Re: And another thing......
Oh? Aren't they already on the Internet?
7444 posts • joined 10 Jun 2009
"If it can only deliver gigabit throughput instead of 10 gigabit, well, you probably don't care when SCADA data rates are generally measured in kilobits."
But Kaspersky's forte is in telecommunications, where data rates in the tens if not hundreds of gigabits per second are becoming old hat. That demands a very tall order: a high-security, high-throughput device. And telecommunications is one of the stated industry goals of this OS.
Actually, it looks to be reinventing seL4 according to the specs. seL4 is the first formally-proven kernel, and this looks to be the second.
"The blue screen of death used to be common with Windows 9x/NT/2000/XP, it is pretty rare these days."
You would think something exposed to the public like this would run an OS with a higher degree of reliability, or at least a better way to restart itself unattended.
"In order to be able to switch in/out of ring0, you must have a CPU that's designed to allow it. X86 is not that CPU."
Given that context switching is in the manual, and virtualization requires it, an explanation is in order.
That is frankly none of its business. That's a job for the higher layers.
But these same industrial systems are also expected to be tuned with higher precision. To get that higher precision, you need more readings at a time, which means lower latency. That's especially true in the field Kaspersky is most experienced: networking. If you plan to pass through multiple gigabits of data per second, you're talking a maximum lag time in the nanosecond range. For turnarounds that quick, you MUST cut the processing time to the bare minimum, and that usually means getting close to the metal. Microkernels block this because they prevent close-to-metal access. Indeed, one caveat of seL4 is that the formal proof only applies if you disable DMA; guess what's one of the most common ways to reduce latency?
But then you have to deal with port forwarding, NAT traversal, VPNs sometimes, and TWO protocol stacks. It's unfortunately a necessary complexity.
If the description is accurate, it would only be the SECOND formally-proven kernel written (after seL4). The thing is, how well can such a microkernel perform when latency (such as high-throughput networking) is an issue?
Phones are expected to do FULL FAT office suites, 3D gaming with lots of graphics and math, and other high performance jobs while simultaneously keeping up with both mobile and WiFi networks all while on a battery. And the customer is always right or they'll go to LG. So what do you do?
"If you applied that as a generic principle you'd find they would not be able to pass ANY legislation. Which may not be such a bad thing :)."
Until private enterprise sees that as carte blanche to covertly use cheap not-necessarily-safe stuff and trick the people into thinking it's top-grade stuff. Regulations (like road safety regulations) are there for a reason.
Name me one organization that runs COMPLETELY without SOME form of hierarchy or structure. I bet you won't because we call such a thing a MOB.
You can't get rid of them because structure is a necessary evil in society. Without it, you just have anarchy. Problem is, the structure by its very nature concentrates power, and you know what they say about power...
"They can earn our trust again, but like a habitually naughty child, it's going to take them some effort."
It's too late. The population is already past the "Fool Me Once" phase and will NEVER trust the police again, meaning it's a lost cause to even try. Plus after events like 9/11 and the increased incidents of targeted police assassinations, police everywhere are assuming siege mentality out of necessity. It works both ways. If you want the police to earn your trust again, you have to produce an environment conducive to them extending the olive branch. Trying to make peace while the bullets are flying only results in more bodies.
No, because we'll just end up with even worse. No one realizes they can get worse until they throw the lot out and find out it's possible. Like the Beast being replaced by the Smiler (in Transmetropolitan).
But what option do you have when the public REFUSES to trust you (meaning there's no way to earn it again), YET expect you to prevent massacres? Seems to me the problem behind the problem is impossible demands. It's like having twelve people stuck on a barren island with only three coconuts. No matter how you split it, it can't end well.
You forget that when something is REALLY addictive, people will warp their worlds to get another fix. When it's THAT bad, you can't force detox them because they'll KILL you to get past you. Or in this case, pull law or rank to overrule you.
"However if you have opensource applications using encryption between millions of users, you have to convince most of the users to accept a backdoor. Which you never will since many of them won't even realise they're using encryption."
You do that by slipping it under their noses. You don't do it all at once, but take a piecemeal approach to create a gestalt. An innocuous, even useful update that just happens to do something just so, another one later on by a different shill user, and so on until all the pieces are put together but not one really knows what came in where, and BOOM! The world's your wire.
"Working smarter will do a better job, but that means that all the intelligence organizations will have to get off their fat backsides to work out what they really need to be doing."
But working smarter only goes so far, lone wolves aren't detectable until after the fact which is too late and the voters expect the government to prevent the unpreventable or they'll vote someone else. And no, you can't educate them to bow to the inevitable because otherwise what's the whole bloody point of civilization?
"You get three of these built by different foundries and then tell them to check each other."
But what if a state has the capacity to subvert ALL the foundries?
Right. You also pocket the savings: enough to have an escape plan should you be found out.
I don't have one, but I'm just warning that percussive destruction isn't a universal solution. For example, one would be wise to avoid doing this with a compressed gas container of any sort. You never know just how unknown compounds can react if forced together like that.
"Currently throughout the world there is a jolly nice bit of spectrum from 960MHz to 1215MHz allocated to radio navigation aids for aviation. I wonder how long it is before governments come under unbearable pressure from wealthy powerful telcos to give that up ("blah blah everything is GPS these days blah blah")."
Nope. At least HERE there's a pushback from the aviation industry and aviation regulators. They're under historic precedent to avoid rocking the plane, so to speak, and there is a need for redundancy, which is why historic navigation aids are still in operation. Since attempting to usurp air-use frequencies poses a safety risk (and the next crash that occurs after such an act will immediately point fingers), those frequencies would have to take something overwhelmingly more useful (or is a direct replacement for the tech it's replacing), then those frequencies are as safe as military bands, which can't be touched out of sovereign security concerns (thus why the Americas don't use Band III).
At least if it's systemd you know where to look: systemd.
Whereas with a gestalt exploit, the actual point of attack may be so obscure no one knows where to look because the exploit takes advantage of systems that are greater than the sum of their parts. EVERY SINGLE COMPONENT works exactly to spec, yet when you put them together, then things go wrong. And since the component makers don't talk to or understand each other...
"systemd does not add new functionality in this area - it just does the same old stuff in a different way. This is why some of us are pushing back - what was there wasn't fundamentally broken."
If that were true, why are there constant complaints about things breaking? What I see is a bunch of bodges on top of bodges, and the thing about bodges is that they don't usually hold that well.
If I had to put it in a nutshell, I say the whole UNIX model is broken because it relies on a level of trust you can't guarantee anymore. You simply can't rely on everything in the chain to "do it well"; odds are at least one thing will "do it wrong" instead, which is why things keep breaking.
PCI and PCI Express are not fixed buses. You have to POLL them to learn what they house. Universal Serial Bus has to be polled. So does 1394 IINM. Unlike with most ARM configurations (fixed memory map), the system doesn't know what's in the system at the initial bootup, and the configuration can change at runtime (like with USB and 1394 which can hotplug).
No, because if I can control a process's logging, I can do this, too (note, in this example ONE process wrote this):
[ rogue ] Something innocuous happened
[ fake process ] Something fake happened
How do you keep a rogue process from making a fake tag when the process can match any tagging the logging system uses?
"syslog tells you - both process name and PID. So your mythical pwned process could put whatever it likes on the line after that - but only the truly clueless would not notice that the very beginning of each line tells you exactly where the message came from."
The fake process newlines its log and creates a fake tag that ticks all the marks. And the log has to be able to newline in case of structured text output like a hex dump.
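The forged-tag exchange above, as an added example that is not part of the original posts: a collector that stamps every physical line, continuation lines included, with an identity taken from the transport rather than from the message body, so multi-line output still works but an embedded tag never starts a line. The names `stamp` and `attributed_senders`, the tag layout and the PID 4242 are assumptions made for illustration.

```python
import re

# Constructed sample: the single write from the post's example, sent by ONE
# process. The tag text mirrors the post; the PID used below is made up.
ROGUE_WRITE = "Something innocuous happened\n[ fake process ] Something fake happened"

# Control characters other than tab and newline (includes \r and ESC).
_CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")
# The trusted prefix this collector writes at the start of every line.
_TAG = re.compile(r"^\[ ([^\[\]]+)\[\d+\] \][ +]")


def stamp(sender: str, pid: int, message: str) -> list[str]:
    """Render one submitted message as log lines the sender cannot spoof.

    Assumption: `sender` and `pid` come from the collector's side of the
    transport (for example socket peer credentials), never from `message`.
    """
    out = []
    for i, line in enumerate(message.split("\n")):
        # Escape leftover control characters so they cannot overwrite or
        # hide text when the log is viewed on a terminal.
        line = _CTRL.sub(lambda m: f"\\x{ord(m.group()):02x}", line)
        # Continuation lines carry the same trusted tag plus a '+' marker,
        # which keeps structured output such as a hex dump readable.
        marker = " " if i == 0 else "+"
        out.append(f"[ {sender}[{pid}] ]{marker}{line}")
    return out


def attributed_senders(lines: list[str]) -> set[str]:
    """Return the senders named by the trusted prefix of each line."""
    return {m.group(1) for line in lines if (m := _TAG.match(line))}


if __name__ == "__main__":
    for rendered in stamp("rogue", 4242, ROGUE_WRITE):
        print(rendered)
```

This only holds while the collector, not the writing process, owns the log file and the prefix format; a process that can write to the file directly is outside what line stamping can address.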
Watchdog crashes. What restarts the watchdog other than init, who's already asleep by your logic?
But if you DON'T double-guess, the AVERAGE user gets lost. Always remember, if you know what you're doing, you're in the minority, and the average user's money outvotes your money...by a large margin.
"Unless your brain stops working while you're playing, it means doubling the amount of heat your head must dissipate."
How is +10W double 20W (this adds up to 30W, a 50% increase, vs. 40W)? Plus this is exposed to the outside so at least has other avenues to vent heat.
"If the heat can't get to your head due to an insulating air gap, and can't escape the device very well due to lack of moving air, then it will get hotter and hotter until it is so hot that even passive cooling, slow moving air and yes an insulating air gap between it and your (much cooler by comparison) head can be more easily crossed because of the larger temperature difference."
You forget the thermal insulating layer between the air, the CPU, and the housing, which will be even more difficult to penetrate since it will be designed for the purpose. And you're talking as if 10W, spread all around your head like a halo, is a big thing. It's already been mentioned the brain generates 20W on average already. Plus even if air is a poor thermal conductor, it's at least greater than zero.
And you can put a metal heat conductor between the air gap and the heat source. Metal is superior even to skin when it comes to thermal conduction, so it can soak up the heat and then employ radiation and convection to bear it off.
But your headlamp concentrates that heat at one spot on your head. With a wraparound design like Hololens, they can spread out the heat generators so instead of one 10W hotspot, it's several 2-3W spots spread around your head; you're less likely to feel several smaller hotspots. Plus with smaller hotspots, it's easier to find ways to dissipate the heat through thermal conduits and so on.
Unfortunately, yes. Efficient code by its very nature leaves tells. The only way to remove the tells is to drop fake tells, which ruins your efficiency. It's one reason privacy-oriented networks perform so poorly; there's simply no way around it.
I'll give an analogue. How do you avoid being tracked if there's only one way in or out of your neighborhood (meaning disguises won't work)? The only way left is to use dupes to confuse your pursuers (that's what Harry Potter was forced to use in Deathly Hallows if you'll recall).
In other words, anonymity and attestation are directly at odds. Attestation is required to ensure people don't vote twice, yet this in and of itself is also proof you voted. In order to avoid vote tampering, you MUST have a means to verify your vote, and THAT provides a means for a third party to pressure you because they can construe a means to shoulder-surf your vote.
In other words, how can you be sure your vote counts without opening up the possibility of outside pressure on the votes?
"and an independent observer who have no incentive to collude."
There's ALWAYS an incentive to collude: bribery or blackmail are always available, so how can you be sure the "independent" observer really IS independent and not subverted behind your back?
"If there's nothing sensitive or personal in it, if it's just usage stats as Microsoft say then there is no reason to encrypt it"
Unless it's been ruled that usage stats alone can be considered PII because getting enough of them together can allow a de-anonymization attack.
Even security updates? Doesn't that just leave you open to being pwned and making everyone else's day miserable?
"How accurate do you need to be to hit a massive castle wall?"
Hitting the wall itself? Not very. Hitting the same spot over and over like a hammer? Much more, as you need consistency to get the required effect.
It'd be a lot easier to toss in a salvo of shivs. Shivs are silent and a lot easier to conceal.
Thing is, given the average human male's weight of 80kg, and given your average joint has about 5mg of THC in it, the math seems to indicate that THC will be the least of your worries when it comes to dying on joints. Now, the impurities and so on are another matter. Plus there's always the psychotropic X-factor (which is how many stoned people tend to get into trouble--not from the joint but from the things they were doing while high).
I have, though. As they say, your mileage may vary.
It was BOTH. Many times the corpses shot into the city were rotten or plague-ridden.
"So, you're telling me that the near billion quid a day that the government spend on welfare is insufficient, then?"
No, because for those on the wrong side of the tracks, many were DENIED. So where do you go from there? The gaol or the grave?
How about on Self-Service food service kiosks? Or ATMs?
Not necessarily. If it was an old setup, the graphics chips in them may not have had the oomph to drive both screens. Or the flip side was added later on.
The BSOD gets all the attention simply because it's so easy to recognize (well, that and red-X dialogs). But I do recall at least one instance of seeing an OOPS on a billboard.
You start to see that around Chapter 8. It's meant to be a tongue-in-cheek way to inform you the facility's about to blow (tongue-in-cheek humor is signature to Portal). You can also see them on occasion with the user-made puzzles.
"In the end, I think it's just Capitalism at work. The healthiest companies survive, those that cannot identify threats and define mitigations fail. Isn't that what Capitalism is all about ?"
Trouble is, capitalism doesn't take collateral damage into consideration, and that tends to have very innocent victims.
Why use force when finesse will do just as well? How often does a good pickpocket get caught?