Schneier on Security

Clive Robinson • August 13, 2022 12:58 PM

@ name.withheld…,

Re : The names that dare not be spoken.

“Add to the “mix” the oil client state to China…”

Yes it is in my calculus, but at the moment the mear mention attracts much attention by “find and fix” wanting to finish their way under bridge dwelling types, from east of Europe. Which leads to disapprobation and significant cleansing…

The simple fact is the other name that dare not be mentioned, has a sole purpose and cares not a jot how may corpses it takes to achieve that goal. Not that many who would be effected see any advantage to it. In essence they would be swaping a future of prosperity for the drudgery of serfdom without even the benifits if slavery.

What the idiot fails to see is that soon what it wants will not matter because motality has the last laugh. Then there will be a horrendous vacuum that will be filed by yet more destruction. At some point the sotish belief that a potato based spirt brings about past glories in a maudlin fixation will become clear as just a cruel faux fantasy… When that awakening happens it is unclear as to what will unfold. Previous history suggests a desperate search for yet another faux fantasy of past glory and greatness to believe in, as the brutal reality slips even further from their grasp.

It’s hard to believe, but they have every appearence of being a nation where many people want to be downtrodden, and living a worse than medieval existance because “tradition”…

Clive Robinson • August 13, 2022 2:46 PM

@ Winter, name.withheld…,

Hmmm,

ISO 3166 two letter codes gives

RUCNUSUK

Is pronouncable in a rude way 😉

Yup book me a ticket to the fiery pit, I’m probably now on the way to where snow balls have no chance ={

Clive Robinson • August 14, 2022 5:27 AM

@ MarkH, Nick Levinson,

According to DoJ, an entrapment defense must show that the defendant lacked a predisposition to engage in the charged conduct, and that the government acted to induce the defendant’s actions.

At one point it included a broad definition of “capacity” as well, and indirectly still does in a much narrower sense. That is not having previous convictions or related occupation or education is admissable as part of the defence burden. But it also covered the “Agent provocateur” –French for “inciting agent”– i.e. the Officer OR person associated with the Officer by the defendant, provides assistance to cover the lack of “capacity” by the defendent or uses trickery the defendent can not know is trickery (it’s a knowledge, skills, capability test as much as it is a mental competence test which the DoJ has driven it to).

But also in times past it also applied to Police Officers lying to suspects especially minors to gain incriminating evidence or confession. Something that DoJ and similar personnel faught and eventually succeeded in getting removed. Hence the “Write an I’m sorry letter to the victim” and using it as a signed confession trick still works… Hence the advice of why you should never ever speak to an agent or representative of a government agency directly, only through a legal representative.

Also the meaning of “entrapment” varies from place to place[1], it is derived from the early 1500’s French word “entreper” meaning “trap” or “snare”[2]. Interestingly it does not require a premeditated act to create a trap for it to be entrapment, being negligent and not recognising it as a trap suffices[3].

[1] For instance under English law there is no defence of “entrapment” as the crime was committed. It works the other way around, that is the officers conduct is considered an abuse of process thus any criminal case should be “stayed” as the conduct brings the process into disrepute.

https://www.inbrief.co.uk/police/police-entrapment/

[2] It should be noted that the use of “French” words actually gives a historic perspective on how “entrapment” came into law in various states. Suprising to many is that it’s very modern and in a state of flux. Perhaps the most important as far as US Federal case law was by SCOTUS less than a lifetime ago. Back in 1958 they tried and failed to draw a line with,

“To determine whether entrapment has been established, a line must be drawn between the trap for the unwary innocent and the trap for the unwary criminal.”

There are still two “tests” used for this determination which are,

2.1, Subjective test
2.2, Objective test

As both get shoved back and forth all the time you will need a qualified practicioner in the juresdiction you are in to inform you of the “current” definitions and implications.

