or hashing algorithms and then use the SoC’s RNG to randomly select a bunch of cipher/hash algorithms with the SoC’s RNG only and the manufacturer queries the SoC for X/Y challenge response pairs.

Note that this is just a glorified way of saying throw a bunch of “random” dices and where it falls, it will be the CR pair.

The construct’s main essence doesn’t align with the original intent of why PUF was originally created anymore.

I do not believe in UF functions to be as effective as advertised anyway.

Smells like snake oil ?

Link: https://arxiv.org/pdf/1901.05795.pdf

Clive Robinson January 29, 2019 3:25 PM

@ Thoth,

Smells like snake oil ?

It certainly smells of “asumptionville”…

I’m going to have to go through the paper again more slowly but it just feels like there are way to many assumptions in there.

The biggie as with PUF’s is that you can keep the secret in the chip… Well a number of PUF implementations got cute with “Efficiency” and found out the hard way that “side channels” have a habit of follow a power law of efficiency, unless you take specific care.. Which is the whole point about me warning about “Security-v-Efficiency”.

But this whole “uncloneable” idea has always been a bit suspect in my thinking. The point is if you design a chip with “PUF Function” blocks, those blocks can be fairly easily replaced with other circuit blocks on a chip, that are little more than pre-programmable registers. At the end of the day from outside the chip you can not tell between a PUF and a memory block programed to look like a PUF….

In short,

    What man can create, man can emulate…

And if you have no way of seeing inside the chip then you have no way of telling what you have on the test bench…

JG4 January 29, 2019 9:42 PM

@Clive – I might have added, “there can always be an undocumented feature one level deeper than you tested,” which cuts to the heart of the exhaustive characterization problem. That and the fact that each additional layer of digging is exponentially larger than all of the previous ones put together.

also @Clive – I forgot mention that the remote projection of invisible energy to create sound near the user reminded me of the talk by Woody Norris that I long ago posted. He was exploiting the non-linearity of air to do mixing. I would have thought that I posted this much earlier than 2017, but this is the earliest mention that I could find:

https://www.schneier.com/blog/archives/2017/08/friday_squid_bl_590.html#c6759267

Lasers can produce very tightly collimated beams, e.g., 1 mm diameter with a divergence half angle of 0.7 milliradians, such that from 1 to 100 meters, the energy would be roughly constant in proximity to the ear. Fair enough that at some distance, divergence imposes a 1/r^2 practical limit. There is another attenuation term, where a wavelength that is chosen to interact with e.g., water vapor, will be absorbed in accordance with Beer’s law. Consequently, there is an exponential rolloff in power with distance. Again, the wavelength could be chosen to provide roughly constant power dissipation per unit distance over some range – i.e., the wavelength could be offset from the strongest absorption intensity, but then you have to start with more power. Accidentally setting things on fire isn’t subtle.

It probably isn’t a good idea, but you could cross two laser beams with a difference frequency that is resonant with a molecular absorption. Analogous to Woody Norris’s technique of ultrasonic mixing. The air medium then would be transparent to both beams so you wouldn’t be suffering from absorption. The 1/r^2 problem could be addressed more aggressively with high numerical aperture, where the beams are generated from large optics and converge for a long distance before reaching the diffraction limit where they cross, then diverging. Large optics aren’t subtle or particularly portable.

I was excited in 2017 about exploring air security, water security and food security. I may have missed temperature security, but the US is about to get it good and hard, as Mencken might say.

It was a big news day; I probably should have pared this down more.

https://www.nakedcapitalism.com/2019/01/links-1-29-19.html

Each Rolodex “card” is a tiny document of free-form text. The user interface is, in essence, a search box that returns the results of a text search on those documents (you can select the full document or just its “title” line). Aside from speed and simplicity, the text-based approach is nice because it’s extremely likely that any malware scanning Yves’ for her address book will be looking for software with fields like “Name.”

