* Posts by Charles 9

7492 posts • joined 10 Jun 2009

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Charles 9
Silver badge

"If malicious code is running you already lost."

Then the war is unwinnable because you MUST assume malicious code is already running. We need to change the model to assume (like in the real world) the system IS potentially compromised and find a way to keep running DESPITE it.

Charles 9
Silver badge

Re: Silver Bullet

OK, so how do we fix Dave when You Can't Fix Stupid?

Charles 9
Silver badge

Re: "If they don't match, then an exception is raised..."

"This is where I begin to wonder, if the part above can be borked by a 2-pronged attack...??? Hackers first find a loophole in the 'shadow watcher' and tackle that (sidestep CET)."

To do that, they'd have to find a hardware exploit since they're talking about something directly in the CPU.

"Zooming out to macro level for a sec... The Bangladesh-Swift Sony hackers, intercepted the return confirm and manipulated that to make it seem like the transfers were legit (hence no exception thrown). Could the same happen here?"

Only again by a hardware exploit since that would involve intercepting a memory bus, something much harder to do than a network or device bus.

"What I'd like to see is a hardware based LOCK system to prevent any manipulation of code whether its on hard-drive or in memory. The whole idea of self-modifying code is a disaster anyway. But Imagine code that was fixed like an original DVD. That's how it should be from disk to memory. Data on disk should be separated from code permanently and at a hardware level, so any weakness in OS can't be exploited."

You're calling for a Harvard architecture. But much as you hate self-modifying code, it's essential in certain restricted environments or those where speed is essential. Without the idea that code is data and data is code, you couldn't have things like a JIT compiler, for example.

"The process of installing apps i.e. pressing a fixed DVD, would need to be a special process. You don't want it to be cumbersome for users but it also can't continue down the path of silent installs."

Problem here is that you run into an Unhappy Medium. Since Users are Stupid (and You Can't Fix Stupid), there's a need for silent installs of mission-critical stuff like security patches. Meaning you have an overlap where NO ONE is happy.

"But if a program wanted to install itself or update code, I'd like to think that the user would be forced to do something physical like insert a master USB key / turn a physical key, something eternal, so that users better appreciate that what we have right now with UAC is oversight done by painting in water."

And then people just lose their keys and complain.

Charles 9
Silver badge

Re: this is all very well but...

"more than 5 files got modified in the last 0.1 seconds"

This can happen when you copy a bunch of small files. Too much risk of false negatives resulting in click fatigue (think UAC). Also, smarter malware can just "smurf" and encrypt things slowly to stay under the radar.

"warn against running executables in zip files"

They already do that as far as it goes. It warns against running files just downloaded (shows the signature if it has one), warns against running things off a network, and so on.

"And how about getting rid of the feature in Windows that hides the file extension, so "file.doc.exe" doesn't show as "file.doc"?"

That's mainly to prevent unintentional extension altering, which casual users may not have the skill to undo. Anyway, e-mail programs and archive managers (the main conduits for this trick) show the extensions.

"I'm pretty sure that better Antivirus hooks and cleverer email programs (so obviously not Outlook then) are the key to reducing malware attacks."

Smarter malware targets and disables these or just goes above them straight to the kernel where it can't be dislodged. Some even go into the BIOS, MBR, or EFI, making them nuke-proof.

But in the end, as you say, until a better human comes along, this is the best we can do.

Charles 9
Silver badge

A direct push before a register pass still allows for this. It's one reason modern chips keep larger numbers of registers. Excessive recursion will overflow the stack no matter what. There are also concepts like placing parameters in a structure and passing a pointer to it by register (rearranges the parameter transfer a bit but makes for a cleaner stack).

Charles 9
Silver badge

"Because in (almost?) all programming language implementations the stack also contains data (local variables)."

And last I checked, there are plenty of alternative ways around that. If the parameters are popped into registers or local memory when the function starts, that gets around it. Passing by register for low-parameter-count functions is an option, too. If this is the price for having a hardened stack, it may be worth paying. As I think about it, do CPUs these days also check for 1:1 stack use by functions (checking that SP at CALL = SP after RET) to guard against stack misalignment?