[3] The negligent aspect is best described by analogy, and one that was in the news yesterday[4] suffices… That is if you design s
a lift with double doors that work in concert by interlock switches or leavers, of one door in the lift carriage, and one in the lift shaft, as is a normal design. But you make the gap or the design alows the gap between them to be to big, such that for some reason a person or part of a person may get caught between them, then if a person is caught they are “entrapped” and you are technically guilty of entrapment even though that was not your intention. It is the act of building the trap even if it was not intended to be a trap and has similar logic to it as does creating an “attractive nuisance” [which originates from the 1841 Lynch -v- Nurdin case in England. The opinion of the presiding judge that a cart left in the street unattended would attract a child to climb on it and the cart owner should know this thus was liable for the injuries a child who did so and fell suffered]. Thus the agent of the Government or person they use is held or should be held to a higher standard than the person being entrapped by dint of their profession, training and learned knowledge.

[4] https://www.boston25news.com/news/trending/residential-elevators-recalls-31k-home-elevators-amid-child-entrapment-injury-risks/C74TO2MU7ZCBJOHDCLDVUAZUFU/

Clive Robinson • August 15, 2022 4:21 AM

@ ResearcherZero,

Re : Linux file handle garbage collection.

This issue with “Garbage Collection”(GC) is much more general than this file handle issue and has been known about with garbage collectors for years.

The upshot generaly said is,

“Don’t use Garbage Collectors”

With the implication being to use refrence counting instead…

When they say “Garbage Collectors” what they are actually talking about is the “Mark and Sweep” process and it’s issues.

Basically what they are refering to is the sometimes horiffic

“Stop The World”

issue that “Mark and sweep” garbage collectors have which grows to some power law of the used heap memory. The stop the world happens because you have to have non volitility / consistancy during the “mark and sweep” otherwise memory leaks occur. Which tend not to show up in “user applications” but do show up in “server applications” when the “trip and fall”.

But the “stop the world” problem actually shows up in both user apps and servers these days and can be quite shocking when it does. For instance First Person Shooter games have the bad habit of stoping with a muzzle flash… Web browsers drop pages or just crash. Because some user apps use memory at an extrodinary rate and the programers go about doing it the wrong way. Others such as Web Browsers actually try to become Operating Systems for the user, and those developing them don’t realy have OS Develipment experience.

But the most used altetnative to Mark and Sweep GC is Refrence counting GC which also has it’s problems (cycles) which you can lookup.

Some time ago somebody decided to hybradize a garbage collector to use both “mark and sweep” and “Refrence Counting”… The result is it still has problems, just less obviously so.

One problem that is going to realy hurt in times to come with GC is in a parallel processing environment, every bit as much as it currently does with RTOS systems, where the general advice for GC is either,

“Design it out, or Do it yourself”

Where “design it out” is the most preferable.

The thing is garbage collection in high level languages is like a lot of things “An abstraction nicety” that,

“Breaks hard and hurts badly”

They are put in to take the workload off of ‘not so good’ or lazy programmers. As such it’s a disaster waiting to happen and usually does. Because a language does not know the programers intent so is a “one size fits all” solution that is guarenteed to be inefficient, ineffective, and snag/blow up as things scale. Thus the solution…

“Actually know what you are doing and do it appropriately”

The problem is because GC is conveniently abstracted away, next to nobody has any real experience with then. GC systems are “Like the paving slabs beneath our feet, we generaly do not think about them untill we trip and fall”.

You can find discussions on GC in what the legal profession call “Learned Journals”.

But… One such article, from IBM Watson labs by David Bacon et al[1] makes the point that in fact fundementaly both the Mark and Sweep, and Refrence Counting are the same… The conclusion being that neither is perfect and you should thus chose on your “resource costs”.

Which has led to some GC’s adopting a “divide and conquer” approach in that rather than “mark and sweep the whole heap” you divide the heap up into small segments and mark and sweep those individually. That way the “Stop the World” issue gets broken into small pieces that can be dispersed in time. It’s kind of like the notion of “process space” in “process space”.

Some years ago I wrote a Stack Based environment for embedded systems. I decided from the get go to use not just refrence counting but indirect pointers via a base stack pointer. Primarily as microcontrolers tend not to have Memory Managment Units(MMUs) so doing VM had to be done via refrence to process or thread “base pointers”. Once you have to do things that way, other things have to follow. Hence it’s up to you “To turn the sourest of lemons into the sweetest of lemonade”… It turns out that in effect you make GC easier because of it because you get “micro heaps” almost for free.

