606 posts • joined 9 Nov 2011
Not useless by far
Just because a device *could* be controlled remotely does not necessarily mean it *must* be. A smart controllable device can go whatever way it needs to go. A dumb one is, well, dumb.
It should be at least possible to merge anything that has state with the network.
Devices throughout a house could automagically go into a low power state when they are not needed. I have a biggish house that has something like 100 light bulbs. I also have two kids. I spend a lot of time turning off lights. If the house was smarter, I could stop wasting my time on that and the amount of power saved would be even greater than the most diligent homeowner. It would be pretty cool if lights went on and off as needed without me having to bother. Similar advantages would apply to most any other device.
It would also be pretty cool if devices whose heartbeats went offline were tended to without my having to bother. Appliances under recall because they tend to catch fire spontaneously could be disabled automatically as part of a recall. I had a device (heating pad) burn my apartment down once a long time ago. I got lucky that I only lost all my possessions. Some people lost their lives to that defective product. My Sony Notebook had a defect that could cause it to catch on fire. It was curable with a BIOS update. Sometime between that BIOS update being created and applied a few people had a nasty surprise. A network attached device with the appropriate smarts could have avoided that.
Lots of devices already have different CPUs in them that provide some smarts. A one size fits all network chip would require less smarts, allow those remaining smarts to be donated into the network and would allow the device to import significantly more intelligence than it had on its own. Due to economies of scale, plug and play network devices would accomplish more for a lower price.
Technology holds incredible promise if it is managed correctly. We should not be afraid to move ahead. We just need to be sensible.
People are correct that there is danger in a badly connected insecure network. The fix is to make sure it is a well designed, well implemented and secure network. The answer to automobile safety is to build safer automobiles, not to switch to riding horses.
Regardless of the pros and cons, I have no doubt that network convergence will continue. It will happen anyway. Rather than trying to stop the inevitable, technical people should be pushing to make the converging network sane and humane.
Before the IoT really takes off I hope that they hire a couple of people to architect security and then hire a few more to review for holes.
The current security infrastructure is wholly inadequate. Before they hook up my fireplace, they need to fix it. 'They' here might include people like me, but whatever.
I wrote about the converging IoT more than ten years ago:
"All communications and part of the power grid are becoming a single transparent worldwide network. Communications devices and their power requirements are shrinking. It is technically possible, for instance to produce a camera with a 360x360 degree viewing range that is connected to the Internet and near invisible to the eye. When mass-produced, these devices would cost pennies or less per device. Privacy as we know it will become almost impossible within my lifetime. Webcams? They will be everywhere. Light bulbs will be monitored via the Internet because it will be cheaper to produce them with the device than without. "
"Countries once had near absolute sovereignty over their borders. International agreements have changed that. Expect this process to accelerate. "
"It is most important that people in our community (geeks who understand this stuff) work diligently to ensure that our transition to the converged, border-less, information rich world is sane and humane."
"Re: The public good -- what is it? What maximizes it? Somebody will be answering these questions and if they are the only voice heard, that's what we'll get. Frankly, the extension of copyrights, DMCA, the notion of 'Intellectual Property' (as if you could make such a bag and stuff Patents, Copyright, etc into it), FrankenFoods, etc. all act AGAINST the public good in my opinion."
"The networks will inevitably converge and they will be attached to just about everything. Guns and Bullets? The really dangerous stuff is probably already part of a network somehow and that trend will accelerate. How do guns and bullets get deployed and used? Somehow messages went out over a network and those messages resulted in the public will to deploy guns and the particular private orders that resulted in deploying and using them."
Who is responsible here?
Re:"Data security should be a top priority for any business that operates online."
Well, maybe they can find whoever is responsible for weakening security across the board and sue them for the funds to fix it.
Securing things like this falls into 'plausible deniability', rather than actual security. The only reason that the banking system has not been disrupted by now is that (last I worked in banks anyway), the online systems are not actually connected to the Internet in a way that can affect the upstream banking system. I have a horrible feeling that, as the old guard who kept the glass house locked down leaves, these systems will be exposed by people who don't have a suitable level of paranoia.
You have to wonder how they expect the IOT to work without killing people.
Lust after this stuff
I have been following Xilinx forever, but even the FPGAs are a little pricey just to hack around with. I would *love* to have the time to prove stuff out with FPGAs and then have it burned into ASICs.
As @Caesarius says, there is a risky sunk cost with ASICs but the wins can be enormous. Nobody can come close in software to the performance of silicon.
One size fits none
I have no problem with one Windows OS. I have a problem with it being the crappy Windows 8.x -- one size fits none.
Re: Very misleading title for this article
Agree. To rule otherwise would be to dispense with both law and reason. To cure the apparent injustice (there is no real injustice here), they should lobby to have patents abolished. Fair?
Re: What is the point of a warrant?
There are a couple of inventions that do something similar to what I have in mind, but not exactly same and a both less secure.
I really like this, even though is unlikely to be secure against a sophisticated adversary:
Check out the video because it shows how what I have in mind would behave. Unlikely this one, though, the data would actually be encrypted.
Re: What is the point of a warrant?
Re:"The warrant will demand cleartext data. If you make it impossible, you are placing yourself deliberately on the wrong side of the law"
The warrant can demand whatever it wishes. If neither cleartext nor ciphertext exists, the court is out of luck. They can insist that you do the impossible all they like. It will not come to pass. A proper mechanism would absolutely ensure that the ISP and the server provider never had the means to produce cleartext under any circumstances. Everything they store and everything they ever had is encrypted on a key they never possessed.
Mandating that people expose, in advance, their private communications so that they be available for government inspection is, as far as I know, entirely contrary to any reasonable reading of the law and such a legal requirement ought to be beyond the reach of a single legislature, judiciary or executive. We are entitled to our private thoughts and committing them to storage does not somehow make them public property.
It happens that sometimes the state is beyond reason and will capture, imprison and torture the innocent. We are in such a time now. Having come to such a pass, it is time for good people to oppose it, with civil disobedience if need be. Those in power are not always right. In fact, it seems to me that they are wrong more often than not.
People running the apparatus of the state would have you believe that you serve them and that you must follow what they say no matter how outrageous. These are bad people and rather than following what they say we should be opposing them with a mind to removing them from power and prosecuting them once sanity returns.
Re: What is the point of a warrant?