What you propose is basically a variant of Intel's idea, BTW (the shadow stack is your call stack). They probably can't do a full separation for legacy reasons since the logic in most CPU architectures is that RET pops the return address.

As for catching overflows, that's a nontrivial solution since functions may be required to work on items outside of their local context (pointer dereferencing, for example), creating conflicting issues of context. Due to the architecture, bounds checking has to be left to the code itself, especially when speed efficiency is required.

Charles 9
Silver badge

Is there a reason no one's tried to introduce a guarded stack: one that can ONLY be manipulated by PUSHes and POPs such that any attempt to smash or otherwise alter it throws an exception? If you can flag a "shadow stack" as protected memory, why not just flag the ordinary stack as protected?


Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash

Charles 9
Silver badge

Re: If you use Microsoft products...

I'm just saying that for many people the application comes before the OS, regardless of what anyone else may say or do. If you wish to make people change their OS, you have to solve the application problem first, and while things like WINE and VMs provide some outs, it's not a 100% solution or even a 50% solution. Hardware can have Windows-only drivers and be too custom to be supported elsewhere (like industrial C&C interfaces: very custom stuff probably running on antiquated hardware, two strikes against virtualization). It's basically the Network Effect.

Charles 9
Silver badge

Re: Simple answer: Don't use Windows.

"And, again, "but, but I can't run this game on anything but Windows" just means you can't run that game. The price for running Windows has always been that one gives up freedom and sponsors crime."

Well, then, if you expect people to stop sponsoring "a criminal organization" as you put it, you need to put forth some alternative options. Telling people to stop committing crime is a waste of breath if there are no honest options available.

Charles 9
Silver badge

Re: Preventable.

"This could be prevented by replacing the operating systems of donated computers with suitable open source alternatives that allow greater user control. For example, Ubuntu is freely available, regularly maintained, and was conceived based on African values. Why not?"

Probably because they need specific applications to work...Windows-ONLY applications. Unless you can deliver the total package (OS AND Applications), you won't be able to get people to jump ship.

Charles 9
Silver badge

Probably because lots of people are locked into Windows-only software with no viable substitutes.

Charles 9
Silver badge

Re: Should be running CentOS or some other LTS Linux

Have you ever given thought to the possibility their key software may be Windows-ONLY? Meaning they CAN'T jump?

Charles 9
Silver badge

Re: If you use Microsoft products...

Trouble is, in many cases, a viable substitute ISN'T available. For example, serious gamers can't really jump to Linux without abandoning access to a vast number of games: especially new headliners that aren't WINE- or VM-friendly. And you can write to the developers all you want; some like Bethesda (Fallout 4) have sworn off Linux as too complicated to develop for (because it isn't united, unlike MacOS or Windows). Plus once DX12 games come along, there will be new translation headaches (especially since DX12 is closer to the metal and may not have substitutes even in Vulkan).


Ad-blocking super-weapon axed by maker for being TOO effective

Charles 9
Silver badge

Re: Why ?

"What we are seeing here is a major limitation of the existing web/internet protocols. IP (v4 and v6) has no real concept of network quality and so is unable to feedback to a source that it is trying to feed a 1mbps data stream into a 56kbps pipe."

What you are seeing is a major limitation of a network where there's no overlord. Plain and simple, if someone insists on being sent, they'll impersonate a high-priority packet or just wrap the whole business in encryption so you can't tell what's what (and since at least some encrypted connections are high-priority, like time-sensitive financial information, you can't de-prioritize encrypted traffic in bulk). About the only way you could defuse this is to create a completely stateful internet where everything can be identified (but then that defeats the anonymity factor that makes the Internet so appealing at times).

Charles 9
Silver badge

Ad men ∈ Spammers.


Why Oracle will win its Java copyright case – and why you'll be glad when it does

Charles 9
Silver badge

Re: It is Fair Use!