I fully expect GC to keep coming up as a problem subject long after I’m gone, and in all probability long after all the current readers here now are gone… It’s just one of those things.

Oh and it’s not just “memory that leaks” when you get it wrong but “security leaks” as well either directly as with malloc() / free() issues or indirectly through time based side channels that an attacker can induce. Which is a consequence of the “Security -v- Efficiency” issue I mention from time to time here and other places.

[1] “A unified theory of garbage collection” : David F. Bacon, Perry Cheng, V.T. Rajan : IBM T.J. Watson Research Center, Yorktown Hights NY 10598.

A copy of which can be found at,

‘https://web.eecs.umich.edu/~weimerw/2007-415/reading/bacon-garbage.pdf

Clive Robinson • August 17, 2022 6:11 AM

@ JG4, name.withheld…,

Re : George Carlin comment abd Security.

The observation of,

“It’s not in their interests to have a nation of critical thinkers.”

Raises two obvious questions,

1, Who is “they”?
2, Why is it not in their interests?

The first or “they” question is perhaps the most vexed one, but once understood almost implicitly answers the second.

Basically after analysis and abstracting out behaviour commonalities the result is the “they” are those that are doing most harm to society and can be seen as “the self entitled” who have very “short term” or “fast” attitudes to work and life. Which is why they are not just a major security risk[1] but a positive danger to society as well.

So the “they” boil down to those who have aberant overlaping mental pathologies most of which are considered incurable but heritable (genetic).

Depending on who you listen to the list includes some or all of,

1, Narcissism
2, Sadism
3, Psychopathy
4, Machiavellism
5, hypersexuality
6, Beliefes of entitlement
7, Fast lifestyle
8, Prediliction to dangerous behaviours.

It needs to be noted that the latter half of the list are “symptoms” of the first half and increasing evidence suggests the second quater are actually not heritable so not genetic.

But with a “hawk” generally exhibiting some or all of the above, with the exception of Machiavellism, against a more general “Dove” population you can see why the Hawks might not want an educated Dove class.

Further Machiavellian behaviour does however have a strong correlation with intelligence and the ability to learn (high functioning) with the desire to be more covert than overt in their base behaviours thus more successful in aims and duration. Such high functioning individuals would not be overly concerned about “critical thinking” Doves. In fact they might view them as being a spice to test their métier.

Some, thinking on the matter, suggest that these dark traits that are heritable are a form of perverted evolutionary mating advantage. So have given them several names in the past as the views refine, one of which is “fast-life”, another the old “Alpha-male”. Basically behaviours that favours the creation of many offspring but taking reaponsability over none of them. Thus favouring quantity over quality, which is not the way for the majority of humans.

The main problem for society is the fallout or side effects of the “fast-life” behaviours. They are generally not at all good and lead to “short-life” behaviours like smoking, drinking, drug abuse, sexual abuse, and sleep avoidance thus hypermania. As these traits tend to require significant funding this leads almost inevitably to fraud and other forms of significant criminality. And worse the fast-reward driver leads to very poor impulse control thus often agression and violence, which can be made significantly worse by the sadism trait. It has been suggested that nearly all “hit and run” and other speed or dangerous driving behaviours are committed by those with a “Dark Triad” base. Likewise apparently sensless public violence, and Troll behaviours.

Whilst these people are nolonger considered in the main to be clinically insane, they do represent a very significant risk in society, especially in hierarchical structured organisations.

The result being that most US corporations and government agencies tend to have these people as the top levels of the hierarchy… Which might explain the neo-con predlictions for behaviours that make “slash abd burn farming” look ecologicaly sustainable in comparison.

What becomes interesting is the rapid rise of the dark triad since Thatcherism and Reaganism of the 1980’s that saw the rise of,

1, Greed is good
2, Generation Me
3, Generation Entitlement

In successive decades. As the old name of “Alpha-male” suggests these traits were originally mainly seen in men, but it has very rapidly made an appearence in women since the rise of,

4, Ladette Culture.