Not quite sure what you have in mind and as I mentioned it can get complicated. With the proviso that the third party can be trusted due to the fact that it can be extended to as many different parties as required to be secure and that the PKI need not be limited to a single type and although significantly more involved it is possible to accomplish the same thing with conventional keys or even one time pads:
I have a message I wish to remain secret. I prepare it on a secure system and send a secure message to my trusted third party requesting a one time public key whose private key is known only to the third party. I encrypt my message on the requested public key and then encrypt an envelope containing the third party supplied public key with the receiver's public key. The original message is now gone and there is no way to recover the message without both the recipient's private key and the private key known only to the third party.
Details can get pretty hairy, but suffice it to say that it is possible, if needed, to make it so the third party actually cannot divulge the necessary key without the active permission of the sender and the receiver and an arbitrary number of nth parties if needed.
Security can be a PIA. If you want to secure something on a password and have reasonable confidence that it remains secure as long as the password is not known, you need to come up with a long password whose characters are effectively random. Something like this that has not been published (ie not this actual one because it is compromised now): MKMKtrsquRXKogec_zuxgKRfJmHQIoQW. That should give a nominal 192 bits and likely about a good 90 bits of real security against attack; simply not guessable in any reasonable amount of time. Unfortunately, it is so awkward to use such a thing in practice that it would not likely be used.
The reason for the above is to make it apparent that there are different levels of security available at the expense of given levels of inconvenience. Security is possible in a password, but inconvenient. You would not normally do that, but you might if the need was great enough. Similarly, to ensure that a scheme like the above was more secure against attack you could make it so that access to a particularly sensitive message was only available for a limited time beyond which it disappeared entirely. That way, particularly sensitive communications could vanish forever before anyone had a chance to beat the passwords out of you. This would be pretty inconvenient, but a lot more secure.
I have little doubt that schemes capable of securing systems can be built as long as we can build systems secure against things like side-channel attacks and we can trust the hardware. I have even less doubt that current systems do not approach anything like a level of security that even a duffer less skilled than me could put in place. Any of the big players like MS, IBM, Google, Facebook, Apple, HP, Oracle, etc, etc cannot possibly be trying in any meaningful way to secure their systems. This stuff can get pretty complicated pretty fast, there are gotchas everywhere and even experts who I trust have tried will make mistakes. However, virtually every barrier to entry on to our networks has been lowered to the point that even attackers with modest resources can mount a successful attack.
I have to do a search to see if such a thing has been patented already, but while writing this up I thought of a hugely amusing invention to cure shoulder surfing and related surveillance that had been a real puzzler for me.
What is the point of a warrant?
Bodies of Email like mine go back decades and involve thousands of people. How hard can it be to make the case that somewhere in there is evidence that leads to something by somebody that is unlawful? As things stand, we are subject to dragnet surveillance that regardless of how you feel about it, is illegal. Allowing a warrant to draw in so much data crosses the line, IMO.
If our protection is that 'fruit of the poison tree' cannot be used and things outside the warrant are ineligible to use as evidence, we open the door to wholesale destruction of evidence.
As a community, we need to install mechanisms that simply make it impossible for warrants like this to be exercised. All of the big companies hosting data like Email could easily set up systems that would make it impossible to inspect customer Email without the blessing of the individual involved *as well* as other key holders designed to make 'rubber hose' techniques ineffective.
It is possible to design a system that could be rapidly inspected for something like an amber alert, but still invulnerable to fishing expeditions, even if conducted under a warrant.
It can get complex, so it may not be apparent to some how we might construct a system largely invulnerable to such attacks. However, it should be clear to many that effectively storing your mail in the clear on a server controlled by someone else is certainly less secure than we can make it.
We have got to find someone other than the Fox to provide henhouse security.
Re: Never mind that
Re:"You want Google or Microsoft deciding what is in the public interest?"
No. They are the perps. We are the victims. The courts don't have 'perpetrator impact statements' from convicted felons. They don't generally consult with the felon to get their blessing before passing sentence. If they did, the victims would be invited to the table. We have victim impact statements from the people they harmed.
Never mind that
Rather than consulting with the perps to find out what they are willing to do, they should consult with the victims to find out what they are demanding.
I fear robot rebellion
Great; strangled by your own hands.
I have four or five net facing servers and I get dinged from time to time. There is not much you can do except try to keep a low profile. I will be looking at a secure operating environment next month and hopefully, once I can prove it out, I will be able to shift things over to that -- vanilla, vanilla, vanilla.
The main way to avoid someone breaking into your server is to make sure there is not much worth stealing. Is there anyone with a serious presence on the Internet that has not been compromised at some point? I doubt it.
They'll just find a new way to cheat
Unless they get penalties commensurate with the profits already received, system-wide, they will simply work to find another way to cheat. We all know that. This is just the usual window dressing.
It does not have to be this way.
I'm buying. They aren't selling
I have been looking and looking and looking at AMD waiting for them to release a product that I can reasonably buy. I have three boxen here using older chips like a 1090T. The newer chips require, in my case, upgrading all sorts of stuff for just not enough gain.
They seem to have just completely given up on selling CPUs. I have been an AMD die-hard for many years. All things being equal, I would go with them and I give them a bit of an edge at that.
I have been hoping that they will blow us all away with some dramatic change, but that hope is fading. It seems more realistic that they have just run into a wall where they cannot compete with Intel on x86 CPUs and are contemplating getting out of the x86 biz altogether.
I just can't get that excited about the ARM stuff...
Re: Why am I not surprised by this?
Re:"will someone charge them with child porn"
No. OTH, they will be sure to keep the most disgusting imaginable pictures on hand to frame someone like, oh, say, you, if you get too far out of hand.
There is some seriously disturbed stuff out there and I have no doubt that an arsenal of stuff like that is on hand for whenever they need to target somebody. They must add to the arsenal every day. If it turns out they are doing this, and I expect they are, and they are tolerating these monsters so they can keep adding to their weapons, I hope that they get caught. Let the mob violence they are attempting to manipulate in their favor turn against them.
Meantime, sad to say, I think it is a bit risky to get *too* vocal and I worry I may have come a bit too close to crossing that line.
For Great Justice
All your base are belong to us! Buwahaha.