Oh? Then explain why you can't get the colored books on optical discs (like the Red Book for audio CDs) for free (those are APIs as well).

Charles 9
Silver badge

Re: APIs vs Copyright

A trademark ONLY applies to things that are used to identify you as a business. The Java Coffee Cup, for example, is a trademark. The specific depiction of the word Java and its use in a particular context are trademarks. An API cannot be trademarked because it's not used to identify it. That's a matter of copyright, but in the matter of things that necessarily have to be public, Fair Use applies as in that verdict in May.

Charles 9
Silver badge

Re: Multiple points

Trade secret violations are a separate matter from copyright. A trade secret violation can invalidate a copyright because the original work that got stolen would carry an implicit copyright under the law. If this can be proven, the thief gets a double-whammy: trade secret AND copyright infringement.

Charles 9
Silver badge

Re: This article conflates two important issues

"That has already been decided by the courts, and the answer is a confirmed, settled and now indisputable "Yes"."

Cite the case law, please, if there IS such a precedent.

"Google have already been found guilty of doing this, and Google have lost all avenues of appeal on this question. You don't need to browse the code yourself, the document that matters is the court judgement stating that this has happened."

Again, cite it, please. Highlighting the pertinent section where they can prove beyond reasonable doubt that the code was copied direct from Sun and not clean-roomed.


Get ready for Google's proprietary Android. It's coming – analyst

Charles 9
Silver badge

"Why would they need the code from the chip makers? They would give the chip makers an API and they would supply blobs that implement it just like they do now."

Except these blobs would go straight to Google, not to the manufacturers. That's the reason to take it proprietary: to take control of the OS away from the manufacturers and put it square in Google's corner the same way iOS is all Apple. Thanks to things like Stagefright, Google's potentially on the hook (since the exploit code is in Android itself, NOT in the driver blobs) unless they can control the update channel, and the only way to control the update channel is to take control away from the manufacturers. There's no other way around it because the manufacturers in this case will be actively interfering (because they want a Captive Market so they can tell customers, "Your phone is obsolete. Time for a new one *ka-ching!*").

Charles 9
Silver badge

Re: The more closed Android becomes ...

Sorry to send microwaves to your tin hat, but ALL US phones are subject to the Patriot Act. Submitting is a condition of being allowed to sell in the US.

Charles 9
Silver badge

But doesn't ART still rely on the same Java-based API as Dalvik, only it's compiled instead of interpreted?

Charles 9
Silver badge

Re: It isn't like Google has the only maps

Plus there's the matter of context linking, where a map search has a logical connection to a Web search, a contact search, and so on.

Charles 9
Silver badge

Re: Hopefully leads to devices getting patched

"But accusing the world's medical scientists of a global conspiracy to keep cures off the market because profit is more important to them (the scientists themselves, not the companies) than saving lives, with zero evidence, is a whole new step into tin-foil hattedness."

Who pays the scientists? Who is willing to cross the boss and get kicked to the curb as a result? And if you want evidence, look at the human microcosm that is politics.

Charles 9
Silver badge

Re: GPL?

No, they can just do what Tivo does: open-source the kernel itself but keep everything else under lock and key. Look up "Tivoization".

Charles 9
Silver badge

The point is that with the code completely under Google's control, they can get the code from the chip makers directly (which they MUST provide to get their stuff working on Android in the first place), going around the phone makers who aren't motivated due to market pressures.

Charles 9
Silver badge

Re: Hopefully leads to devices getting patched

"Saying that phone vendors don't do updates because they love built in obsolescence is art school level of analysis. you might be right on occasion, but your reasoning is suspect."

Not art school. Economics 101. There's no business like repeat business. That's why they don't make vacuum cleaners that last for decades anymore like Kirby or Electrolux. That's why medical companies make treatment regimens, not cures. There's no money in a one-and-done.