It’s been suggested that this is due to birth control. In the past fast-life behaviour in women would have been curtailed in many ways by the birth of a child, and each successive child would have redduced it even further. Remember even in the 1980’s and 1990’s women were being istitutionalised on spurious reasons and sterilized compulsorily “for their own good” whilst others were made subject to brain structure damaging treatments including but not limited to electric shock treatment and direct nurological surgery such as lobotomies, enough of whom died as a result that such treatments are looked on even in the proffession as medieval torture.

The basic heritable traits of narcissism and sadism are considerd to be “genetic” or “nature”.

Whilst for psychopathy there is increasing evidence it probably results from physical or chemical “insult” / injury during brain development and later[2].

Which leaves Machiavellism, which is currently seen as being as a result of high functioning sadists and narcissists learning to be less direct so less obvious in their behaviours thus it is regarded as “learned” or by “nurture”.

The main point is that in the US and UK without doubt these traits are significantlt on the rise especially in women. Thus the question of “Why?” is one that is ununswered and desperately needs answering fairly rapidly.

It also takes very little follow on thinking to see why “they” should be considered the number one insider threat to security, and a major threat to the safety and continuance of society as we currently know it.

[1] Some may be tempted to draw conclusions based on large quantities of highly classified documents being “recovered” from dusty corridor cupboards this week by the FBI. You might not be wrong to do so, we would need further evidence to be certain, and that evidence is generally not something that becomes directly public except during trials.

[2] I’ve mentioned befor “the sporting link” where head contact sports are now known to cause brain injuries that increasingly bring out the behaviours associated with psychopathy. And at autopsy it’s been shown that there has been structural brain damage.

Clive Robinson • August 17, 2022 8:56 AM

@ Winter,

“But some people only want to be higher than their neighbors, even if this means everybody is lowered.”

Ahh,

“The idiocy of status”

I’ve mentioned it before with the “usefull idiots” that fill the court in the “King Game”.

Thay would chearfully vote to forgo all the benifits of modern society where we live nearly twice as long, healthy and mainly comfortable lives, with education (and in the UK quite often lack of religious nutf4ckery). To sit on a horse riding around spitting on those they force to grovel in the soil…

Such is the price of opening the status gap. They know that in any functional modern society that wealth and power nolonger bring the sort of status they crave.

The reason, next to nobody wants to lead mean, short, brutish lives even those with much wealth and power generaly realise that their wealth and power from which the gain the control they desire, would not exist without a modern economy generating it. Which in turn requires an active economy with significant churn. You do not get economic churn let alone growth if you do not have wealth generators, and those grubbing around in the ground rarely generate anything like wealth.

In the mediaeval period excess weakth over income from a pleasant was on average less thsn 10% and they had no actual disposable income.

In a modern society more than 50% of what an individual earns goes to central and local government. However untill this century most had about 25% of what remained as disposable income, which is what caused the economic churn and growth not just of wealth but society.

You can see why the sobriquet of “idiot” applies to those seeking status… In fact we tend to joke about them being “Z Listers” amongst other things.

Clive Robinson • August 17, 2022 3:32 PM

@ &ers,

Re : NHS 111 Cyber attack.

I’ll have to do some checking but the part of the NHS 111 service they are talking about is one of the only bits left of the Worlds largest Failed ICT project… “NHSnet” that I mentioned a week or so back[1].

If memory serves correctly the part being talked about was done so under BT when our host was working for them.

As far as I’m aware @Bruce was never involved with NHSnet… which by the way has become a case study in it’s own right of how not to do major ICT projects.

But the checking will have to wait due to “natural events”,

https://www.bbc.co.uk/news/uk-62574134

We’ve had next to know rain and regularly had tenps above 30C which had thoroughly dried the surface like concrete. So rather than “soak in” as we need, it mostly has become “rin off” causing major flooding. I have been tempted to get the canoe out but my damaged rotor cuffs would put me at a disadvantage compared to just half a decade ago.

