617 posts • joined 9 Nov 2011
This evil malware is simply the worst. I cannot think of a punishment too horrible for the perps. The sweeping human misery caused by this should be enough to lock them up for the rest of their lives. I am deadly serious.
Regardless of the ratio of stupid to evil involved here, these are, operationally, dangerous sociopaths and should be treated that way.
Every single nickel being spent enforcing copyrights for private interests should be redirected to hunting down these dogs. They should then be locked up with RIAA folk and periodically enough meat for one should be tossed into the cage.
The above is not nearly cruel enough, so I think we should probably fund a project to invent a fitting punishment. Maybe put them at the mercy of several thousand people they harmed?
Google should hire somebody with a moral compass and a lick of sense.
We already have laws against doing the things that harm children. We do not have to make it so that everybody lives in a panopticon.
We also have privacy laws, which, if they are to have any meaning, have been broken.
We need to firm up our laws so that people who do what Google has done are punished commensurate with the damage they do. In this case, it is a lot. Reading the mail of a billion people because you know that one of them is 'bad' does not fly with me and it should not with you either.
We know for goddamn sure that in the half-billion people to a billion people or more whose mail passes through their systems there are crimes aplenty. Exhaustive analysis of that database would reveal all sorts of wrongdoing. That does not give anybody license to go trawling through that mail system looking to gain leverage over people. It is wrong.
There is a sure quick fix to this and that is to criminalize this type of perversion of law and order and to make any fruit from a poison tree like this absolutely inadmissible as evidence. In a sane world, Google would be charged with obstruction of justice by poisoning what would otherwise be legitimate evidence.
If we allow companies like Google to do as they have done here then we open the door to all sorts of abuse and once that door is open the abuse will soon follow. If you look at every jurisdiction in the world, probably most of us are in breach of a law somewhere. Is it OK to provide information to Islamic theocracies that will result in people being stoned to death, beheaded or having their hands chopped off?
We have already established that it is possible right now for a perfectly innocent Canadian boy to be held and tortured for years without even being charged, then charged with a crime confessed under torture and subsequently convicted without anything approaching due process. It is easy to find the most vile stuff on the Internet and easy to plant that into someone's mail system or hard disk. We might as well dispense entirely with the pretense of law and order and admit we live in a tyrannical police state that makes 1984 look like the optimist's version of the future.
We know for a fact that within living memory, all sorts of state entities have committed the most horrific crimes under the banner of fraudulent abuse of state authority. Tossing through every citizen's mail in order to provide a pretense under which to imprison them is just such a fraudulent abuse.
Most people are witless enough to think that it just can't happen to them. They are wrong. It can happen to them at any time. The less likely you think it is, the more exposed you are. If you think it cannot happen to you, you expose not only yourself, but the rest of us too.
It is not something I would ever do, but there are plenty of people out there with skills similar to mine that could set you up in a heartbeat, on a whim. How likely are you to get any help if you have been wrongly accused of a crime that everyone thinks is so horrendous they convict on accusation alone?
Kim DotCom is a rich, powerful, resourceful and intelligent man and he is not without allies. Look at the trouble that an accusation alone has brought to his doorstep. He is accused of giving storage to people violating copyrights. If they do that to someone allowing people to store data that appears to be copyrighted songs, how do you think you would fare if you were being accused of molesting children on the basis of disgusting images planted on your computer?
It is disturbing that a community that ought to know better finds there is a debate here at all. This is not a matter of opinion. It is a matter of knowledge. We have a social covenant that allows the legal system certain latitude. It does not allow this. It specifically forbids this type of thing. It is also disturbing that Google would do this profoundly evil thing. It opens the door to something worse than isolated aberrant behavior that tragically affects a few. It opens the door to systemic damage that affects every single one of us. In a world where tyrants hold absolute sway, you can bet that children are not going to be better off.
What we have codified in law is that searches without probable cause are illegal. This is a search without probable cause, not of a few people, but of hundreds of millions of people, myself included. Any evidence thus gathered should be thrown out and all the players involved in this shameful practice punished for basically giving god knows how many pedophiles a free pass because, like the pedophiles, they are morally retarded.
It does not matter what Google or anyone else places in their terms of service. Things that are wrong by their nature are null and void. For all *most* of us know, since we never read all the terms of service that bind us, some of them may say that we are obliged to allow Google to publish our mail, including any ill advised pictures we have taken that cast us in an unfavorable light.
This is precisely the tightening noose that provides power to the police state and such a state ultimately ends up serving nobody at all.
You cannot justify whatever you wish to do, no matter how outrageous, 'because children'.
Google should hire somebody with a moral compass and a lick of sense.
Years ago, after I downloaded a file that looked suspicious to me, I was surprised to find that all sorts of files with obvious network enumeration calls were being passed over by virus scanners. This is not my area of expertise and I can't imagine that it is this crude but it looked as though the scanners were merely hashing a portion of the binary and comparing the hash to a table of hashes of known malware. Given that these tools still download 'virus definitions' it almost looks as if a lot of the engines still depend upon comparing signatures to some extent. I don't know if they are still doing it, but it seems so.
Executable files that contain suspicious network calls should be caught every time. The definition files *should* contain a database of 'known good' files and flag ones that have any suspect system call. They should inspect the file itself rather than just calculating various signatures. I am hoping this is the case, but I really wonder.
It is sad to say, but I think it is safest to operate on the assumption that any network attached systems are untrustworthy. It seems clear enough to me that a very large part of the blame for our insecure network rests squarely on official custodians who cannot be trusted to act appropriately in the public interest.
There is an argument to be made that for practical purposes even a properly designed network cannot be secure against targeted attacks by well armed attackers with the resources of a state. However, I am confident that it is possible to design and build a network that is secure against shotgun attacks looking for weak points.
Our current system looks like we have provided maps to attackers and then painted bulls-eyes on every target of interest. If our protection against weaponry consists of letting in any weapon we haven't seen before we are guaranteed breaches on an ongoing basis.
We might as well just pay law enforcement to break into our homes. Oh, wait a minute...
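As an added illustration (not code from the original post, and not how any real scanner is built), here is a small Python sketch of the contrast drawn above: an exact-hash 'virus definition' versus inspecting the file itself for imported network APIs and checking it against a 'known good' list. The 'binary' is a constructed byte blob that only mimics an import-name table; the list of API names treated as suspicious is my assumption; real scanners parse actual PE/ELF import tables and combine many more signals (emulation, behaviour, reputation) than this.

```python
"""
Added example: hash-based 'definitions' versus inspecting a file's imports.

Everything here is constructed for illustration.  SAMPLE_BINARY is not a real
executable; it is a byte blob laid out to look like a header followed by an
import-name table, which is enough to show why one flipped byte defeats an
exact hash while a content-based check still fires.
"""
import hashlib
import re

# Constructed sample 'executable' (invented layout): a fake MZ/PE header with
# padding, then NUL-terminated import names from Winsock and the IP helper API.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 28 + b"PE\x00\x00" + b"\x00" * 16
    + b"WS2_32.dll\x00WSAStartup\x00socket\x00connect\x00send\x00recv\x00"
    + b"IPHLPAPI.dll\x00GetAdaptersInfo\x00"
    + b"KERNEL32.dll\x00CreateFileA\x00WriteFile\x00"
    + b"\x00" * 8
)

# Assumed list of 'network enumeration / communication' APIs worth flagging
# in a file that is not on a known-good list.
SUSPICIOUS_IMPORTS = {
    b"WSAStartup", b"socket", b"connect", b"send", b"recv",
    b"GetAdaptersInfo", b"gethostbyname", b"InternetOpenA",
    b"URLDownloadToFileA",
}


def full_hash(blob):
    """SHA-256 of the whole file: the classic 'definition' entry."""
    return hashlib.sha256(blob).hexdigest()


def partial_hash(blob, length=64):
    """Hash of a fixed prefix only (the 'hash a portion of the binary' guess)."""
    return hashlib.sha256(blob[:length]).hexdigest()


def signature_match(blob, definitions):
    """Exact-match detection: flagged only if the hash is already in the list."""
    return full_hash(blob) in definitions


def imported_names(blob):
    """Extract NUL-terminated ASCII identifiers, a crude stand-in for walking
    a real import table."""
    return set(re.findall(rb"[A-Za-z0-9_]{3,}(?=\x00)", blob))


def suspicious_imports(blob):
    """Which of the assumed-suspicious APIs does this file reference?"""
    return imported_names(blob) & SUSPICIOUS_IMPORTS


def heuristic_match(blob, known_good_hashes):
    """Content-based detection with a known-good list: a file that is not
    allowlisted and imports network APIs gets flagged, whatever its hash."""
    if full_hash(blob) in known_good_hashes:
        return False
    return bool(suspicious_imports(blob))


def mutate(blob, offset):
    """Flip one byte in a padding region: the file still 'works' but hashes
    differently, which is all an attacker needs to dodge an exact signature."""
    b = bytearray(blob)
    b[offset] ^= 0xFF
    return bytes(b)


def demo():
    """Run both detection styles over the sample and a one-byte variant."""
    definitions = {full_hash(SAMPLE_BINARY)}      # what a definitions update ships
    variant = mutate(SAMPLE_BINARY, 20)           # byte 20 lies in header padding
    return {
        "original_sig": signature_match(SAMPLE_BINARY, definitions),
        "variant_sig": signature_match(variant, definitions),
        "prefix_hash_survives": partial_hash(variant) == partial_hash(SAMPLE_BINARY),
        "original_heur": heuristic_match(SAMPLE_BINARY, set()),
        "variant_heur": heuristic_match(variant, set()),
        "allowlisted": heuristic_match(SAMPLE_BINARY, definitions),
        "variant_imports": sorted(suspicious_imports(variant)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The exact-hash check (and a prefix hash, since the flipped byte sits inside the prefix) stops matching after a single byte changes, while the import inspection still flags the variant and a known-good list lets the original through; that asymmetry is why definition files alone are a weak defence against anything not seen before.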
TL;DR can be hilarious and I expect that someone will take the low-hanging bait provided here. However, I am not sure I want my systems designed by people for whom 'TL;DR' is a pithy response to text that, for them, is simply TL. 'Did not Read' ('DR') is operationally equivalent to 'Cannot Read' ('CR'). If you have not actually read and comprehended what you are responding to, I expect your range of responses is going to be a bit limited. Should people who effectively 'CR' be heavily involved in technical decisions about systems design? Perhaps, but I would be inclined to look to someone effectively capable of reading for confirmation.
'N of one' examples are fine as illustrations, but they are not good as evidence. If you never read anything longer than a paragraph, your knowledge of things would tend to be limited.
The choice is not between an Internet of Things or 'not' an IoT. The choice is between an Internet of wild, stupid, dangerous things or an Internet of tame, smart, safe things. Right now, about half the people here are arguing for the Internet of the stupid. To some extent, if people like that are vocal enough, we will all get what they wished for. That would be a shame.
The odd thing about this conversation is that the IoT is *already* with us. It is hard to predict novel events in the future, but the increasing convergence of the network is not novel. It is well underway. I wrote about its inevitability myself more than a decade ago. The writing has been on the wall a long time. Factions claiming that 'the old way will never be replaced' have a truly dismal track record.
I refer again to the mathematics of 'group forming networks' (GFNs). It is not the fact that your microwave is connected to the network. It is the fact that *most* devices are connected to one another and groups of them connect to other groups. Your microwave, by virtue of being integrated into a GFN, can be smarter than you are and it can do this with a brain so small and cheap that neither its physical self nor its cost can even be seen. It can use just about as much brain as it needs for a given task and no more. A disparate network as we have now has most of its capacity evaporate into thin air. With duplication of effort, it is likely using a thousandth, millionth or even less of aggregate network resources. There is more than a Zettabyte of disk space up for grabs just by integrating the network. The IoT can release vast resources already in place.
Economies of scale allow much better designs and more fault tolerant chips with greater capacity for less money. We could free up enough value to, for instance, help the third world bootstrap its way into the first.
Connected devices are different in kind from disconnected ones. Groups of integrated connected devices are yet even more different in kind. Lots of synergistic interactions could surprise us with improvements we never even thought of. Text Messages might seem a step backward from voice calls, but they are preferable in many cases, perhaps even most, and they free up vast resources at a stroke. One effect of this is that the world becomes a bit safer. In times of crisis, voice calls could easily jam a network that would be fine under the highest possible volumes of text messages. A smart integrated IoT network would allow, for instance, radically reducing power use in an emergency.
You don't, as a rule, get a choice as to whether or not there is wiring in your house. It is there when you move in because just about everyone uses it all over the place. You don't specify whether or not your microwave oven has an embedded controller. It has one; the end. Fact is, the choice of whether or not you live in a world of IoT is out of your hands. It is coming and you are going to live in the middle of it. Given that it is coming, you might like to ensure that it comes in good and not evil. Trying to stop the unstoppable is not likely the optimal course to ensure that your needs are met.
Pretending that it will not come will only make it a little bit worse than it could be, it won't stop it.
The arguments against are just retreads of the same tired arguments that already have a track record of failure:
"I'm uneasy about this most trendy and oversold community. Visionaries see a future of telecommuting workers, interactive libraries and multimedia classrooms. They speak of electronic town meetings and virtual communities. Commerce and business will shift from offices and malls to networks and modems. And the freedom of digital networks will make government more democratic. Baloney. Do our computer pundits lack all common sense? The truth is no online database will replace your daily newspaper, no CD-ROM can take the place of a competent teacher and no computer network will change the way government works." -- Clifford Stoll, NEWSWEEK magazine, issue dated Feb 27, 1995
"After almost 80 years in print, Newsweek is the world’s most widely-read magazine to go completely online. The cover of the final print issue, dated December 31, is a shot of what was its Manhattan office building, with a Twitter hashtag, #lastprintissue, across the front in red." -- Nevil Gibson, "Newsweek bows out after eight decades in print", "National Business Review", December 27, 2012 [http://www.nbr.co.nz/article/newsweek-bows-out-after-eight-decades-print-ng-134273]
Re: Not surprised, but...
Wow. For what I would expect to be a technical crowd, there are a lot of people here that are hostile to what is clearly (to me anyhow) something useful and inevitable regardless of how many are in denial.
At one point, even though we had the largest private network in Canada connecting 150,000 employees, our network architecture committee thought that there would not be a need for more than 56K lines and that LANs and associated servers and printers were 'a solution looking for a problem'.
I am pretty sure that some people never gave up their horses long after cars were a done deal.
The argument from 'my imagination is limited' is a weak one.
Pointing out that there are few suitable roads to drive upon did not stop automobiles from spreading like wildfire in North America.
A networked community of smart devices that take care of one another beats all sorts of disconnected dumb devices, at least in the long run.
Our current network, by design, makes things all but impossible to secure. However, that is not intrinsic to networking as such. We have a dreadful design.
If they are serious, I am not sure what the naysayers hope to accomplish. If there are problems to a growing IoT (there are), then we should be focusing on the problems with an eye to fixing them, not attempting to assemble a case for scrapping the IoT. Anything is possible, but the odds of the IoT going away seem vanishingly small to me. If nothing else, evolution will eventually finish off the laggards.
A properly designed IoT would allow us to catch predators in real time with virtually no compromise of privacy and no chance of dragnet surveillance. Homes would be safer and cheaper. Cars would be cheaper and safer.
Coordinating activities among devices requires they be able to communicate state somehow and be appropriately responsive to legitimate requests to change state.
We have a lot of work to do to properly harness the IoT and make certain that the very real dangers it poses are contained. Even if there is a finite chance it can be stopped, the very real chance that it cannot be stopped requires us to act now, while we can, to make sure that whatever rolls out is reasonably under our control.
The 'IoT' terminology may be irritating to some, but it is an apt name for a converging network of peering (pun intended) devices.
In March of 2012 I read an article in Forbes where a pundit was sagely explaining how "My internet guru just sent me the arithmetic that shows without any doubt that Facebook can’t be worth $75 billion in market cap– much less $100 billion. At that crazy valuation, it might be the short of 2012."
I posted a comment and a blog entry disagreeing. "if I could purchase the whole shooting match and had the $75 billion I would put it down in a heartbeat. Your Internet guru sent you arithmetic. Sometimes, it *is* just a simple matter of arithmetic. Sadly, this is not one of those times. This is a question of mathematics."
What drives facebook is the mathematics of group forming networks. The same math governs a converging network of connected devices. Its value grows enormously as it accumulates more nodes.
"if someone is coming to you with ... arithmetic ... they have no idea what they are talking about. The value ... is in the network of relationships ... and the value of such a network grows, not with the number of [nodes] N or even some power like N squared or N^10. It grows at the rate of 2^N:
Not ….. N = 0 – 1 – 2 – 3 – 04 – 05 – … 50 …
Not . N^2 = 0 – 1 – 4 – 9 – 16 – 25 – … 2,500 …
But . 2^N = 1 – 2 – 4 – 8 – 16 – 32 – … 1,125,899,906,842,624 …
My prediction for facebook was a valuation of $100B in 2014 growing to $1T in 2016. Seems a bit aggressive, but so far they are just about exactly on track.
The value of the IoT will grow along similar lines as facebook. Before it becomes too valuable and is locked up by the weasels attempting to gain control of the Internet we would all be well served if the people at least capable of understanding it actually tried to understand it rather than fighting a battle that history tells us they will lose.
Half the arguments against IoT are arguments against something else. The other half would probably apply to just about any tech we have already passed through, certainly to networks, but likely even to electricity. Here's a few:
"The abolishment of pain in surgery is a chimera. It is absurd to go on seeking it... Knife and pain are two words in surgery that must forever be associated in the consciousness of the patient." -- Dr. Alfred Velpeau (1839), French surgeon
"Men might as well project a voyage to the Moon as attempt to employ steam navigation against the stormy North Atlantic Ocean." -- Dr. Dionysus Lardner (1793-1859), Professor of Natural Philosophy and Astronomy at University College, London.
"There is a young madman proposing to light the streets of London—with what do you suppose—with smoke!" -- Sir Walter Scott (1771-1832) [On a proposal to light cities with gaslight.]
"The Kölonische Zeitung [Köln, Germany, 28 March 1819] listed six grave reasons against street lighting, including these: ... It will be easier for people to be in the streets at night, afflicting them with colds... Morality deteriorates through street lighting.. [which keeps the weak from sinning]...
"When the Paris Exhibition closes electric light will close with it and no more be heard of." -- Erasmus Wilson (1878) Professor at Oxford University
"They will never try to steal the phonograph because it has no `commercial value.'" -- Thomas Edison (1847-1931). (He later revised that opinion.)
"This `telephone' has too many shortcomings to be seriously considered as a practical form of communication. The device is inherently of no value to us." -- Western Union internal memo, 1878
"What use could this company make of an electrical toy?" -- Western Union president William Orton, responding to an offer from Alexander Graham Bell to sell his telephone company to Western Union for $100,000.
"Well informed people know it is impossible to transmit the voice over wires and that were it possible to do so, the thing would be of no practical value." -- Editorial in the Boston Post (1865)
"Radio has no future." -- Lord Kelvin (1824-1907), British mathematician and physicist, ca. 1897.
"While theoretically and technically television may be feasible, commercially and financially I consider it an impossibility, a development of which we need waste little time dreaming." -- Lee DeForest, 1926 (American radio pioneer and inventor of the vacuum tube.)
"[Television] won't be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night." -- Darryl F. Zanuck, head of 20th Century-Fox, 1946.
Not surprised, but...
It is not surprising that IoT devices using the same underlying code and designs as the rest of the Internet have similar security problems. However, before people go nuts saying this is a problem with the IoT and we must therefore stop the IoT, the problem is the security designs and code, not the thing using it.
The IoT is like the tide. It is coming in and attempting to stop it is futile. A solution based on attempting to stop the IoT (already well underway) is no solution.
The solution to the problem of our leaky boat is to fix the boat, not to jump in the water.
I agree with @Mark 85. The carriers should be on the hook to pay. They should never have allowed this in the first place. Of course, the carriers have a similar business model themselves.
Depends on what it is for...
We bought a Macbook 13.3 inch for 999.99 CDN and they threw in a $50 gift card -- Net $949.99CDN == 874.84 USD == 516.60 GBP.
I am a PC bigot, but it is what my daughter wanted, so I gave it a chance. After taking a long look, it compared pretty well to PC counterparts -- a bit pricey, but it is a premium item. Check the resale on Apple stuff and it is pretty much a wash for value. You can actually sell used iPhones and Macbook Air computers. On balance, I would have chosen this myself. It is very light, easy to carry around, the battery lasts literally for days and like it or not, it is nice-looking.
There is, in this case, no contest at all. My daughter *really* loves this notebook. She *hated* her PC notebook even though it was about as powerful. In a pinch, she can actually just RDP into our server and use Windows if she needs to. She gets the best of all worlds.
I am a PC bigot from way back, but the Apple value proposition is surprisingly better than it might seem.
Apologize at least
This may just be something they cannot avoid due to other changes in the ecosystem beyond their control. I will be charitable and assume that is the case. Even so, they should be apologetic for deliberately bricking people's devices.
As for our friend above who thinks that everyone can afford the luxury of tossing things that have not worn out, here's a news flash: everyone can't. Know this: very little prevents you from joining the 'cannot' faction. Pray those with resources exceeding your own don't lift the basic cost of participation above your means by bricking things you can't afford to replace.
Re: The Rest of the Story
Well put. To the best of my knowledge, you are accurate and fair in your description of the situation and your estimation of problems/solutions seems practical and otherwise sound to me.
There are broad systemic issues that should be corrected in order to arrive at a truly 'best' solution. However, that is well out of scope for a small ISP at the leaf nodes of the network. Meantime, what you propose is sane and sensible to avoid a greater evil. The larger incumbents of all stripes, NetFlix included, have done us no favors. They have proven, thus far, to be poor custodians of network infrastructure. It seems to me that smaller ISPs are more likely to accord with broad public interest than the cartels that currently hold sway.
There is, to some extent, a fundamental tension between the public good and what corporate entities do. Corporate entities are, by their nature, 'evil robots'. They cannot reasonably take into account the public good. Directors and executives have a fiduciary responsibility to work to maximize the narrow financial interests of their community of shareholders. To the extent that those interests conflict with any other community and the community at large, they cannot self-police in the public interest because their duty lies elsewhere.
It is necessary that the representatives of the people ensure that the overall value of the public good is maximized. To the extent that this conflicts with corporate interests, rules and enforcement mechanisms must be put in place to make the playing field level. There must be artificial inducements via rewards and penalties mandated from outside by the government to induce corporations to act in a way that results in maximum net benefit for the body politic.
The current status quo is contrary to public interest. It has been unduly influenced by communications cartel members and large players like MS, Google, NetFlix, facebook, etc via lobbying and improper influence on standards bodies. This has been compounded by a state apparatus that demonstrates to me that our government has become a self-interested entity unto itself; no longer capable of acting in the public interest.
A proper long-term cure for things like our network issues starts with sunlight. You have done a good job of shining a little light on things. You also have a responsibility to advocate for your company, so I take what you say with a grain of salt. However, it is pretty clear to me that your interests coincide with mine much better than the major players. As far as I can tell, you have drawn a pretty accurate picture and if nothing else, I think that your honesty should be rewarded by giving more weight to your words.
There are issues...
ISPs should not really know what data is streaming into their portion of the network or where it originates. What is being communicated is none of the business of the carrier be they carrying postal mail or transmitting video. In this respect there is a net neutrality issue because in order to charge someone like NetFlix an ISP would have to be prying into private communications.
Ultimately, the users of the network should pay for the network. Both the customer downloading content and the provider (such as NetFlix) streaming the content are 'users'. They should both pay to send or receive whatever they are sending or receiving to the backbone. They are 'peers' in this sense. NetFlix pays their bandwidth providers to push data up to the backbone and their customers pay *their* bandwidth providers to pull the bandwidth down from the backbone.
It makes little sense for the same traffic to be constantly traversing the network. It *should* be cached as a matter of course. However, if NetFlix must encrypt streams for each individual recipient, it will not actually be the same data that is being sent.
If a company like NetFlix is abusing the network by forcing the same enormous volumes across the network over and over, they should be made to bear some financial cost associated with any malfeasance such as refusing to allow caching. Until they bear the cost of some of the inefficiencies they introduce, they will have little incentive to correct their behavior. That being said, we should err on the side of maximizing neutrality with respect to sender/receiver and the nature of the data being moved.
It seems to me that we come to problems like this because bandwidth is limited and much of that limitation is an enforced artificial scarcity to support the old-fashioned revenue models of the communications cartels. Where I live, Bell Canada still charges the unwary as much as $0.91 per minute for a long distance call within the province. [http://www.bell.ca/Home_phone/Long_distance_rates]. Even with our semi-crippled network infrastructure that is better than a 100,000 per cent markup; pretty good if you can get it.
We are still treating EM spectrum, cable and telephone lines as if what they are carrying is pinned to how it is being carried. This has carved up bandwidth inefficiently and resulted in a lack of competition among the different modes of transport. Both result in higher costs for bandwidth.
We need to get everyone on board to create enormous transparent backbone networks that are essentially public assets that are essentially free to use and to remove regulations artificially propping up differences between transport that no longer apply. We also need to have a conversation guided by people we trust. There is much confusion about all this and it is because the waters have been muddied by people who simply don't understand the network attempting to work against disinformation being supplied by ones who do understand it but have a vested interest in the confusion allowing them to stifle competition and charge more for things than they are worth.
The confusion sown by both the genuinely confused and the network cartels means that we can never have a sensible conversation about prioritizing bandwidth. Some things, such as real-time responses to timing signals, keystrokes, etc., require low latency. Some things, such as voice communications, require QoS so that there are no interruptions sufficiently long to interrupt communication. Some things require lots of bandwidth, some require very little. Some traffic, such as text messages, requires very little in terms of quality. Email does not suffer much if there are longish delays in moving things about or constrained bandwidth. Real-time video conferencing across state lines requires fairly snappy response times and potentially lots of uninterrupted bandwidth. The value of different qualities of bandwidth differs. In order to maximize the economic efficiency of network investment, we need to be able to set different tariffs for bandwidth of differing value. Unfortunately, we cannot trust any of the incumbent network providers not to abuse such a thing and we cannot trust the system overall to protect the disadvantaged from being pushed out into a second class slow lane.
The ideal would be to have nothing but ultra-low latency and essentially unlimited, uninterrupted bandwidth. That is, the ideal would be if there was only one single quality of bandwidth that was adequate for all needs. That is not likely to happen on a real network for the foreseeable future and hence we need to be realistic about how we charge for different types of bandwidth.
There is much that requires improvement on our global network. I don't think that the status quo of ridiculous confusion is ultimately helping anybody. It certainly is not maximizing the greatest good.
Not useless by far
Just because a device *could* be controlled remotely does not necessarily mean it *must* be. A smart controllable device can go whatever way it needs to go. A dumb one is, well, dumb.
It should be at least possible to merge anything that has state with the network.
Devices throughout a house could automagically go into a low power state when they are not needed. I have a biggish house that has something like 100 light bulbs. I also have two kids. I spend a lot of time turning off lights. If the house was smarter, I could stop wasting my time on that and the amount of power saved would be even greater than the most diligent homeowner. It would be pretty cool if lights went on and off as needed without me having to bother. Similar advantages would apply to most any other device.
It would also be pretty cool if devices whose heartbeats went offline were tended to without my having to bother. Appliances under recall because they tend to catch fire spontaneously could be disabled automatically as part of a recall. I had a device (heating pad) burn my apartment down once a long time ago. I got lucky that I only lost all my possessions. Some people lost their lives to that defective product. My Sony Notebook had a defect that could cause it to catch on fire. It was curable with a BIOS update. Sometime between that BIOS update being created and applied a few people had a nasty surprise. A network attached device with the appropriate smarts could have avoided that.
Lots of devices already have different CPUs in them that provide some smarts. A one size fits all network chip would require less smarts, allow those remaining smarts to be donated into the network and would allow the device to import significantly more intelligence than it had on its own. Due to economies of scale, plug and play network devices would accomplish more for a lower price.
Technology holds incredible promise if it is managed correctly. We should not be afraid to move ahead. We just need to be sensible.
People are correct that there is danger in a badly connected insecure network. The fix is to make sure it is a well designed, well implemented and secure network. The answer to automobile safety is to build safer automobiles, not to switch to riding horses.
Regardless of the pros and cons, I have no doubt that network convergence will continue. It will happen anyway. Rather than trying to stop the inevitable, technical people should be pushing to make the converging network sane and humane.
Before the IoT really takes off I hope that they hire a couple of people to architect security and then hire a few more to review for holes.
The current security infrastructure is wholly inadequate. Before they hook up my fireplace, they need to fix it. 'They' here might include people like me, but whatever.
I wrote about the converging IoT more than ten years ago:
"All communications and part of the power grid are becoming a single transparent worldwide network. Communications devices and their power requirements are shrinking. It is technically possible, for instance to produce a camera with a 360x360 degree viewing range that is connected to the Internet and near invisible to the eye. When mass-produced, these devices would cost pennies or less per device. Privacy as we know it will become almost impossible within my lifetime. Webcams? They will be everywhere. Light bulbs will be monitored via the Internet because it will be cheaper to produce them with the device than without."
"Countries once had near absolute sovereignty over their borders. International agreements have changed that. Expect this process to accelerate."
"It is most important that people in our community (geeks who understand this stuff) work diligently to ensure that our transition to the converged, border-less, information rich world is sane and humane."
"Re: The public good -- what is it? What maximizes it? Somebody will be answering these questions and if they are the only voice heard, that's what we'll get. Frankly, the extension of copyrights, DMCA, the notion of 'Intellectual Property' (as if you could make such a bag and stuff Patents, Copyright, etc into it), FrankenFoods, etc. all act AGAINST the public good in my opinion."
"The networks will inevitably converge and they will be attached to just about everything. Guns and Bullets? The really dangerous stuff is probably already part of a network somehow and that trend will accelerate. How do guns and bullets get deployed and used? Somehow messages went out over a network and those messages resulted in the public will to deploy guns and the particular private orders that resulted in deploying and using them."
Who is responsible here?
Re:"Data security should be a top priority for any business that operates online."
Well, maybe they can find whoever is responsible for weakening security across the board and sue them for the funds to fix it.
Securing things like this falls into 'plausible deniability', rather than actual security. The only reason that the banking system has not been disrupted by now is that (last I worked in banks anyway), the online systems are not actually connected to the Internet in a way that can affect the upstream banking system. I have a horrible feeling that, as the old guard who kept the glass house locked down leaves, these systems will be exposed by people who don't have a suitable level of paranoia.
You have to wonder how they expect the IOT to work without killing people.
Lust after this stuff
I have been following Xilinx forever, but even the FPGAs are a little pricey just to hack around with. I would *love* to have the time to prove stuff out with FPGAs and then have it burned into ASICs.
As @Caesarius says, there is a risky sunk cost with ASICs but the wins can be enormous. Nobody can come close in software to the performance of silicon.
One size fits none
I have no problem with one Windows OS. I have a problem with it being the crappy Windows 8.x -- one size fits none.
Re: Very misleading title for this article
Agree. To rule otherwise would be to dispense with both law and reason. To cure the apparent injustice (there is no real injustice here), they should lobby to have patents abolished. Fair?
Re: What is the point of a warrant?
There are a couple of inventions that do something similar to what I have in mind, but not exactly the same and both less secure.
I really like this, even though it is unlikely to be secure against a sophisticated adversary:
Check out the video because it shows how what I have in mind would behave. Unlike this one, though, the data would actually be encrypted.
Re: What is the point of a warrant?
Re:"The warrant will demand cleartext data. If you make it impossible, you are placing yourself deliberately on the wrong side of the law"
The warrant can demand whatever it wishes. If neither cleartext nor ciphertext exists, the court is out of luck. They can insist that you do the impossible all they like. It will not come to pass. A proper mechanism would absolutely ensure that the ISP and the server provider never had the means to produce cleartext under any circumstances. Everything they store and everything they ever had is encrypted on a key they never possessed.
Mandating that people expose, in advance, their private communications so that they be available for government inspection is, as far as I know, entirely contrary to any reasonable reading of the law and such a legal requirement ought to be beyond the reach of a single legislature, judiciary or executive. We are entitled to our private thoughts and committing them to storage does not somehow make them public property.
It happens that sometimes the state is beyond reason and will capture, imprison and torture the innocent. We are in such a time now. Having come to such a pass, it is time for good people to oppose it, with civil disobedience if need be. Those in power are not always right. In fact, it seems to me that they are wrong more often than not.
People running the apparatus of the state would have you believe that you serve them and that you must follow what they say no matter how outrageous. These are bad people and rather than following what they say we should be opposing them with a mind to removing them from power and prosecuting them once sanity returns.
Re: What is the point of a warrant?
Not quite sure what you have in mind and as I mentioned it can get complicated. With the proviso that the third party can be trusted due to the fact that it can be extended to as many different parties as required to be secure and that the PKI need not be limited to a single type and although significantly more involved it is possible to accomplish the same thing with conventional keys or even one time pads:
I have a message I wish to remain secret. I prepare it on a secure system and send a secure message to my trusted third party requesting a one time public key whose private key is known only to the third party. I encrypt my message on the requested public key and then encrypt an envelope containing the third party supplied public key with the receiver's public key. The original message is now gone and there is no way to recover the message without both the recipient's private key and the private key known only to the third party.
Details can get pretty hairy, but suffice it to say that it is possible, if needed, to make it so the third party actually cannot divulge the necessary key without the active permission of the sender and the receiver and an arbitrary number of nth parties if needed.
Security can be a PIA. If you want to secure something on a password and have reasonable confidence that it remains secure as long as the password is not known, you need to come up with a long password whose characters are effectively random. Something like this that has not been published (ie not this actual one because it is compromised now): MKMKtrsquRXKogec_zuxgKRfJmHQIoQW. That should give a nominal 192 bits and likely about a good 90 bits of real security against attack; simply not guessable in any reasonable amount of time. Unfortunately, it is so awkward to use such a thing in practice that it would not likely be used.
The reason for the above is to make it apparent that there are different levels of security available at the expense of given levels of inconvenience. Security is possible in a password, but inconvenient. You would not normally do that, but you might if the need was great enough. Similarly, to ensure that a scheme like the above was more secure against attack you could make it so that access to a particularly sensitive message was only available for a limited time beyond which it disappeared entirely. That way, particularly sensitive communications could vanish forever before anyone had a chance to beat the passwords out of you. This would be pretty inconvenient, but a lot more secure.
I have little doubt that schemes capable of securing systems can be built as long as we can build systems secure against things like side-channel attacks and we can trust the hardware. I have even less doubt that current systems do not approach anything like a level of security that even a duffer less skilled than me could put in place. Any of the big players like MS, IBM, Google, Facebook, Apple, HP, Oracle, etc, etc cannot possibly be trying in any meaningful way to secure their systems. This stuff can get pretty complicated pretty fast, there are gotchas everywhere and even experts who I trust have tried will make mistakes. However, virtually every barrier to entry on to our networks has been lowered to the point that even attackers with modest resources can mount a successful attack.
I have to do a search to see if such a thing has been patented already, but while writing this up I thought of a hugely amusing invention to cure shoulder surfing and related surveillance that had been a real puzzler for me.
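The two-key scheme described in the post above, written out as an added example (this is not the poster's code). It assumes hybrid encryption with RSA-OAEP wrapping a fresh AES-256-GCM content key per layer, a constructed layout of wrappedKey || nonce || ciphertext for each envelope, and a locally generated RSA pair standing in for the one-time key the third party would supply; the post itself only says "public key" and "envelope".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

const nonceLen = 12 // standard AES-GCM nonce size

// sealLayer builds one hybrid envelope: wrappedKey || nonce || AES-256-GCM(payload),
// where wrappedKey is a fresh content key under RSA-OAEP for pub.
// Only the matching private key can unwrap the content key.
func sealLayer(pub *rsa.PublicKey, payload []byte) ([]byte, error) {
	key := make([]byte, 32)
	nonce := make([]byte, nonceLen)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	out := append(wrapped, nonce...)
	return gcm.Seal(out, nonce, payload, nil), nil
}

// OpenLayer reverses sealLayer; it fails at the OAEP step if priv is the wrong key.
func OpenLayer(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	n := priv.Size() // byte length of the RSA-OAEP wrapped key
	if len(blob) < n+nonceLen {
		return nil, errors.New("envelope too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:n], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[n:n+nonceLen], blob[n+nonceLen:], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealForBoth is the sender's side: inner layer under the third party's
// one-time public key, outer layer under the recipient's public key.
func SealForBoth(thirdPartyPub, recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	inner, err := sealLayer(thirdPartyPub, msg)
	if err != nil {
		return nil, err
	}
	return sealLayer(recipientPub, inner)
}

// OpenOuter is all the recipient alone can do: peel the outer layer and get
// back an envelope that only the third party's private key can open.
func OpenOuter(recipientPriv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	return OpenLayer(recipientPriv, blob)
}

// OpenWithBoth recovers the plaintext only when both private keys cooperate.
func OpenWithBoth(recipientPriv, thirdPartyPriv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	inner, err := OpenOuter(recipientPriv, blob)
	if err != nil {
		return nil, err
	}
	return OpenLayer(thirdPartyPriv, inner)
}

func main() {
	tp, _ := rsa.GenerateKey(rand.Reader, 2048)   // stands in for the third party's one-time pair
	rcpt, _ := rsa.GenerateKey(rand.Reader, 2048) // recipient's pair
	blob, _ := SealForBoth(&tp.PublicKey, &rcpt.PublicKey, []byte("constructed sample message"))
	inner, _ := OpenOuter(rcpt, blob)
	if _, err := OpenLayer(rcpt, inner); err != nil {
		fmt.Println("recipient alone cannot read the message:", err)
	}
	pt, _ := OpenWithBoth(rcpt, tp, blob)
	fmt.Println("with both keys:", string(pt))
}
```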
What is the point of a warrant?
Bodies of Email like mine go back decades and involve thousands of people. How hard can it be to make the case that somewhere in there is evidence that leads to something by somebody that is unlawful? As things stand, we are subject to dragnet surveillance that regardless of how you feel about it, is illegal. Allowing a warrant to draw in so much data crosses the line, IMO.
If our protection is that 'fruit of the poison tree' cannot be used and things outside the warrant are ineligible to use as evidence, we open the door to wholesale destruction of evidence.
As a community, we need to install mechanisms that simply make it impossible for warrants like this to be exercised. All of the big companies hosting data like Email could easily set up systems that would make it impossible to inspect customer Email without the blessing of the individual involved *as well* as other key holders designed to make 'rubber hose' techniques ineffective.
It is possible to design a system that could be rapidly inspected for something like an amber alert, but still invulnerable to fishing expeditions, even if conducted under a warrant.
It can get complex, so it may not be apparent to some how we might construct a system largely invulnerable to such attacks. However, it should be clear to many that effectively storing your mail in the clear on a server controlled by someone else is certainly less secure than we can make it.
We have got to find someone other than the Fox to provide henhouse security.
Re: Never mind that
Re:"You want Google or Microsoft deciding what is in the public interest?"
No. They are the perps. We are the victims. The courts don't have 'perpetrator impact statements' from convicted felons. They don't generally consult with the felon to get their blessing before passing sentence. If they did, the victims would be invited to the table. We have victim impact statements from the people they harmed.
Never mind that
Rather than consulting with the perps to find out what they are willing to do, they should consult with the victims to find out what they are demanding.
I fear robot rebellion
Great; strangled by your own hands.
I have four or five net facing servers and I get dinged from time to time. There is not much you can do except try to keep a low profile. I will be looking at a secure operating environment next month and hopefully, once I can prove it out, I will be able to shift things over to that -- vanilla, vanilla, vanilla.
The main way to avoid someone breaking into your server is to make sure there is not much worth stealing. Is there anyone with a serious presence on the Internet that has not been compromised at some point? I doubt it.
They'll just find a new way to cheat
Unless they get penalties commensurate with the profits already received, system-wide, they will simply work to find another way to cheat. We all know that. This is just the usual window dressing.
It does not have to be this way.
I'm buying. They aren't selling
I have been looking and looking and looking at AMD waiting for them to release a product that I can reasonably buy. I have three boxen here using older chips like a 1090T. The newer chips require, in my case, upgrading all sorts of stuff for just not enough gain.
They seem to have just completely given up on selling CPUs. I have been an AMD die-hard for many years. All things being equal, I would go with them and I give them a bit of an edge at that.
I have been hoping that they will blow us all away with some dramatic change, but that hope is fading. It seems more realistic that they have just run into a wall where they cannot compete with Intel on x86 CPUs and are contemplating getting out of the x86 biz altogether.
I just can't get that excited about the ARM stuff...
Re: Why am I not surprised by this?
Re:"will someone charge them with child porn"
No. OTH, they will be sure to keep the most disgusting imaginable pictures on hand to frame someone like, oh, say, you, if you get too far out of hand.
There is some seriously disturbed stuff out there and I have no doubt that an arsenal of stuff like that is on hand for whenever they need to target somebody. They must add to the arsenal every day. If it turns out they are doing this, and I expect they are, and they are tolerating these monsters so they can keep adding to their weapons, I hope that they get caught. Let the mob violence they are attempting to manipulate in their favor turn against them.
Meantime, sad to say, I think it is a bit risky to get *too* vocal and I worry I may have come a bit too close to crossing that line.
For Great Justice
All your base are belong to us! Buwahaha.
Re: Australian Federal Government - The New NORKS
Well said. Let's face it, *we* are the enemy they fear. All of the various noxious legislation is aimed at keeping us all quiet. There cannot possibly be more than a million or so of these miserable weasels worldwide. We outnumber them thousands to one. They are really pushing for advantage. Hopefully we will *all* of us start pushing back.
Don't give up hope
We still outnumber the bastards and at the end of the day this is all about power over *people*. At least to some extent, they can only do this if we allow them to.
So far, we have not shown much backbone in standing up to people in power, but I am hopeful that the people who did things like come out for OWS will eventually find out how badly they were swindled and rise up much stronger.
It seems impossible to understand, but the majority of people accept that the official version of things is mostly real or at least 'real enough'. When they finally realize with certainty that it is not, they may well become impossible to stop.
I honestly wonder what the real case is here. As someone implied, if the systems have all been effectively compromised, it is puzzling that things are seemingly stable. What is holding the attacks in abeyance? The best I can come up with is that well armed attackers such as other states or organized crime have staked their claims on various systems and like some malware does, the people who have hijacked the system have actually put in effective security to keep other attackers from poaching what they have stolen.
Whether it is already in progress or not, it is only a matter of time before the network as it currently exists, with its hopeless security, is a hot battleground.
I believe it is possible to architect a reasonably secure network. If it is, it surprises me that others are not clamoring to have that done. Continued patching as we are doing is likely to become ever more ineffectual.
You should never attribute to malice what you can attribute to incompetence. It seems positively bizarre that there would be such profound widespread ignorance. However, it seems even more bizarre that what is happening overall is by anyone's design.
Are there really that many PHBs that rose to the top of the pyramid that this is all incompetence? It is plausible.
We are already well beyond the point where people with even ordinary abilities with network security should be making a little noise. If they are really that incompetent with security in all those executive suites, then they should be hiring people outside of their organizations to come in and do audits at least. Even if you are not going to fix it, you should have some idea of the profundity of your exposure.
Is this not a juicy business opportunity for someone to sell pricey reviews that allow executives plausible deniability?
Re: Get a grip
Re:"these laws are an attempt to repeal entropy"
Upvote for amusing turn of phrase. Trying to figure out some way to steal it.
Re: We're all screwed
I do not use guns and have no interest in them. Last year, a catalogue for guns showed up with my name on the mailing box. I am vocal and easy to find. Hmmmm. Good thing for me that I actually *am* clean. Not so good that it is dead simple to plant evidence on my hard disks. Given the fact that courts have made bizarre illiterate decisions with respect to government overreach, there is cause to be worried that files of evil allegedly put there by me (but actually planted by shadowy agents of the government behind the government), will be deemed by a court to be perfectly sound evidence and away I go.
Being squeaky clean is no defense; not that it ever was.
The only thing we have is each other. That might not seem like a lot, but it is more potent than you might think. People in power with the knowledge to render a determination deem even a collective portion of the population to be a threat. They cynically coordinated an extreme (and successful) effort to shut down the grassroots 'Occupy Wall Street' movement. By any reasonable standard, many of the measures were and are illegitimate at best; more probably illegal.
Elaborate measures have been taken to convince the sovereign body politic that it lacks both the power and the legitimate authority to correct a wayward government. Neither is true. The increasingly frantic efforts to arm and empower state agencies and disarm and dis-empower individuals demonstrate to me that wayward states fear us, as they should.
We can't be complacent. We still have more power, but as we cede ever more power to the state we make recovering control more costly. Ultimately, this is all about power over individuals and it will still be some time before the state can exercise absolute power. Clearly, though, that is its aim.
Re: This should tell you
Re: "The Government is expected to be answerable for security issues, which you are not, so it's not surprising that your views differ."
In my capacity as proxy for the body politic, the state's very existence is solely at my pleasure. It exists only to serve us. The current state, in my opinion, is malfunctioning and needs to be repaired or replaced. The state Government cannot legitimately hold differing views. To the extent that individuals entrusted with operation of the state act on differing views in any significant way it is an act of treason. The state has attempted to redefine itself as the sovereign in our stead. That is high treason; the gravest of crimes which traditionally has drawn the most severe penalties available.
There is an essential tension between the state and the individual. The state is the face of the collective and to some extent, by definition, its interests are opposed to the individual. One of the aspects of our covenant with one another is that we cede certain individual sovereign rights in order to secure others. My freedom to move about as I please stops at your door. I cede that freedom so that the state can ensure that you do not invade my own house. None of us have ceded even the smallest part of our fundamental rights except in the narrowest of necessary circumstance and then only to the extent necessary to *uphold* the covenant we have made.
It is, in my opinion, legitimate for the state to take some necessary measures to ensure security. It is not legitimate for it to stray beyond certain boundaries and it is well over those boundaries now. It may be more secure for the population to place us all under house arrest, but our covenant does not allow this. Similarly, our covenant does not allow search and seizure without probable cause. An invasion of privacy such as the ones under discussion is an illegal search. Nothing the government can do can make it legal because it is well outside the bounds of the covenant that gives it any right to exist in the first place.
Re: This should tell you
Re: "You mean it doesn't answer to you. How do you know that the majority of people in the UK don't support this?"
Even were it able to justify what is happening, consent is not sufficient. Consent must be informed and there is simply no way that informed consent could possibly be given here. A failure to appropriately inform is one of the points in contention. We cannot be held to a contract we are not allowed to see, that acts against the most basic of our interests, regardless of (alleged) consent.
How sad is it that someone posts a question like that? No reasonable government can respond to mob rule. That is what constitutions and bills of rights are all about. There are fundamental human rights defined by constitutions for the United Nations, the United States, Canada, the EU and many other places besides. Those rights are not up for a simple majority vote and rightly so. In Canada and the United States, at least, multiple separate governing bodies must ratify any shift in these rights. There are reasons for this and one of them is precisely to prevent assaults on individual liberty from a tyranny of the majority. It is necessary that the majority of the body politic agree to abide by a covenant. It is not sufficient. Even significant majority votes cannot render lawful that which is fundamentally unlawful. For there to be peace and legitimate law and order even small groups must be given their fundamental rights or they will rebel and create chaos.
"there is nothing to check the inducements to sacrifice the weaker party or an obnoxious individual. Hence it is that such democracies have ever been spectacles of turbulence and contention; have ever been found incompatible with personal security or the rights of property; and have in general been as short in their lives as they have been violent in their deaths" -- James Madison -- The Federalist No. 10 1787-11-22
We are in dangerous territory. A slow rot has begun to stabilize into a fundamentally corrupted system. This cannot last. It is only a question of whether we fall into a frightening permanent tyranny, have a revolution or hopefully cure the rot while we still have a chance.
The only legitimacy the state has comes from a covenant between individuals and the collective. That covenant is expressed through constitutions in the United States and Canada. The state has no legitimate business, particularly and explicitly in the United States' Constitution of enumerated powers and bill of rights if it strays outside the confines of the Covenant.
"I entirely concur in the propriety of resorting to the sense in which the Constitution was accepted and ratified by the nation. In that sense alone it is the legitimate Constitution." James Madison in letter to Henry Lee 1824-06-25
My right to worship as I please, including being an atheist if that is my leaning, is not up for a majority vote. The covenant that mutually binds us -- you, I and the state -- reserves that right to me alone. Similarly, my right to security of my person, including my privacy is beyond the legitimate power of the state to waive, except under very narrow circumstances.
"If tyranny and oppression come to this land it will be in the guise of fighting a foreign enemy." -- James Madison
The 'war on terror' is an illegal attempt to claim a narrow circumstance exists, applies without limit and allows the state to do as it pleases. This has been used already to justify universally illegal acts such as torture and the very worst sort of summary execution. At least some strictly illegal and illegitimate acts, be they committed by legislators, executive operatives, the judiciary or even the military in the heat of combat are void of legitimate authority. They are crimes. A claim that an emergent permanent war with no end condition whatsoever is of necessity void and cannot justify illegal acts.
"Those who are to conduct a war cannot in the nature of things, be proper or safe judges, whether a war ought to be commenced, continued, or concluded" -- James Madison, Letters of Helvidius, no. 1
You do not set a fox to guarding the hen-house.
Some acts that have been committed in recent years have always been illegal and are not subject to statutes of limitations. They can be, should be and I hope in at least some instances will be prosecuted and the perpetrators punished.
You do not have to do something the state orders you to do when it exceeds their legitimate authority. You resist to your peril, but sometimes good men have to rise to such a challenge. Our current liberty, tenuous as it is, was paid for in blood by our forebears. We can expect to pay for it with more blood going forward, but I think we should attempt to do our best with our current liberty to minimize that. So far we are not doing a good job.
Regardless of their presumptive motivation or state of mind, acts by Aaron Swartz, Bradley Manning and Edward Snowden are noble, brave and necessary and acts by their persecutors are shameful, cowardly and necessarily opposed.
The state apparatus, no matter the ever more outrageous revelations that continue to pour out from a few whistle-blowers, continues to press for ever more advantage against its citizens. Have they, at last, no decency? Have we? When does it become OK, in your opinion, to demand an end to this?
A majority opinion does not justify wrongdoing anyway, but I repudiate the notion that an informed majority of my fellow citizens in Canada, the U.S., the U.K., other parts of the EU and most of the world for that matter would vote to have a state monitoring and perverting discourse everywhere and committing ever more extreme crimes in the name of protecting the very things they are destroying.
Re: This should tell you
Re:"Commonality of interest and greed suffice."
Very well put. It expresses my own thinking very well. Whether it is currently the primary driver or not, it is a simple and sufficient explanation and almost certainly true to some extent. It is an attack vector that we have to close down whether or not it is actively being used.
This should tell you
... that there is essentially only one party in power and it does not answer to the people.
Sigh. So many fundamental problems
I personally find it inconceivable that the massive failure of security all around is not by design. However, even if it is spectacular incompetence all around there is an undeniable profound fundamental flaw that even a child can see:
We have trusted our security to our adversaries.
One of the systemic problems that needs to be addressed is the fact that we are placing trust in too few people and the wrong people at that.
NIST, when it comes to approving a standard in this area needs to be compelled to do it in concert with other entities entirely at arms length that at least have a chance of being honest. The NSA has no chance of being honest, but NIST by itself has already proven untrustworthy, even if it is only by incompetence. They should not be able in any way to pronounce by themselves on such a thing and arguably, beyond rubber-stamping a properly made decision, should not even have input in any core details.
I question the incompetence because it would have to be simply astounding incompetence to have no security expert capable of seeing that the NSA could not possibly be trusted.
When we give the ability to open a bank vault we do not give it to a single person. That would be insane. When it comes to security, security is proportional to the number of trusted entities required to gain access. It is also inversely proportional to the conflict of interest those entities may have. If, for instance, you give oversight of the CRTC to people exclusively from the telecommunications cartel, you can be pretty sure that no matter how many of them you have they will always end up casting a vote that favors their old friends in the telecommunications industry.
In theory, if not in practice, we do not give control of bank vaults to criminals.
I do not trust an all U.S. or U.K. solution for security of any type. End to end security is a planet-wide concern and standards need to be vetted by enough disparate entities to give some hope of security.
As a trivial example, if I need a few random bytes for encryption, I only need to get them from one source. However, if I trust the wrong source then I am sunk. As long as I get even one single set of random bytes, I am golden. If I only use one source, that source can let me down. If I use five sources, I am fine as long as any one of them is trustworthy.
We already have examples of instances where key lengths we were told were sufficient were not. We do not need any more to show that limiting the key sizes, especially to minuscule values like 128 bits, is not optimally secure. Why is there any resistance at all to specifying arbitrary key sizes?
If you had a trustworthy source of random bits you could encrypt a message such that, if the key is as long as the message and it is not compromised, the message is provably secure. In practice we can't secure the key absolutely, but whatever we encrypt with a truly random stream is as secure as the key. Why do we not have proper mechanisms to gain such keys and why do we have no reasonable way of securing and transmitting these keys? I expect a mediocre high school student could improve upon what we currently have.
Practically nothing in our network universe can be secured in any meaningful sense. We should be at the stage of guarding against extreme side-channel attacks. Instead, we are stumbling around in the dark with virtually every point of entry compromised in some way.
The specific instance of Heartbleed could not be predicted in advance. However, anybody reasonably in the know had to realize that such bugs were there. Having looked at the code, I cannot imagine that they are not there still. The code involved in Heartbleed could be fixed. Why is it not being fixed? Why are we instead spending massive resources getting poised to jail grandmothers because their grandchildren accessed the wrong thing on the Internet?
Everywhere I look our security is hopelessly inadequate. If it looks that bad to me it has to look even worse to people who are accomplished at hacking into things. I am not unfamiliar with security, but I am not even close to being an expert like Peter Gutmann or Bruce Schneier or tens or hundreds of thousands of other individuals. This is not hyperbole. Heartbleed was a whopper of a breach. It should never have been possible for it to happen and yet it was inevitable. How is it possible that when anybody can reach just about any security expert in minutes from anywhere in the world that just about no decision makers can gain access to one of them?
One thing right.
Re: "Random numbers are vital in cryptography"
Controlled by who?
Re: "Communications cannot be viewed or examined by an analyst other than in strictly controlled circumstances."
Controlled by who?
We are so used to senseless BS from these people it all just fades into noise.
We need to stop negotiating the terms of our servitude and demand liberty. These guys sure do not represent me. As far as I am concerned, the perpetrators of all this nonsense belong in prison.
I am stunned to hear about another security issue
Re: Code is truly awful, but sadly not unusual
My experience is not at all limited to megaprojects. I have worked on pretty much every size and type of software. My experience is a bit limited because I have almost always been on the development side rather than maintenance. I think that programmer productivity does fall with project size, but not entirely as much as you seem to think, nor for the same reasons. You cannot take a few exemplary and successful small projects and their developers and use that as a yardstick for even other small projects, let alone large ones.
Take a look at the actual projects and source code on sourceforge; count code age and lines. Does it exceed daily productivity by paid professionals from large consulting firms? I have seen a lot of code from both sources and I would say that it does not. Most big projects have been less cost-effective than I would have liked, but not all. I worked on a project costing tens of millions of dollars with Sybase consulting and they kicked ass. I also worked on a huge multi-billion dollar production system for one of the largest firms in the U.S. and it is the only non-trivial project where we managed to come in with quality code both ahead of time and below budget.
Re: "size it in that manner and expect - as you do - inevitable overruns."
That was a thumbnail quote based on a line count and inspection of a sampling of code. It may seem strange to some, but in my experience a survey of code quality and line count has been the best indicator of the time required. I expect that if I had that budget and was allowed to form my own team that I could come in below that budget. However, overruns are inevitable on most projects because they would not have been started at all if more realistic estimates were made. Writing software, even with an existing system as a spec (huge leg up), is still labor intensive and difficult. I have been a career consultant and worked on a lot of different sizes and types of projects including in software companies as such like Sybase and Microsoft. My experience, as far as I can tell, is about exactly in line with what generally happens.
BTW -- I have worked on large projects with both IBM and Accenture and if you think you are better than their top guys I suspect you have not met their top guys. They *do* pitch out some less than stellar programmers on huge projects, but they attract some really good people. I was out a bunch of times with IBM, Andersen and then Accenture and none of our projects failed to deliver. You could have done it cheaper, but when you are spending $250 million dollars on a mission critical system that has to be there on time, it is not prudent to wing it.
I am near certain that I could beat the average large consulting firm project in terms of time and budget. I am also near certain that I would not be able to beat them if they fielded their best people. In no case could I possibly offer the guarantees that they can. One of my Andersen projects came in on time because there was a series of something like $5 million penalties for coming in late against milestones and they had deep enough resources to ensure they made it.
Whether we like it or not, cost and time over-runs are a fact of life in complex projects. Failing to plan for that is planning to fail because of that.
Re: One BSD developer beating thirty developers from a large consulting firm.
In my experience you would lose that bet in a spectacular way. The average team member would probably be a bit worse, but the kind of consulting dollars available on these projects attracts some very good people. Chances are the same guy would be offered $200 per hour to work on the project with the big team as well as being offered much greater resources and helpers to amplify his productivity. If he is really serious about his craft, he will join the big team. Heck, he might even learn something.
Career programmers with thousands of hours of hands-on experience and credentials like Master's degrees in Engineering and PhD's in math are not guaranteed to be the best software developers. Some are even bad, but in my experience they are pretty good.
Whatever you can say about the openSSL code quality, I would say that it reflects work below the median quality of most working professional programmers. That is not to say that the programmers who worked on it are less than mediocre. It is an enormous amount of intrinsically difficult code in a language that many programmers find challenging. My hacks may not include gotos or multiple points of exit or mutant stylistic habits, but they can still be pretty ugly. If you only have time to do the hack, even the best programmer will produce poor code. Is there an experienced working professional programmer anywhere that has never been boxed in like that? I highly doubt it.
Re: "I'd still be more likely to trust whatever the OpenBSD team ends up using themselves."
This could go either way, but I am pretty sure that, given the budget I mention I could do better than they will end up doing and so would Accenture or IBM.
Re: "Your team would likely still be at the PowerPoint stage phrasing vision and mission statements"
This might have been true in the past, but I doubt it is now. Given the budget I mention, a couple of people on the team would be formally interfacing with management and users. It is possible that the team might *also* produce management friendly documentation. In the past I have worked on ISO 9000 projects where various documents (a lot of them) were a formal requirement. You might want to have a bit of polish on the presentations and documentation too if you were spending tens of millions of dollars on a project.
Re: "and various sociopaths would scheme to get themselves into politically advisable positions."
I agree with you here. The climbers are everywhere and they muck up the works with their schemes. Since they are devoted to climbing and you are devoted to your actual job, they end up winning a lot even though they are visible to at least some. This may be over-represented in fat and happy environments, but no organization is immune to this, including open source.
Re: "Seeing that people have to use something right now and over the next year, what do you suggest they use instead?"
There are good arguments in favor of both the existing project and the forked one. I expect that the SSL code generally will benefit by this situation, though it may be painful to the openSSL maintainers. Either should do, but if I had to make one choice I would choose the original over the forked version.
SSL is important enough that it should support a budget in the tens of millions to seal it up. However, even if SSL achieves perfection with respect to its design and code, it will still suffer from the many architectural and philosophical difficulties the whole system has.
Heartbleed was about the worst security bug I have ever seen in terms of both breadth and depth. It potentially affected every net connected device in the world, including ones that did not even use openSSL. I am not making light of it, but if you think about it, the only thing that has changed before and after is that we found out about this specific misfeature and we fixed it. We are not in good shape, but we are in better shape than before.
My estimation of our security situation has not changed. If you look at prior postings of mine you will see that security and privacy are big issues for me and I have been pretty blunt that security is hopelessly broken. That has not changed -- up or down.
You have to ask yourself why IBM, Red Hat, HP, Apple, Microsoft and other large players have not put together the necessary budget and had this done. Even at a commitment of $20 million it is a drop in the bucket for them. The weakness of the current openSSL code base negatively affects everyone, including people who do not even use it. They all have people who would have, like I did, looked at Heartbleed and known that even by our shabby standards of security it had a very serious problem. Given a look at the code base I would say that it is almost certainly still broken.
Perhaps they know that the systemic problems render an SSL fix pointless. Maybe they are under orders from some government agency not to rock the boat. Maybe they really don't think the openSSL code is that bad. I can't think of a scenario where all the big players look good here.
Re: Trust + Compilers
@h4rm0ny is correct with respect to a specific contemporaneous attack vector. However, there are other attack vectors that could be exploited and we have proof that some attacks on our security infrastructure were launched long ago with industry collusion.
I have the source code for the compiler I principally use (tcc) for small tools. Running my own version of the compiler does not give me much confidence it is not compromised. There are not all that many compilers about and if the NSA wanted to place evil code into C compilers, it would not be much harder to place the compromised code into all the binaries or for that matter in the operating system, BIOS, editors or hardware.
You have to take the safety of many things on faith and a breach in any one leaves you open to at least some type of attack.
The following says "hello world" in the visible source, but displays something different from a hidden stream in that same source file. If your IDE writes and only compiles an evil stream variant of your code, how would you know?
echo hello, world>hello.source
echo Goodbye cruel world.>hello.source:nsabackdoor
The above would likely be quickly found by the community. However, MS could have, under a secret order from the NSA, put in an invisible alternate stream mechanism and OS code to make sure that an evil variant is always created, and silently presented. The OS can easily intercept and quiet any messages that hint at the evil code. It only takes a single compromised executable to mess things up and how many can say that they built from scratch, audited the assembly code for every binary and proven their hardware is secure?
Unfortunately, the more you look at security the more you realize how fragile it is. It is fantastically difficult to mount a defense against a targeted attack from a well resourced and determined attacker. I have very little confidence that anything I use can withstand attack from all of the potential attackers out there.
I could describe many specific weaknesses but there are so many it is hard to know where to start.
As a practical matter, unless you are a programmer with a fair bit of knowledge about this area, you basically just have to trust other people to keep your systems safe. Even if you are a programmer with a fair bit of knowledge about this area, unless you have significant resources *and* a bit of luck you are not all that much safer.
It is sad but true that you cannot really trust any of the involved devices even right down to the silicon. You should be able to, but years of neglect by white hats and enormous efforts by varieties of black hats (the worst being the ones who actually think they are white hats) has made every bit of the system suspect.
A much more certain mitigation strategy is to work to shift liability to a party capable of taking it on. For instance, if you are going to do banking online, you follow all the rules of the institution providing the service and if your account is compromised, they were the custodians and have to fix it. If something needs to be kept safe, it is best to take it offline.
Code is truly awful, but sadly not unusual
I took a look at the source here: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
Code like this abounds and it seems to me especially in security code (the last place it should exist). The very first file I opened, ssl_asn1.c, contains multiple points of exit and goto statements. It is a festival of mutant coding practices. I am looking right now at the classic evil code comment:
/* can't happen */
I am not kidding. My eye came to rest there because the line is indulging in the journeyman C programming stylistic *error* of failing to put braces after an if statement because the programmer believes with all their heart that they are prescient enough to foresee that nobody will ever mistakenly add another statement and forget to put in the braces. This, of course, is ruled by Murphy's law and does, despite the programmer's confidence it is 'impossible', in fact happen. Sigh.
Code that contains unconditional jumps like goto statements, unstructured breaks, multiple points of exit, effective multiple points of entry, etc is much harder to debug than it needs to be. One of the first things I would do to fix stuff like that would be to restructure and correct the many stylistic problems. Code like that invariably hides a variety of bugs. That is especially true of old code that has been visited by multiple programmers because the code is only as strong as the weakest programmer that touched it. Cleaner code that follows good practices gets touched less.
Spot checking to make sure that I am not looking at one aberrant file, the following are similarly impaired:
ssl_lib.c, s3_pkt.c, t1_enc.c, pqueue.c, smime.c, openssl.c, rsa.c, ec.c, x509_req.c
It is a gruesome body of code. Whoever said it was not large cannot possibly have much experience with this type of thing. I count more than a quarter million lines of code. There is enough that I would be inclined to actually write tools to do a lot of the boilerplate cleanup.
Adding more programmers is not necessarily productive, so even with an unlimited budget your best bet is to go with a finite number of programmers. However, off the top of my head, where code quality trumped budget and the budget was effectively unlimited I would be inclined to assign a fairly large team to fixing this on the order of three dozen people. Assuming a target blended hourly rate of about $80.00/hr and adjusting for the inevitable overruns, a project like this would cost something approaching $10 million if done through a large consulting firm. I have worked on projects with much larger budgets ($250 million on a couple), but this would still be a large project.
Unless a very, very clever small team of programmers builds tools to fix the code, or it is funded as above by big players, or a canny coordinator can crowd-source enough hands, this code is not going to be very trustworthy. I am not sure if it would be better to start from scratch.
The above assumes that openssl can actually accomplish its ultimate purpose and I personally am doubtful. I think our entire security infrastructure is similarly impaired in implementation, design, architecture and ultimately philosophy. It was designed in a much more naive time. Security has now escalated into a profoundly adversarial situation involving very well funded organized crime, states and powerful industry players. Many of the assumptions underpinning current security thinking are patently false.
The most poisonous aspect affecting SSL is the demonstrably false assumption that the current chain of trust is trustworthy. That includes more than just the CAs. The money to fix this properly is definitely there and the people controlling those funds are most certainly aware that the system is broken. It remains broken because an insecure network for most of us with its attendant increasingly open cyber warfare serves their purposes more than a genuinely secure network.
Maintaining code like this is a heroic effort. Both teams engaged in this deserve credit for taking on a very difficult and thankless task. Even though mistakes abound, the code has a heritage reaching back to times when some of their practices were considered benign or even 'best practice'. Having reviewed it, I am arguably one of the people responsible in a way and unless I get some sort of divine inspiration, I will not be correcting the many issues with this.
Technically, I think that it needs to be mentioned that many practices such as running regression test suites are necessary, but not nearly sufficient. They are *more* necessary when code looks like the openSSL stuff, but they are proportionally less sufficient.
I have been designing and reviewing security code for decades now. It is *very* difficult. In fact, I am less confident now than I was twenty years ago. Even if the openSSL code was carefully rebuilt by seasoned programmers I would not trust significant financial transactions to it, let alone military secrets.
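An added example (written here; not the post's own code and not taken from LibreSSL) of the braceless-if hazard described above, on a constructed length check of the kind parsing code is full of: the original form, the same function after a maintainer adds one line without braces, and the braced form that survives the edit.

```c
/* Added example, not the post's own code and not taken from LibreSSL:
 * the braceless-if hazard on a constructed length check.  A record is
 * one declared-length byte followed by payload; it is valid only if the
 * declared length fits in the bytes actually present. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { const uint8_t *buf; size_t len; } record_t;

static int log_count;   /* stands in for a logging side effect */

/* As originally written: braceless if, one statement, correct. */
int record_ok_original(const record_t *r)
{
    int ok = 0;
    if (r->len == 0)
        return 0;                       /* not even a length byte */
    size_t declared = r->buf[0];
    if (declared <= r->len - 1)
        ok = 1;                         /* declared payload fits */
    return ok;
}

/* After a later edit: someone added a log line under the if with the
 * same indentation and did not add braces.  Only the new line is
 * conditional; `ok = 1` now runs for every record, so a record that
 * declares more bytes than exist is accepted (fail-open).  GCC and
 * newer Clang flag this with -Wmisleading-indentation. */
int record_ok_after_edit(const record_t *r)
{
    int ok = 0;
    if (r->len == 0)
        return 0;
    size_t declared = r->buf[0];
    if (declared <= r->len - 1)
        log_count++;                    /* newly inserted statement */
        ok = 1;                         /* no longer guarded */
    return ok;
}

/* Braces from the start: the same edit is harmless. */
int record_ok_braced(const record_t *r)
{
    int ok = 0;
    if (r->len == 0) {
        return 0;
    }
    size_t declared = r->buf[0];
    if (declared <= r->len - 1) {
        log_count++;
        ok = 1;
    }
    return ok;
}

/* Constructed sample records. */
static const uint8_t kGoodBytes[] = { 3, 'a', 'b', 'c' };   /* declares 3, has 3 */
static const uint8_t kBadBytes[]  = { 9, 'a' };             /* declares 9, has 1 */
const record_t kGoodRecord = { kGoodBytes, sizeof kGoodBytes };
const record_t kBadRecord  = { kBadBytes,  sizeof kBadBytes };

int main(void)
{
    printf("original  : bad record accepted? %d\n", record_ok_original(&kBadRecord));
    printf("after edit: bad record accepted? %d\n", record_ok_after_edit(&kBadRecord));
    printf("braced    : bad record accepted? %d\n", record_ok_braced(&kBadRecord));
    return 0;
}
```

Turning on -Wmisleading-indentation (and treating it as an error) is the cheap check for a code base in this state; it catches the edited version at compile time.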
We don't have to honor invalid patents
Re: "the US Patent Office has assigned patents to Google, Microsoft, Amazon"
At some point, and I think we have passed it, the patent offices render themselves useless by making everything the subject of a patent without respect to actually meeting the necessary criteria.
The U.S. federal government has no legitimate power that is not granted by the U.S. constitution. The relevant text governing patents reads as follows:
"To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
If you look at the circumstances surrounding the creation of the constitution, this clause barely made it. It says "To promote the progress of Science and useful Arts". It also says "for limited times". In the case of software patents, neither are true and hence the patent laws as applied there should have no legal force. The founders were very, very, very explicit that:
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
Granting effectively unlimited terms (computer tech moves very quickly) that demonstrably inhibit progress cannot have legal force. The congress is *NOT* at liberty to pass any rule it pleases. The POTUS is not at liberty to pass or enforce any edict he pleases. The supreme court is not at liberty to interpret law in such a way that it is in conflict with the constitution. Law enforcement personnel are not at liberty to break the law as they please.
It was ever thus that the rules were stretched and broken by the powerful. However, the rise of technology has made this phenomenon increasingly dangerous and irreversible. I genuinely worry for our future. We are poised on the brink of abundance and freedom, but currently choosing by default to live in impoverished slavery.
I have a suspicion that stuff like the TPP is intended to end-run the U.S. Constitution because people responsible know that none of this junk would pass a *fair* test against the law of the land.
People in power have shredded constitutions everywhere. In the United States, nearly every substantive provision of the Bill of Rights has been violated.
The United States federal government has become a rogue regime. The administration of patents is not the worst of it, by a long shot. The people of the United States have not just the right to oppose it and put things back in order. They have the duty to do so; every one of them.
To be fair
To be fair, this project is hardly alone with respect to shaky code. A lot of code has been written by people with a good academic understanding of the subject matter, but a poor understanding of software development.
It does not help that *MOST* of the people in charge of software projects are not accomplished professional programmers. This discipline is particularly vulnerable to the Peter Principle.
By my reckoning, the skill of an artist lies not in his hands, but in his eyes. The fact that the aesthetics of so many of these projects are poor shows that people guiding development lack the necessary level of skill.
Security is especially problematic because not only do most of the people responsible for security lack the knowledge and skill to implement proper security, some are actually entirely impenetrable to reason: http://trac.filezilla-project.org/ticket/5530
If people are serious about fixing such things (I am pretty sure they are not), funding would be increased, developers would be skilled up in security, security people skilled up in programming and users made aware of the extent of the deficiency. I will not hold my breath.
Re: "I am leery of lock-in"
I emphatically agree. That, in its many forms, is perhaps the worst strategic mistake and eventually will bite you. It can actually take the company down.
Tangential aside: Hate the current 'cloud' buzzword. The term has been perverted, just the same as 'hacker' was, by people with no history and understanding. I have been on 'the cloud' in various forms since the 1970s.
For geezers rightly suspicious of this back-end infrastructure, though, it is finally becoming reliable enough to use. In some respects, your IT infrastructure is better off on the de-localized backend and that even includes traditional 'client' side stuff like GUIs.
Trevor is spot-on about a hybrid solution. If you have something that has to be saved or has to be accessible without a network connection, you need local infrastructure as well.
As a practical matter, I am an IT guy and I have just about an even mix of function on the cloud and locally. Except that the cost of having idle sessions on the cloud is impractical, I am beginning to prefer it.
No question it's theater. I wonder how many of the congress critters are on stage and how many in the audience.
Re: "made it legal to hide changes in the law"
I am pretty sure you know better, but for the record, they cannot actually make it 'legal' without changing the constitution and even then there are limits. Ultimately, legal force comes from the body politic. Keeping a law secret until the lawmaker decides to 'do the reveal' pretty much negates the whole notion of legality.