Charles 9
Silver badge

If you plan to make an audio CD that correctly plays in all the players on the market, or make a player that can correctly play all those CDs, then yes, you need the "Red Book" which specifies the formats and so on for them (IOW, it's the interface for making audio CDs). And last I checked, you have to PAY for the Red Book. And there are plenty of other interface books you have to PAY to access.

Charles 9
Silver badge

Re: Why this will actually NOT happen

1. Would Chinese manufacturers be willing to submit to Microsoft's terms any more than the terms they have now? They could just fork the last AOSP version and go from there, but that has its own pitfalls as Amazon can attest.

2. But it's still full of bugs no manufacturer wants to patch. Even the blanking KERNEL has bugs. The only way Google can force them to be fixed is to go full vertical integration the way Apple does.

3. The Tivo kernels are GPL Linux, too, but that never stopped them. Google can release the kernel clean as day, but everything ON TOP of it can be proprietary. Also, with dm-verity enforced in Marshmallow and up, they can check for modified kernels, too, all without violating the GPL (see "Tivoization").

4. The manufacturers are aware of the switch part already, meaning the bait doesn't mean anything to them anymore. Did you read the part of the article where Samsung gave up trying to make their own services?

6. Closing AOSP is meant to make the manufacturers moot, not force them to update. The idea is that the software becomes wholly under Google's control, meaning they can push the updates as needed instead of waiting on manufacturers who would rather you junk your phone. Increasing legal pressure means Google HAS to take this route or face potential civil and criminal penalties for increasingly-vulnerable installations that, at the last, fall to them.

Charles 9
Silver badge

Re: Could be interesting....

"...especially if all the Asian manufactures get together and dump it like a hot potato."

Dump it for what? No other mobile OS open to them has nearly as much in terms of availability, and apps require the Network Effect to really take off. Google had the resources to play the long game, and that's pretty much what you need, especially with incumbents already in the market.

Charles 9
Silver badge

"This goes against the entire reason Android was created. Highly doubt it's true. Many devs choose Android (over Apple) specifically because it's open-source."

NO, many devs choose Android because of audience penetration. Once upon a time, many of them stuck with iPhones...for the same reason. Until a few years ago, devs made iPhone apps first, then jumped to Android.

Charles 9
Silver badge

Re: Speaking as a consumer ...

"All I really care about, is to be able to buy a phone, and have control over what crap I do - and don't want on it."

So what do you do when you come across a closed market where NO phones are customizable and all the existing customizable phones are hopelessly out of date?


FBI tries again to get warrantless access to your browser history

Charles 9
Silver badge

Re: Bah!

Wouldn't they just invent a filter to screen them out based on timing and pattern matching?

Charles 9
Silver badge

Re: Is there a crime for "wilfully adding the breach of constitutional rights"

No, because treason is explicitly and narrowly defined. Unless they actually take up arms against the US government, they cannot be tried for treason. Plus most people in office are immune from direct prosecution and have to be impeached and removed first. Breaking the Constitution in other ways can be impeachable offenses, but Congress does look after its own.

Charles 9
Silver badge

Impossible. The snoops can always dig up existential threats to the government, and government by default has a self-preservation motive...

Charles 9
Silver badge

Re: Coward

Apparently, a republic doesn't work either, because it ALSO sits around all day spending others' money. In fact, ANY government is at its core a bunch of people (a bunch can be one sometimes) spending other people's money. Kinda comes with the territory.

Charles 9
Silver badge

Re: Spoilt brats

"It is called a leather belt, and it is applied judiciously to the buttocks."

Unless the brat's a masochist, in which case the belt only solicits cries for more, along with some erotic moaning. With some people, you just can't win because they like it BOTH ways...


Hardcore creationist finds 60-million-year-old fossils in backyard ... 'No, it hasn’t changed my mind about the Bible'

Charles 9
Silver badge

Re: re: creationism makes perfect sense. As long as you ignore all of creation?

"As long as you don't ask "Where did the creator come from?"."

A: The Creator didn't come from anywhere. He always existed, an absolute presence (and many religious people believe the Creator IS the one absolute presence in the universe): always was, is, and will be. In layman's terms, the Creator is outside of time as we know it.