Re: Australian Federal Government - The New NORKS
Well said. Let's face it, *we* are the enemy they fear. All of the various noxious legislation is aimed at keeping us all quiet. There cannot possibly be more than a million or so of these miserable weasels worldwide. We outnumber them thousands to one. They are really pushing for advantage. Hopefully we will *all* of us start pushing back.
Don't give up hope
We still outnumber the bastards and at the end of the day this is all about power over *people*. At least to some extent, they can only do this if we allow them to.
So far, we have not shown much backbone in standing up to people in power, but I am hopeful that the people who did things like come out for OWS will eventually find out how badly they were swindled and rise up much stronger.
It seems impossible to understand, but the majority of people accept that the official version of things is mostly real or at least 'real enough'. When they finally realize with certainty that it is not, they may well become impossible to stop.
I honestly wonder what the real case is here. As someone implied, if the systems have all been effectively compromised, it is puzzling that things are seemingly stable. What is holding the attacks in abeyance? The best I can come up with is that well armed attackers such as other states or organized crime have staked their claims on various systems and like some malware does, the people who have hijacked the system have actually put in effective security to keep other attackers from poaching what they have stolen.
Whether it is already in progress or not, it is only a matter of time before the network as it currently exists, with its hopeless security, is a hot battleground.
I believe it is possible to architect a reasonably secure network. If it is, it surprises me that others are not clamoring to have that done. Continued patching as we are doing is likely to become ever more ineffectual.
You should never attribute to malice what you can attribute to incompetence. It seems positively bizarre that there would be such profound widespread ignorance. However, it seems even more bizarre that what is happening overall is by anyone's design.
Are there really that many PHBs that rose to the top of the pyramid that this is all incompetence? It is plausible.
We are already well beyond the point where people with even ordinary abilities with network security should be making a little noise. If they are really that incompetent with security in all those executive suites, then they should be hiring people outside of their organizations to come in and do audits at least. Even if you are not going to fix it, you should have some idea of the profundity of your exposure.
Is this not a juicy business opportunity for someone to sell pricey reviews that allow executives plausible deniability?
Re: Get a grip
Re:"these laws are an attempt to repeal entropy"
Upvote for amusing turn of phrase. Trying to figure out some way to steal it.
Re: We're all screwed
I do not use guns and have no interest in them. Last year, a catalogue for guns showed up with my name on the mailing box. I am vocal and easy to find. Hmmmm. Good thing for me that I actually *am* clean. Not so good that it is dead simple to plant evidence on my hard disks. Given the fact that courts have made bizarre illiterate decisions with respect to government overreach, there is cause to be worried that files of evil allegedly put there by me (but actually planted by shadowy agents of the government behind the government), will be deemed by a court to be perfectly sound evidence and away I go.
Being squeaky clean is no defense; not that it ever was.
The only thing we have is each other. That might not seem like a lot, but it is more potent than you might think. People in power with the knowledge to render a determination deem even a collective portion of the population to be a threat. They cynically coordinated an extreme (and successful) effort to shut down the grassroots 'Occupy Wall Street' movement. By any reasonable standard, many of the measures were and are illegitimate at best; more probably illegal.
Elaborate measures have been taken to convince the sovereign body politic that it lacks both the power and the legitimate authority to correct a wayward government. Neither is true. The increasingly frantic efforts to arm and empower state agencies and disarm and dis-empower individuals demonstrates to me that wayward states fear us, as they should.
We can't be complacent. We still have more power, but as we cede ever more power to the state we make recovering control more costly. Ultimately, this is all about power over individuals and it will still be some time before the state can exercise absolute power. Clearly, though, that is its aim.
Re: This should tell you
Re: "The Government is expected to be answerable for security issues, which you are not, so it's not surprising that your views differ."
In my capacity as proxy for the body politic, the state's very existence is solely at my pleasure. It exists only to serve us. The current state, in my opinion, is malfunctioning and needs to be repaired or replaced. The state Government cannot legitimately hold differing views. To the extent that individuals entrusted with operation of the state act on differing views in any significant way it is an act of treason. The state has attempted to redefine itself as the sovereign in our stead. That is high treason; the gravest of crimes which traditionally has drawn the most severe penalties available.
There is an essential tension between the state and the individual. The state is the face of the collective and to some extent, by definition, its interests are opposed to the individual. One of the aspects of our covenant with one another is that we cede certain individual sovereign rights in order to secure others. My freedom to move about as I please stops at your door. I cede that freedom so that the state can ensure that you do not invade my own house. None of us have ceded even the smallest part of our fundamental rights except in the narrowest of necessary circumstance and then only to the extent necessary to *uphold* the covenant we have made.
It is, in my opinion, legitimate for the state to take some necessary measures to ensure security. It is not legitimate for it to stray beyond certain boundaries and it is well over those boundaries now. It may be more secure for the population to place us all under house arrest, but our covenant does not allow this. Similarly, our covenant does not allow search and seizure without probable cause. An invasion of privacy such as the ones under discussion is an illegal search. Nothing the government can do can make it legal because it is well outside the bounds of the covenant that gives it any right to exist in the first place.
Re: This should tell you
Re: "You mean it doesn't answer to you. How do you know that the majority of people in the UK don't support this?"
Even were it able to justify what is happening, consent is not sufficient. Consent must be informed and there is simply no way that informed consent could possibly given here. A failure to appropriately inform is one of the points in contention. We cannot be held to a contract we are not allowed to see, that acts against the most basic of our interests, regardless of (alleged) consent.
How sad is it that someone posts a question like that? No reasonable government can respond to mob rule. That is what constitutions and bills of rights are all about. There are fundamental human rights defined by constitutions for the United Nations, the United States, Canada, the EU and many other places besides. Those rights are not up for a simple majority vote and rightly so. In Canada and the United States, at least, multiple separate governing bodies must ratify any shift in these rights. There are reasons for this and one of them is precisely to prevent assaults on individual liberty from a tyranny of the majority. It is necessary that the majority of the body politic agree to abide by a covenant. It is not sufficient. Even significant majority votes cannot render lawful that which is fundamentally unlawful. For there to be peace and legitimate law and order even small groups must be given their fundamental rights or they will rebel and create chaos.