Since this Rolodex-like program is simple, effective, fast, secure, and should be cheap, it may not have survived in our current software environment, where software that is crapified with complexity, dysfunction, slowness, lack of security, and high costs has become the norm.

Preparing for the D-Day of technological change will be vital Financial Times (David L)

Microsoft Project Manager Says Mozilla Should Get Down From Its ‘Philosophical Ivory Tower,’ Cease Firefox Development ZDNet. Hope Mozilla told MSoft to pound sand.

Extreme weather and geopolitics major drivers of increasing ‘food shocks’ PhysOrg

Huawei Is Blocked in US, But Its Chips Power Cameras Everywhere Bloomberg

The Chilling Thing Nvidia Just Said about China & Tech Wolf Richter

Inside China’s High-Tech Dystopia YouTube (resilc)

A Tiny Screw Shows Why iPhones Won’t Be ‘Assembled in U.S.A.’ New York Times

Big Brother is Watching You Watch

Japanese Government Will Hack Citizens’ IoT Devices Bruce Schneier

Is Surveillance the Future of Service? Business of Fashion. J-LS: “Scary: note you needn’t sign onto an app, or even have a smartphone, for retailers to monitor you in some of these ways when you enter their stores.”

Google’s Sidewalk Labs Plans to Package and Sell Location Data on Millions of Cellphones Intercept

Online Piracy Can Be Good For Business, Researchers Find Vice

Adversarial AI: Cybersecurity battles are coming ZDNet

Court’s Biometrics Ruling Poses Billion Dollar Risk to Facebook, Google Fortune (David L)

Cassandra January 30, 2019 2:39 AM

@Clive Robinson; @$The_Usual_Suspects; @All

Re: Ubuntu Core

I agree that this is the kind of work that needs to be supported. That said, with a size of 200-and-a-few-10s-depending-on-architecture megabytes for the download, it’s not immediately the solution of choice for running on an Internet accessible lightbulb (Teardown of a Philips HUE LED Lightbulb with #Zigbee and ATmega2564 AVR #IoT #IoTuesday; All Things CC: Philips Hue: Setup and Teardown.

Nonetheless, 10 years of updates is nothing to be sniffed at. If nothing else, it is one small ‘click’ in ratcheting up security – unfortunately that ratchet needs to be spun at ‘a few’ rpm for a while to get to good levels of privacy, security, functionality, and end-user freedom.

For me, $The_Usual_Suspects are all a good number of clicks in the right direction.

Cassandra

Thoth January 30, 2019 3:27 AM

@maqp

There is a suitable range of endpoints for Tx and Rx that have hardware kill switches for COTS use cases which is the Librem product line created by Puri.sm (https://puri.sm/products/).

Interestingly, Librem 5 phones are built off Linux distribution and “hardened” by Purism with hardware kill switches. If used as standalone devices for secure communication use cases, I wouldn’t approve but when used in conjunction with a TFC setup, it would be somewhat rather convenient.

maqp January 30, 2019 9:01 AM

@Thoth

Thanks! Looks like Librem 5 would be a good platform: If you can “jam” the hardware switches off for baseband, Wi-Fi, and bluetooth, you could most likely use them as the TCB halves and even as the Networker. USB-OTG adapters are all that’s needed for connectivity with the data diode.

(On a side note, just one phone alone costs $600..650, which is $100..150 more than the entire netbook setup cost me. But for those who can afford it, the portability factor is definitely there.)

Since PureOS is Debian based I had a look how complex the installation would be. There appears to be multiple tiny issues from importing keys from PGP keyservers to Tor keyring package installation issues, and missing PATH for virtualenv. Didn’t check all the way but most likely nothing major. Expanding platform support isn’t something I have time for now, but for the next release I most likely need to tweak the Tails Buster configuration anyway (hard to support something that doesn’t exist yet), so I might do it at the same time.

