Friday Squid Blogging: Squid Run in Southern New England
Southern New England is having the best squid run in years.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
lurker • June 7, 2025 12:06 AM
@final donut
That would be a “supposedly” airgapped computer, because in the tinfoiliest situation the perp would have the device inside a Faraday cage (or two).
I have the inverse problem, because like Oona Räisänen I browse the shortwave bands, and have a broadband helical antenna on my bike. Down the main street of the village, outside the bank or the police station are no-reception areas from the computing devices there. Other dead spots occur wherever there are outdoor “security” cameras.
Clive Robinson • June 7, 2025 4:31 AM
@ Bruce, ALL,
Mass layoffs blame Tax Code 174 change
Put simply in the US 100% of R&D costs could be written off in the year they occurred until 2022.
A single line tax change made it 5 or 15 years in the previous Trump administration with a time delay.
All prospective R&D got the “slasher treatment” and only R&D that was essential remained and is still getting trimmed back and with it US Innovation.
Most of the Mega Corps used that tax break to in essence pay no tax as nearly all employees and costs were in “development” or “research”.
It does not matter how much new income even a short term development might bring in, it will get starved of resources and jobs will go.
But an R&D job has other jobs supporting it… They too lose their jobs as the much over hyped “trickle down” effect likewise stops. Then there is the loss of charity and other funding of arts and culture, it all gets starved of donations etc and jobs go…
https://qz.com/tech-layoffs-tax-code-trump-section-174-microsoft-meta-1851783502
There are four questions that arise,
1, Can the change be reversed?
2, Will it be reversed?
3, Will the required tax balancing have similar effect?
4, Will the jobs come back any time soon?
The answers are,
1, Yes,
2, Probably not currently,
3, Very definitely,
4, Most likely not.
I think people can see from that, that US Innovation has in effect been given the “teen slasher flick” treatment, and as a result now US society is getting the “zombie plague” effect.
People might want to look into why the change to 174 was made, ie what it really funded… It’s not really mentioned in the article but it’s not hard to look up via the bill name/date and MSM Articles from the time.
Clive Robinson • June 7, 2025 5:45 AM
@ final donut, ALL,
The Aether betrays you[1].
I’ve advised on the blog and other places that “Red Teams” and “Blue Teams” especially buy “Software Defined Radio”(SDR) and appropriate directional antennas and get to “See the EM Spectrum” and what hemorrhages out in the form of information leaking “side channels”. And how to “Direction Find”(DF) or “Fox hunt” the sources[2].
It’s also why I talk of “energy gapping” not the very deficient “air gapping” that has not moved on since the 1960’s outside of certain Gov entities and the military.
I’ve even described how you can build effective RF cages from hardware store components. And even more importantly for some, how you can quickly build covert SCIFs / RF Cages from household items such as blankets and very inexpensive clothes drying racks. That can be quickly taken apart and be made to look completely innocent to most guard labour eyes.
Also the use of two computers, the first being energy gapped from and used to do your “Private stuff”.
The second stripped down to boot from immutable memory used as the computer for communications now we are being forced by Gov’s and Corp’s to “be online” for their “cost savings” and such incredibly poor security you have to wonder if it’s deliberate policy to make spying on the citizens easier for the more “lead footed Guard Labour”.
Which is why I described how to build a “garden path” security zone between two routers so you can more easily check for suspicious activity.
I like “Windy Tan” as she shows people how to have curiosity about the EM World and importantly how to chase things down using SDR.
There is much that security people can learn from what she has written and as before I encourage people to go look and think.
[1] The notion of Aether or Ether as a way for energy and forces to exist started way before Sir Isaac Newton and was seen as the 5th prime physical element. It lasted in one way or another as an idea until just over a century ago when Einstein effectively killed it off.
However radio engineers still talk about it tongue in cheek when talking about the EM spectrum,
https://en.m.wikipedia.org/wiki/Aether_theories
Likewise they also jokingly talk of the firmament as well when talking about radio waves and propagation.
Both make a useful shorthand to convey more complex things that would take a while to enunciate. So you will still occasionally hear,
“Send it off into the aether.”
“Bounce it off the firmament.”
With older engineers nodding along.
[2] It’s even a growing serious sporting activity like orienteering but with other skills as well. Look up ARDF,
https://en.m.wikipedia.org/wiki/Amateur_radio_direction_finding
It’s a fun way to keep quite fit in spring and autumn, with the more traditional Fox Hunts that all ages can participate in generally reserved for the summer days followed by club barbecues and award giving.
Clive Robinson • June 7, 2025 6:32 AM
@ ALL,
I forgot to mention there is a more recent paper,
https://www.cl.cam.ac.uk/~mgk25/emc2024-coherent-demodulation.pdf
Put simply all EM signals have both amplitude and phase.
Just looking at “amplitude” misses not just a lot of information but it also distorts what you display. Because when signals of stable amplitude but different frequencies get added you get an amplitude waveform with significant peaks and nulls.
Pulling out the phase information using coherent demodulation (think FFTs, Walsh transforms, cosine multiplier demodulators and channel bank receivers) allows for this to be corrected and the two signals separated out.
Back in the 1980’s when I used to do my own research on my own time and dollar there was not the computing power available even with DSP chips to be able to do things like this. Now however you can “do it on a laptop” and people do.
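The beat-versus-coherent point in the comment above, as an added worked example (my own illustration, not code from the commenter or from the linked paper). It builds two stable-amplitude carriers 10 Hz apart, shows that an amplitude-only view (peak |x| per carrier cycle) only reveals peaks and nulls, and then recovers each tone's amplitude and phase separately with an I/Q multiplier demodulator. The sample rate, the two frequencies, the amplitudes and the phases are constructed values chosen so that one second of samples contains a whole number of cycles of every mixing product.

```python
import math

FS = 8000   # sample rate in Hz (constructed)
N = FS      # one second: an integer number of cycles of f1, f2, f1+f2, f2-f1 and 2*f1

def two_tone(a1, f1, p1, a2, f2, p2, n=N, fs=FS):
    """Sum of two stable-amplitude carriers at nearby frequencies (constructed input)."""
    w1 = 2 * math.pi * f1 / fs
    w2 = 2 * math.pi * f2 / fs
    return [a1 * math.cos(w1 * k + p1) + a2 * math.cos(w2 * k + p2) for k in range(n)]

def amplitude_envelope(x, f, fs=FS):
    """Amplitude-only view: the largest |x| seen in each carrier cycle.

    With two tones present this shows the beat (peaks near a1+a2, nulls near
    |a1-a2|); it cannot tell you that there are two carriers, or what their phases are.
    """
    per_cycle = int(round(fs / f))
    return [max(abs(v) for v in x[i:i + per_cycle])
            for i in range(0, len(x) - per_cycle + 1, per_cycle)]

def coherent_demod(x, f, fs=FS):
    """I/Q multiplier demodulator locked to frequency f.

    Multiply by cos and -sin of a local oscillator at f, then average over the
    whole record. Every other mixing product averages to zero because the record
    holds a whole number of its cycles, leaving (a*cos(phi), a*sin(phi)) for the
    tone at f. Returns (amplitude, phase in radians).
    """
    w = 2 * math.pi * f / fs
    n = len(x)
    i_acc = sum(v * math.cos(w * k) for k, v in enumerate(x))
    q_acc = sum(-v * math.sin(w * k) for k, v in enumerate(x))
    i_val = 2.0 * i_acc / n
    q_val = 2.0 * q_acc / n
    return math.hypot(i_val, q_val), math.atan2(q_val, i_val)

def separate_two_tones(a1=1.0, f1=1000, p1=0.3, a2=0.5, f2=1010, p2=-1.2):
    """Build the two-tone signal and recover both carriers individually."""
    x = two_tone(a1, f1, p1, a2, f2, p2)
    env = amplitude_envelope(x, f1)
    tone1 = coherent_demod(x, f1)
    tone2 = coherent_demod(x, f2)
    return {
        "envelope_max": max(env),   # close to a1 + a2: a beat peak
        "envelope_min": min(env),   # close to |a1 - a2|: a beat null
        "tone1": tone1,             # (a1, p1) recovered
        "tone2": tone2,             # (a2, p2) recovered
    }

if __name__ == "__main__":
    print(separate_two_tones())
```

The envelope numbers are what an amplitude-only display shows: a 10 Hz wobble between roughly 0.5 and 1.5, which is neither tone. The two `coherent_demod` results are the amplitude and phase of each carrier on its own. In a real receiver the averaging window would be a low-pass filter and the local oscillator would have to be phase-locked to the target, which is the part the linked paper addresses; the example just fixes both so the arithmetic is exact.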
Clive Robinson • June 8, 2025 12:47 AM
Chinese AI boom bust?
Apparently China has an AI problem, and it’s probably not the one you would expect from the political mantra being pushed out.
It’s said that the infrastructure China has built is lacking usage, thus income. So is in effect going bust,
Has the AI bubble burst for China or is it just a hiccup in the growth pattern?
lurker • June 8, 2025 8:59 PM
MSM is trying to beat up a diplomatic incident out of the incident I previously posted. ISPs are trying to convince everybody concerned that the Access Points on 5 GHz shared spectrum behaved as planned: when hit by a radar beam they shut down to avoid becoming “targets”. ISPs have been demanding for years, to no avail, non-shared spectrum to avoid these unplanned outages.
Ismar • June 9, 2025 3:57 AM
Thomas Fugate, the 22-Year-Old Leading Trump’s Terrorism Prevention Hub — ProPublica
https://www.propublica.org/article/trump-dhs-thomas-fugate-cp3-terrorism-preventio
Clive Robinson • June 9, 2025 5:55 AM
@ lurker,
With regards “spectrum usage”.
We have the need to send more information wirelessly as “wired communications” be it by copper or glass is expensive and inflexible and is rapidly becoming “backhaul only”. Also there are very many issues to do with crime and conflict with “wires in the ground”.
Due to “history” the world is divided up into “ITU Regions” and various nation states long before this gave their armed forces and guard labour vast swaths of spectrum as “Primary Users”. With each nation deciding irrespective of others where the military could “do their thing” spectrum wise.
A classic example of this was France, its military frequency bands just happened to be where all other European Nations decided was the only viable place for GSM mobile phone communications. It got to the point where some French border officers were confiscating then very expensive mobile phones or even arresting people.
Since the UK “auctioned off” radio spectrum to Mobile Phone companies the problem has only got worse. In part because Governments saw “Spectrum Auctions” as “Free Money” but also because older users would not die… An example of this is FM Broadcast in “Band I and II” covering just 67-108 MHz (4m-3m wavelength bands). There was a political edict that it would be phased out and replaced with the joke that is “Digital Audio Broadcast”(DAB) by 2000 (then with more missed deadlines). DAB uses frequencies that some have portrayed as “stolen from the military”. But the bands are “awkward” being Band III 174-240MHz and L-Band 1452-1492MHz. DAB has had just about zero take up except where “political strong arm” techniques are used and even giving away DAB radios failed to work… Nobody wants DAB hence some say it stands for “Dead And Buried”. In fact more take up has happened with spare audio channels in “Digital Video Broadcast”(DVB) (also called “FreeView” in some places). Where the audio quality is higher and as most non city dwellers have a TV antenna “on the roof” already they get much better reception.
Oh the thing about L-Band is it’s also used by “Global Navigation Satellite Systems”(GNS), Amateur Radio and other users. Lets just say that certain US Commercial Interests are petitioning very hard to use L-Band and worryingly the “guard band space” around the GNSS frequencies…
So back to the problem you mentioned… The US military in one ITU Region visits another Country in a different ITU Region and their militaries are not aligned (see NATO and Radio and similar interoperability)…
It’s a pre-made recipe for disaster and all too easily seen well in advance.
I can tell you now that NZ citizens have already lost, due to US “Might is Right” thinking. It should not be that way but the US considers Autonomy for itself only, and everyone else are “subjugated”…
If you doubt this go and look up the FBI and Kim Dotcom… It defies reason and logic, but is explainable in other less palatable ways.
Oh and remember it is well known the NSA runs NZ’s SigInt agency the Government Communications Security Bureau (GCSB) “technical assets” and has done since the 1960’s if not earlier with the setting up of the original 5-Eyes enabled by the BUSA agreement started from Bletchley Park during the latter half of WWII.
not important • June 9, 2025 5:49 PM
@shampoo gangster:
That moderation is likely not done by a human but rather by some kind of AI, trained on the motto ‘when you ban you have no risk; risk comes when you allow’. That is how bureaucracy works around the globe.
I see the major problem not with actually deleting a particular post but rather with not explaining the reason. That is also how we have no idea how AI makes decisions – zero transparency.
not important • June 9, 2025 6:46 PM
https://en.globes.co.il/en/article-israeli-data-loss-prevention-co-mind-raises-30m-1001511987
=The platform developed by MIND is designed to help enterprises handle data leaks, a challenge that has become more common and complex with the spread of AI-based tools.
According to the company, traditional tools fail to distinguish between routine activity and abnormal behavior and sometimes generate a large load of false alarms. The platform developed by MIND operates in real time and is based on an engine that identifies sensitive data according to the context in which it appears, with the aim of stopping leaks before they even happen.=
Clive Robinson • June 11, 2025 5:38 AM
@ Bruce, ALL,
“Induced Hallucinations?”
A test of an AI assisted search engine for new academic articles on Encryption, Decryption, and Crypto in the title brought up this…
https://phys.org/news/2025-06-decrypting-cryptochromes-insights-mechanisms-protein.html
Yup AI can get it wrong at all semantic levels…
Or is it the operator 😉
Clive Robinson • June 11, 2025 6:51 AM
@ ALL,
For those that are curious as to why I was performing,
“A test of an AI assisted search engine for new academic articles on…”
In part it is the very deliberate enshittification of Google and why I stopped using it well more than a couple of years back[1]. Likewise other search engines and why I rarely look at “first page results” on all search engines[2].
But today this,
https://kaveland.no/posts/2025-06-06-library
Brought it back into my mind with a thump.
I used to work in a University and had a lot of contact with students and librarians. I was known to be able to “ferret out useful information” very rapidly so the “process of recommendation” got me more and more skill honing practice.
[1] Looking back it’s amazing I stuck with Google for so long, I guess proof “frogs can be boiled”.
However it was my turning off of JavaScript and similar nonsense that Google insisted I use was the final straw, and I guess from their point of view I was “a rat jumping ship”. Because from my point of view I’d finally realised Google was seriously settling low in the water on what looked like a “one way trip to the bottom”…
[2] I used to have a “fast filter” trick in that I would “mouse over and hover” and actually read the URL. If it was not “subject related” I did not click on it. Likewise if the domain name looked odd, I did not click on it. Or if it “felt hinky”. It’s a “sixth sense” that is worth cultivating as it can save you a lot of effort and if you pay for it as most mobile users do “data usage” as well.
Clive Robinson • June 11, 2025 7:38 AM
@ ALL,
UEFI fail prior to boot…
This was posted a few hours ago,
“In this blog post, the Binarly Research team documents a Secure Boot bypass that likely impacts most devices supporting UEFI. At the center of this discovery is CVE-2025-3052 (BRLY-2025-001), a memory corruption vulnerability in a module signed with Microsoft’s third-party UEFI certificate. Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust. Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses.”
https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
I’ve not had time to give it a serious think about (and I’m not sure I need to).
Because… it does not surprise me in the least. I’ve frequently pointed out that “code signing” is not a good idea for many reasons. One of which is
“Code signing attests to nothing of worth.”
All it really says is that at some point in time somebody chose to use a crypto tool on an archive.
It says absolutely nothing about what is in the archive or what it’s quality or security is like. Also as a process it is so easy for insiders to subvert. And… In other ways the Trust-Chain of the PK-cert process is known to be subvertable in many ways.
The UEFI “chain of trust” is all about “code signing”, so a simple thought process falls back to the realisation of the old maxim of,
“Garbage In, Garbage Out”(GIGO)
Knowing this you have to ask the question,
“If it does not benefit the user, and it really does not, who does UEFI benefit and why?”
lurker • June 11, 2025 2:40 PM
@Clive Robinson, ALL
re “an AI assisted search engine”
I too used to work in a University and had a lot of contact with students, librarians and higher academics. It was the early days of the Search Engines, and I amazed some by pruning their plain language search terms down to keywords. So it does not surprise me at all that a search for “crypto” turns up “cryptochromes”. But sure, if the AI was worth the money it should have rejected cryptochromes for lack of relevance to the other search terms. And thanks for the article, a good summary of all that’s gone wrong with search.
As a related item, I had occasion yesterday to download an archived United Nations document, no advertising, no sponsors, no subscriptions, 4.1MB of “plain” html. I got it down to 63kB, after pruning all the scripts, fonts for a hundred languages that were not used in the document, style sheets for Africa, and one of the font descriptions contained an invisible character that choked my GUI editor, I had to use vi to remove the culprit. Before editing, at the top right of the document was a logo: “Enhanced by Google”
Clive Robinson • June 11, 2025 4:39 PM
@ lurker,
“at the top right of the document was a logo: “Enhanced by Google””
My mobile nearly got sprayed with a mouthful of tea when I read that.
So deserving of at least a +1 🤣
not important • June 11, 2025 5:59 PM
AI’s impact on the working world
https://www.dw.com/en/ais-impact-on-the-working-world/video-71124060
=With the global race for AI intensifying, how is Europe faring? Who builds the best cognitive robots? Will AI destroy jobs, and where does all the technology’s energy come from? Is AI always right? And what are the prospects for autonomous air taxis?=
lurker • June 11, 2025 11:30 PM
@not important
“what are the prospects for autonomous air taxis?”
I first saw this in Y2K, I don’t remember the software commercial at the end, but the first part is still valid,
‘https://www.youtube.com/watch?v=vzm6pvHPSGo
Clive Robinson • June 12, 2025 6:49 AM
@ not important, lurker, ALL,
With regards,
“AI’s impact on the working world”
When it comes to current AI LLM and ML models, it’s actually still a lot more hype than substance. With tests showing the “claims” are either false or the tests rigged in some way. With Apple releasing more “it ain’t so” news.
But consider is that really surprising?
As the investment billions keep being sucked in, the actual deliverables get shown in reality to not even be close to the promises and claims from those with their grubby mitts out for more cash to burn.
(Mean while it appears it is not just Microsoft killing data center deals, it appears China’s halls of AI are not doing very much of anything other than burn electricity)
Ars Technica are trying to “occupy the middle ground” or as some might say “Getting increased bum cleavage from sitting on the fence” over it,
My viewpoint is,
“It’s not even close to the promises and I doubt piling more and more technology on the heap will help”
Though as you read through the article, you will see one current AI LLM system proponent claims it’s in effect a lack of token width which implies shovelling on more megawatt furnaces on the sides…
However it looks like the “radius issue” is biting in, that as we’ve seen for some time,
“Just adding more is limited by a power law”
Also called “the law of diminishing returns” it’s something a lot of “new tech” goes through, as has been seen with “Quantum Computing” (That IBM have indicated they have a fix for…).
On a more pessimistic note Gary Marcus has sloshed a bucket of cold water on the grubby mitt hypers,
https://garymarcus.substack.com/p/a-knockout-blow-for-llms
But like me he is not Anti-AI we’ve both been in it one way or another since last century. In my case it was expert systems, fuzzy logic and Robotics back in the 1980’s when reasonable compute power was a bunch of 8bit home computers on an ad-hoc network made from their serial ports (think of it as like ethernet but only at 9600b/s).
We are both being realistic on current LLM and ML systems, and the actual harm the hypers are doing to AI in the more general sense. The fact is so much money and other capital have been poured in for next to no return is going to have future blow back that is utterly predictable.
But a simple notion to consider,
Any logical problem can be solved with a multi level tree diagram. The problem is that the number of branched paths needed goes up as a minimum of 2^n for each level. The solution however tends to go up in a linear relationship with the number of levels. Thus a problem with a depth of 5 has only 32 leaf nodes. Double the depth and it jumps to 1024 leaf nodes, double again and you get to over a million leaf nodes. But you also have to fill in all the intermediate nodes as well so effectively double those numbers.
Reasoning is the ability to short circuit the process, that is get to the right leaf node without having to build the rest of the tree that is effectively wasted work. The better your reasoning the less work or in the case of LLMs resources such as GPUs, Memory, Power, and of course distance and the involved speed of light constraints.
not important • June 12, 2025 5:31 PM
Meta urged to go further in crackdown on ‘nudify’ apps
https://www.bbc.com/news/articles/cgr58dlnne5o
=Meta has taken legal action against a company which runs ads on its platforms promoting so-called “nudify” apps, which typically use artificial intelligence (AI) to create fake nude images of people without their consent.
It has sued the firm behind CrushAI apps to stop it posting ads altogether, following a cat-and-mouse battle to remove them over a series of months.
It said it had developed new technology designed to identify such ads, even if they didn’t include nudity.
Nudify apps are just the latest example of AI being used to create problematic content on social media platforms.
Another concern is the use of AI to create deepfakes – highly realistic images or videos of celebrities – to scam or mislead people.
In June Meta’s Oversight Board criticised a decision to leave up a Facebook post showing an AI-manipulated video of a person who appeared to be Brazilian football legend Ronaldo Nazário.=
lurker • June 12, 2025 6:20 PM
@Clive Robinson, ALL
“Understanding the Strengths and Limitations of Reasoning Models via the Lens of Problem Complexity”
Human brains start to reason from day one using their input senses, sight, sound, touch, taste. After about 12 months language is added to their output, and is corrected by their supervisors, with reference to the input. During the next few years numbers and counting are added.
“Models” will continue to have difficulty reasoning so long as they cannot identify items from experience, and cannot align the language of a problem to their experience.
It appears as if the tested models do not have the ability to break a complex problem into smaller easier parts. It’s a tragedy that they could not solve Towers of Hanoi – even when given the algorithm. This must mean their “minds” are poisoned by all the trash in their training data.
Stoned Howler Monkey • June 13, 2025 1:48 AM
SmartAttack uses smartwatches to steal data from air-gapped systems
Clive Robinson • June 13, 2025 6:35 AM
@ Stoned Howler Monkey, ALL,
With regards,
“SmartAttack uses smartwatches to steal data from air-gapped systems”
I was wondering when another portion of “re-boiled cabbage” was going to be extruded from “Ben Gurion University” by “Mordechai Guri”
A little history, the basic attack of using sound as a “carrier frequency” for a covert side channel to exfiltrate information was actually first “publicly published on this site” back when people were being rude about “BadBIOS” and basically showing their ignorance of the physical world.
If you search this site for BadBIOS my name and the name of @RobertT you will see the discussions we had about it and the results of an experiment I carried out over a weekend.
Both of us had actually tried using sound to carry data from computer to computer back in the 1980’s like an acoustic modem, but as an extension to using audio cassette recorders for storing data that was common in “8bit Home Computers” at the time.
Obviously when using audio frequencies below 15kHz it would be extremely annoying to people using it and around them. However the quality of “moving coil” speakers and microphones in computers or home audio equipment of the time was basically crap and trying to use them up around 18-20kHz was not very effective at all. It was also cumbersome requiring careful positioning of mic in relation to the speaker.
Which is why most design engineers of the time, as PDAs became a thing, chose to use IR diodes[1] of the form used in TV remote controls.
However in the intervening decades the quality of audio in Personal Computers improved, and more importantly the 32-bit CPUs in laptops had sufficient power to do “Digital Signal Processing”(DSP) in “Real Time”(RT). But as importantly in laptops moving coil transducers were no longer used and ceramic / quartz and similar devices in quite small packaging were and if you could turn off the DSP filters in the AC97 chip set could quite happily work above the average adolescent or adult hearing range.
There was considerable comment from the non hardware engineering crowd about it being impossible, but I knew that not to be the case, hence my little experiment.
I however was still being told I did not know what I was talking about by various “vested interests”.
Then a couple of students did almost exactly the same as I had done but in a University corridor, and had got their paper “rush published” and all of a sudden all those it can not be done types were suddenly experts having read it…
The whole episode was laughable especially when I pointed out we should stop using the outdated “air gap” expression and replace it with the more accurate “energy gap”.
Any way Mordechai Guri saw it as an opportunity to publicise his “institute” that at the time was split between Germany and Israel.
And ever since he has been drumming up publicity by using the same underlying covert channel mechanisms with the latest tech or tech it has not yet been done with.
All you really need to be aware of is basic physics and how energy is moved by primarily conduction and radiation[2] and how work is always inefficient thus the “waste energy” has to be transported away, and how that waste energy can be “modulated” or have information impressed on it that then gets carried away with it outside the box in various ways…
A Faraday shield made with copper coated soft iron sheet might reduce both the Electric and Magnetic components of an EM signal. But it is really very bad with both acoustic, mechanical, and thermal energy. Thus if you want security you have to manage them as well. As such this sort of engineering is not taught from the “Security Perspective” and why I’m confident Mordechai Guri will have plenty of fresh cabbage to reboil over and over.
Also if you understand the issues involved, why you will know that half the “recommendations” made in the “Beeping Computer” article are either wrong or ineffective.
One specific that “gets my goat” is the “masking by noise” that always comes up… It does not work because the attacker can use “Low Probability of Intercept”(LPI) techniques in a reciprocal way.
A classic example of doing this was Matt Blaze and his “JitterBugs” paper,
https://www.usenix.org/event/sec06/tech/shah.html
And well worth the short time it takes to read.
Annoyingly it was something I was only too aware of quite some time before from experiments I had done in my own time and at my own expense. But unfortunately I was working for a “defence related” company so they said No and threatened the use of the UK DORA and OSA legislation. However once Matt had published it was out in the public domain and could be talked about more or less with impunity.
[1] For some reason most design engineers do not think about the reciprocal nature of LEDs as “Photo-diodes”… I once shocked @figureitout by describing how easy it is to use them as a “covert channel”. Because these days most microcontrollers’ I/O pins are “universal” in that they can be configured in software as basic Parallel digital I/O or analogue I/O. Which means that you can take what the designer regarded as being Parallel Out to drive a front panel LED and just by changing the software so it’s Analogue In use it as a “photo-diode”. You can multiplex this at a high enough rate that the LED still glows but at reduced output, but it also increases the sensitivity of it as a photo-diode. Shine a modulated laser diode at it from a window from across the street using a telescope and all of a sudden those glass walled data centers visible from outside become a security breach…
[2] I have also worked out ways to do it with convection or what some would call Delta-T/t methods where doing work causes increased heat that has to be taken away from sensitive electronics. Whilst you can use passive IR or FLiR cameras you can also just listen to the fans or heat pumps that to be “efficient” spool up and down with the increase and decrease in work. It’s just one reason why you will hear me go on about “Efficiency v. Security”, something that applies to all aspects of computing in oh so many ways, and is responsible for most if not all covert channels in consumer and commercial ICT equipment. But I was not the first to think about the sound of moving mechanical items. Back after WWII and until the early 90’s many cipher machines were mechanical. If you stood near one you could hear the “secret key” as it changed the stepping etc of rotors and similar. Tony Sale who rescued Bletchley Park worked in MI5 along with Pete Wright who went on to write “SpyCatcher” in the early 80’s. The front part of the book describes “technical spying” techniques and you will find a section describing “jumping the hook switch” in a telephone that had been put in the “Crypto Cell” at an embassy in London to turn it into a surveillance microphone, that could hear the mechanics of the crypto kit in use, and this audio got forwarded to GCHQ to very much reduce the effort in “breaking the key”…
Bob Paddock • June 13, 2025 8:49 AM
@Clive Robinson
“…describing ‘jumping the hook switch’ in a telephone…to turn it into a surveillance microphone…”
As you probably know, these are also known as “Infinity Transmitters”. Sadly they are being used today for identity theft of people that still have landline phones.
Mitsubishi Electric Research Laboratories (MERL) published what has become a ‘classic’ paper in some circles:
“Very Low-Cost Sensing and Communication Using Bidirectional LEDs” by Paul Dietz, William Yerazunis, Darren Leigh TR2003-35 July 2003.
‘https://www.merl.com/publications/docs/TR2003-35.pdf
Later to become US Patent 6870148 in 2005.
It then became a secure communication system:
“SecureLED: Better Access Control” by Marcin Bojanczyk, Chris Danis and Brian Rogan”
‘https://people.ece.cornell.edu/land/courses/ece4760/FinalProjects/s2006/bcr6/final_report/index.html
This MERL project shows up in several Atmel/Microchip AVR projects. Probably others. All going back to Forrest Mims’ classic work, using LEDs as sensors, in Popular Electronics in 1977 and his later related works.
Someplace in the deep dark places of secure systems, there is an LED power indicator flickering at 2400 Baud…
“Sound of Interference: Electromagnetic Eavesdropping Attack on Digital Microphones Using Pulse Density Modulation” was recently published on how to activate a MEMS microphone through a concrete wall.
Abstract: We introduce a novel electromagnetic (EM) side-channel attack that allows for acoustic eavesdropping on electronic devices. This method specifically targets modern digital microelectromechanical systems (MEMS) microphones, which transmit captured audio via pulse-density modulation (PDM), that translate the analog sound signal into the density of output pulses in the digital domain. We discover that each harmonic of these digital pulses retains acoustic information, allowing the original audio to be retrieved through simple FM demodulation using standard radio receivers. An attacker can exploit this phenomenon to capture what the victim microphone hears remotely without installing malicious software or tampering with the device. We verify the vulnerability presence by conducting real-world evaluation on several PDM microphones and electronic devices, including laptops and smart speakers. For example, we demonstrate that the attack achieves up to 94.2% accuracy in recognizing spoken digits, up to 2 meters from a victim laptop located behind a 25 cm concrete wall. We also evaluate the attacker capability to eavesdrop on speech using popular speech-to-text APIs (e.g., OpenAI) not trained on EM traces, achieving a maximum of 14% transcription error rate in recovering the Harvard Sentences dataset. We further demonstrate that similar accuracy can be achieved with a cheap and stealthy antenna made out of copper tape. We finally discuss the limited effectiveness of current defenses such as resampling, and we propose a new hardware defense based on clock randomization.
https://www.usenix.org/conference/usenixsecurity25/presentation/onishi
Clive Robinson • June 13, 2025 11:01 AM
@ Bob Paddock,
First time I’ve seen the TR2003-35 document, but just reading the introduction is almost semantically the same as I’ve written above and what I wrote to @figureitout.
Like many other embedded system hardware engineers I knew about it back last century, as you note people were publishing about it in the 70s and I and many others were using it to reduce BOM and get a form of networking for free. So how they got a patent on it in 2005 kind of says more about the failings of the USPO than it does about the originality of the idea.
With regards,
“Someplace in the deep dark places of secure systems, there is an LED power indicator flickering at 2400 Baud…”
Let me tell you a funny story of a high level NATO Crypto device designed in the UK as a “British Inter Departmental”(BID) Telex line encryptor…
Crudely it was a stream cipher that used the equivalent of an LFSR but the feedback was not linear (i.e. XOR based).
Well it had an LED on the front of the rack mount unit, that flashed in an odd sort of way. As I had access to the repair documentation I looked the CCT-Diag up… Yup some plumb had connected the LED on the shift register feedback line… So in effect the key-stream was being displayed on the LED…
As for,
“Attack on Digital Microphones Using Pulse Density Modulation…”
It’s rather to be expected, it is in effect a 1-bit sampler. The output of which when fed through a low pass filter or integrator will give you the analogue signal. The harmonics of a fast edge clock can go up into the low microwave bands these days, but I still find 250-500 MHz is the best compromise in terms of antenna size and directivity for this sort of side channel grabbing (it works with quite a few TRNG circuits as well).
Speaking of “random” my goat got got again with,
“we propose a new hardware defense based on clock randomization.”
I really do wish people would stop with this… Some years ago I pointed out that adding “jitter” to clock signals actually can make it easier to sync up to the wanted signal and reject other unwanted signals.
The example I used was the LFSR used to “whiten” PC clock harmonics by “spreading the energy”. The problem is that it was in effect a “Spread Spectrum” system so it sort of worked as CDMA does: get the “code offset” right and your wanted signal comes up significantly against unwanted signals. So the “hide the sensitive PC in a group of non-sensitive PCs” –a recommended security trick– was ineffective at best.
Put simply with computers,
“There’s no such thing as truly random”…
Which means it’s deterministic at some level and that can be synced to, to lift “the signal from the man made noise” (QRM).
But also the use of an FM discriminator is “suboptimal” especially if it’s a “slope demodulator”.
Back in the 1980s I developed a highly linear “Pulse count demodulator” in digital (74 family) circuits for testing transmitters and the like.
In essence for each “zero crossing” it output a single pulse from a high stability XTAL oscillator that then got ‘integrated’. The cheap version used a low pass analogue filter. The expensive version used a digital “up-down counter” as a “follower integrator” that output into a Digital IF I’d developed that fed directly into a DSP chip.
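Added illustration (not code from the comment, the paper or any project) of the point that a PDM stream is a 1-bit sampler whose low-pass filtered or integrated pulse density is the audio again: a first-order sigma-delta modulator encodes a constructed 440 Hz tone and an integrate-and-dump filter recovers it. The function names, the tone and the oversampling ratio are assumptions.

```python
import math

def pdm_encode(samples, oversample=128):
    """First-order sigma-delta modulator: each sample in [-1, 1] is held for
    `oversample` bit clocks and emitted as 1-bit pulses whose local density
    follows the amplitude (density 0.5 <-> silence, 1.0 <-> full scale)."""
    bits, acc, fb = [], 0.0, 0.0      # acc = running quantisation-error integrator
    for x in samples:
        for _ in range(oversample):
            acc += x - fb             # integrate input minus the last decision
            bit = 1 if acc >= 0 else 0  # 1-bit quantiser
            fb = 1.0 if bit else -1.0   # feed the decision back
            bits.append(bit)
    return bits

def pdm_decode(bits, oversample=128):
    """Integrate-and-dump low-pass filter: average each block of pulses and
    map the pulse density back to an amplitude in [-1, 1]."""
    out = []
    for i in range(0, len(bits) - oversample + 1, oversample):
        density = sum(bits[i:i + oversample]) / oversample
        out.append(2.0 * density - 1.0)
    return out

def roundtrip_error(freq_hz=440.0, rate_hz=8000, n=80, oversample=128):
    """Encode a constructed 440 Hz tone to PDM, recover it with the low-pass
    filter and return the worst-case per-sample error (bounded by 6/oversample
    for a first-order modulator)."""
    tone = [0.8 * math.sin(2 * math.pi * freq_hz * k / rate_hz) for k in range(n)]
    recovered = pdm_decode(pdm_encode(tone, oversample), oversample)
    return max(abs(a - b) for a, b in zip(tone, recovered))

if __name__ == "__main__":
    print(f"worst-case error after low-pass recovery: {roundtrip_error():.4f}")
```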
ResearcherZero • June 14, 2025 4:07 AM
Another 14 modules vulnerable to secure boot bypass.
https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
Secure Boot still not secure after latest update.
https://arstechnica.com/security/2025/06/unearthed-in-the-wild-2-secure-boot-exploits-microsoft-patches-only-1-of-them/
Clive Robinson • June 14, 2025 7:52 AM
@ ResearcherZero, ALL,
My views on UEFI have been posted on this blog as long as it has existed.
My latest just a few days ago, in the above comments,
But the acid or litmus test question still is,
“As UEFI provably does not benefit the user… Who does it benefit?”
The answer to which goes back a decade or so before the “Fritz-Chip” was named to show “the guilty parties”. From,
https://academickids.com/encyclopedia/index.php/Fritz-chip
“The Fritz-chip is a nickname for the hardware component of a software-execution monitoring system. It is sometimes meant derisively by those opposed to digital rights management (DRM) in a trusted computing context. It was named after former United States Senator Ernest “Fritz” Hollings, who sponsored several pieces of legislation aimed at protecting the interests of intellectual property (ie, copyright and software license) holders in the digital age, including one (the CBDTPA) that might mandate the inclusion of such a chip in every computer.”
He was also known as “Senator for Disney Corp”…
Bob Paddock • June 16, 2025 9:37 AM
@Clive Robinson
“Speaking of “random”…”
The “Colorado University Randomness Beacon (CURBy)” is the latest attempt, that I’m aware of, to make perfect random numbers, published June 11th:
The University of Colorado randomness beacon (CURBy) is a public randomness service that regularly broadcasts a set of random bits. It is composed of a classical periodic source of randomness as well as a quantum source of randomness based on the unpredictable correlations arising from measuring distant quantum particles. CURBy is tied together through a network of distributed blockchains we call Twine that allows the random outputs to be fully traced, audited, and certified.
You can browse the past and present random values below:
https://random.colorado.edu
… At the heart of this service is the NIST-run Bell test, which provides truly random results. This randomness acts as a kind of raw material that the rest of the researchers’ setup “refines” into random numbers published by the beacon. …
https://www.nist.gov/news-events/news/2025/06/nist-and-partners-use-quantum-mechanics-make-factory-random-numbers
“Traceable random numbers from a non-local quantum advantage”:
https://www.nature.com/articles/s41586-025-09054-3
Clive Robinson • June 16, 2025 1:19 PM
@ Bob Paddock, ALL,
I don’t like the expression “random number” except when it has the implicit or explicit “sequence” after it.
It’s why the XKCD cartoon of a C function that always returns “4” is funny. Because any single number by definition is a selection from the set of numbers it forms a part of, and has the probability you would expect.
But consider, even when we have random number sequences, are they actually random?
Consider it as “drawing a ball from an urn” the probability is 1/n where n is the number of balls in the urn.
So you draw out a ball what do you do with it?
The answer to that when you think about it has an effect on all future drawings from the urn.
It can trivially be shown that with an array of bits in a shift register or similar such as an LFSR “State Array” that you cannot draw the same number twice because it would form a closed cycle and the sequence would hold on that number.
Similarly with all “state array” values.
One consequence of this is the probability on the next number decreases with every number drawn, until you get to the point only one number can be drawn next… So hardly a “random sequence”…
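Added example, not from the comment or any project: a 16-bit Fibonacci LFSR clocked until its state repeats, showing that a maximal-length register visits every non-zero state exactly once before the cycle closes back on the seed, that the all-zero state is a closed cycle of length one (the sequence “holds on that number”), and that taps from a reducible polynomial can never reach the full period. Tap positions, the seed 0xACE1 and the function names are my choices.

```python
WIDTH = 16

def make_step(taps):
    """Build a Fibonacci LFSR step function for the given tap positions
    (1 = lowest bit, WIDTH = highest). The tapped bits are XORed together
    and shifted in at the top of the 'state array'."""
    shifts = [WIDTH - t for t in taps]
    def step(state):
        fb = 0
        for s in shifts:
            fb ^= (state >> s) & 1
        return (state >> 1) | (fb << (WIDTH - 1))
    return step

def walk_cycle(seed, step):
    """Clock the register from `seed` until a state repeats. Returns
    (number of steps, the state that repeated). Every state before the
    repeat is distinct, so the step count is also the count of distinct
    states: once a value has been 'drawn' it cannot recur until the
    cycle closes."""
    seen = {seed}
    state, n = seed, 0
    while True:
        state = step(state)
        n += 1
        if state in seen:
            return n, state
        seen.add(state)

# Textbook maximal-length taps (x^16 + x^14 + x^13 + x^11 + 1, primitive):
# all 2^16 - 1 non-zero states lie on one cycle.
maximal_step = make_step((16, 14, 13, 11))
# x^16 + x + 1 is reducible (Swan's theorem: degree divisible by 8), so the
# register's period is strictly shorter than 2^16 - 1 for every seed.
weak_step = make_step((16, 1))

def demo():
    """Constructed seed 0xACE1 on both registers, plus the all-zero seed."""
    return (walk_cycle(0xACE1, maximal_step),
            walk_cycle(0, maximal_step),
            walk_cycle(0xACE1, weak_step))

if __name__ == "__main__":
    for name, (period, repeated) in zip(("maximal", "zero seed", "weak taps"), demo()):
        print(f"{name}: {period} distinct states, then repeats {repeated:#06x}")
```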
final donut • June 6, 2025 11:10 PM
Using HDMI EMI for Fast Wireless Data Transfer
by Oona Räisänen February 27, 2023
“This story, too, begins with noise. I was browsing the radio waves with a software radio, looking for mysteries to accompany my ginger tea. I had started to notice a wide-band spiky signal on a number of frequencies that only seemed to appear indoors. Some sort of interference from electronic devices, probably. Spoiler alert, it eventually led me to broadcast a webcam picture over the radio waves… but how?
[...]
This was a fun project but this kind of a vulnerability could, in the tinfoiliest of situations, be used for exfiltrating information out of a supposedly airgapped computer.”
Read entire article with pics and video:
https://www.windytan.com/2023/02/using-hdmi-radio-interference-for-high.html
Also – this project looks interesting:
https://github.com/martinmarinov/TempestSDR
A software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals.