Recent Comments


Note: new comments may take a few minutes to appear on this page.

August 24, 2016 6:38 AM

Arch on Privacy Implications of Windows 10:

@kRUSTY

I had already seen this EFF piece, and found surprising that Mr. Schneier would reference it, as he seems to be of the opinion that W10 can be neutralised.

Mr. Schneier is objective - he references articles which both support, contrast, compare and (sometimes) even undermines his point.

However I think you're referring to this question from his recent AMA:

I've heard you stated recently that you think Windows 10, with the bells and whistles, is the most secure OS. Can you expand on the bells and whistles? Are you using it? Also, what password manager do you use?

    I need to write an essay about how I harden Windows 10. It's on my to-do list, albeit not very high. For a password manager, I use my own Password Safe.

I gather that Windows 10 can be hardened and that you can prevent ALL data from being sent to Microsoft according to the article @Sasparilla posted.

You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft services as described in this article to prevent Windows from sending any data to Microsoft. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.

https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services

For non-enterprise users you can stop almost everything - it's quick and easy to use this tool:

https://www.oo-software.com/en/shutup10

August 24, 2016 6:24 AM

Clive Robinson on Friday Squid Blogging: Stubby Squid:

@ Thoth,

Any thoughts on,

https://www.theguardian.com/technology/2016/aug/24/singapore-to-cut-off-public-servants-from-the-internet

Personaly I think it's a sensible idea, there is one heck of a load of technical debt involved with "connect everything". Such behaviour makes for a huge attack surface, before you even start to think about what extra nasties the interconection complexity brings into the game.

Also there is the age old question of "Why?" or "What benifit?" comes with having the majority of employees connected to the Internet...

August 24, 2016 6:17 AM

Bruce Schneier on Friday Squid Blogging: Stubby Squid:

"Does this forum have user policies for safety and other general terms of service, similar to those of other public social collaboration sites?"

No. At least, no formal policies. This is my blog, and you're expected to be both on topic and respectful. If you're not, the moderator will delete your post. If you continue, the moderator will ban you.

August 24, 2016 6:15 AM

Ratio on Friday Squid Blogging: Stubby Squid:

@Nick P,

Butler Lampson's free book [on TLA+]

TLA, TLA+, this book and (probably most notably) LaTeX (and a book on it) were done by Leslie Lamport.

(Lampson and Lamport are both at MSR and were both at DEC in the eighties, but they are not the same person.)

August 24, 2016 5:08 AM

Clive Robinson on Friday Squid Blogging: Stubby Squid:

@ Wael, r, Thoth,

Bullsh*t. I can't wait for him. I want to have ze pleasure :)

Happy?

But what about the things you missed?

Less happy now?

Don't worry they are not that important :)

Oh on tbe "gum" issue, many countries --quite rightly-- have legislation against the filthy stuff and the careless behaviour it engenders. However it's the punishment that varies from a gentle slap on the wrist to chopping it of at the neck...

But don't fear all you who wish to chew and drop, the US is comming to your rescue with those oh so secret rules in their TTP trade treaties... So Coke and Wriggles will be able to open new markets, bringing tooth rot and type II where ever they go.

Just wait for TTP2 it will no doubt have a section mandaiting the opening of veins in children such that GM corn syrup can be mainlined to rot their brains liver and other organs but leave them their smiles. So that US Pharma can step in with billion year pattents on all medications to make them pay pay pay untill they die untimely deaths.

P.S. I'm only half joking about TTP2.

August 24, 2016 5:06 AM

Jerry Blaq on Why an ATM PIN Has Four Digits:


GHOST BLANK ATM HACKERS, is the only genuine ATM cloned card vendor which i have tested and confirmed. So i met this hacker online and we emailed back & forth about an ATM card and how he makes them and sells them. I was in trouble financially two weeks ago so i told him i need one asap. I western union some money to him the next day and the card was shipped in 72 hrs. When i got it i went to a near by ATM which was across the street from my house and i asked for $5000 and it actually worked so since then I've been able to get money freely with no pin. U may say its a lie but its not and now i feel like am on top of the world,if you are interested in their service contact them ghosthackers.blankatmcard.hk@gmail.com

August 24, 2016 4:38 AM

65535 on Privacy Implications of Windows 10:

“[Microsoft] it will face backlash in the form of individual lawsuits, state attorney general investigations, and government investigations… We at EFF have heard from many users who have asked us to take action...” - EFF

I agree with the EFF. Windows 10 Home and Professional leak personal and proprietary data like the Titanic. I believe it will that a huge laws suit to get M$ attention. I suggest that the EFF sue Microsoft.

https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive

@ Max

“They gave up trying to make something worth paying for. New strategy is, turn Windows into an advertising platform.”

Ding, Ding, Ding! We have a winner! Max has correctly identified the core problem with Windows 10 – It basically a huge advertising platform – not a business Personal Computer. Further, the more Microsoft denies that fact the more it lies to its customers.

@ Ross Snider

“…There has been no effective legislation to deal with the mass surveillance disclosed by the Snowden documents, and the partnership of Microsoft and others in surveiling users on behalf of intelligence agencies and federal police ("FREEDOM Act" wasn't effective legislation).”

You hit the nail on the head. Windows 10 is a spy platform that just happens to have a word processor and spreadsheet program.

@ Sasparilla

“I think one could argue that things have gotten worse since 2013, although we somewhat know about it now. The law allowing companies to be able to share any data (without liability) directly with the NSA passed just after Windows 10 came out always seemed like way too much of a coincidence to me - knowing what Microsoft had done with them before. While those reading and commenting here can probably do something (for the most part) about being stuck with Windows on their PC, 90% of the market will not - its still a monopoly at the PC …”

I agree that M$ has turned to dark side and gotten in bed with the 3 letter agencies. I have lost trust in M$.

@ Clive Robinson

“'ve been calling out Microsoft back from the MessDross days.”

Yes, and deservedly so and your not alone.

“...a [huge number - ed] of malware mishaps have targeted security flaws in Microsoft Windows and other programs. Microsoft is also accused of locking vendors and consumers into their products, and of not following and complying with existing standards in its software.] Total cost of ownership comparisons of Linux to Windows are a continuous point of debate… The company has been the subject of numerous lawsuits by several governments and other companies for unlawful monopolistic practices… Microsoft was the first company to participate in the PRISM surveillance program, according to leaked NSA documents obtained by The Guardian…” –Wikipedia

https://en.wikipedia.org/wiki/Criticism_of_Microsoft

@ Ergo Sum

“You really should read financial reports from Microsoft, or at least, articles that analyze Microsoft's financial reports.”

If you are trying to say M$ is making huge profits from Windows 10 that is debatable. In fact, Ballmer calls M$ “run rate” averaging complete BS [he says the books are cooked]. I agree that M$ uses highly dubious revenue recognition [and income recognition] accounting tricks – not to say others don’t do the same.

“…Ballmer's view of the run rate: "Bullshit. They should report the revenue, not the run rate."” - Arstechnica

http://arstechnica.com/information-technology/2015/12/ballmer-microsofts-cloud-revenue-numbers-are-bullshit/

http://www.businessinsider.com/ballmer-wants-microsoft-to-share-cloud-revenue-2015-12

http://www.computerworld.com/article/3011662/cloud-computing/microsoft-revenues-steve-ballmer-bullsshh-bullsshh-bullsshh-bullsshh-itbwcw.html

http://www.geekwire.com/2015/steve-ballmer-criticizes-disclosure-policies-from-the-cheap-seats-at-shareholder-meeting/

http://www.businessinsider.com/ballmer-wants-microsoft-to-share-cloud-revenue-2015-12

http://www.fool.com/investing/general/2015/12/14/steve-ballmer-thinks-microsoft-corporation-must-fi.aspx

In summary, I view Windows 10 [Home and Pro] a spyware/Adware/NSA kissing bundle of malware. It should be either avoided completely or modified to neuter it’s constant calling home features - this of the utmost importance to lawyers and other professionals who depend on privacy.

August 24, 2016 4:37 AM

Clive Robinson on Friday Squid Blogging: Stubby Squid:

@ Figureitout,

--Well your first method doesn't make much sense how you described (why a large negative, not small?), but the 2nd counter method, won't that mean occasionally some blocks get same counter value? Why not use the time elapsed between each sample instead or waiting to increment by 1?

Hmm lot's of questions in one paragraph, where to start ;-)

Well firstly the size of the number into the leaky integrator defines how long it's effects will be present at the output. That is it decays away in some manner over time. The larger it is the longer the effect. However don't make it so large that the TRNG output rate swamps the integrator by effectivly "driving it into the rails". Unless of course you decide a "wrap around" is OK and going from .9 to -.9 is OK (which in most cases it will be unless you get your chosen language complaining). However if you do it's technically nolonger a drunkards walk which might effect your theoretical proofs.

As for the difference between negative and positive values, there should not be unless you need to correct for bias in the integrator. What I originaly said was,

    Where the TRNG puts a large negative (for 0) or positive (for 1) into it.

I left out the comma after large :-(

What I ment was that you come up with some suitably large value X. Then if the TRNG outputs a 0 subtract the value X from the current integrator value. If the TRNG outputs a 1 then add the value X.

What is important is that you then deliberately bias the output from the leaky integrator such that it's effect on the increment is it's positive. That is you change the increment value from 0-n where n is positive and a quite small value of the total counter range.

Which brings us to your question about the counter having the same value. It's not a value in isolation that is important, but a repetable sequence of values. No matter how big the counter it will in some infinite future roll over to it's start value. If the increment was always the same then the sequence of the output from then on would be entirely predictable. With the TRNG and leaky integrator the roll over will still happen but the sequence will get broken by the changing increment value. Thus with the first method you enter a game between your rate of increment change and an attackers ability to analyse it to reduce the range of output values. If you want to dig into that it would be worth a few PhDs, or a life times employment in a Sig IC agency.

Which reminds me try to keep the increments odd ;-)

In the case of the second generator by changing the key you should --if the crypto's any good-- change the sequence. Even if you do end up with the same counter and key the sequence will change when the key does, thus you need to change the key at a rate that will not allow any given sync on key and counter to last long.

Which brings me to your question about "time" my implicit assumption about TRNGs is that they do not produce output bits like clockwork especialy those with a low output rate. Within reason the time gap will be likewise random within a certain range. It's what the computer hardware and OS / App do down stream of that which makes the difference. Obviously the higher the output rate of the TRNG the less and less that time gap becomes with respect to the determanistic sampling of the computer, thus at some rate the time will be effectivly deterministic for the majority of TRNG outputs. At which point things fall into "lock step" and only the state of the bit is random.

If you are in a lockstep position, then you need to use the bit value as a "stop and go" on incrementing the key counter in some way. The discusion of which will be long.

August 24, 2016 2:39 AM

Clive Robinson on Friday Squid Blogging: Stubby Squid:

@ Nick P,

I think the problems we see with it in many of these languages have to do with their implementation of it.

Yup, it makes you wonder if the people building the implementation ever actually use it in anger, or just go on to the next implementation spec.

Often when the implementation of a language is "tight" and has some rough user edges (terse CLI commands etc) it's because the people implementing the language are using the language for real.

However when those implementing are not going to use it for real, what you get is a loose and flabby implementation but superficialy the user experience is smoth with fancy IDEs etc etc, but the output is like the implementation loose and flabby.

Much though we malign it C was written by people that used it in very very constrained environments and it's where some of it's strengths and weaknesses come from. It's noticeable how some of the weaknesses got turned into strengths as time went on and then later became weaknesses again as the constraints changed.

One such is the block structured code issue. Part of it was "everything in one file" for the compiler requirment was not going to work due to core memory constraints. Thus we got partial compilation into object files that got linked together later. The down side was not being able to correctly check seperate compilations were consistent with each other. Now we have much less constraint on memory "everything in one file" is not an issue in most cases. But because you had to split things up, people developed techniques that changed the way the industry worked and even though we could go back to the old way, we've progressed well beyond it making any sense to do so. Unfortunatly for those new to the game and fresh out of school/college/etc, the problems are still there, and they don't like the fact that their hand is not being held the way it is in later languages.

Sometimes the price of freedom is a territory without fences. Thus you risk getting shot for a whole host of reasons before you get to learn about them. Whilst ences make you safer, if you put them up you then have to build paths around and between them and get constrained to follow the way they lead, which may well not be the way you want to go.

August 24, 2016 2:37 AM

r on Friday Squid Blogging: Stubby Squid:

@Thomas_H,

That is exactly the problem at hand, even if the NSA came out and gave us everything they've got - their image is tainted now. There is absolutely no chance for the MIC to win our trust (or even the world's) back completely unless something unforeseen happens - the current cadence is doing nothing for cleaning up their image or undoing the damage that's been done to our entire country's image for that matter. Something's amiss. The only thing that could reverse it is a 'grand slam' on their part like getting a tip about a dirty bomb or something horrendus, god help us. But then there'd be all this speculation like with 9/11 that it was engineered by the CIA or something. I do not look forward to tomorrow (or the next).

There's really no turning back, not for them - not for us - not for anyone.

How many husband's think their wife will get over their cheating?
Does it ever happen?
Do they ever get over it?
How many husbands die by their spurned wives hands?

August 24, 2016 2:33 AM

Thomas_H on Friday Squid Blogging: Stubby Squid:

Oh, and as a follow-up to myself:

Why are we seeing these kind of leaks only (majorly, in case I missed anything...) with the NSA, and not with other TLAs?

August 24, 2016 2:27 AM

Thomas_H on Friday Squid Blogging: Stubby Squid:

So this is going on:

EU ministers debating tightening up surveillance laws

...and just this morning I read that both the French and German governments want to ban end-to-end encryption in messaging apps (can't find an English-language source yet).

Besides the technical hurdles and the unfortunate fact that this will break certain secure services, I am left wondering whether there's any organization that is keeping a detailed tally of the continued assaults on freedom by so-called "democratic" governments as opposed to the successes of Islamic Terrorism in reigning in freedom in democracies. I estimate the former will vastly overshadow the latter.

No URL shorteners in eventual replies, please.


RE: The NSA tool leak: An alternate theory.
One thing that has been bugging me since the NSA scandal revealed by Snowden is how the agency keeps being in the news, not in the least by actions of its own director and additional "revelations" on its activities. The reason it bugs me is that this is not the expected course of action for a person or organization caught up in a scandal that very likely is very damaging to them and that they would prefer not to have happened. The expected course of action for such things is that the person or organization will try to shift the attention of the public to something else, as to quieten down the agitation caused by the scandal both within the inner circle and outside of it. The way the NSA case is handled doesn't strike me as typical, there are some distractions (very noticeable important news overshadowing certain tidbits of information - it's noticeably absent in the case of this leak, by the way), but not enough, as the topic of the NSA keeps floating back up in new "scandals". It's especially grating because the NSA is supposed to be a security organization that thrives on a certain invisibility.
This makes me believe some of these leaks, including the latest one, may be part of a deliberate strategy aiming at allowing the unimpeded creation of a new organization that can replace the NSA over time, or a reorganization of the NSA itself. This deliberate strategy would consist of revealing small parts of the (past) NSA tool sets and/or activities that are deemed to be "inoffensive" for the NSA's (or eventual new organization) current and future operations. Of course, just dumping the information, as Snowden did, would not work, so the release method is crafted in such a way that it firstly seems to implicate another big player, while later, closer examination reveals it was "constructed", further obfuscating the source. Basically, the latest leak doesn't strike me as a "leak". It is more akin a "puzzle" that will keep interested persons busy for a while without really revealing anything really important.

The only assertion we have for an insider leak is that the information release was constructed in such a way that it implies such a thing. There's nothing that tells us the person doing so is actually doing anything illegal, it's just that based on previous events we assume that is the case.

(maybe I'm just being overly paranoid...on the other hand, the pattern of releases really tingles my "look for what is not there (not obvious)"-sense - which I am aware can be totally fooled into finding patterns that are not there :D )

August 24, 2016 2:12 AM

r on Friday Squid Blogging: Stubby Squid:

Well, it turns out I am misinformed. Poor millenials, there's so much cool stuff that they missed.

From wikipedia:

"In the mid 1990s, Singapore's laws began to receive international press coverage. For example, the U.S. media paid great attention to the case of Michael P. Fay, an American teenager sentenced in 1994 to caning in Singapore for vandalism (for using spray paint, not chewing gum). They also drew attention to some of Singapore's other laws, including the "mandatory flushing of public toilets" rule.[4] Confused reporting about these issues has led to worldwide propagation of the myth that the use or importation of chewing gum is itself punishable with caning. In fact, this has never been a caning offence, and the only penalties provided under Chapter 57 are fines and imprisonment.[5]"

August 24, 2016 1:53 AM

r on Friday Squid Blogging: Stubby Squid:

@All,

Don't buy mid range dell laptops, I don't care how cheap they are. My (cheaper) HP can power my USB 1.44 - the dell cannot.

August 24, 2016 12:33 AM

Reluctant Windows 10 User on Privacy Implications of Windows 10:

I finally switched from Windows 7 to 10 last week, simply to have a system that was more supported by Microsoft than the legacy 7.

I'd delayed doing this for many reasons, among which are 1) until this spring Windows 10 seemed to be primarily a kind of ongoing crowdsourced beta (with "Windows 10 Insiders" doing the testing...), scarcely a substitute for real in-depth internal testing (the latest fiasco with disabling practically all web cams bears that out, I think), 2) the degree of UI changes from 7 seemed huge (but I'm gradually adjusting by using Stardock's "Start10" start menu substitute/crutch), 3) the degree of telemetry is crazy (but I've eliminated a lot of it by configuring O&O "Shutup10" program to reload via the Task Scheduler more private defaults each time I start the machine or logon.

I've been agreeably surprised that my system is now quicker than Windows 7 to start/stop, and that generally it just seems a bit more sprightly.

But generally I'm with the EFF and other critics on this: Microsoft, Google and the other Internet oligarch companies really need to give us a precise, clear statement not couched in legalese or generalities of just what data they retain & process of their users' interactions with software & websites, and what product of it they may broker to other companies. We're the product and we have a right to know how our livers are being chopped!

August 24, 2016 12:24 AM

Wael on Friday Squid Blogging: Stubby Squid:

@r,

If you know the altered impedence, the doesn't that give you a bias for further detection?

"They" will destroy several during reverse engineering the target devices and then be able to build an identical one.

I don't think they've even legalized bubble gum yet. :P

+1 you're a genius. Lol

@Thoth,

You can try to help improve open source security here as there is always a need for more practical improvements besides the papers and pens :) .

I paid my dues, baby. Pen and paper suite me just fine now. Maybe in the future when I'm a free agent. Right now, I need to pay the bills.

August 24, 2016 12:16 AM

Thoth on Friday Squid Blogging: Stubby Squid:

@Wael

You can try to help improve open source security here as there is always a need for more practical improvements besides the papers and pens :) .

If those projects doesn't suit your taste, choose your own open source security projects to contribute to.

Links:
- https://github.com/thotheolh/jcChaCha20
- https://github.com/Yubico/ykneo-openpgp
- https://github.com/thotheolh/groggybox
- https://github.com/maqp?tab=repositories
- https://github.com/LedgerHQ
- https://github.com/open-keychain
- https://git.gnupg.org
- https://github.com/genodelabs/genode
- https://github.com/redox-os/redox

August 23, 2016 11:58 PM

Thoth on Friday Squid Blogging: Stubby Squid:

@Figureitout, r

re: Android as attack surface via USB OTG

It can be done the Ledger Blue way (uses USB OTG) where the Ledger Blue is the HSM and you key in and encrypt your plaintext and decrypt your ciphertext from the Blue device and the Android phone or desktop simply acts as a transmitter or network interface for the Blue.

Once I get Ledger Blue's version of GroggyBox up, I would add an option for the Java GUI to enable "Bypass Mode" which is to simply act as a gateway and leave the Blue to handle the rest of entering sensitive text messages and decrypting sensitive text messages.

August 23, 2016 11:57 PM

Wael on Friday Squid Blogging: Stubby Squid:

@r, @Thoth,

It'll be interesting to see @Clive's response.

Bullsh*t. I can't wait for him. I want to have ze pleasure :)

I got news for both of you.

I am wondering if the mesh can be used for PUF so if someone uses an FIB

PUF, eh?

You need to look for papers on FIB (Focused Ion Beam - it's not a LASER.) You also need to look at transmission line theory (for trace cutting effects.) Then you need to look at PUF (Physical Unclonable Functions.) All of these were discussed to some extent (very light) on this blog.

Yes, you can print antennas, yes a cut on the traces will have electrical / electromagnetic effects (parasitic capacitance, inductance, impedance effects, radiation effects, etc.. ) and will be a function of the frequency and duty cycle of the current on the trace, the layers of the board, etc... At high enough frequencies, you'll be looking at the "circuit" as a "lumped" component, rather than discrete components. In other words, you'll be looking at E and H fields and Maxwell's equations rather than at V and I and Ohms and Kirchhoff's laws.

I don't see how the mesh will act as a PUF. With a FIB, and a scanning electron microscope / X-ray one can extract the layout of the device (including the mesh) and "clone it".

Are you trying to protect against a state agent? Hmmm... A couple of sips of water (on a water board) and you'll tell them everything, and more. Besides, you won't be able to build what you are describing (even if it were to work, and it won't.) Hate to be the bearer of bad news, but just trying to save you the time...

This was just an introduction to pave the way for the steam roller @Clive Robinson will come at you with. I'm sure he'll more aaaaammmm "diplomatic" about it :)

@Thoth... Did they legalize Marijuana in Singapore yet? I'm wondering if you took a couple of PUFs when you came up with this idea :) to summarize: put the bong down and work on the smart card crypto. LOL

August 23, 2016 11:53 PM

Thoth on Friday Squid Blogging: Stubby Squid:

@r

Yes it will be interesting.

Most PUF algorithms assumes that the challenge-response function to be done between an external client and the PUF secure processor to check for tampering. My idea is the opposite which is to host an integrity engine within the mesh of the crypto processor and use the PUF of the metal mesh to generate a "wrapping key". The parameters for selection of where to start sampling the PUF is considered a security parameter which the authenticator and the authenticatee have to keep secret (symmetric keyed type) according to the concept of the AEGIS PUG based crypto processor that @Nick P pointed out before.

Assuming that the integrity engine consists of an internal authenticator and authenticatee engine and both contains the security parameters for sampling the PUF andboth housed within the tamper mesh itself, both can independently sample the mesh to generate the PUF "wrapping key" (after some hashing and processing of enough of PUG materials) which will this PUF-generated wrapping key would be used to unwrap a wrapped master symmetric key that can be used to authenticate each other and subsequently unwrap other application keys.

The security is based on the fact that if someone attempts to drill into the metal mesh via the FIB laser beams to extract the security parameters, it will consequently destroy the PUF because the laser would have altered the structure of the metallic mesh and thus even if the security parameters needed for sampling the metal mesh's PUF electrical characteristics were obtained, the fact that the mesh now has it's characteristic altered due to using FIB lasers to dig through the mesh would render unable to create the "wrapping key" and thus the master key would never be unwrapped successfully.

All this assumptions are assumed that the parameters are randomly generated within the mesh and not loaded from factory (that can be handed over to who knows once coerced) and that the algorithm for sampling the PUF characteristic should yield enough entropy (and plus sprinkling a little magic dust via hashing the entropy for more pseudo-randomness).

Due to the fact that only the crypto processor knows it's own randomly generated sampling secret parameters, only an unaltered crypto processor could calculate it's own "wrapping key".

For the part where the external world (e.g. normal users or some integrity checking software) needs to verify the crypto processor, using a 2048-bit RSA keypair (the usual technique for TEE, TPM and smartcard environments) either generated on the crypto processor when in factory and have it's public key extracted or loaded in the factory by the supplier's crypto officer can be used to validate if the PUF-based crypto processor is still intact and un-tampered.

The "wrapping key" generated by the PUF protects the master secret key which the master secret key would protect the master RSA keypair in this fashion so that when the tamper mesh is breached, it would not be able to re-construct the correct PUF-based "wrapping key" and thus all the other keys and secrets down the chain remains encrypted and thus indicates that the tamper mesh has been broken with a high degree of accuracy in my opinion.

All these are assumed that nobody managed to spike the production chain of the crypto processors :) .

I actually emailed and talked to Devadas some time again in the past, the author of the AEGIS processor but I felt his answers kinda were vague as he pointed me away from AEGIS to another of his secure computation project.

August 23, 2016 11:09 PM

r on Friday Squid Blogging: Stubby Squid:

@Thoth,

That's what I figured you were on to, I figured something akin to physically altering an antenna. But with how close to the metal **cough** that mesh sits, do you have the granularity to detect minor breaches?

I was a while ago wondering if you could print one of those etched and traced antenna arrays over the top (or bottom) of a chip. It'll be interesting to see @Clive's response.

August 23, 2016 10:59 PM

Thoth on Friday Squid Blogging: Stubby Squid:

@Figureitout

Yup it will be cross platform Java. Anything that uses an Java 7 or 8 would do and yes it presents a vilnerability if security operations are done there thus the use of smartcard. The Groggybox logic only exists within the card.

@r

Most tamper resistant chips have a metal tamper mesh and I am wondering if the mesh can be used for PUF so if someone uses an FIB laser toncut through the mesh, the mesh could be used as a detection via PUF property to detect laser cuts.

August 23, 2016 10:53 PM

r on Friday Squid Blogging: Stubby Squid:

@Figureitout,

My chromebook is capable of booting off of sd cards, also a full-SMT device. With a little epoxy you should be able to block off most any jtag ports too.

August 23, 2016 10:50 PM

r on Friday Squid Blogging: Stubby Squid:

@Figureitout,

No more of an attack surface than anything else, just in different areas. Certainly a phone that's only been un-boxed and never used can't present a super threat where connecting to a smart card usb/serial dongle for an emergency message to be signed isn't anymore dangerous than a laptop that can have parts removed at a border?


@by the rules,

I hear you on the java, C or LISP are likely the best cantidates but you (where C is concerned) need to carry around multiple tool chains... LISP maybe not(?), I have to look into it (personally) considering what I used to do with gas/nasm.

August 23, 2016 10:39 PM

ab praeceptis on Friday Squid Blogging: Stubby Squid:

@ ni

Pardon me, but there seems to be a mental barrier problem.

"I tested your claim logically and empirically by looking at results in academia and marketplaces of Europe vs everywhere else. Something I've been doing for a long time. I found nothing supporting your unsubstantiated claim of Europe's superiority in robust systems at any level."

No, Sir, you tested your mistaken understanding of my alleged claim. Would you kindly take not of the fact that I - I repeat - did *not* claim that europe has more or better tools nor did I claim that europe has more robust systems.

You may repeat that again and again but it will not contribute to the discussion nor support my desire to accept you as a well reasoned partner in this discussion.

As I like to find out reasons I will gladly offer you what I consider the reason: europe has a better foundation, which, however is next to worthless as it simply looks across the ocean and with little thinking just follows.

But then, again, my claim was not that europe is somehow better or produces better tools or more robust software.

"Reality: most good tools didn't work for a while on most platforms. They sucked"

I waited for that one and honestly hoped you wouldn't offer that. To clear things up: I talked about a production version, not about an early alpha. I'm not trying to find something bad, I was putting hope on TLA+, I *wanted* it to work and I wouldn't even have looked closer if it had not created the impression of being a useable tool.

"I brought it up to counter your claim of European superiority."

Well noted, I say this with a friendly grin: What is needed to make you stop riding that very dead horse? Smashing coconuts on your head? Please, pretty please, finally take note of the fact that I assumed (and still assume) european superiority in the ***foundations***, in the premisses, in the underlying basis - the result, the outcome in terms of products or rubostness is - kindly listen carefully - not existing or insignificant imo.

"Russia and China"

I think you are gravely mistaken there and you apply a completely wrong measure. Your use of the term "copycat" underlines that. Russia is not at all about copycat. But they are pragmatic and, that should be kept in mind, they first were in communism and then they were a decade more dead than alive. Should they have reinvented the wheel? Would that have been smart? Hardly.

So, they took what could serve as basis, partly foreign (e.g. open sourced sparc) partly e.g. elbruss cpu (which btw is no worse than loogson) and quite promising and it was originally developed in communist times, i.e. under lousy circumstances. To put it bluntly: They had to throw brains at a problem others could throw money at. You yourself mention Modula and Oberon. Isn't it a sign of intellectual quality to chose those as a base?

Why am I so convinced and said what I said above? I've talked with them and I've seen their work. And they are rigorously and excellenty trained.

But anyway, as I said, my interest is neither smearing nor glorifying this or that country. I brought that Russia point up to show you that my position is absolutely not "we europeans are smarter and make better software, too".

"So, let's summarize. The evidence says the best results are independent of countries or continents involved. Evidence indicates there is better education, esp science or math, results in countries outside America. Evidence indicates that's had little impact on high-integrity, software demand or production. That implies social factors on demand- and supply-side dictate what will get uptake."

Widely accepted.

But, as I said, while a certain country is the IT epicenter and the major producer of crap (incl. in academia) my point was not about pro or anti this or that country.

So, let me pick up your statement and ask the question that really interests and drives me: How come? Why? Or, more pragmatically, "do the good results (no matter where) have something in common and if yes, what?"

*That* is the kind of question I'm interested in and that brings us forward.

I conject (is that the verb for conjecture?) the following:

The good results indeed have some factors in common, namely i.a.:

- a "philosophical" layer of properly thinking about the problem
- strong math orientation and foundations
- sound reasoning (sound particularly as in "roughly transposable to and guided by mathematical reasoning)

where both the first and the last point also touch issues like simplicity or even beauty.

That provocation, as some may see it, was intentional. Because it opens an interesting and promising question: What is beauty - in relation to the field at hand - and how are beauty, simplicity and mathematics related?

And I'd like to add a factor that I already mentioned and that I think is grossly underrated: the human. Both as in "how do we tick?" (hence, how must a good machine human interface be structured?) and as in "in the end, humans must be capable to design and produce good software".

Which invites me to quickly link in one of your closing remarks:

" (me: we will need to produce it with the programmers we have.)
(you:) Haha. Nicely put. Yeah, that's going to be tricky
"

Ergo: we must either change the humans (small likelyhood of success, particularly if needed quickly) or we must change the tools.

As for the latter, beauty raises its head -> What is a (programming) library? It is (among others) a "decoupling" that abstracts complications away and offers a simpler interface.
So, to write to a disk, all I need to do is to say open(), write() close(). The library will take care of many ugly complicated details.

That repeats in the OS. Thanks to the OS, a library need not know or be concerned about control io, how to make a sata controller accept and write bytes to a device, etc.

That, I think, is an extremely promising paradigm - and the most important step is easy: It's to understand and to transpose that logic of decoupling and making simple.

To put it poetically: We need programming languages that render us the same service that libraries provide. Even better: we have thousands of smart minds who have thought about that, albeit from another perspective, and we already understand much of the implicated problems, mechanisms, laws etc.

That, I think is the most promising answer to your "tricky" remark.

Behind the "comfortable friendlyness" we do, however, need a very rigid and sound basis which can be provided by paradigmata along the lines of Pascal, Modula, Oberon (which again lend themselves very well to mathematical rigorousness).

Finally, we must care and invest less in the spot and repair problems approach and care and invest more in avoiding problems in the first place. I conject that for this we need a) basic formal capabilities and b) an interface to formal spec. and verif. from the beginning and as important part of the design.

One important pragmatic subgoal must be to rigorously discern between algorithmic and implementation problems/errors. One very important step in that direction - also addressing the careless average Joe programmer - would be to not anymore think in terms of "a language" but in terms of a "software engineering chain" where a formal tool part were designed from the start to produce, as one product, a formally annotated (and compiler grokable) code skeleton.

From a logical perspective that would be a triade. One side were algo specification and verification, the other side were the final output (compiling) and smack in the middle - where his rightful and proper place is - were the human developer. This could also, and often probably would be, split into algo designers, possibly even as a purchased service or by another group, and programmers who could rely on the skeleton they get (or have elaborated themselves).
Finally, as the compiler had not only the code input but could also look at the spec, it could do a way better job and make sure that spec and code were congruent.

Side remark: we should pick up an idea hidden in some of Wirth's work and have the whole chain offer 2 modes, "strict" and "normal" with certain rules and requirements. This would enhance range of use and also ease and speed up uptake.

Normal would be roughly in a ballpark between Pascal and Ada while "strict" would be beyond and above Ada. Possibly later one could add a "lite" mode for quick and dirty stuff as well as an entry point for beginners. That mode could, for instance, be generous with domains/codomains, not insist on formal spec. etc.
Obviously certain critical components such as libraries would be required to be in strict mode only so as to offer a warm fuzzy feeling of safety when using them.

And (tongue in cheek) we must stay away from java.

August 23, 2016 10:23 PM

confused on Privacy Implications of Windows 10:

@ Gweihir

If you're going to that model, what's the difference between putting XP on the VM and putting Win 7 on the VM? The logic is that MS has given up on XP so while there might be security exposures on XP they can be minimized by use of the model you sketch while there's presumably (!) no danger of MS moving telemetry back to XP.

August 23, 2016 10:20 PM

r on Friday Squid Blogging: Stubby Squid:

@Figureitout,

Don't forget Android, native JVM capability basically - good throw away device if it has USB OTG capabilities.

August 23, 2016 10:16 PM

Figureitout on Friday Squid Blogging: Stubby Squid:

Thoth
--It'll be portable but still either Windows, Linux or Mac OS right? Just an attack surface weakness, that's all.

RE: slit ribbon
--I would guess some stray capacitance (that may affect surrounding areas) and increased resistance from frayed strip (leading to more heat, leading to melting something (maybe)). Stray inductance too...

http://diy.stackexchange.com/questions/11561/what-happens-if-i-shave-a-little-sliver-off-electrical-wire-with-a-utility-knife

Clive Robinson
--Well your first method doesn't make much sense how you described (why a large negative, not small?), but the 2nd counter method, won't that mean occasionally some blocks get same counter value? Why not use the time elapsed between each sample instead or waiting to increment by 1?

ab praeceptis
--Yeah I haven't tried using just a zener diode for entropy, will build one someday. Any thoughts on using the timing jitter as an entropy source?

August 23, 2016 10:14 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ Wael

It largely became what it hoped. You had Visual Basic, C++, Java, C#, X# (assembly), F# (Ocaml-ish), and so on. The platform was even used to make several OS's in a cross-compiler sort of way. They did one-up Java on the cross-language thing. OpenVMS still the winner given it did it at native code level. Closest thing was all the (good lang)-to-C compilers. ;)

August 23, 2016 9:40 PM

r on Friday Squid Blogging: Stubby Squid:

@Thoth,

You trying to unique-ify something?


@Wael,

I did not realize that about .NET, that's an excellent quality.

August 23, 2016 9:33 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ Clive, Wael

"Also with objects came serious bloat and slowness and a myriad of other issues." (Clive)

Someone recently told me on HN the original, Smalltalk machines had specs with about same memory as PDP-11 that C was built on. There's also ways to do OOP resolution at compile time with little to no performance impact. I think the problems we see with it in many of these languages have to do with their implementation of it. Similarly, I found out the first LISP ran on an IBM 704. So much for concern it can't handle constrained environments. ;)

August 23, 2016 9:33 PM

Thoth on Friday Squid Blogging: Stubby Squid:

@Clive Robinson

If I have a circuit (copper or metal ribbon) and I were to change it's physical properties by taking a scissors and cutting a slit into the metal ribbon without breaking the circuit, what are the electrical properties that could have changed even if the circuit has not been broken ?

August 23, 2016 9:30 PM

Wael on Friday Squid Blogging: Stubby Squid:

@ab praeceptis,

Thank you for the elsboration. Ummm.. See, Security and politics are like peas and carrots. You can try to avoid speaking about politics, but the moment you mention a geographical object: country, sea, ocean, then you are inviting politic discussions. I'm not into politics, but if I get cornered, I'll reply.

The cabbage, baguettes, burgers were all jokes.

I will not talk as out politics with you :)

August 23, 2016 9:30 PM

Ergo Sum on Privacy Implications of Windows 10:

@Dirk Praet...

Either you are both willfully ignorant of what is going on with Windows 10 and the telemetry backports to 7 and 8, or you are suffering from some kind of Stockholm syndrome.

That might be the wrong diagnosis, the Freudian Theory is probably more fitting under these circumstances.

In either case, you cannot say that Microsoft will have, or ever had Lima Syndrome...

August 23, 2016 9:18 PM

ab praeceptis on Friday Squid Blogging: Stubby Squid:

@ Wael

"The way it came across to me is this ...have you ever coded a thing in your life ... I bet you hold the papers upside down, too.."

In fact, I'm based on the assumption that he already coded in his life.
No, I do not at all think that he is plain stupid ("upside down"), absolutely not.

For the rest, let me turn it around: I am not capable to be a halfway professional engineer and a professional researcher at the same time. Hence I assume that sometimes during his professional life he did code and that since more or less years he does research.

Whatsoever the details (I just politely answered) I'm not someone to say "I respect you" when I don't. I did say that to him and I meant it, Period.

FYI: I'm male.

For your other post:

Due to my self-imposed rule of avoiding politics as far as any possible, I can't respond to all of your (not consistently fair) statements. But I can say something:

My self-imposed rule also concerns what others may likely take to be political.

It, however, wasn't. And I certainly don't believe that eating cabbage makes you a smart engineer while eating burger makes you stupid (I like burgers myself).

What I did was hinting at culture or lack thereof. And again: My point is *not* to say "nation x has no culture" (or to consider myself superior based on where I was born). When I mentions those issues I do it for a reason: Those factors play a role.

There is reason for some countries creating well educated people and others creating high-school graduates, 75% of which have grave weaknesses in reading, writing, and basic math (according to *their* own data).

Actually, usually I do not even care. Of most countries I even wouldn't have a clue what their "culture and education position" is. I think, that I, however, have a right to make some remarks, when that certain country more or less rules major parts of the world and, mor importantly for me, (still) is the epicenter of IT.

Assume we lived in a grave and serious risk to perish in millions (or to lose our posessions, etc) because a certain pacific island, say, liked to carelessly play with coconuts simply ignoring that this might create serious damage.
Would I be asked to shut up and to not dare to mention the problems in that coconut epicenter of the globe? Certainly not.
*Could* we even solve the coconut problem without talking about it and it's relation to that island? Almost certainly not.

Unless we are willing to assume that it's just mere coincidence that the field of IT is controlled/influenced to a very considerable degree by its epicenter across the ocean and that, hey, tomorrow morning about 9 am the epicenter just flips over to say, Italy, and from then on Italy basically control major parts of IT, unless we are willing to assume that nonsense, we can't but ask the question "how come that we are plagued by unreliable, insecure, and often makeshift software? What in that epicenter country might be the cause?"

*Not* to smear that country but to find solutions.

Soothing side note: In europe we have a "hatespeech regulation" wave ("hatespeech" meaning whatever the governments happen to dislike). There are already people who have been sent to prison for "hatespeech" and thousands of social media accounts have been blocked or deleted for "hatespeech". Based on that and terrorism paranoia the first european countries are *seriously* creating "cyber security centers" and they are even openly talking about creating agencies for the prupose of breaking encrypted communication.

Can they do that? After all, we have crypto. Yes, they can, because we also have openssl and a plethora of insecure, shoddily built software. Is that OK for you? Is that threatening and important enough to think about why in the IT epicenter country things are going badly wrong and since many years?
How much damage is needed to make those questions and thoughts OK and not "anti[country x]" or "too political"?

If you still have doubts I recommend to good deep look at scada security.

And, *no* this was *not* political.

August 23, 2016 9:16 PM

Wael on Friday Squid Blogging: Stubby Squid:

@ScottD,

I am rethinking the orthographic password algorithm.

An algorithm is one thing, and a commercial solution is another. I suggest you look at use cases and how they can be secured for an enterprise environment -- you know, with a two or three tier network where TLS sessions terminate in the perimeter zone (internet facing and easily reachable by attackers.)

August 23, 2016 9:13 PM

Gweihir on Privacy Implications of Windows 10:

The main issues with Win10 I see is that we _still_ have no conclusive analysis of what it sends home (and no legally binding assurances from MS either) and that there is no reasonable way to opt out of updates, making any Win10 machine an unreliable mess that can break at any time and get new malware and spyware installed and you can do nothing about it.

Professionally, I don't know what we will do, we have reason to expect that in the near future more and more customers will explicitly forbid us to store and process any of their data on Win10, it is just too much of an unquantifiable leakage-risk. For the moment we are staying on Win7 for all things that require Windows (mostly office), but either MS will offer a way to switch off telemetry completely that is available to a small business or we will probably have to move to Win7/Win10 locked down in an isolated VM with no network access or updates for use with office.

Privately, I have one application type that unfortunately still needs Windows: Gaming. If MS continues with its evil machinations (telemetry and forced updates), I will likely move to a model where I have one machine for gaming only, no email, no web-browsing, etc. and one with Linux for everything besides gaming. That would also mostly neutralize the threat from forced updates, as then they could only break games. Alternatively, dual-boot, but encrypt everything Linux so that Windows cannot access anything, but I am leaning to the two-machine model, also because then I can lock down all network access for Windows to what is needed for running games and getting updates and nothing more.

It is a sad state of affairs when you have to consider a major OS maker a malicious adversary. Microsoft has now fully reached that status. Sure, like any good parasite, they are trying not to kill the host too fast, but still.

August 23, 2016 9:11 PM

Wael on Friday Squid Blogging: Stubby Squid:

@Clive Robinson, @Nick P,

Also with objects came serious bloat and slowness and a myriad of other issues.

The idea was, in the early days of .NET, to allow developers with different language skills to work on the same project. One can write in C#, another in Basic, another in ASP.net, etc... Good concept, has some drawbacks.

As for OOP, I believe it's a good paradigm for large projects. May not be the best choice for device drivers or embedded, resource retrained systems because of bloating, large libraries, and "things that happen behind your back".

August 23, 2016 8:54 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ ab

EDIT: The good news is I saw the last exchange before submitting. Edited to be more civilized. ;)

"If I may offer a piece of advice: Don't allow emotions to take over in an intellectual discourse. I did *not* say that. I talked about the foundation, not about the tools or the quantity thereof."

I tested your claim logically and empirically by looking at results in academia and marketplaces of Europe vs everywhere else. Something I've been doing for a long time. I found nothing supporting your unsubstantiated claim of Europe's superiority in robust systems at any level. I instead found specific groups in various countries were doing it themselves against the status quo. So, I rejected your false hypothesis then pointed out that mere prejudice, in you or your sources, was all that was left in it. I'd bet the technology stacks, CVE's, and so on in Europe have as many problems as in U.S.. I know they ask for the same stuff on their hiring pages. The good ones are outliers everywhere.

"Reality: TLA+, at least for a while, simply didn't work on linux, another version did, but didn't on Windows. Was, it seemed, to do with some java idiosynkrasy."

Reality: most good tools didn't work for a while on most platforms. They sucked. A demand for the product or corporation pushing it got into enough shape to be useful. Then, there were tools like TLA+, Coq, ML, and so on that could do great things but were in shoddy condition. Almost no effort by the OSS or commercial sectors while they puts tons of effort into C, Java, etc. Even when those projects were failing, they still put tons of effort into them. It's a social, not technical, thing causing such problems. Not enough people care.

"Sir, it seems to me that you never used TLA+. But you know papers and books about it."

The papers point was a pile of work produced from all over the world. I brought it up to counter your claim of European superiority. They were also produced by a combination of researchers, professional engineers, and elite combinations of both. A significant chunk are experience reports where they applied specific methods to real-world problems. They then report what worked, didn't, and so on. TLA+ was weaker than some of those results so I ignored it. It was other engineers that used it talkign in places like Hacker News that told me its usability was greatly improved. They gave me Amazon case study and Lampson book as evidence. In any case, I thought it was strange you'd ask me to dismiss what thousands of researchers and engineers taught me as a show of "respect" to one, anonymous engineer claiming something else. I'm still listening as you'll see.

"If it pleases you (which seems probable) I'm ready to say that across the ocean many, many more software (incl. tools) have been created. Not only would I be ready to assume but I actually *did* assume that elsewhere (namely Russia) is a society that will very soon overtake us europeans."

I know that many top firms in tech, pushing low assurance stuff, have research centers in Russia where Russians solve their hard problems. I know they're smart. Yet, all the best stuff is non-Russian. Examples: MLton or CakeML vs Moscow ML; their little Pascal/Oberon compilers vs Modula-3, Ada, or Rust; Elbrus CPU's vs Oracle SPARC's or POWER8; (90nm?) fabs vs 14-28nm among non-Russians; total lack of equivalents to results like SP architecture, Cambridge's CHERI, dependent types, and so on. The published evidence plus capabilities of their commercial systems indicate they're behind the state of the art in these sub-fields. Their I.P.-theft-clone-improve cycle does amazing things like with that Itanium variant Intel was forced to build. Their clean-slate stuff is weak, though. I'm more concerned about China if we're talking well-educated, innovative copycats with cheap labor. Shenzhen's innovation, Loongson processor, and increased patent trolling are a sign of things to come.

So, let's summarize. The evidence says the best results are independent of countries or continents involved. Evidence indicates there is better education, esp science or math, results in countries outside America. Evidence indicates that's had little impact on high-integrity, software demand or production. That implies social factors on demand- and supply-side dictate what will get uptake. Evidence in marketplace shows highest demand for low-assurance systems and lowest demand for anything high-assurance. So, that's the reality of the situation. Foundations are laid by social and economic phenomenon that are hostile to robust, software development.

"Something that looks very innocent and unimportant, yet is extremely powerful: ranges. The point I'm interested in is: How must one think to come to that approach - as opposed to the typical and very widespread signed and unsigned integers (and floats, and ...)?"

Now, I like how you think here. Clearly, one group is operating on reason and one is *only* operating on the machine. I agree with you that Ada's designers tried to keep the two together. Wirth, too, but much less than Ada due to simplicity being highest priority. We also see his hardware work shows a knowledge of math and electrical engineering. The stuff he creates is designed to work with both easily. No surprise an offshoot of his work, Modula-3, was one of first to have its standard library formally verified. His Lola language and an Oberon variant were also used to synthesize hardware.

"nd we'd better keep that in mind until we find a planet with natural programers, because if we want more reliable code we will need to produce it with the programmers we have."

Haha. Nicely put. Yeah, that's going to be tricky. I still don't know what the solution is going to be. I just know it needs to be high-level, strongly typed whether static or dynamic, support some kind of Design-by-Contract for interface checks, safe-by-design, simpler than Ada, and produce efficient machine code. I'm with Gerard that an improved Modula-3 with nicer syntax would get us pretty far. I'd add some of Ada's restrictions, Rust's safety features, and SPARK contracts into it while keeping language itself simple. The amateur developers can use simplest version with many forms of safety built-in to language & libraries. As they get better, they can add contracts, advanced types, automated tests, or anything else. It just needs to be incremental learning with whole language not too damned big.

So, that was my idea on it a while back.

August 23, 2016 8:49 PM

r on Friday Squid Blogging: Stubby Squid:

@Chad Walker,

We didn't always have the luxury of pretend networks.

(+++; some of us never left our home network to begin with, pretend is irrelevant there.)

That wool sweater?

It's a white dress over a black heart, get to know her before you invite in.


@by the rules,

Cracker is racist and deragatory, even the way you use it is dismissive on it's own.

Incase you didn't catch up with the point I was trying to make, Wael points out that you're still knee deep in politics whether you realize it or not.

I would hate to come off feeling like you're some sort of racist.

August 23, 2016 8:39 PM

Chad Walker on Friday Squid Blogging: Stubby Squid:

>@ Chad Walker: Come on, gang, it's the weekend! You all should be playing CRYPTOMANCER, a tabletop fantasy role-playing game about hacking, informed by real-life cryptography and >networking fundamentals.
>Don't be silly. This is the place where we play Me Mom Is A Saint game, Teaching >Moderator To Sit Pretty game, You Noise Me Signal game, the Denunciation Method game, and >I'm Bored By You game.

>So what would yours supply that we haven't tried already. Learn from the pros, come up >with something that ups the ante, not side-channel-lines it onto some, er, side channel.

@ianf

My game is about rolling d20's, killing orcs, and compromising pretend networks. It teaches non-technical folks the basics of crypto, networking, and privacy literacy. It's outreach to people who might otherwise proliferate the "I have nothing to hide" argument and makes them allies, and it does so in a fun and silly way. If you are in Utah in October, come see me present and defend the game's conceptual fantasy architecture to a bunch of security heads at SaintCon!

August 23, 2016 8:25 PM

r on Friday Squid Blogging: Stubby Squid:

I'm here for the pictures, pdf's and analytical fourplay can paint a great image for those of us who struggle with the (not so 2bit expressions of) MathML.

August 23, 2016 8:21 PM

Wael on Friday Squid Blogging: Stubby Squid:

@ab praeceptis,

And, Pardon me (and I *really, really try to avoid politics here), need i spell out the factor that changed europe since about the fifties and that replaced baguettes with burgers

Well, that's unfortunate! I wish you hadn't said that, because you just got yourself (temporarily) involved in politics (and food.)

See, when I was younger, I was impressed with German stuff. And I thought what is it that made Germans so smart. I found the answer! They eat a lot of cabbage -- it looks like a brain, right? Logical, makes sense, must be right.

The baguettes? I love them, but I doubt they contribute to intelligence. The burgers maybe the culprit, I tell you :)

August 23, 2016 8:01 PM

Wael on Friday Squid Blogging: Stubby Squid:

@ab praeceptis,

I had no intention whatsoever to diss or insult a poster.

Got it. I wasn't sure, but there are others who do, and I wanted to share that with them as well.

How the hell should I address a bluntly obvious problem without someone feeling dissed

The way it came across to me is this: You read a lot of papers, you send thousands of links, have you ever coded a thing in your life? You don't know what you are talking about -- are you sure you read the papers, or to you just look at the pictures? I bet you hold the papers upside down, too...

But that's clear now.

I simply turn around and ignore that poster.

I noticed :) The rest of your text isn't contentious -- I agree. You are a scholar and a gentleman (or lady -- I don't know)

August 23, 2016 7:41 PM

ab praeceptis on Friday Squid Blogging: Stubby Squid:

@ Wael

I had no intention whatsoever to diss or insult a poster. As some might have noticed with a certain poster, I politely reply and when I reach the point where I think *stupid a**hole", I simply turn around and ignore that poster.

In fact, I respect Nick P, and I have clearly stated that now. We *do need* the people who know a 1.000 papers. But we must not forget that in the end we also need code, preferably properly working one.

I'm, however, not willing to "politely" ignore issues. I'm willing to address them as politely as I can but I will address them.

How the hell should I address a bluntly obvious problem without someone feeling dissed? It is, in my minds eye (and I'm ready to learn something I clumsily overlooked) a simple fact that pretty everything across the ocean is quite different. Similarly, its bloody obvious that we in europe reach new records of stupidity every decade it seems. We observe, to be concrete, that nowadays fresh students are *considerably* less educated than high schoolers were some decades ago. And, Pardon me (and I *really, really try to avoid politics here), need i spell out the factor that changed europe since about the fifties and that replaced baguettes with burgers and relatively sophisticated TV with primtive soaps?
Yet, well noted, my interest is not to point at the bloodily obvious culprit - my interest is to avoid us dying in millions next to melting reactors. Or, less dramatically, "how do we enhance software quality?"

I heard that phrase probably more often than my own name -> "Nowadays IT is the nerve system of modern society, of goverments, of industry, and economy"

To me, our way of dealing with that looks like saying "rattle snakes can kill you" and reaching with your bare hand for one. It's sheer insanity!

The epicenter of IT is across the ocean. May they be blessed and earn gazillions with it. But that also means that we must somehow address that problem and as politely as we possibly can ask them "You fu**ed up and big time. No week without mio. of credentials stolen, probably billions of $ robbed, and sooner or later a max. desaster like a nuclear reactor melting. OBVIOUSLY you must think again and think hard about your approach rather than happily spitting out new band aids every month"

August 23, 2016 7:21 PM

ab praeceptis on Friday Squid Blogging: Stubby Squid:

@ Clive Robinson

You are right. But hl languages that do support inline asm aren't that rare anymore; moreover one can always link in asm routines.

The point I was focussing, however, was a different one, but maybe I misunderstood Thoth. I was under the impression that the assumption ASM is faster than, say, C is not necessarily correct per se. I did quite some ASM stuff myself but then, when I did that, it did make sense to even quickly glance over any C compiler output (todays compilers are dimensionally better).

Just recently I had to "print" (no really, but it's good enough as explanation) some numbers in a *very* time sensitive aio network context and sprintf just didn't cut it; it was way too slow. So I did my own and evidently divide-by-10 was an ugly spot. After handcrafting some SHL, ADD, then SHL ASM I got curious (way too late) and looked what the C compiler made out of a stupid / 10. Surprise (on my side): It knew and used the same algorithm.

That's why I warned that most programmers will usually be better served just sticking to their language. But again, for things like flags, your are of course right.


@ Ni (we are saving bits, right?)

"You also re-iterated a prejudicial statement about Europe's superiority in this field."

If I may offer a piece of advice: Don't allow emotions to take over in an intellectual discourse. I did *not* say that. I talked about the foundation, not about the tools or the quantity thereof.

" All I need is those papers," ... [a while later] ... " TLA+" ... " model-checker to help people with less time or talent. ... follow the guidance on its website. Or ... book. "

The 1.000 papers effect again. Reality: TLA+, at least for a while, simply didn't work on linux, another version did, but didn't on Windows. Was, it seemed, to do with some java idiosynkrasy.

Which leads to another point: A verifier, model checker, or similar in java. In java! Of course, in academia they love antlr and it's certainly no coincidence that since antlr got popular, a whole slew of tools (usually created in academia) are built in java. I've learned from bloody experience to stay away from them, although, from time to time, I curious (and stupid) enough to try again (as I did with TLA+).
In fact, it was only later that I tried to reason about that and to find out why a whole class of tools has a strong tendency to not deserve my trust or to be in my toolbox.

Sir, it seems to me that you never used TLA+. But you know papers and books about it. You might want to seriously consider to have no less respect for actual engineers than you expect from them.
Again, you are evidently a man who knows a gazillion things from a gazillion papers (I say that respectfully and honest); and that is valuable and useful and I respect you for that and I read with attention what you write here. But knowing a thousand cities from books and pictures is very different from living there. Each one of us has his place and use. The 1.000 papers people are a valuable resource but so are the engineers, even though some 1.000 papers people consider them, I quote, "people with less time or talent", not "skilled", or "immaterial to this conversation".

For your information: I'm actually working with formal specifications every day, I do formally verify anything sensitive or not trivial. My "1.000 papers foundation" is 100 papers and 900++ hrs of actually doing what we talk about here. I dare to conject that this foundation is no less reliable and solid than 1.000 papers.

Being at that: It is exactly those immaterial people with mediocre talent whom we must wake up, teach, and provide with tools they can use. Because it is those people who write the vast majority of software - the very software that spills our credentials and has plenty of backdoors.


"Your claim was a European advantage. " - Again: No.

That was what you in a hurry and with a quick glance took it to be - and erred. I claimed a european advantage in the foundation, i.e. in the cultural and intellectual basis. If it pleases you (which seems probable) I'm ready to say that across the ocean many, many more software (incl. tools) have been created.
Not only would I be ready to assume but I actually *did* assume that elsewhere (namely Russia) is a society that will very soon overtake us europeans.

My interest isn't in glorifying one country and blaming another and, if that soothes your feelings about the felt "attack" I'm certainly not proud to be west-european (ask them. I'm telling them often enough how stupidized we have become, how we did allow our very foundation to rot).

My interest is in finding reasons and the hope that finding them will lead to solutions. *That* is what I'm interested in.

Let me offer a concrete example. Something that looks very innocent and unimportant, yet is extremely powerful: ranges. The point I'm interested in is: How must one think to come to that approach - as opposed to the typical and very widespread signed and unsigned integers (and floats, and ...)?

The signed, unsigned, 8, 16, 32, 64 bit integer approach is one that sees a machine and asks "How to make use of that?". Wirth's (et al.) range approach comes from a quite different direction, namely from mathematics. It's an approach that says "well that machine can do operations very quickly and we have to keep some of its properties in minds (such as word sizes) but - a very important but: foremost we must properly define the domains and codomains of the functions."

The C approach is to say, that the machine offers a word size, while Wirth's approach is to ask, how to *properly* use the provided technology and he keeps the rules of mathematics in mind. Whatever we put in those registers are but values along an alorithm and for an algorithm, which can be considered a function we need to properly specify domain and codomain. For him, so to say, an integer is a box of a given capacity and he acknowledges that but moreover he keeps in mind that we use those boxes for a purpose and that not the tool but the concept and the laws of reasoning are of primary importance.

Seen from this perpective we can easily understand Ada to be an evolution of that paradigm, one that is even more rigorous.

But we can also understand other things, for instance that it's insane and irresponsible to use tools (incl. languages) that do not support and make easy to discern between algorithmic and implementation errors.

There are other examples that look innocent, yet have much depth, for instance Pascals High and Low. While a loop in C is often parameterized in a descriptive way (what the lowest index, typ. 0, what's the highest index, typ. sizeof - 1) behind Pascals loop lays the mathematical constructive approach (apologies. english is not my 1st language).
All that is needed for trouble in the C approach is to add some elements to the array (changing its size). Using the other approach won't spill beans. Low is still Low and High is still High (~ Ada 'First and 'Last).

One can hardly overestimate that point. Wirth (et al.) come from a mathematical view and are almost necessarily more robust - and btw. much easier to correlate with formal specs. Not by coincidence.

But there is even more to it. Because one approach makes it easy to make implementation errors while the other makes it easy to avoid them. That is also important because unfortunate many developers don't care too much (as you correctly hinted). I call that the human factor - and we'd better keep that in mind until we find a planet with natural programers, because if we want more reliable code we will need to produce it with the programmers we have.

August 23, 2016 7:19 PM

Dirk Praet on Privacy Implications of Windows 10:

@ hawk, @Reed Wiedower

I agree. MS faces a lot of blind opposition from persons like CR.

Let me put it this way, gentlemen: burying your head in the sand may give you plausible deniability as to who exactly it was that sodomized you, but it will not change the fact that it happened. Either you are both willfully ignorant of what is going on with Windows 10 and the telemetry backports to 7 and 8, or you are suffering from some kind of Stockholm syndrome.

August 23, 2016 6:59 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ Wael

Hilarious shit. I'm guessing the Pentium thing is a reference to the infamous recall that made formal verification standard practice in that industry. Far as BASIC, I'm just saying it is an OS and looked pretty clean vs C or ASM. Far as from the cow, I think that analogy is going to get pretty disgusting once you hit digital, analog, and esp RF. RF would probably be whatever moves through it in waves. I hear you drink from that, too. :P

August 23, 2016 6:47 PM

Wael on Friday Squid Blogging: Stubby Squid:

@ab praeceptis,

But the real world is quite different from a sofa with 1.000 papers around it. You can and do provide lists upon lists of projects and at times that's useful. However: How much

Every so often, someone directly or indirectly disses a poster. What we need to realize is that posters here have variety of interests. There are those who are interested in programming language research and history in relation to security. There are those who are interested in implementing their own projects be they on smart cards, micro controllers or web applications. There are those who are more inclined towards politics and cultural differences. There are those who posses depth and breadth in all of those subjects, and more. Then there are those who are here to learn from everyone: a good paper, a new crypto algorithm or weakness, a new tool or browser extension, etc...

There are the humorous ones, the ones with axes to grind, the grouchy bastards, the PR types, etc... a small model of the real world.

Then again, there are those who know a lot about an area but can't say much on the subject because of NDA, work contract restrictions, fear of assassinating one's own character, etc... There are those who are very competent coders, but can't share, discuss, or even comment on code that's shared here, for a variety of reasons.

@Nick P, @Clive Robinson,

Yo man, check out what they did in the "baby"

goddamit, Nick! How many times did I tell you I drink straight from the cow's[1] ... ? Huh? I got your basic right here, pal. :) I'll look at it later... Incredible work load at the moment.

[1] https://www.theguardian.com/technology/1999/mar/04/onlinesupplement3

August 23, 2016 6:26 PM

tyr on Privacy Implications of Windows 10:


Clive is not the only one who has followed the
Microsoft story since its sordid beginnings as
a grab from the public domain. They have never
been your friend it was always about the money.

The business model was selling you broken things
that required one more upgrade to be functional.
Now it is to take over yur comp and hold you for
ransom. Benefit to you has never been part of the
scam.

Win 10 just adds another layer to the saga.

August 23, 2016 6:00 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ ab

" But the real world is quite different from a sofa with 1.000 papers around it. You can and do provide lists upon lists of projects and at times that's useful. However: How much "

What's that paragraph have to do with anything? You claimed there needs to be a way to use math to make software. I pointed out there was a ton with varying degrees of practicality. You also re-iterated a prejudicial statement about Europe's superiority in this field. Having seen thousands of papers and tools, I easily refuted that showing there was no consistency where the best or even mediocre work was coming from. All I need is those papers, some which had prototoypes or commercializations, to refute those two claims.

""HOL, for example. is a PITA for developers to work with - and that's why very, very few do."

I should've been more clear to mean Isabelle/HOL. I've seen countless stuff done with it. The one that's easier for average developers to learn is use of Dependent Types with Coq. Chlipala has a nice book on that. Heavier stuff can be learned with this one. These topics don't apply to the average developer because they want to throw code together with minimial thought, rarely do any QA, and often with time/focus constraints. The latter force them to use 3rd-party stuff as much as possible. The former's implications mean that 3rd-party stuff is mostly written in languages that are not helpful to your goal.

What the average developer wants is immaterial to this conversation except the Haskell or medium-assurance parts. The high-assurance, mathematical stuff you seek has to be done by skilled people with appropriate training and background. Isabelle/HOL, Coq, ACL2, and others have worked fine for those types of people with problems that can be fixed over time if *enough people cared*.

"to create TLA+, a "much friendlier" incarnation; to create TLA+, a "much friendlier" incarnation; "If you are Amazon you can afford to get a lecture and support (and the prof will gladly hurry to your HQ); unfortunately, very few of us are Amazon."

It was a great example of improving a model-checker to help people with less time or talent. You don't need to be Amazon to follow the guidance on its website. Or Butler Lampson's free book. Or form a group of such people OSS-style building educational resources, example programs, etc.

"So, does the fact, that a given country has a massive community in pharmaceutical research indicate that its population is healthy"

We are talking about practices or tools for creating robust systems. Your claim was a European advantage. That means I need to look at the best tools and most robust systems created to see what their nationality was. They mostly weren't European. That's consistent over long periods of time, too. The heaviest hitters were probably the likes of Dijkstra, Hansen, Wirth etc in terms of correctness vs practical effect where 60's to early 70's European output was huge. It was mostly language-level stuff. Yet, we had Burroughs HW/SW architecture, McCarthy's LISP, & Hamiltons correct-by-construction systems for Apollo program before 1970. Almost no comparison in capabilities or what areas they were successfully applied to. I could easily brag on American superiority there but it's dishonest given most of America wasn't doing that. Most of Europe wasn't either. It was dynamics of individual and group-level activity in action where a few, brave, bright people set out to conquer the hardest problems imaginable. The rest actively opposed high-integrity systems and still do. So these prejudiced statements about nationality conferring advantages are exactly that and only seek to divide us. Good news is great things are currently coming out of U.S., U.K., Europeans, Australians, and so on *working together*.

As we should.

"It's about time to understand - and to understand as non-negotiable and as binding, as the law of our profession - that software must be built no less carefull and no less professional than bridges or airplanes."

Far as that, software is usually allowed to be crap quality either in general or as long as you looked like you put in good effort. This is what markets want because they almost always vote against the high-quality offering in favor of faster, cheaper, pretter, etc. Same with management, owners, and lawmakers taking money from them. So, engineers wanting to succeed in the market should make whatever the market wants no matter what the cost to society. They're not responsible for the damage in democracies and markets that refuse to push proper liability legislation and standards. If they choose & for personal principles, they can try to make something with higher quality. There are those who succeed differntiating that way. It's just a big chance with something like 90+% failure rate. Need fast development, high-quality, and integration of 3rd-party components. Hence me mentioning things like Haskell, Ada/SPARK, or Rust that can do that.

August 23, 2016 5:47 PM

Clive Robinson on Friday Squid Blogging: Stubby Squid:

@ ab praeceptis,

MULs and DIVs ... are among the most expensive ops on pretty [much ]any architecture. Going ASM rather than, say C, doesn't cut out much there

Yes and no. I suspect that I did not make it as clear as I could have. What I was talking about --and Thoth as well-- is doing say 64bit maths on an 8 or 16 bit computer. Most high level languages do not give you access to the carry bit where as assembler always does. Thus an "add with carry in" is a standard assembler instruction and very very fast compared to doing it in a high level language.

Thus to do a 32bit add on a 16bit computer requires four reads one 16bit add followed by a second 16bit add with carry and a couple of writes in assembler. However in a high level language on the same hardware eight reads and masks with four shifts to get the two 32bit values in 8bit format in the low byte, you then have to do four adds, four masks, three branches and potentialy three additional adds and then more masks and writes.

That's why I said the math or word width instructions are very slow in a high level language when the data width you are working with is greater than the underlying CPU data width.

August 23, 2016 5:09 PM

ab praeceptis on Friday Squid Blogging: Stubby Squid:

Nick P

I'm not surprised by that answer. But the real world is quite different from a sofa with 1.000 papers around it. You can and do provide lists upon lists of projects and at times that's useful. However: How much code have you produced in, say, Mercury (which you mention)? Have you searched for and finally hacked yourself syntax highlighting for your favourite editor? Have you used and tested the seemingly nitty gritty details which, however, can make ones day miserable? Have you created bindings for C libraries with it? Have you also analyzed what Mercurys weaknesses are?

HOL, for example. is a PITA for developers to work with - and that's why very, very few do. Don't get me wrong, HOL is a fine tool for some things, but there is a reason why programmers rarely touch it. btw, most not only don't ever touch compcert (a fine verified compiler) but actually even hardly heard of it.

Another example: The creator of TLA went the distance to create TLA+, a "much friendlier" incarnation; and while he mentions some major corps. as reference, it's rarely used out there in the wild. If you are Amazon you can afford to get a lecture and support (and the prof will gladly hurry to your HQ); unfortunately, very few of us are Amazon.

Part of that problem is that software developers are educated (and practically forced to) think in terms of language and compiler. It goes even further: There is a language standard and there is what ones compiler accepts. Guess which one is binding for most programmers.

As for across the ocean and europe, my point isn't that across the ocean they are stupid and have no culture (no matter whether true or false; it's imply not my point). My point is the significance of proper reasoning and a solid foundation (where europe happens to be in a much better position. If it were the lila-lulu polynesian islands I'd say the same). Actually, I'm expecting quite a lot from Russia in the next decade; reason: excellent education, rigorous adademia, solid cultural and intellectual foundation. I'd even go so far as seeing Russia as the "new europe" because we (west)europeans have lost very much and have reached a very sad academic state, except maybe france and, to a limited degree the uk.
The Russians seem to have well kept (over a long winter) what across the ocean hardly exists and what we (west)europeans stupidly and arrogantly let go.

You fail to see factors not to your taste (or experience or self-view or ...). To give some examples:

The decisive factor sadly often is not the quality of a concept (or language) but the "market". If large corps. push sh*t then sh*t is the wid spread normal. Had Ichbiah created Ada as an academic experiment or for a portuguese government agency, it would be dead by now and but a few experts would have heard of it. But he created it for the dod and so it had weight and clout.

Or look at Pascal. Hardly anyone would know about it, let alone use it, if Kahn/borland didn't market and push it (and at an affordable price at that, which probably was the decisive factor for its success).

Another issue you underestimate or judge wrong (imo) is when you name all the projects done across the ocean. So, does the fact, that a given country has a massive community in pharmaceutical research indicate that its population is healthy?

Many of the projects you seem to see as a wunderful example of ingenuity (which is a valid way to see them but not the only valid one) can as well be looked at as late insight after fu**ing up big time.

But in that fat argument block of yours is a hidden very major factor, namely when you mention ISAs. Why? Well, there has been am (understandable) tendency for languages to go along with cpus. As someone so aptly and funnily put it: "At those times we considered a language something to come with a new architecture or processor". In fact, C, or more precisely, its ancestors came into existence for that very reason! While a new hw architecture (or a significantly evolved or changed one) was worked on, a new language for that arch. was also worked on.

So, in a way you answer the question why there were/are so many projects across the ocean. In the end: Because IT was widely *their* technology (and to a large degree still is).

But that was not my point. My point was how to create safe and reliable software from the beginning (rather than starting many projects to cure problems that should have been avoided in the first place).

Extracting it brutally down we arrive at: There is but us and mathematics and proper reasoning (at the other end, let's not forget about that, there are exploding rockets and humans killed by radioactive poisoning ... or maybe soon a hijacked and melted down nuclear reactor).

That also explains why I'm somewhat hard on you and the 1.000 papers.

So, to get back: we have us, humans, and we have mathematics and proper reasoning. That is what it boils down to - and that is what we must build on. To do that, we need tolls - and, very important, a healthy perspective and understanding of our field of profession.

And, if I may remind ourselves, albeit somewhat bluntly: That's what makes us engineers rather than hobbyist. It's about time to understand - and to understand as non-negotiable and as binding, as the law of our profession - that software must be built no less carefull and no less professional than bridges or airplanes.

As long as this is not the accepted and implemented professional standard we may enjoy fumbling but we'll have to worry about this weeks 10 mio stolen passwords or, sooner or later, about a hijacked nuclear reactor.

August 23, 2016 5:08 PM

gordo on Friday Squid Blogging: Stubby Squid:

@r

...a couple fishy things

The reference to "going through this archive" is probably from 2014:

And there’s another prospect that further complicates matters: Some of the revelations attributed to Snowden may not in fact have come from him but from another leaker spilling secrets under Snowden’s name. Snowden himself adamantly refuses to address this possibility on the record. But independent of my visit to Snowden, I was given unrestricted access to his cache of documents in various locations. And going through this archive using a sophisticated digital search tool, I could not find some of the documents that have made their way into public view, leading me to conclude that there must be a second leaker somewhere. I’m not alone in reaching that conclusion. Both Greenwald and security expert Bruce Schneier—who have had extensive access to the cache—have publicly stated that they believe another whistle-blower is releasing secret documents to the media.

The Most Wanted Man in the World
By James Bamford | WIRED | August 22, 2014
https://www.wired.com/2014/08/edward-snowden/

August 23, 2016 5:06 PM

Marcos Malo on Privacy Implications of Windows 10:

When using an OS become like being in an abusive relationship, it's time to leave. Corporate entities have a poor track record in couples counseling with humans.

August 23, 2016 4:59 PM

Clive Robinson on Friday Squid Blogging: Stubby Squid:

@ Nick P, Wael,

The cool thing is I understand most of the non-ASM parts without remembering the syntax.

The thing with "old style" BASIC is it's like your first bicycle, that had training wheels on it. It was designed so it would stay up and you along with it, even though you did daft things as you got over confident.

Actualy writing an old style comand line BASIC interpreter is very easy --certainly easier than writing a full screen editor-- the hard part is realy the memory managment and if you implement it the garbage collection.

The rot set in with "objectification" and Object based BASICs became just one of a plethora of object based languages on which the object model did not sit comfortably. Also with objects came serious bloat and slowness and a myriad of other issues.

August 23, 2016 4:48 PM

Tõnis on Privacy Implications of Windows 10:

"What always stands out to me are the sockpuppets like you spewing crazed nonsense about Microsoft but never a word about AT&T or Verizon or China Telecom."

@hawk, @all

Thought crimes are usually two pronged:

1. Dissemination
2. Possession

Perhaps I don't care so much about what I disseminate, because I'm not sharing nude selfies with contacts who I think are 15 year olds but are actually 40 year old cops. Yes, Verizon sees my internet traffic, but it cannot help itself to my stored files or share them with its law enforcement "partners" the way Microsoft now supposedly will be able to do with a user who is on a Windows 10 box. I care about the files I'm in possession of because a) they're private; and b) I may not even know about every file I might be shown to be in possession of or what it even is.

Dissemination is harder to prove. I don't care what IP this post of mine is coming from. After all, who is really at the keyboard typing it when there's tape over my webcam? On the other hand, possession is easier to prove. Just take some naive sap's unlocked, unencrypted smartphone and plug it into Cellebrite UFED equipment or get Microsoft to give you a heads-up so you can make a surprise visit and take his unsecured laptop. No, thanks.

August 23, 2016 4:21 PM

Clive Robinson on Privacy Implications of Windows 10:

@ Bruce,

... of all the ways Windows 10 violates your privacy.

I doubt it's "all" as it's a fast moving target... Which is fast turning into the worlds largest game of "Whack-o-Mole".

As parents tell their children when playing on the park roundabout "If it's making you giddy then it's time to get off otherwise it will make you cry" appears to be sage advice for those that can.

August 23, 2016 4:11 PM

Ergo Sum on Privacy Implications of Windows 10:

@Reed Wiedower, quote...

Remember, unlike Google, or Facebook, Microsoft's business model is not to collect data to advertise at you. (Both Apple and Microsoft differ from Google/Facebook in this key way) So they definitely don't want to erode trust in that way because it impacts their business model of selling you more software and hardware.

You really should read financial reports from Microsoft, or at least, articles that analyze Microsoft's financial reports.

http://arstechnica.com/business/2016/07/windows-surprisingly-strong-in-microsofts-20-6b-fourth-quarter/

Quote from the link:

Bing, however, was profitable for the full year, and in the fourth quarter its revenue was up 54 percent (or up 16 percent with traffic acquisition costs* included) from a combination of both more searches and more revenue per search. Windows 10's greater use and embedding of Bing was instrumental here, with more than 40 percent of Bing searches in June coming from Windows 10 devices.

*-Emphasis mine...

Guess what the "traffic acquisition costs" refers to? Yup, the free Windows 10 licenses...

@All...

Yes, most OSes and apps do collect "telemetry data" that can be just performance data and everything else. If it's only performance data collected by Microsoft, can someone explain how Bing had more 50% jump in its earning? Maybe I am not up to date on the type of data that valuable for advertisers, but it's doubtful that strictly performance data could increase Bing's revenues that much.

It's sort of interesting that Bing's revenue has increased for previous versions of Windows about 14% during the same time period. It shows, that despite the fact that Windows 7 and Windows 8.x had been retro-fitted with "telemetry" tools, the much larger number of installation base did not result in greater revenue share than Windows 10. In my view, the reason for it that Bing isn't as deeply integrated in the OS. At least, not as of yet.

Starting in October this year, Microsoft will have packaged updates for Windows 7 and 8.x, basically take it or leave it, same as the current Windows 10 updates for non-enterprise versions. I fully anticipate that Bing's revenue from the older platforms will grow substantially by March 2017...

August 23, 2016 4:10 PM

Clive Robinson on Privacy Implications of Windows 10:

@ Hawk,

I agree. MS faces a lot of blind opposition from persons like CR

If that comment is aimed at me then you've picked the wrong target to aim at. Yes I've been calling out Microsoft back from the MessDross days. As for Mess Windoze I've called them out on that as well, having still got copies from Win 1 through to Win 7. But I was not the only one calling them out the US DoJ and various EU courts did the same for the same reasons.

But if you had been around this blog for long enough you would know I've called out other OS's even those that were supposedly secure. So I don't favour Microsoft for condemnation, all consumer OS's and some specialist OS have received my condemnation. In fact you will find a comment on this blog where I clearly state I don't believe any consumer OSs are secure enough to use. Further I'm none to impressed with Tor having pointed out where it has significant architectural flaws that will stop it from ever being secure against the likes of the Five Eyes and in particular the US (google this blog for "all roads lead to Rome").

As for working for MS it's funny you should mention that... long before Mess Dross I had the misfortune to work with them over CP/M on their Z80 card for Apple ][ systems, and I certainly remember Billy Boys open letter over people passing copies of Basic around, and laughing like a drain knowing that in effect he had stolen the idea.

But if you had been around on this blog for a while you would know I've given freely of information so that people can improve their security regardless of their OS or Apps.

But lets be honest about things here, MS Windows 10 Home is bad news and actually very likely to get found guilty of various illegal behaviours in non US courts over it's actions.

But as a side note can you name can you name another commercial OS that has around fifty "telemetry servers" addresses hard coded into it?

Likewise can you name another comercial OS that forces mindlessly large downloads on users who most asuradly do not want them?

I could go on with a very long list of things Microsoft have done and are doing to users that other commercial OS designers/developers do not do.