JG4 January 30, 2019 9:20 AM

File under Using NLP to predict the future trajectory of AI. Thanks for the link to the terrorist door.

https://www.nakedcapitalism.com/2019/01/200pm-water-cooler-1-29-2019.html

“But what is government itself, but the greatest of all reflections on human nature?” –James Madison, Federalist 51

Tech: “We analyzed 16,625 papers to figure out where AI is headed next” [MIT Technology Review]. “As well as the different techniques in machine learning, there are three different types: supervised, unsupervised, and reinforcement learning. Supervised learning, which involves feeding a machine labeled data, is the most commonly used and also has the most practical applications by far. In the last few years, however, reinforcement learning, which mimics the process of training animals through punishments and rewards, has seen a rapid uptick of mentions in paper abstracts.” • Very interesting!

Tech: “A New Golden Age for Computer Architecture” [Communications of the ACM]. This is a very approachable article, and well worth a cup of coffee if you want to better understand the machines that so dominate our lives. This caught my eye: “In the 1970s, processor architects focused significant attention on enhancing computer security with concepts ranging from protection rings to capabilities. It was well understood by these architects that most bugs would be in software, but they believed architectural support could help. These features were largely unused by operating systems that were deliberately focused on supposedly benign environments (such as personal computers), and the features involved significant overhead then, so were eliminated. In the software community, many thought formal verification and techniques like microkernels would provide effective mechanisms for building highly secure software. Unfortunately, the scale of our collective software systems and the drive for performance meant such techniques could not keep up with processor performance. The result is large software systems continue to have many security flaws, with the effect amplified due to the vast and increasing amount of personal information online and the use of cloud-based computing, which shares physical hardware among potential adversaries.” • And wait ’til we get to the Internet of things.

Clive Robinson January 30, 2019 10:18 AM

@ JG4,

I might have added, “there can always be an undocumented feature one level deeper than you tested,” which cuts to the heart of the exhaustive characterization problem.

@Wael will smile at that 😉

Quite some time ago @Nick P, RobertT, myself and others got into a technical point of view issue over the future of security. I pointed out that if you looked at the entirety of the computing stack there would always be a layer of attack below which you could reasonably test for attack hardware. That is an attacker could get in beneath you and their attack “bubble up” the stack (think as a,metaphor those column water features where tiny almost invisable bubbles start at the bottom and get progressively larger as they rise in the same way champaign does in a flute glass). RobertT confirmed this by explaining the use of analog techniques in a digital chip layout whereby you could couple out the carry bit from the ALU to use as a side channel signal. @RobertT also pointed out a few “holes” in the current chip design and fabrication work flow where a state level attacker could change the circuit. The simplest being most chip designers don’t even get close to “gate level” design, they simply pull library macros together and put in the interconnects they need (pluss a whole lot more so a single piece of silicon could be packaged up as a whole variety of individual product lines).

I had also pointed out that around the time Alan Turing and Alonzo Church were laying down one of the foundations of computing, another, Kurt Gödel had laid down the death knell for computer security…

Put simply there is no way a single instance of a computing engine can tell you if it is secure or not. That is it can only tell you what it has been programed to tell you. Thus you get into the “Trusting Trust” issue where, Ken Thompson[1] in his 1984 lecture pointed out another asspect of why computers can not tell you they are secure. This time from the top of the stack downwards.

But there is also the “reach around attacks” to consider as well. It has always been assumed that you could insert a “dead stop” security mechanism at some point in the stack. The simplest example is the Memory Managment Unit (MMU) that sits between the CPU level and core memory / system RAM level. The idea was that the CPU in privileged mode could programme the MMU via page tables to stop an unprivileged process being able to read or write to core memory outside of it’s allowed range. That is the MMU would raise an interupt that would put the CPU back into privileged mode and thus trigger the “core out” of the offending process with a “seg_fault” and optional “core dump”.