One thing all the rain has done other than flooding everywhere is suck the temprature down from over 30C to just about 20C which now feels positively chilly. Oh and the bad smell… Roads have something like eight weeks of dead tyre rubber and exhast smuts on them. The rain has washed it along in the process making a rather unpleasent dead chemical stink.

Hopefully you are enjoying better weather where you are and things are quiet.

Something tells me that selling that T34 to some crazy collector would be a good idea 😉

[1] It came up in regard to a comment that I think @SpaceLifeForm had linked to where someone talked about a software Crypto system protected by Triple DES that was installed on PC hard drives. It was from the civilian side of GCHQ known as CESG and was the little brother to Rambutin which was another cipher but using custom network chips. Both were used to supposadly protect “NHSnet”…

Clive Robinson • August 18, 2022 2:41 AM

@ SpaceLifeForm, ALL,

Re : The passage of thought over time.

“Now, nearly 9 years later, I am not sure that Bruce would still completely agree with his 9 year old self.”

I actually don’t think our host implicitly agreed with it back then.

One of the things this blog has done is changed the way our host thinks on many things. It sometimes takes a whill but you will see things said on this blog that he has obviously read and thought over.

It might also be a shock to him to realise what is obvious to others, that what he says publicly is like the wake of a ship. His thinking is some distance ahead in it’s journey, what we hear he has thought through, checked and thought through again. And is thus most probably true of that time when first thought off weeks or months ago.

Look at it this way, what a Professor teaches undergraduates in his classes, is established science, not what he is researching in his lab and working his way through, that he might talk about to those working on their PhDs.

One of the things we see with regards journalists is they in effect have two sources of comment. The first comments factually and without speculation, which appears dull. The second type are those who speculate and don’t see commenting factually as important.

I think I’ve made comment in some depth before when talking about “secure messaging apps”, lets say it got a little heated but eventually people started to think it through and realised I was not speculating, I could clearly explain what I was saying, that I was speaking factually and compared to others rationaly.

The simple fact was my thinking on the subject had been done several years before “secure message apps” became a “thing” as I’d spent time some years before hand mulling over “Why Johnny Can’t encrypt”[1]. Not just from the “user perspective” but what it realy ment for OpSec of a “system” of which an encryption program would be just a tiny part[2].

[1] From the 8th Usenix Security Syposia all those years back (it’s the 31st in a couple of weeks). It’s still what I would consider fundemental reading for anyone thinking about putting cryptography in a product, where users will have to get their hands in to change the oil as it where,

https://www.usenix.org/conference/8th-usenix-security-symposium/why-johnny-cant-encrypt-usability-evaluation-pgp-50

[2] As it happens I’m still thinking about it more than half a lifetime later. With two problems that at first appear as apparently unimportant to the task of the system but turn to be absolutly fundemental and the bed rock on which everything else is built[3]

[3] The two fundemental system problems that just won’t resolve themselves for “Anonymous End to End Encryption”(AE2EE) occurrs with every usage when both parties are mobile devices and are,

1, An Anonymous Rendezvous Protocol.
2, An Anonymous way to securely establish a “root of trust” without using PubKey or secure side channel.

Why do both have to be Anonymous? Well if they are not then you can show it’s not “End to End” but through a Man In The Middle who then knows who is speaking to who.

Take “Quantum Key Distribution”(QKD) it’s a point to point protocol still currently. Whilst building the OTP is secure and dors not require a root of trusy, the fact the locations are hardwired-in gives away a lot of information which is undesirable, such as who both parties are and where they are now and have been. Thus can be correlated with other DBs to identify both parties beyond reasonable doubt.

Soon we should be able to do QKD securely via “switched” systems, which will rob a third party “Eve” from finding which two parties are talking to each other and building a root of trust (a thought I would not have agreed to just a year or so ago, and infact an argument I used against QKD for some years).

Thus solving the second issue of the two issues anonymously [Which is surprising as technically it looked like the harder problem to do remotely, as previously it was not possible to set up “a remote secure channel to exchange a shared secret as a root of trust” as a remote secure channels could only exist via shared secrets…so “Catch22” or “turtles all the way down”.].