"there is nothing to check the inducements to sacrifice the weaker party or an obnoxious individual. Hence it is that such democracies have ever been spectacles of turbulence and contention; have ever been found incompatible with personal security or the rights of property; and have in general been as short in their lives as they have been violent in their deaths" -- James Madison -- The Federalist No. 10 1787-11-22
We are in dangerous territory. A slow rot has begun to stabilize into a fundamentally corrupted system. This cannot last. It is only a question of whether we fall into a frightening permanent tyranny, have a revolution or hopefully cure the rot while we still have a chance.
The only legitimacy the state has comes from a covenant between individuals and the collective. That covenant is expressed through constitutions in the United States and Canada. The state has no legitimate business, particularly and explicitly in the United States' Constitution of enumerated powers and bill of rights if it strays outside the confines of the Covenant.
"I entirely concur in the propriety of resorting to the sense in which the Constitution was accepted and ratified by the nation. In that sense alone it is the legitimate Constitution." James Madison in letter to Henry Lee 1824-06-25
My right to worship as I please, including being an atheist if that is my leaning, is not up for a majority vote. The covenant that mutually binds us -- you, I and the state -- reserves that right to me alone. Similarly, my right to security of my person, including my privacy is beyond the legitimate power of the state to waive, except under very narrow circumstances.
"If tyranny and oppression come to this land it will be in the guise of fighting a foreign enemy." -- James Madison
The 'war on terror' is an illegal attempt to claim a narrow circumstance exists, applies without limit and allows the state to do as it pleases. This has been used already to justify universally illegal acts such as torture and the very worst sort of summary execution. At least some strictly illegal and illegitimate acts, be they committed by legislators, executive operatives, the judiciary or even the military in the heat of combat are void of legitimate authority. They are crimes. A claim that an emergent permanent war with no end condition whatsoever is of necessity void and cannot justify illegal acts.
"Those who are to conduct a war cannot in the nature of things, be proper or safe judges, whether a war ought to be commenced, continued, or concluded" -- James Madison, , Letters of Helvidius, no. 1
You do not set a fox to guarding the hen-house.
Some acts that have been committed in recent years have always been illegal and are not subject to statutes of limitations. They can be, should be and I hope in at least some instances will be prosecuted and the perpetrators punished.
You do not have to do something the state orders you to do when it exceeds their legitimate authority. You resist to your peril, but sometimes good men have to rise to such a challenge. Our current liberty, tenuous as it is, was paid for in blood by our forebears. We can expect to pay for it with more blood going forward, but I think we should attempt to do our best with our current liberty to minimize that. So far we are not doing a good job.
Regardless of their presumptive motivation or state of mind, acts by Aaron Swartz, Bradley Manning and Edward Snowden are noble, brave and necessary and acts by their persecutors are shameful, cowardly and necessarily opposed.
The state apparatus, no matter the ever more outrageous revelations that continue to pour out from a few whistle-blowers continues to press for ever more advantage against its citizens. Have they, at last, no decency? Have we? When does it become OK, in your opinion, to call demand an end to this?
A majority opinion does not justify wrongdoing anyway, but I repudiate the notion that an informed majority of my fellow citizens in Canada, the U.S., the U.K., other parts of the EU and most of the world for that matter would vote to have a state monitoring and perverting discourse everywhere and committing ever more extreme crimes in the name of protecting the very things they are destroying.
Re: This should tell you
Re:"Commonality of interest and greed suffice."
Very well put. It expresses my own thinking very well. Whether it is currently the primary driver or not, it is a simple and sufficient explanation and almost certainly true to some extent. It is an attack vector that we have to close down whether or not it is actively being used.
This should tell you
... that there is essentially only one party in power and it does not answer to the people.
Sigh. So many fundamental problems
I personally find it inconceivable that the massive failure of security all around is not by design. However, even if it is spectacular incompetence all around there is an undeniable profound fundamental flaw that even a child can see:
We have trusted our security to our adversaries.
One of the systemic problems that needs to be addressed is the fact that we are placing trust in too few people and the wrong people at that.
NIST, when it comes to approving a standard in this area needs to be compelled to do it in concert with other entities entirely at arms length that at least have a chance of being honest. The NSA has no chance of being honest, but NIST by itself has already proven untrustworthy, even if it is only by incompetence. They should not be able in any way to pronounce by themselves on such a thing and arguably, beyond rubber-stamping a properly made decision, should not even have input in any core details.
I question the incompetence because it would have to be simply astounding incompetence to have no security expert capable of seeing that the NSA could not possibly be trusted.
When we give the ability to open a bank vault we do not give it to a single person. That would be insane. When it comes to security, security is proportional to the number of trusted entities required to gain access. It is also inversely proportional to the conflict of interest those entities may have. If, for instance, you give oversight of the CRTC to people exclusively from the telecommunications cartel, you can be pretty sure that no matter how many of them you have they will always end up casting a vote that favors their old friends in the telecommunications industry.
In theory, if not in practice, we do not give control of bank vaults to criminals.
I do not trust an all U.S. or U.K. solution for security of any type. End to end security is a planet-wide concern and standards need to be vetted by enough disparate entities to give some hope of security.
As a trivial example, if I need a few random bytes for encryption, I only need to get them from one source. However, if I trust the wrong source then I am sunk. As long as I get even one single set of random bytes, I am golden. If I only use one source, that source can let me down. If use five sources, I am fine as long as any one of them is trustworthy.
We already have examples of instances where key lengths we were told were sufficient were not. We do not need any more to show that limiting the key sizes, especially to minuscule values like 128 bits, is not optimally secure. Why is there any resistance at all to specifying arbitrary key sizes?
If you had a trustworthy source of random bits you could encrypt a message such that, if the key is as long as the message and it is not compromised, the message is provably secure. In practice we can't secure the key absolutely, but whatever we encrypt with a truly random stream is as secure as the key. Why do we not have proper mechanisms to gain such keys and why do we have no reasonable way of securing and transmitting these keys. I expect a mediocre high school student could improve upon what we currently have.
Practically nothing in our network universe can be secured in any meaningful sense. We should be at the stage of guarding against extreme side-channel attacks. Instead, we are stumbling around in the dark with virtually every point of entry compromised in some way.
The specific instance of heartbleed could not be predicted in advance. However, anybody reasonably in the know had to realize that such bugs were there. Having looked at the code, I cannot imagine that they are not there still. The code involved in heartbleed could be fixed. Why is it not being fixed? Why are we instead spending massive resources getting poised to jail grandmothers because their grandchildren accessed the wrong thing on the Internet?