Well it’s been long known that other hardware could mess up this cosy little MMU security model. The example of this is the Dynamic Memory Access (DMA) controller, which alows external hardware to directly talk to core memory. Thus bypassing the CPU-MMU protection mechanism. Well the argument was “Then design/program the DMA so it can’t”…

But known almost as long is the individual cells in the RAM memory arrays could get changed by external influence such as high energy particles. So we added parity checking to RAM to give us “error detection” (ED) and later the likes of Hamming codes to give not just error detection but correction (EDC). For some reason –probably marketting– both EC and EDC RAM gets lumped together under Error Correcting Code (ECC) memory, just to confuse things for buyers. But the important thing to note is it is not just “high energy particles” that can cause “bit flipping” pushing chip timing specifications can have the same effect, which has also been known about since the earliest days of DRAM. In some memory such as used for display frame buffers this is not of great importance as the user of a high res display will mentally screen out a pixel change due to a,”bit flip”, thus engineers would push the timing to the limits and slightly beyond. In others applications such as financial or safety critical systems they are important, but… some engineers for specmanship still pushed those timing limits and often still do in desktops and the like. The result being that by rapidly writing to one memory array could effect another array causing an increased likelihood of bit flips in it. Whilst considered a nuisance for some time, eventually somebody figured out how to use it as an attack vector. Thus the RowHammer attack and it’s variants became known as the first of the “reach around” attacks. That is you create a bottom of the computing stack hardware attack from a top of the stack software attack by “reaching around” the inline MMU protection mechanism.

It’s not just MMU’s and ECC that are inline protection mechanisms, “memory tagging” as used in the likes of Cambridge Computer Labs Capability Hardware Enhanced RISC Instructions (CHERI) security system also rely on “in line” protection that works in a similar way to ECC and MMU. Which as I said yesterday to @Thoth[3] is a concern because the UK Gov want GCHQ to “enhance computer security” and CHERI is one of the options, and will remain vulnerable to “reach around” attacks.

Thus my viewpoint long ago was that single CPU systems like Intel’s IAx86 from 16 through 64bit CPU’s was not the way of the future. Not just due to security concernces but the fact that it had hit the “end wall” of Moores Law that the laws of physics dictates. That is it was not realistically possible to make the core of a sequentially processing computer any fast without heat death issues (which is possibly the reason Intel went ‘multi-core’).

So I looked into how to mitigate both the security issues and the fact that massively parallel multi-CPU systems are very much part of our future. As a result other problems became more easily solvable. However whilst the security was vastly improved, there was still the issue of various types of “insider”[4] and the attacks[5] they can carry out. Which realistically is difficult to prevent depending on their skill and resources in relation to yours.

Due to the nature of the design in effect programs were broken down into tasklets (think independent threads) that ran not just individual CPUs but CPUs configured as “jails” in “voting circuits” monitored by various levels of hypervisors. That could not just monitor each tasklets signiture, but halt the individual CPU’s and go in and examine the local memory including the registers[6] to find errors or tampering (malware etc). Obviously such examination takes time, which means the frequency it is carried out effects both security and efficiency of processing. Thus it is up to the system owner to decide the probability of detection.

Due to the differences between a high end single CPU system and this system I called it “Castle -v- Prison” and there is quite a bit of discussion about it up on this blog, spread over vary many pages.

@Thoth looked into implementing a version using Smart Cards, and has pointed out various people are now apparently comming up with the idea themselves more than half a decade later…

@Wael, has decided to “bite the bullet” and catalog it at some point…

[1] https://blog.acolyer.org/2016/09/09/reflections-on-trusting-trust/

[2] https://en.m.wikipedia.org/wiki/ECC_memory

[3] https://www.schneier.com/blog/archives/2019/01/friday_squid_bl_660.html#c6788286

[4] Insiders are not of necesity employees of the owner of the system. They can be the designers and builders of the OS as Ken Thompson pointed out, likewise any and all software and hardware.

[5] The “insider issue” is something you can not resolve without loosing control. In short either you “own” your systems or somebody further up the supply chain “owns” your systems, thus the data and any Intellectual Property (IP) on them. There is realy no alternative, it is possible for you to “own” your systems and delegate via a suitable process a limited set of functions. But at the end of the day a person with access to the power switch, a screwdriver and the system front pannel can by changing primary hardware gain ownership of the system. What this gains them depends on other security (FDE etc) you have put in place.