US military tests massive GPS jamming weapon over California

Charles 9
Silver badge

Re: @Gray ... Military aggression

They can do that anyway with inertial guidance (which is impossible to jam), and if the target is big enough, drift isn't a concern, as it just needs to get close enough.


So. Why don't people talk to invisible robots in public?

Charles 9
Silver badge

You do know HDMI cables can now carry Ethernet? And that more and more appliances contain Whispernets?

Let's face it. Big Brother's already here, and he's not going to go away. They'll make it so that EVERY appliance you buy phones home. And then they'll find ways to disable all the ancient tech that doesn't phone home. Make old vehicles non-compliant, add new product compliance testing, and so on.


England just not windy enough for wind farms, admits renewables boss

Charles 9
Silver badge

Problem is the Greens would turn around and reply, "And we'd be better off for it. At least we wouldn't be running the planet into the ground."

Charles 9
Silver badge

Re: As I see it

"As we've seen with solar, more deployment drives research into improving the technology and the same should be true with storage; and this research may well feed back in battery technology in general."

Except there's been a drive to find a better battery for decades. Unless some hitherto-unknown "miracle" tech is discovered, we've practically hit the limits as far as physics tells us. We keep hitting tradeoffs that force us to sacrifice a desired quality until we give up too much and the result is not practical.

Charles 9
Silver badge

Re: Silly Article

"once the panel is there, it'll produce for 25 years, maintenance free"

Don't these things get covered in dirt and grime to the point even rain can't wash them off? What about hail? Intense winds strong enough to rip up windmills? Damage from extreme cold and so on? From what I've read, solar is hardly a "set-it-and-forget-it."


Letters prove GCHQ bends laws to spy at will. So what's the point of privacy safeguards?

Charles 9
Silver badge

Re: Does Intelligence provide Prime Proprietary Lead or Work to Crazy Politically Incorrect Orders?

I surmise it's simply too easy for a wolf to pass for a sheep, and once you're past the guards it's already too late to do anything. You have to be lucky forever. They only have to be lucky once.

Charles 9
Silver badge

But the people aren't willing to pay the price for inefficiency given how they complain about taxes now.


'UnaPhone' promises Android privacy by binning Google Play

Charles 9
Silver badge

Re: Terrorism!!! Are you out of your mind?

"Glad it won't be rolled out in those countries too, but that won't stop someone getting hold of one and taking it there, and unless the mobile can discriminate between providers and refuse to work on a prohibited one, game over. And wouldn't it be distinctly recognisable to that provider?"

They HAVE to. That's why your network call sign appears on your phone when you use it: because networks have signatures based on the SIMs and so on.

As for preferring anarchy to the police state, I don't agree. I think more likely is someone gets enough muscle to push everyone else away and create an autocracy (which tends toward police states if we go by Machiavelli).

Charles 9
Silver badge

Re: bend over or check out

Or maybe some people just remember that Psalm about knowing the difference between the things you can't change and the things you can change. Sometimes, you need to stare someone in the face and say, "Sir, you're demanding unicorns." But other times, the guy demanding unicorns ALSO has a gun to your head and an itchy finger on the trigger. In which case, you better start looking...


Smartwatches: I hate to say ‘I told you so’. But I told you so.

Charles 9
Silver badge

What about all those who lose their phones in their purses and always miss calls because they lose time hunting around for them?


Computerised stock management? Nah, let’s use walkie-talkies

Charles 9
Silver badge

Re: SAP? ..for Inventory Control? Are you mad?

Then you're supposed to say, "The Customer Is Always Right. If you don't make this right by the time a policeman shows up, you're going to have a lot more than just F'n Staples Online to worry about, or are you aware of the crime of False Advertising?"


Air-gapping SCADA systems won't help you, says man who knows

Charles 9
Silver badge

Re: Excellent

"To summarise, security costs money; if you cut corners you'll get what you paid for."

But tell that to the accountants that just gave you a shoestring budget.