Everywhere I look our security is hopelessly inadequate. If it looks that bad to me it has to look even worse to people who are accomplished at hacking into things. I am not unfamiliar with security, but I am not even close to being an expert like Peter Gutmann or Bruce Schneier or tens or hundreds of thousands of other individuals. This is not hyperbole. Hearbleed was a whopper of a breach. It should never have been possible for it to happen and yet it was inevitable. How is it possible that when anybody can reach just about any security expert in minutes from anywhere in the world that just about no decision makers can gain access to one of them?
One thing right.
Re: "Random numbers are vital in cryptography"
Controlled by who?
Re: "Communications cannot be viewed or examined by an analyst other than in strictly controlled circumstances."
Controlled by who?
We are so used to senseless BS from these people it all just fades into noise.
We need to stop negotiating the terms of our servitude and demand liberty. These guys sure do not represent me. As far as I am concerned, the perpetrators of all this nonsense belong in prison.
I am stunned to hear about another security issue
Re: Code is truly awful, but sadly not unusual
My experience is not at all limited to megaprojects. I have worked on pretty much every size and type of software. My experience is a bit limited because I have almost always been on the development side rather than maintenance. I think that programmer productivity does fall with project size, but not entirely as much as you seem to think, nor for the same reasons. You cannot take a few exemplary and successful small projects and their developers and use that as a yardstick for even other small projects, let alone large ones.
Take a look at the actual projects and source code on sourceforge; count code age and lines. Does it exceed daily productivity by paid professionals from large consulting firms? I have seen a lot of code from both sources and I would say that it does not. Most big projects have been less cost-effective than I would have liked, but not all. I worked on a project costing tens of millions of dollars with Sybase consulting and they kicked ass. I also worked on a huge multi-billion dollar production system for one of the largest firms in the U.S. and it is the only non-trivial project where we managed to come in with quality code both ahead of time and below budget.
Re: "size it in that manner and expect - as you do - inevitable overruns."
That was a thumbnail quote based on a line count and inspection of a sampling of code. It may seem strange to some, but in my experience a survey of code quality and line count has been the best indicator of the time required. I expect that if I had that budget and was allowed to form my own team that I could come in below that budget. However, overruns are inevitable on most projects because they would not have been started at all if more realistic estimates were made. Writing software, even with an existing system as a spec (huge leg up), is still labor intensive and difficult. I have been a career consultant and worked on a lot of different sizes and types of projects including in software companies as such like Sybase and Microsoft. My experience, as far as I can tell, is about exactly in line with what generally happens.
BTW -- I have worked on large projects with both IBM and Accenture and if you think you are better than their top guys I suspect you have not met their top guys. They *do* pitch out some less than stellar programmers on huge projects, but they attract some really good people. I was out a bunch of times with IBM, Andersen and then Accenture and none of our projects failed to deliver. You could have done it cheaper, but when you are spending $250 million dollars on a mission critical system that has to be there on time, it is not prudent to wing it.
I am near certain that I could beat the average large consulting firm project in terms of time and budget. I am also near certain that I would not be able to beat them if they fielded their best people. In no case could I possibly offer the guarantees that they can. One of my Andersen projects came in on time because there was a series of something like $5 million penalties for coming in late against milestones and they had deep enough resources to insure they made it.
Whether we like it or not, cost and time over-runs are a fact of life in complex projects. Failing to plan for that is planning to fail because of that.
Re: One BSD developer beating thirty developers from a large consulting firm.
In my experience you would lose that bet in a spectacular way. The average team member would probably be a bit worse, but the kind of consulting dollars available on these projects attracts some very good people. Chances are the same guy would be offered $200 per hour to work on the project with the big team as well as being offered much greater resources and helpers to amplify his productivity. If he is really serious about his craft, he will join the big team. Heck, he might even learn something.
Career programmers with thousands of hours of hands-on experience and credentials like Master's degrees in Engineering and PhD's in math are not guaranteed to be the best software developers. Some are even bad, but in my experience they are pretty good.
Whatever you can say about the openSSL code quality, I would say that it reflects work below the median quality of most working professional programmers. That is not to say that the programmers who worked on it are less than mediocre. It is an enormous amount of intrinsically difficult code in a language that many programmers find challenging. My hacks may not include gotos or multiple points of exit or mutant stylistic habits, but they can still be pretty ugly. If you only have time to do the hack, even the best programmer will produce poor code. Is there an experienced working professional programmer anywhere that has never been boxed in like that? I highly doubt it.
Re: "I'd still be more likely to trust whatever the OpenBSD team ends up using themselves."
This could go either way, but I am pretty sure that, given the budget I mention I could do better than they will end up doing and so would Accenture or IBM.
Re: "Your team would likely still be at the PowerPoint stage phrasing vision and mission statements"
This might have been true in the past, but I doubt it is now. Given the budget I mention, a couple of people on the team would be formally interfacing with management and users. It is possible that the team might *also* produce management friendly documentation. In the past I have worked on ISO 9000 projects where various documents (a lot of them) were a formal requirement. You might want to have a bit of polish on the presentations and documentation too if you were spending tens of millions of dollars on a project.
Re: "and various sociopaths would scheme to get themselves into politically advisable positions."
I agree with you here. The climbers are everywhere and they muck up the works with their schemes. Since they are devoted to climbing and you are devoted to your actual job, they end up winning a lot even though they are visible to at least some. This may be over-represented in fat and happy environments, but no organization is immune to this, including open source.
Re: "Seeing that people have to use something right now and over the next year, what do you suggest they use instead?"
There are good arguments in favor of both the existing project and the forked one. I expect that the SSL code generally will benefit by this situation, though it may be painful to the openSSL maintainers. Either should do, but if I had to make one choice I would choose the original over the forked version.
SSL is important enough that it should support a budget in the tens of millions to seal it up. However, even if SSL achieves perfection with respect to its design and code, it will still suffer from the many architectural and philosophical difficulties the whole system has.
Hearbleed was about the worst security bug I have ever seen in terms of both breadth and depth. It potentially affected every net connected device in the world, including ones that did not even use openSSL. I am not making light of it, but if you think about it, the only thing that has changed before and after is that we found out about this specific misfeature and we fixed it. We are not in good shape, but we are in better shape than before.