[6] One of the major problems with CPU’s is the speed of light. It dictates just how fast memory can be accessed. The more local memory is to the ALUs of the CPU the faster data can be processed. The current way of doing this with caches is actually very inefficient and prone to all sorts of security isses. There are better ways to do it very large register files that can also be used as array vectors is one way, and there are several others (see Google etc’s CPU research). Further memory is compared to other “speed up techniques” no where as power hungry thus does not suffer as badly from the “heat death” limitations and can be of higher density.

Clive Robinson January 30, 2019 11:20 AM

@ Cassie,

For me, $The_Usual_Suspects are all a good number of clicks in the right direction.

Does that mean we go “all the way to eleven” 😉

Wael January 30, 2019 12:42 PM

@Clive Robinson, all (always implied.)

will smile at that 😉

I smiled alright 🙂

has decided to “bite the bullet” and catalog it at some point…

Yes, I have and I didn’t forget. It’ll be at least 6 weeks before I can get to it as I have much higher priorities, like working on the next song (any suggestions?) And work things, too.

Cassandra January 30, 2019 2:53 PM

@Clive Robinson

Not to eleven*, or even eleventy-eleven, but “To Infinity and Beyond!”**

I am deeply impressed by the well-founded knowledge that is sometimes seemingly casually thrown around.

*On a customised Marshall amp.
**For small values of infinity.

Clive Robinson January 31, 2019 3:02 AM

@ Wael,

as I have much higher priorities, like working

Work is as they say “What brings in the daily bread” thus along with keeping a roof –or Nevada night sky– over your head the most important of things. So keeping your nose to that particular grind stone must rate highly.

Speaking of grinding, if your singing voice is anything like mine 😉

the next song (any suggestions?)

I have a couple of “earwigs” chasing around in my head at the moment, due to having a spring clean and needing “add free, DJ free, static free, DRM free” music to accompany me, I’ve been diging into more than three decades of CDS to play. I doubt many will know either of them[1],

1, Roger Whittaker “New world in the morning”

2, Love Affair “Rainbow Valley”

And I suspect neither is appropriate for what you have in mind.

[1] Though a quick Google says they are both up on U-Bloob.

Clive Robinson January 31, 2019 4:08 AM

@ Cassie,

I am deeply impressed by the well-founded knowledge that is sometimes seemingly casually thrown around.

Well hold onto your socks as some one once sang “You ain’t seen nuffing yet, no no no baby, you ain’t seen nuffing yet”.

You mentioned “customised Marshall” amps, well the first ones all were in effect as they were hand built. The “Lord of Loud” James Charles Marshall OBE, was not even a guitarist, he started out as a singer and due to “labour shortages” of the time also became a drummer, and built his first amplifier so he could be heard above his drumming. His idol became the American drummer of considerable fame Gene Krupa (that will get you full points in a “Pub Quiz” 😉 My father who was a contemporary of Jim Marshall also was a fan of jazz and Gene Krupa with the result I inherited some now very rare 78s of Gene in action with his jazz band.

Jim was born in Acton and associated with West London for many years, he became very proficient as a drummer and started teaching. This enabled him to set up his first tiny shop in the Uxbridge Road Hanwell[1] selling “drum kit” and later guitars for the up and comming music scene. Pete Townsend was chatting to him one day about the need for a guitar amp, as all the amps then around were not realy suitable (lack of amplification and most important distortion as it turned out). Anyway after about half a year of trying to “make it loud” Jim realised that the only way was to accept the distortion and in effect overdrive the hell out of the finals, that became known as the “Marshall fuzz”. There are various stories about who finally gave the amp the blessing but the story I like the best came from Rick Parfitt, but Ritchie Blackmore said it wasn’t him that blew it up…