But the Anonymous Rendezvous problem remains and is intriguing to put it mildly.

Basically to find something you have to “search for it”, it sounds obvious when you think about it, but we very rarely do, and almost never think about the implications.

One way to search is “exhaustively” that is for you to “knock on every door” present your “search key” to the “door keep” and ask if it matches.

Another search method is to have standardized “search keys” and for every house owner to be listed in a directory along with all valid search keys. You then go to the “keeper of the directory” who holds the directory and you give them your search key and they run their finger down the directory, and if a match is found gives you the result.

The problem in both cases neither you nor the search key you are using can be kept confidential one or more parties become aware of both. It is an ideal “Man In the Middle” attack of which authorities have been cognizant for centuries and they jealously guard that privilege unto themselves for not just the power but control it gives them.

But how do you solve it in the modern era when both parties are of no fixed location and continuously mobile?

The only solution we have currently is based on the idea of a central directory that both parties have to not just consult, but continuously update frequently. Such a system as stated is impractical as it can not scale. So the current solutions work on the notion that location changes are local, thus you only need to update your local part of the directory thus a hierarchical tree of incressingly older pointers exist and your search begins locally and if your search fails moves up a layer untill a pointer is found, then the search walks down the pointers to find the freshest pointer. This is how the DNS and mobile phone networks do it. The problem is,

1, It is in no way anonymous to those involved in the search.
2, Every step in the search reveals who you are searching for by unavoidable meta-data to any observer no matter how you try to encrypt the search key.

I won’t go into the details but you can not make the search key anonymous except with a shared root of trust between both parties, but you can not get that without having solved the root of trust issue.

A seamingly Gordian Knot of interwoven spirals of infinite regression.

Clive Robinson • August 18, 2022 5:05 PM

@ lurker,

Re : Not the cat’s meow

“My reporter says the victim is now supping up large on paxlovid.”

Apparently it has a “dead cat bounce”[1] issue in four out of ten (does not say if it’s “New York fat cats” or otherwise 😉

Apparently the US face of C19 and the current Pres have gone boing,

https://www.webmd.com/lung/news/20220630/fauci-paxlovid-rebound-worse-symptoms

That said in the “unvaccinated” it’s claimed to have a just under 90% ability to keep them out of hospital or off of ventilators etc. Others are saying that in the vaccinated little or no efficacy and possibly harmfull… (I’ll let people look it up and read the accrued medical evidence but even it’s manufacturer has said as much…).

The trouble in the UK, by the time you get a Dr’s appt these days to get a prescription, it will probably be “to late” to be of benifit anyway…

[1] Originally a sarcastic term from the US finance industry as Wikipedia notes,

“a dead cat bounce is a small, brief recovery in … a declining stock. Derived from the idea that “even a dead cat will bounce if it falls from a great height”, the phrase …, is also popularly applied to any case where a subject experiences a brief resurgence during or following a severe decline.”

Clive Robinson • August 19, 2022 5:02 AM

@ &ers,

Re : Mercury Rising

<

blockquote>”Currently i envy you – as we have here again a heatwave,”

<

blockquote>

The flash flood rain stopped yesterday. At not yet 9AM in the UK this morning the thermometer here said 26 in the coolest room… I predict that if the cloud cover clears and it does not rain it will be back up to 30 or higher outside in a few hours…

This time though it will be “broiling not baking” as the way of cooking… As the 90mm of rain fall water steams off.

It’s these fast weather changes that are the signifier of GW… Not that it gets hot in Summer, though year on year the temp range is bot just increasing but rising as well which is another indicator. The problem that most first notice is traditional water managment can not keep up…

A sad statistic, on average people use 11lt or 5.5 times the amount of water they drink in a day… Because they leave the tap running for all the time they clean their teeth, around 4-7mins a day. That’s the equivalent of two toilet flushes… Likewise showers… It is posible to have a “Navy Shower” and use less than 2lt of water to get compleatly clean you can even heat the water with sunlight in the winter…

How we live within our environment kind of defines us…