But at the end of the day I still use MS OSs I just ensure that they can not breach the legal duties of confidence I'm legaly required to keep. Part of that is not "upgrading" beyond XP in most cases. The fact that all but one of the MS OSs I use has been orphaned by Microsoft is neither here nor their as far as I am concerned, they still do the jobs they are required for admirably. Thus I have no need to climb into Microsofts "hamster wheel of pain" of endless upgrades and patches and thus have more time to use constructively in other endevors.

At the end of the day it's your choice to climb into that hamster wheel, if you wish to not mine. But as I'm charitable I will help you make it's use safer so neither you guts spill or your unmentionables get displayed to the world. But it's up to you to ask, as many others have. It realy is your choice and your choice alone to ask or not, but I would ask you not to condem me for helping those who have asked, that realy is not helping anyone, including yourself.

August 23, 2016 3:55 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ ab

"We humans are not computers. Besides the fact that we still know regrettably little about how we do think, we have strong reason to assume that we think very differently from computers. It is **us** around whom the whole model should circle, **us** - not the cpu. "

This is true. It's why high-assurance systems almost always use a combo of English specs, formal specs that are machine-checked, and matching implementation also machine-checked. The combo has done the best in real-world examples. It's especially important to constrain the design and implementation to what's easily analyzed. It was hierarchical layers of finite-state machines in the past with statically-typed, functional stuff w/ side-effects in one FSM these days.

"Concrete example: I've yet to see an programming tool that allow us to mathematically formulate an idea and to then spit out code."

There's a ton of those. The two that heavyweights are using the most are Coq and HOL. Both have extraction mechanisms that produce code equivalent to the mathematical expressions in them. The CakeML team have expressed a HOL prover, first-order logic, ML variant, LISP 1.5, machine code of several ISA's, and a compiler to those from HOL. Before that, Prolog was used to express problems in first-order logic with heuristic search solving them. I recently discovered a compiler done with a mix of Z specs and equivalent Prolog statements. Mercury added functional concepts to improve on it. Long before all this, the woman (Margaret Hamilton) who invented sofware engineering did something similar (001 Toolkit at htius) with a logical, specification language that semi-generated design then autogenerated code, tests, and traces. It's been done many times over in hardware with ACL2, DDD toolkit, and recently in HOL via CakeML people.

Advances have been increasing past few years do to combo of great provers and powerful desktops. Yet, mainstream engineers just aren't interesting in messing with them. The result is investment into lightweight methods that enchance functional programming for easier verification and efficient compilation. COGENT is best example of past year or two with ext2 filesystem redone in it already. Haskell with QuickCheck and QuickSpec are kicking serious ass in terms of productivity, correctness, and performance. Combining Haskell ecosystem with Cleanroom development methodology is probably closest thing we'll get to your vision for most programmers. For the average ones anyway.

"(That btw. is also one of the reasons why I again and again mention the cultural and intellectual foundation that seems to be *much* stronger (and more rigid) in europe)"

Europeans tried this here before. I pointed out we invented high-assurance, software engineering (see Hamilton et al in Apollo & Burroughs) and INFOSEC (Anderson, Burroughs, and Schell). The best demonstrators were created in America with good work in UK and Europe in parallel. Tons of them in kernels, crypto, compilers, language models, protocols... you name it. U.S. (esp separation kernels/crypto/CPU's/langsec), U.K. (esp Cambridge CHERI), France (esp Gallium CompCert/Coq), and Australia (mainly NICTA seL4) did the top-tier results recently. As of today, the same groups that did the previous ones are still doing good ones with a few, scattered results popped up in more places. Medium assurance is all over the place in more scattered form. There's no clear winner on nationality.

So, I call BS on whole, prejudiced claim. I have thousands of papers on the topic. The only thing I see consistently is: (a) quality of academic center involved, (b) desire to focus on high-robustness developments, and (c) having teams that follow through on that. It can happen anywhere so long as they start with the right theory and worked examples with help from a specialist. Occassionally, some smart person in an environment without (b) or (c) gets amazing stuff done. Occasionally, that creates (b) or (c). Rarely, someone without (a) just dreams it could be better and does what they can. That's it. There's no European advantage given the above. It's just bright people taking on hard challenges where neither the brightness nor hardness represent most of what goes on in that country.

August 23, 2016 3:26 PM

ianf on Friday Squid Blogging: Stubby Squid:


@ Robert Gu,

I'm not interested in this particular paper, but in basic computer forensics. As you've already downloaded 3 versions of it of slightly differing lengths, did you

1. check the files' CREATION dates
2. cat * | strings | diff (symbolic syntax)

to gain an insight into what you were served? It's a mystery to say the least.


At the risk of causing another "you suck all air out of this forum" T'ACCUSE!, I was confronted with a somewhat analogous situation lately. While browsing through an education QUANGO's website, I discovered 3 versions(?) of the same ~13MB downloadable file. They were named:

…/media/document.pdf
…/media/document_1.pdf
…/resources/files/document_0.pdf

I downloaded all 3, then checked their sizes and creation dates. File 1 and 3 were the same size, different dates. File 2 different size, close-enough date to 1, seemingly an alt. version. The size diff was on the order of a kilobyte.

    I decided to notify the NGO of it, and EXPLICITLY stated that IF they remove the superfluous duplicates, THEN they should create symbolic links to the remaining file with current filenames SO AS NOT TO BREAK ANY BOOKMARKS for these elsewhere. I even provide them with the correct syntax for that on both OSX and CLI Unix.

I receive a thank you note from a secretary informing me of her forwarding my note to the correct party (not listed on the web).

I thank the secretary and invite her to keep me informed of everything that happens at the office, "no issue is too small," very polite et al. Last I hear from them, I think.

I am wrong. A week later I get a letter from a titled systems support person explaining that they used to maintain a tiered website, etc excuses. I do not respond.

Sunday, on a hunch, I again try all three files. The first is there, the other 2 are 404'd. Symbolic links apparently are Satan's gift to Mankind.

You'll can breathe in now.


@ Thoth RE: advertising

To paraphrase an advert that once was all over the MTV:

    been there
    done that
    NOT doing it again

I don't think your product(s) are suited to be promoted by advertising. Besides, clever slogans are a dime a dozen… the real work is in identifying and reaching the correct target group. A tall order in your narrowly specialized game, and, HEAR THAT, due to confirmation bias, it's not sure that you are the one most suitable to focus on it.

(Not quite in context, but I recall this marketing case example: a small factory made thin profiles out of metal foil. Then all such was "outsourced" to Taiwan, bankruptcy loomed. The owner went for advice to an ad/ marketing agency, he only had a miniscule budget for that. Let's do this, they said: fold your gold foil profile into a picture frame. We'll put in a Jubilee picture of Our Queen Beatrice, and pay for a full page ad in a family weekly a percentage based on incoming orders. This single ad generated so much business that he was able to prosper and then some.)

August 23, 2016 3:25 PM

Borked Agin on Privacy Implications of Windows 10:

@de La Boetie


"You are supposed to get Enterprise, the W10 Pro is not Pro at all. That's what the main problem is, the retail versions don't include anything equivalent to the Enterprise functionality."

There are several websites touting a totally easy and free version of W10 ENTERPRISE by merely copy-pasting a generic key into the activation setting.

WARNING from ONE WHO MAKE THAT BIG, BIG MISTAKE:

If you do that, you have just borked your 'puter.

The watermark warning in the lower right corner is a subtle beginning. However, you now cannot update the system, the warnings and black screens start to increase geometrically, there is no way personalize your system, certain settings become locked with no obvious way out of it. It is a bad, bad, bad thing to do.

The ONLY fix is a complete reinstall from scratch. grrrrrrrrr.

Guys, don't do it. Seriously.

btw, a legit key is about $400, but only available to corporate customers. So much for free Windows 10 forever.

August 23, 2016 3:23 PM

ab praeceptis on Friday Squid Blogging: Stubby Squid:

@ Gerard van Vooren

"Your post got me triggered. I think I am gonna write a 5 page blog about what I call the Hydra problem and why fixing one issue doesn't solve anything."

Oh, thanks so much for the compliment; and it *is* a very major one because there isn't much one could strive for more than to trigger the professional brain of a colleague (in a forum like this one). Thank you.

The only grain of salt: If only I knew which of my postings you're referring to *g

In case you are interested (and willing to hint me to it) I'll gladly read and/or comment and/or engage in a discussion on the matter on your blog


@ Nick P.

Funny. When I was a "cool" greenhorn I always smiled at an older colleage who worked in Basic, which, of course, I considered uncool.
Later I was hinted that that man had created major pieces of software for airline management and that they loved him because his software (unlike most) had almost no flaws.

While I still think that writing an OS in Basic is a very poor choice , I have learned some important lessons with that man, among others that arrogance should at the very minimum be based on professional merits and standing rather than on "I'm a C hacker, ergo I'm cool and Basic guys are but hobbyists".

Today, I have to confess, that I was the idiot, not him.

It took me many years to not take for granted that image (of a language) and PR do translate to quality and that a "baby language" can offer a damn grown up compiler while some "adult pro languages" can be condemned to have lousy compilers, if alone for vage "standards", leaving much to the understanding or even the will of any compiler builder.

But there is more to it; that hole goes way deeper.

We tend to consider a compiler to be a tool that transforms a human grokable language (representation of cpu instructions) into binary cpu instructions.

Looking closer one notices (or not ...) that the crux is built into the definition: 2 times cpu lingo, one "human grokable".

Problem: We humans are not computers. Besides the fact that we still know regrettably little about how we do think, we have strong reason to assume that we think very differently from computers. It is **us** around whom the whole model should circle, **us** - not the cpu.
Because it is us who think about problems and solutions, it is us to formulate needs, often quite IT ignorant (e.g. client talks to IT architect), it is us to ponder paradigms and formulae.

Code is but the last output. The real process takes place between humans and within human brains. Hence, we must rethink, we must understand that a programming language is *not* a human grokable version of what the cpu wants. It is, or must be, a dual, a two-faced transformation mechanism/tool. First - and way more important than the cpu end - it must be an interface to humans. It must allow to formulate as a minimum solutions in a way humans tick. Only at a later step that gets transformed into cpu lingo.

Concrete example: I've yet to see an programming tool that allow us to mathematically formulate an idea and to then spit out code.

We have sage and the like or tla/tla+ and we have a plethora of programming languages - but we don't havea human centric tool that allows us to specify a problem, to formulate ideas, to tinker with them and, once we are satisfied, to push the "generate code" button.

The way I see it today is that we are not that much of a distance away from people flipping switches on a hex console. Almost all those superduper languages are but glorified, rubber coated, funnily painted switches on a hex console. Funnily, one still wide spread criterion for "professional" and "geek" actually is to have rather primitive console switches (e.g. C) while the few attempts to create real programming tools (albeit in the form of a language) are either all but dead or frowned upon.

(That btw. is also one of the reasons why I again and again mention the cultural and intellectual foundation that seems to be *much* stronger (and more rigid) in europe)

August 23, 2016 3:18 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ Gerard

I found another Oberon compiler I didn't know about: Vishap Oberon Compiler. Github here. It compiles to C as usual cheat for portability & efficiency. A nice chart shows unmodified source can already run on quite a few ISA's & OS's with enough claimed efficiency for use on 8-bitters. Through it, I discovered another interesting page with some books I didn't know about worth following up on. Finally, also found out Wirth has a language specifically for PIC's: PICL. It has clear advantages in readability & error prevention over the assembly with the compiler being about 6 pages of Oberon in 2 files. Per its news section, the VOC compiler above was used to port PICL to Linux desktop.

So, some interesting stuff altogether.

@ All

The essay, Oberon - The Overlooked Jewel, does a great job explaining the motivations and accomplishments of various projects in that sphere. Just over 10 pages so quick read. It was clearly ahead a number of times with many some key technologies of modern era re-inventing it without attribution. I particularly think both JVM and WebAssembly are garbage compared to the Slim Binaries of Juice project referenced in this article. It was a perfect for the time foundation for mobile code with all the right tradeoffs. Also, I knew the school ran on Oberon but not that even their printers used it.

August 23, 2016 3:18 PM

Grk on Privacy Implications of Windows 10:

@hawk

Maybe because this is a thread about Windows 10 - a MICROSOFT product?

It isn't an AT&T Product. It isn't a Verizon Product. It isn't a China Telecom product.

It's a Microsoft product.


Shill elsewhere.

August 23, 2016 3:12 PM

Ginger Breadman on Privacy Implications of Windows 10:

"Privacy Zuckering verb:

Creating intentionally confusing privacy policies —à la Mark Zuckerberg—to sucker users of social networking sites like Facebook into exposing valuable personal information."

From Wired magazine: Jargon Watch

You really don't need to use FB or Google. Even if you do, there are some controls that you can use to make sure your most private data stays that way.

Not so when the OS is secretly cooked to record and save your every word, keystroke, password, and data point entered.

Now MS is applying Zuckering principals to change the privacy rules on the fly, taking more and more with every tweak.

It's not right. We all know it's not right. But, based on those who have gone before MS, apparently it's all 100% legal.

And, let's not say Linux is a real choice for the vast majority of users.

That leaves Apple OS systems, ...maybe.