Any way back in my dim and distant past I’d been to Jim’s shop to get hold of some valves, not for amps but to use as finals in an AM pirate rig. In the process I met Jim who quickly established I had all the musical ability of a squashed frog, and finally got me talking about what I was realy using them for. Anyway he asked me if I wanted a job, and I said I was still at college, so he said give me a call when you are looking for a job. Any way long story short he moved production up to Milton Keynes which was a “new town” what felt like half way up the country. Being the kind man he was, Jim put me in touch with another company more local to where I was and I was offered a job by them simply because Jim had phoned the boss…

But Jim also had a wry sense of humour, after the film Spinal Tap came out Jim had his leg pulled by a few of his more famous customers. So he decided to make an Amp that “Went all the way to twenty”.

[1] For those that live in West London and want to see the shop it was number 76 but you had better be quick it’s about to get demolished,

https://feelingealing.co.uk/2018/03/17/ealing-council-set-to-approve-59-flat-development-in-hanwell-town-centre-beside-lidl/

Clive Robinson January 31, 2019 11:32 AM

@ James Evans,

Any changes that improve the security of any system ordinary citizens use to protect their privacy in this day and age is to be welcomed.

But as with any journy each step hopefully takes you closer to your destination.

The problem is of cause whilst the SigInt agencies wish to be covert and generally have in the past ignored some of the things that people do like gambling. Which people in other countries are much more free to do some other nations take a different view, or atleast their law enforcment agencies do.

It’s not been unknown for both the FBI and the NY DA to swat-team people in their homes over not even illegal activities, just to put preasure on them to illegaly “co-operate” with them.

For instance a few years ago a software developer had his house swatted by the NY DA who made it clear he would do it again and again untill either he got the software developers “illegal co-operartion” or he found some way to lock up the developers family to get the “illegal co-operation”. The developer after being told by several lawyers that,

1) What the NY DA was demanding was illegal.
2) They were not going to help him fight the NY DA.
3) Have a big bill for the above.

He realised just how corupt the NY DA and his department was, as were most of the rest of the legal profession. That is “Power corrupts and absolute power corrupts absolutly” with the NY DA being absolutly corrupt and the rest of the legal profession being at the very least either in fear of the NY DA or corrupt…

He then kind of turned the tables on the NY DA infrobt of a judge. However the judge just accepted that the NY DA could draw up a contract forcing illegal activities…

With such mentalities in law enforcment and the judiciary, what can an individual do?

More importantly as these people don’t care for legalities is the DoJ/FBI -v- Apple of any surprise? Or how about the FBI paying a US University a million dollars or more to have Tor and other privacy systems anonymity systems broken?

I’m very sure orhers can add to this list.

Thus the question arises of “sufficient security”, I’ve stated with my reasoning why I do not believe that any of the current “secure messaging apps” are infact secure. I’ve even drawn stick from people over it, but the point is as our host @Bruce and others have pointed out your security is only as strong as the weakest link in the entire system. More importantly I’ve told people not only what needs to be fixed but how to mitigate the current and future systems that can not be fixed. And again as our host @Bruce points out in the general case security attacks only get better with time.

Thus there is a race between well funded and well motivated law enforcment entities who are more than happy to commit crimes including almost daily perjury. And on the other software developers who taken on average are not very good at making secure software for just about anything.

Thus to be honest the odds are not in the software developers favour. Which has a knock on effect to those ordinary citizens who quite rightfully want to maintain their privacy from others.

Sadly I’ve also been thinking ahead and I can see that Tor has a long way to go, and I’m not even sure it will be alowed to finish the journy. If you look at UK and Australian legislation where neither country has a constitution or bill of rights it’s fairly clear that they have no intention of alowing people “electronic privacy”. This is a problem because we know that various parts of the Five-Eyes have spyed on each others citizens so that politicians can stand up in their political houses “We do not spy on our citizens” knowing full well another Five-Eye nation does it for them… Thus the question arises, with demands for “better value for money” being pushed at SigInt agencies to get them to open up to law enforcment, and the known deceitful behaviour, how long before the UK is spying on Aus citicens for Aus and the other way around, with “Parallel Construction” being used to cover up purjury by the LEO’s just to up their conviction rate?