My estimation of our security situation has not changed. If you look at prior postings of mine you will see that security and privacy are big issues for me and I have been pretty blunt that security is hopelessly broken. That has not changed -- up or down.
You have to ask yourself why IBM, Red Hat, HP, Apple, Microsoft and other large players have not put together the necessary budget and had this done. Even at a commitment of $20 million it is a drop in the bucket for them. The weakness of the current openSSL code base negatively affects everyone, including people who do not even use it. They all have people who would have, like I did, look at heartbleed and know that even by our shabby standards of security it had a very serious problem. Given a look at the code base I would say that it is almost certainly still broken.
Perhaps they know that the systemic problems render an SSL fix pointless. Maybe they are under orders from some government agency not to rock the boat. Maybe they really don't think the openSSL code is that bad. I can't think of a scenario where all the big players look good here.
Re: Trust + Compilers
@h4rm0ny is correct with respect to a specific contemporaneous attack vector. However, there are other attack vectors that could be exploited and we have proof that some attacks on our security infrastructure were launched long ago with industry collusion.
I have the source code for the compiler I principally use (tcc) for small tools. Running my own version of the compiler does not give me much confidence it is not compromised. There are not all that many compilers about and if the NSA wanted to place evil code into C compilers, it would not be much harder to place the compromised code into all the binaries or for that matter in the operating system, BIOS, editors or hardware.
You have to take the safety of many things on faith and a breach in any one leaves you open to at least some type of attack.
The following says "hello world" in the visible source, but displays something different from a hidden stream in that same source file. If your IDE writes and only compiles an evil stream variant of your code, how would you know?
echo hello, world>hello.source
echo Goodbye cruel world.>hello.source:nsabackdoor
The above would likely be quickly found by the community. However, MS could have, under a secret order from the NSA, put in an invisible alternate stream mechanism and OS code to make sure that an evil variant is always created, and silently presented. The OS can easily intercept and quiet any messages that hint at the evil code. It only takes a single compromised executable to mess things up and how many can say that they built from scratch, audited the assembly code for every binary and proven their hardware is secure?
Unfortunately, the more you look at security the more you realize how fragile it is. It is fantastically difficult to mount a defense against a targeted attack from a well resourced and determined attacker. I have very little confidence that anything I use can withstand attack from all of the potential attackers out there.
I could describe many specific weaknesses but there are so many it is hard to know where to start.
As a practical matter, unless you are a programmer with a fair bit of knowledge about this area, you basically just have to trust other people to keep your systems safe. Even if you are a programmer with a fair bit of knowledge about this area, unless you have significant resources *and* a bit of luck you are not all that much safer.
It is sad but true that you cannot really trust any of the involved devices even right down to the silicon. You should be able to, but years of neglect by white hats and enormous efforts by varieties of black hats (the worst being the ones who actually think they are white hats) has made every bit of the system suspect.
A much more certain mitigation strategy is to work to shift liability to a party capable of taking it on. For instance, if you are going to do banking online, you follow all the rules of the institution providing the service and if your account is compromised, they were the custodians and have to fix it. If something needs to be kept safe, it is best to take it offline.
Code is truly awful, but sadly not unusual
I took a look at the source here: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
Code like this abounds and it seems to me especially in security code (the last place it should exist). The very first file I opened, ssl_asn1.c, contains multiple points of exit and goto statements. It is a festival of mutant coding practices. I am looking right now at the classic evil code comment:
/* can't happen */
I am not kidding. My eye came to rest there because the line is indulging in the journeyman C programming stylistic *error* of failing to put braces after an if statement because the programmer believes with all their heart that they are prescient enough to foresee that nobody will ever mistakenly add another statement and forget to put in the braces. This, of course, is ruled by Murphy's law and does, despite the programmer's confidence it is 'impossible', in fact happen. Sigh.
Code that contains unconditional jumps like goto statements, unstructured breaks, multiple points of exit, effective multiple points of entry, etc is much harder to debug than it needs to be. One of the first things I would do to fix stuff like that would be to restructure and correct the many stylistic problems. Code like that invariably hides a variety of bugs. That is especially true of old code that has been visited by multiple programmers because the code is only as strong as the weakest programmer that touched it. Cleaner code that follows good practices gets touched less.
Spot checking to make sure that I am not looking at one aberrant file, the following are similarly impaired:
ssl_lib.c, s3_pkt.c, t1_enc.c, pqueue.c, smime.c, openssl.c, rsa.c, ec.c, x509_req.c
It is a gruesome body of code. Whoever said it was not large cannot possibly have much experience with this type of thing. I count more than a quarter million lines of code. There is enough that I would be inclined to actually write tools to do a lot of the boilerplate cleanup.
Adding more programmers is not necessarily productive, so even with an unlimited budget your best bet is to go with a finite number of programmers. However, off the top of my head, where code quality trumped budget and the budget was effectively unlimited I would be inclined to assign a fairly large team to fixing this on the order of three dozen people. Assuming a target blended hourly rate of about $80.00/hr and adjusting for the inevitable overruns, a project like this would cost something approaching $10 million if done through a large consulting firm. I have worked on projects with much larger budgets ($250 million on a couple), but this would still be a large project.
Unless a very, very clever small team of programmers builds tools to fix the code, or it is funded as above by big players, or a canny coordinator can crowd-source enough hands, this code is not going to be very trustworthy. I am not sure if it would be better to start from scratch.
The above assumes that openssl can actually accomplish its ultimate purpose and I personally am doubtful. I think our entire security infrastructure is similarly impaired in implementation, design, architecture and ultimately philosophy. It was designed in a much more naive time. Security has now escalated into a profoundly adversarial situation involving very well funded organized crime, states and powerful industry players. Many of the assumptions underpinning current security thinking are patently false.
The most poisonous aspect affecting SSL is the demonstrably false assumption that the current chain of trust is trustworthy. That includes more than just the CAs. The money to fix this properly is definitely there and the people controlling those funds are most certainly aware that the system is broken. It remains broken because an insecure network for most of us with its attendant increasingly open cyber warfare serves their purposes more than a genuinely secure network.
Maintaining code like this is a heroic effort. Both teams engaged in this deserve credit for taking on a very difficult and thankless task. Even though mistakes abound, the code has a heritage reaching back to times when some of their practices were considered benign or even 'best practice'. Having reviewed it, I am arguably one of the people responsible in a way and unless I get some sort of divine inspiration, I will not be correcting the many issues with this.