In any case business and government will be using Windows for the foreseeable future, thus setting the trap for hapless workers who aren't IT wizards.

August 23, 2016 2:59 PM

chickenhawk on Privacy Implications of Windows 10:

BUT WHAT ABOUT ISPs, WHAT ABOUT THEM? THEY SUCK TOOO!! Very convincing, hawk. Guess what, nobody trusts Microsoft, even after your spectacularly lame riposte for simpletons. Ever wonder why?

Now, emboldened by his incongruously macho name, hawk tries to tell us resistance is futile, Tor or i2p or FREENET or GNUNET or VPNs will get you in trouble, which evidently deters sniveling Microsoft bitches like hawk, if not people with a semblance of balls. Hawk wouldn't dare spoof a user agent or poison fingerprint data. He's too dumb for linux.

So, hawk, you're such a cyber big shot who pooh-poohs the very notion of privacy, hack me. Without getting pwned and doxxed to ignominious 4chan fame.

But seriously, are you so in need of an identity that you're reduced to identifying with a shitty mass-market consumer product? Can't you be like other lost souls and wave your pom-poms for the Red Socks or whatever?

August 23, 2016 2:46 PM

hawk on Privacy Implications of Windows 10:

Microsoft is always getting bashed here. Even though ISP's will provide authorities with everything and anything about you and without resistance, Microsoft's pushback gets dissed as PR.

If it weren't for Microsoft we'd all be stuck back in the 80's. The .NET framework makes Java look like road kill.

I wasn't born yesterday. I can't help but think all the Microsoft-is-evil crap has just a little bit to do with a sore loser IBM cloud wannabe.

August 23, 2016 2:20 PM

Nick P on Friday Squid Blogging: Stubby Squid:

@ Wael

Yo man, check out what they did in the "baby" language I was using a while back: Frost OS. Looking at kernel, spinlock, and some other files was interesting. The prototype nicely mixes high-level, readable BASIC with occasional, inline ASM for lowest-level stuff. Also wraps the latter where possible to make the calls type-safe. The cool thing is I understand most of the non-ASM parts without remembering the syntax. Something I have trouble with when looking at arbitrary C or C++ apps after being away from those languages for so long. ;)

August 23, 2016 2:19 PM

de La Boetie on Privacy Implications of Windows 10:

Perhaps the sea-change for the discerning here is to move to a fully Virtual machine environment based on an Open source host (also including Qubes).

That way, you can run Windows, or any other "social/spying" operating system in an appropriate environment for your purposes. This may include zero networking, or it may just be used for particular personas or applications you want to operate.

Either way, it should not get unfettered access to your local file systems and keystrokes, nothing closed source should do so.

What does annoy me in the W10 upgrade is that, for example, it is a downgrade for W7 Ultimate users, it does not include things like AppLocker. You are supposed to get Enterprise, the W10 Pro is not Pro at all. That's what the main problem is, the retail versions don't include anything equivalent to the Enterprise functionality.

August 23, 2016 2:17 PM

r on Friday Squid Blogging: Stubby Squid:

@Who?

No apologies, my noise level does me a diservice sometimes.

http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P

There are a couple fishy things being stated in that article,

The first being that snowden's current copy in russia is 100% ANT free.

The second being that snowden claimed he ditched all his data before traveling past HK, this may be minor as it could've been reconstituted but how then does he have an archive in russia?

The third, curl http://nsa.gov

Was something embedded on that website so deeply that it still needs to have it's front page kept down?

Sometimes the best place to hide something is in plain site.

August 23, 2016 1:56 PM

hawk on Privacy Implications of Windows 10:

@Micoflaccid

What always stands out to me are the sockpuppets like you spewing crazed nonsense about Microsoft but never a word about AT&T or Verizon or China Telecom. You don't have the foggiest idea what you're talking about. Please tell how you're so smart hunkered down in the basement on your air-gapped box and the data diodes. Nuts.

August 23, 2016 1:45 PM

hawk on Privacy Implications of Windows 10:

Your ISP already knows everything about the websites you visit. You don't even know what the MS telemetry data is. You think you can use a different browser on a Linux machine and no one will know? Even back in the XP days websites popped up ads based on your searches and your browsing. You can't even be sure of privacy with a smart card and VPN or with Tor. All you accomplish is making it look like you're a terrorist. And everything is Microsoft's fault? WTF

August 23, 2016 1:36 PM

Gerard van Vooren on Friday Squid Blogging: Stubby Squid:

@ ab praeceptis,

Your post got me triggered. I think I am gonna write a 5 page blog about what I call the Hydra problem and why fixing one issue doesn't solve anything.

August 23, 2016 1:14 PM

Who? on Friday Squid Blogging: Stubby Squid:

Well... I have read somewhere that dates on the stolen NSA hacking tools match the time Snowden left the NSA. Don't remember the source, too much has been published in the last days about this incident. It is an odd fact that supports your idea on these tools being part of the Snowden archive.

I really hope these tools are not in the hands of black hats (Snowden or the people with access to the archive would not do that, right?). If not, the code should be released to the public or, at least, to security experts and manufacturers so these bugs are finally fixed. I do not trust, however, in the way small subsets of the community manage security incidents, sometimes hidding fundamental information to the right targets (e.g., OpenSSL hidding bugs to LibreSSL in the past).

Sorry, I missed your article. Will look for it right now.

August 23, 2016 1:10 PM

Sasparilla on Privacy Implications of Windows 10:

The announcement of impending change of the Windows Update system on Windows 7 & 8.x to the Windows 10 type update system pushed me enough. Last night I downloaded and created several Linux install / run DVD's and will look for one that actually successfully runs on my PC computers. If I can get one to work, I'll go to dual booting Linux and keeping the Windows partition only for the occasional gaming I do. Will try to do the disable WU and use security only method if that is available:

WSUS Offline Update, Autopatcher or PortableUpdate.

"There has been no effective legislation to deal with the mass surveillance disclosed by the Snowden documents, and the partnership of Microsoft and others in surveiling users on behalf of intelligence agencies and federal police"

@Ross Snider - I think one could argue that things have gotten worse since 2013, although we somewhat know about it now. The law allowing companies to be able to share any data (without liability) directly with the NSA passed just after Windows 10 came out always seemed like way too much of a coincidence to me - knowing what Microsoft had done with them before.

While those reading and commenting here can probably do something (for the most part) about being stuck with Windows on their PC, 90% of the market will not - its still a monopoly at the PC level - and Microsoft will be happy to see us go (less people complaining).

Here's a good article (bit of a MS mouthpiece but the details are good) on turning back the telemetry on Win 10 for those stuck with it (remember this is just the telemetry part, it has other parts that are talking back to home base), it defaults to sending home everything:

http://www.zdnet.com/article/windows-10-telemetry-secrets/

https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services

August 23, 2016 12:53 PM

r on Friday Squid Blogging: Stubby Squid:

@Who?

The longer this goes on the more I am finding myself inclined to believe it's part of the Snowden archive, or at least - a subset of it that was fleshed out early.

If you look at the article I posted yesterday from the reuters commentary there's some fishing sounding stuff.

There's alot of minor co-incidents surrounding this, I wouldn't be suprised if there's more than one disinformation campaign making the rounds.

August 23, 2016 12:47 PM

Microflaccid on Privacy Implications of Windows 10:

Microsoft has ordered the sockpuppets over the top to get mowed down, hawk, reed, et al, and predictably, none of them address the actual problem: nobody trusts Microsoft. Microsoft thinks it's their machine, not yours, and they've already shown that they will use it to rat you out to the government. The only way Microsoft can palliate this problem is with manipulation and coercion, so naturally those are the two core functions of their new operating system.

Now when people can conveniently choose a replacement,

https://www.virtualbox.org/
https://distrowatch.com/

Microsoft is terminal. Their market is powerless victims: cubicle serfs, big-box lumpenproles, underdeveloped countries. Do the compassionate thing, just pith Microsoft.

August 23, 2016 12:46 PM

ianf on Privacy Implications of Windows 10:

parabarbarian: welcome to your future with Microsoft; where your every action will be monitored and regulated by computers you do not control
You've got the correlation wrong: MSFT does not want to regulate your computer/ browsing usage, it wants to mine the content of that so it can extract a mesh of keywords describing your interests. Which, TOGETHER with your unique browser/ device fingerprint, it then can sell to the ad industry WHILE YOU ARE BROWSING THE WEB, so that you'll be served just the "appropriate" kind of ads in real time (well, in theory anyway).

That's the present intrusive commercial surveillance model, who knows what will come after that?

A CONTEXTUAL ANECDOTE: I mention this to a friend during a Skype session, why I'm giving up on Skype, that MSFT analyses our voice exchange and weeds out keywords to add to our amalgamated fingerprint profiles (also in this case identified by mail addresses).

    If you speak of ThisBrand car model, you are bound to start seeing many more ads for it in the near future, I said.
    "Really? So if I say BrandX, BrandX!, BrandX!, they'll show it to me?"
    Never heard if it, I say, but probably.
    "They make 35 units a year, used to make 17-18."
    In that case, you don't have to worry about being inundated with their ads, they already sold the entire production run for the next several years.
    "True, I'll have to go see it again at the Geneva Car Saloon."

    CONCLUSION: there are limits to usefulness of keywords harvesting.

August 23, 2016 12:46 PM

Ano on Privacy Implications of Windows 10:

but gathering telemetry data on application crashes and OS hangs seems like exactly the sort of thing anyone deploying a widely-used operating system *should* be doing.

Bob, this is HR. Why did this pornhub app crash on your computer over 30 times this morning? You're supposed to be working on that kernel driver!

You say you have nothing to hide. Shall we test that theory?

On another tack: Does it include arguments? If I run mariadb batch mode with userid & password command-line arguments, and it crashes, does microsoft know my userid & password? What about memory dumps from a crashed program? Can microsoft extract my encryption keys?

There's plenty of stuff I want to keep to myself. Medical records, future research projects, those special pictures with my wife.

This is why app crashes & OS hangs telemetry are usually opt-in and not mandatory!


Cortana is opt-in

Not anymore!

July 27, 2016: https://tech.slashdot.org/story/16/07/27/1714213/you-cant-turn-off-cortana-in-the-windows-10-anniversary-update

Quoting from one respondent:

In some ways this is more honest, it's been demonstrated that the OS will talk to 107 domains whether or not some switches are toggled in the Control Panel to give the illusion of privacy.

Please remember, Win10 overrides the local computer's hosts file. You need to block all 107 (known so far) domains at the router!

 

I believe it was said best by Darth Vader: I am altering our deal. Pray I do not alter it further.

Actually, I'm praying they do alter it further. I have popcorn! After the taskbar advertising, forced upgrades, click X to upgrade, ... you know, there's just too much to list here ..., etc. I can't wait to see what happens next. This is better than TV!

August 23, 2016 12:22 PM

Ross Snider on Privacy Implications of Windows 10:

The EFF article fails to mention that the privacy policy for Windows 10 explicitly lists law enforcement as a partner that will have access to your data. Combine that with the list from the EFF: geolocation, voice input, text input, programs run and during what times, visited websites, etc.

No thank you. There has been no effective legislation to deal with the mass surveillance disclosed by the Snowden documents, and the partnership of Microsoft and others in surveiling users on behalf of intelligence agencies and federal police ("FREEDOM Act" wasn't effective legislation).

Until there's some legitimate action protecting me from third party abuse I minimally engage with these companies and encourage others to boycott them and will communicate explicitly that Microsoft's terms of use give state police copies of everything you do on your Windows 10 Operating System, including what programs you run, what websites you visit, and what you type into and say near your computer.

August 23, 2016 11:48 AM

Tony Vance on Research on the Timing of Security Warnings:

@ vas pup

No, MRI works by placing a single person into a bore of a giant electromagnet. Also, it works best with a controlled experiment in which you can compare brain activity among experimental conditions.

August 23, 2016 11:32 AM

Nix or Nothing on Privacy Implications of Windows 10:

Disabling yet another Win10 "feature"? Yeah, honey, keep slapping more makeup on that black eye. Tell the nice officer that you walked into a door. Tell the nice doctor that you fell down the stairs. Tell everybody that he's just "misunderstood".

August 23, 2016 10:50 AM

Who? on Friday Squid Blogging: Stubby Squid:

What I will say now may be unpopular and, perhaps, even completely wrong.

Now that a second "hacker" has the stolen NSA hacking tools on sale for $8,000 USD:

http://bgr.com/2016/08/22/nsa-hacking-tools-1x0123/

I think the FSF, WikiLeaks or whatever should buy these tools and release them to the public so these bugs and backdoors can be identified and, whenever possible, fixed forever.

The way the NSA has managed this issue shows that NOBUS vulnerabilities do not exist, either because adversaries may have enough computing power or because they may stole the keys to exploit these vulnerabilities.

Now that these powerful hacking tools are out of the NSA control what can we do? Let cyberterrorists and wrongdoers use them against multiple targets? The NSA must act responsibly if "national (or "international", who cares!) security" is one of their goals.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.