Thus my viewpoint is there are a lot more things to be done and less and less time to do them in, and ordinary citizens can not aford to wait because every step in the race effectively sees them falling behind the LEO’s.

But this problem is getting significantly worse from another direction the W3C. They are pushing HTML extensions in HTML5 that are so privacy unfriendly that they can only have been dreamed up by the PPI harvesters like Google, Facebook, Amazon, etc.

Thus in the race the citizens are also being actively nobbled by bot just the W3C but nearly all web sites that insist on cookies and javascript, and will in time insist on more and more of the undesirable extentions to HTML not just in HTML5 but what ever follows.

But also web browsers are not exactly independent of this, try turning anti-privacy features off and the average person can not do it. Google has just stopped anti-add plugins, as many academic papers will tell you adds are the biggest privacy threat there is.

Ask yourself the question “How long before LEO’s use adds to put malware on ordinary citizens devices?” if of course they are not already doing it…

This is the enviornment we have to think about, not tommorow but today or even yesterday. As @Thoth will tell you both he and I have been thinking and we have more steps to add to the journy.

But one lesson to remember was the FBI can and does take over web sites and sends their malware down to all users, not just those using Tor, thus I’m honestly asking myself if there is going to be any privacy soon? Look at it this way, go back and review what law the FBI/DoJ tried to use against Apple, how long before they try using the same law against little web sites? The fact that the FBI pulled out the way they did was to avoid Apple winning and,setting what the FBI would regards as “negative” case law on that old legislation. Which is a fairly clear indicator that they fully intend to use it again…

We may now already be beyond the point where any network privacy/anonymity system can actually give us that privacy…

JG4 January 31, 2019 10:58 PM

Thanks for the great discussion. If I understand correctly, only a few percent of people are susceptible to berylliosis, but it’s a rough way to go. It appears to be a genetic susceptibility. I couldn’t find any evidence that berylliosis causes wounds to not heal, but that at least seems possible.

https://www.nakedcapitalism.com/2019/01/links-1-31-19.html

Big Brother is Watching You Watch

Apple just broke all of Facebook’s internal apps Business Insider (David L)

Google will stop peddling a data collector through Apple’s back door TechCrunch

When ‘Former’ Spies Run Wild Bad Things Happen Moon of Alabama (Chuck L)

Chaos has reportedly erupted inside Facebook as employees find themselves unable to open the company’s apps on their iPhones Business Insider

Attackers Can Track Kids’ Locations Via Connected Watches Pen Test Partners

Imperial Collapse Watch

The Threat That the US Can’t Ignore: Itself Wired (Dr. Kevin)

Gerald R. Ford Aircraft Carrier Suffers Launch, Landing Failures Bloomberg (resilc)

James Evans January 31, 2019 11:06 PM

@ Clive

That’s funny, I was just (re?)reading about the inability to disable Widevine in Chrome plus how the EFF dropped out of the W3C when encrypted media extensions were added.

Further reading about adaptive padding in Tor: “Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning” Adversarial machine learning is encouraged as a possible mitigation but it won’t be as easy as it is with image classifiers.

So of course the attackers have the edge, and it took Tor long enough to add in WTF-PAD. But even though the feds paid CMU a million to hack Tor there is much money on the pro-privacy side as well. Where would you donate your dollars as a biggest bang for buck move to increase privacy?

I’m also wondering about when Australia will issue its first Technical Capability Notices under the new TOLA Act. Word is the powers are already being used.

Clive Robinson February 1, 2019 12:14 PM

@ JG4,

If I understand correctly, only a few percent of people are susceptible to berylliosis

As far as I’m aware everyone will suffer from berylliosis if they get enough BeO inside them. The question is really “how little and how long” before it happens. For some just a one off tiny inhalation is enough to bring it on quickly, whilst others it might take much much longer and they die from some other diagnosis on the death certificate.