Technically, I think that it needs to be mentioned that many practices such as running regression test suites are necessary, but not nearly sufficient. They are *more* necessary when code looks like the openSSL stuff, but they are proportionally less sufficient.
I have been designing and reviewing security code for decades now. It is *very* difficult. In fact, I am less confident now than I was twenty years ago. Even if the openSSL code was carefully rebuilt by seasoned programmers I would not trust significant financial transactions to it, let alone military secrets.
We don't have to honor invalid patents
Re:"the US Patent Office has assigned patents to Google, Microsoft, Amazon"
At some point, and I think we have passed it, the patent offices render themselves useless by making everything the subject of a patent without respect to actually meeting the necessary criteria.
The U.S. federal government has no legitimate power that is not granted by the U.S. constitution. The relevant text governing patents reads as follows:
"To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
If you look at the circumstances surrounding the creation of the constitution, this clause barely made it. It says "To promote the progress of Science and useful Arts". It also says "for limited times". In the case of software patents, neither are true and hence the patent laws as applied there should have no legal force. The founders were very, very, very explicit that:
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
Granting effectively unlimited terms (computer tech moves very quickly) that demonstrably inhibit progress cannot have legal force. The congress is *NOT* at liberty to pass any rule it pleases. The POTUS is not at liberty to pass or enforce any edict he pleases. The supreme court is not at liberty to interpret law in such a way that it is in conflict with the constitution. Law enforcement personnel are not at liberty to break the law as they please.
It was ever thus that the rules were stretched and broken by the powerful. However, the rise of technology has made this phenomenon increasingly dangerous and irreversible. I genuinely worry for our future. We are poised on the brink of abundance and freedom, but currently choosing by default to live in impoverished slavery.
I have a suspicion that stuff like the TPP is intended to end-run the U.S. Constitution because people responsible know that none of this junk would pass a *fair* test against the law of the land.
People in power have shredded constitutions everywhere. In the United States, nearly every substantive provision of the Bill of Rights has been violated.
The United States federal government has become a rogue regime. The administration of patents is not the worst of it, by a long shot. The people of the United States have not just the right to oppose it and put things back in order. They have the duty to do so; every one of them.
To be fair
To be fair, this project is hardly alone with respect to shaky code. A lot of code has been written by people with a good academic understanding of the subject matter, but a poor understanding of software development.
It does not help that *MOST* of the people in charge of software projects are not accomplished professional programmers. This discipline is particularly vulnerable to the Peter Principle.
By my reckoning, the skill of an artist lies not in his hands, but in his eyes. The fact that the aesthetics of so many of these projects are poor shows that people guiding development lack the necessary level of skill.
Security is especially problematic because not only do most of the people responsible for security lack the knowledge and skill to implement proper security, some are actually entirely impenetrable to reason: http://trac.filezilla-project.org/ticket/5530
If people are serious about fixing such things (I am pretty sure they are not), funding would be increased, developers would be skilled up in security, security people skilled up in programming and users made aware of the extent of the deficiency. I will not hold my breath.
Re: "I am leery of lock-in"
I emphatically agree. That, in its many forms, is perhaps the worst strategic mistake and eventually will bite you. It can actually take the company down.
Tangential aside: Hate the current 'cloud' buzzword. The term has been perverted, just the same as 'hacker' was, by people with no history and understanding. I have been on 'the cloud' in various forms since the 1970s.
For geezers rightly suspicious of this back-end infrastructure, though, it is finally becoming reliable enough to use. In some respects, your IT infrastructure is better off on the de-localized backend and that even includes traditional 'client' side stuff like GUIs.
Trevor is spot-on about a hybrid solution. If you have something that has to be saved or has to be accessible without a network connection, you need local infrastructure as well.
As a practical matter, I am an IT guy and I have just about an even mix of function on the cloud and locally. Except that the cost of having idle sessions on the cloud is impractical, I am beginning to prefer it.
No question it's theater. I wonder how many of the congress critters are on stage and how many in the audience.
Re:"made it legal to hide changes in the law"
I am pretty sure you know better, but for the record, they cannot actually make it 'legal' without changing the constitution and even then there are limits. Ultimately, legal force comes from the body politic. Keeping a law secret until the lawmaker decides to 'do the reveal' pretty much negates the whole notion of legality.
Fix the broken stuff first
Most of the failings of tech stuff are design and software failures. Design would be fixed by including users in the design process and *not* including accountants except perhaps at the end. Software could be fixed by including real programmers in the design of languages, APIs, etc.
People who hard-code arbitrary limits should not be allowed to use a compiler.
To the extent that things are not limited by the above, bandwidth is constantly a stumbling block. There can never, not ever, be enough bandwidth; not here, not there, not anywhere. Everything should be designed to maximize bandwidth and clear a pathway so that greater bandwidth can be made available as technology and funds permit. People who ask 'why would you need more bandwidth' do not understand the problem and should be excused from the design process before they can do any harm. Bandwidth from any point to any other point should be opened as wide as possible and standards should leave everything open ended. People who say things like "[insert any arbitrary limit here]-bits allows more than every particle in the universe so you can't need more" are idiots. They need to be removed from any decision making position.
Secure and private everything. Everything should be doable with proxies. If my identity is going to be attached to something it should be my choice alone.
Building block inter-operable devices. My phone should connect to my local system and allow me to edit files on it, compile programs -- whatever I tell it to do. I should not have to utter any strange incantations to do this. It should connect as long as it has permission.
Software that requires daily updates is broken. It should be fixed.
Operating systems that require reboots are broken. They should be fixed.
Things like phone batteries and laptop batteries should be standardized to gain economies of scale, allow easy replacement on the fly, etc. Everything should be seamlessly inter-operable. Apple should have to replace every mutant plug type they have invented with something properly inter-operable at their own expense plus pay a fine for doing it in the first place.
It should be illegal to have margins greater than five times cost. Any company guilty of such an offense should be obliged to pay back everything they stole plus treble damages. That would probably make things like long distance phone calls and certainly text messages too cheap to bill for.
Let's finish convergence properly so that all our bandwidth is available for use all at once rather than chopped up into little bits. Unless I am on Mars, I should have access to Gbps speeds at all times and I am not even that sure about the Mars limitation . Companies in charge of things like 'right of ways' should be given a one year notice to 'use it or lose it'. Either they will lay massive amounts of fiber to every end-point or we will give somebody else the opportunity.
Copyrights and patents are sub-optimal. They should be scrapped.
Re-engineer things properly. Stupid arbitrary limits driven by the lack of imagination of old designers should be removed. Whoever said a system will only ever have one mouse, one keyboard, one monitor, one CPU core, one location for resources like disk, RAM and communications, etc was an idiot. They are the ones who gave us the limitations of IPv4 and they are the ones that are keeping us on it.
IPv6 needs to be ditched and replaced with a protocol that is backward compatible with IPv4.
Crapware loaded on to new equipment should be outlawed. I generally do not support the death penalty but in this case and the case of spamsters and free toolbar authors I think exceptions may be warranted.
One programming language should be enough for scripting, compiling, data manipulation, procedural and object oriented programming, assembler, etc. Designers should start with C and avoid the ridiculous mistakes of Java and C++. If your language makes it hard or impossible to do something another language can do then there is something wrong with at least one of those languages. A 'language' should in fact be a 'tool-chain' that includes everything from the operating system kernel on up, including revision control and facilities for developing feature rich 3D GUIs. The language should allow a skilled programmer to write programs at least as small and fast as hand-coded assembler on up to a complete modern operating system.
People who do not understand the need for a pre-processor should be legally barred from language design.
I want my CPU cycles back. The bloat of current systems is appalling. My first program was less than 128 bytes long. I wrote, by myself, a multi-user system in less than 14K. Every second literally hundreds of billions of small decisions are made by CPU cores on my network here. Is it too much to ask if, say, ten percent is devoted to me, the owner? My old Atari 400 with less than a 2MHz single core CPU put me at a command prompt faster than my 32 cores pushing out nearly fifty thousand times as many cycles. If that machine ran at the efficiency of these ones it would take a week to boot up and on my Windows machines that would mean they would never boot without needing a reboot immediately.
Before we start delivering the flying cars, we should be fairly certain they won't crash. Before we start delivering autonomous robots with much capability we should be fairly certain they won't turn on us.
I honestly feel there is room for improvement here.
Not even bad
Those things have all been so mediocre they did not even register. Now that I see the common thread I will steer clear. To paraphrase an old expression from Wolfgang Pauli, those movies were 'not even bad'.
I am glad that others said it: Star Wars was OK, but not nearly as great as people seem to think. I am a long time sci-fi fan, but The Godfather movies were truly great; Star Wars is not in the same class at all. Our culture is pretty vulgar, so the fact that something is really popular is not much of an endorsement.
There is no harm in trying
We have set it up so that no matter how egregious the assault on the commons, there is simply no penalty for trying. Regardless of how much it would damage the public, this type of thing is 100% upside for the perpetrators. Their worst case scenario is they waste a little money and even that may not be the case as we actually seem to be paying out of pocket for our own civil servants to fly around the world to stab us in the back.
I would like to see us issue a statement that these interests have a narrow amnesty period during which they lay down their arms after which any further noxious behavior will be punished, even if it requires post-facto legislation.
There comes a time when it is legitimate for citizens to seize back control from a corrupt state. We are approaching that time, if we have not reached it already.
I may be naive, but I believe that until they shut down our means to communicate with one another we have a genuine chance to take back control of our government through the simple expedient of fielding candidates intent on setting things right and voting them into office. Sometimes the obvious course is the right one.
Re: I think it's a bit harsh
Re: "I personally know people who have been physically injured"
I think that the right to have a voice through 4chan should be protected. I understand what you mean, though. I remember seeing instructions for how to grow crystals that were instead a way to make a poisonous gas could easily have killed someone they tried it.
Sites like 4chan are not for people who need supervision.
This is the cancer
that is killing the /b/ reputation.
I, 4 1 hope 4chan continues to occupy its important role in encouraging less bland types of expression on the Internet. Nobody is forced to go there.
Re: Technical solutions, anyone?
Correctamundo. Like the broken security structure the broken pipe architecture serves a purpose for someone. Hint: Not us.
The people setting forward standards and administering the network gave us vulnerable centralized DNS, IPv4, non backward compatible IPv6, mail stupid enough that it can't prevent spam and PKI were the people upon whom the entire system depends upon for trust are the least trustworthy members of the network.
Distribute everything and make all traffic opaque. You can't play favorites if you don't know who is sending the packet or what it contains.
This is why DRM is inevitable
It is situations like this that make Digital Restrictions Management (DRM) inevitable. I am deeply concerned about the capacity for abuse of DRM, but would eventually end up writing in myself if it is not done. Before DRM extends deep roots we need to put in place laws and technical mechanisms for key escrow that preclude single nefarious entities from abusing the technology.
Thus far, the bad guys rule DRM and the only reason it has not sent us to hell already is that the bad guys are not very good at securing things. They are getting better and before they actually get DRM working we need to stop them from making it work against us.
Treacherous devices without controls to protect the public interest are dangerous. Note: The public interest is not equal to the interest of the state. These interests are so divergent now, the state is one of the bad guys we need protection from.
What a novel way ...
for the U.S. government to extend their influence over the Internet.
We have simply got to get people, including most techies, to understand this stuff. Rather than tightening down the way network service can be provided by the completely self-serving incumbents they should be opening up the provision of bandwidth to competition and freeing up all the wasted EMR spectrum captured by rent seekers.
This is no cure
Now I can have some good feeling that *if* other handsets are using the same protocol as this handset and are as secure as this handset, it will be just as secure as ...errr... Ya. I am not sure I feel all that secure yet.
We have a long way to go before anybody who has a clue can also have confidence in network security.
They don't even have the problems right, let alone the solutions.
Hacked data centers incapable of power outages are still hacked data centers.
For the love of god, hire somebody with a clue about security. Our system is rife with critical problems not even mentioned here.
Right from a slide available for years:
"TLS-PSK mechanism provides mutual authentication of client (browser) and (web) server without revealing the password or other shared secret"
There are theoretical architectural security problems we do not even know about yet. Let's at least deal with the many ones we *do* know about that are just gaping holes right now.
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'
- Apple: We'll unleash OS X Yosemite beta on the MASSES July 24
- White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
- Pics It's Google HQ - the British one: Reg man snaps covert shots INSIDE London offices