It’s why in Europe various agencies decided there was no safe level for BeO, therefore it’s use is heavily restricted, as is it’s disposal. Whilst in the US the view is somewhat different.

Lets just say I’ve had quite an exposure to BeO in it’s –supposadly– safe form in my professional career that I’m more than a little cautious of it…

With regards “wounds never healing” I’ve heard it said about many things even cuts and abrasions in very cold environments. The only ones that I’ve heard of real evidence for is the biologicals, such as the fairly unique bacteria in the saliva of the Komodo Dragon and other “necratising” effects by venoms, poisons or virus that hide in nerve endings waiting for some trigger like stress for it to kick off again.

However that said in theory every organic substance has a catalist that lowers the entropy point at which oxidization becomes self sustaining. I’m hoping there is not one for humans, but the point is that there might likewise be a way to effectively “seal a wound” without the skin growing back. Dioxin for instance can give chloracne, which is associated with certain aromatic hydrocarbons that are highly fat-soluble and end up collecting in the bodies adipose tissues for decades. It manifests by causing blocking of pores with an associated build up of greenish puss.

So the question is are there any chemicals that have a catalytic effect thus tiny amounts required, that can produce a symptomatic response not unlike chloracne?

If there are than that would be a candidate.

bttb February 1, 2019 1:52 PM

From a) https://www.emptywheel.net/2019/01/31/terabytes-of-rat-fu cker-data-trail/ [ link broken to conform with “7 Words You Can’t Say On TV” ( http://law2.umkc.edu/faculty/projects/ftrials/conlaw/filthywords.html ) ; or tl;dr ( https://www.youtube.com/watch?v=kyBH5oNQOS0 ) (George Carlin; about 6:30)) ] :

“We often talk details about the Mueller investigation that should make Donald Trump worry.

And I [emptywheel] think the government’s motion [ https://assets.documentcloud.org/documents/5707673/1-31-19-Stone-Complex-Case.pdf ] to declare Roger Stone’s prosecution a complex case ought to do that.

According to the filing, Mueller’s team has got “terabytes of electronic records and data” from Stone, including a bunch of stuff that doesn’t look directly pertinent to an obstruction case, but might look more interesting given the hints of campaign finance violations in this investigation. Or worse.

I’m particularly interested in this paragraph:

‘It is composed of multiple hard drives containing several terabytes of information consisting of, among other things, FBI case reports, search warrant applications and results (e.g., Apple iCloud accounts and email accounts), bank and financial records, and the contents of numerous physical devices (e.g., cellular phones, computers, and hard drives). The communications contained in the iCloud accounts, email accounts, and physical devices span several years. […] The government also intends to produce to the defense the contents of physical devices recently seized from his home, apartment, and office. Those devices are currently undergoing a filter review by the FBI for potentially privileged communications.’…”

Wael February 15, 2019 7:19 PM

@Faustus,

A few weeks, I won’t forget.

If I were to think of your proposal, I’d structure it further. For example:

Goal – Preserve human dignity:

  • Forgive (when one has the ability to retaliate, otherwise it’s called “cowardice”)
  • Compensate
  • Achieve fairness (injustice is one of the root causes of conflict)

Cost-Benefit:

  • Assure that fair and swift punishment is inevitable. (Implied threat.)
  • Imprison
  • Fine
  • Disqualify from lottery

Method:

  • Understand
  • Root-cause; fix the cause, not the symptom
  • learn
  • adapt

I don’t think either the partitioning or the listings are accurate. It’s Just an illustration. I also did not attempt to enumerate “things” until the classification of “things” is better understood. Hope that’s useful…

Speaking of AI, I heard today that the FAA ordered the grounding of Boing 787 (or 737…I forgot) because some AI component was the reason behind the Malaysian airliner crash. Can’t find a link.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.