Posts by Michael Wojcik

Same thing on Windows – that is to say, on NTFS and FAT32 and other filesystems normally supported by Windows.

Using .. for path traversal up to root is an ancient technique; it was widely used in exploits in the previous century. Kind of surprised it's not well-known to most Reg readers. And, yes, this is a problem if you're running the SUS (what succeeded POSIX) tar command or similar with excess privileges, since by default it honors .. in path components.

It's sufficiently well-known that when I wrote a package installer for one of our products around the turn of the century, the specification for the unpacker was that it would discard any paths that weren't in or below the current directory. (The package directory itself was created empty as part of the installation process, so tricks like creating symlinks within it weren't available to attackers who didn't already have a better foothold in the system.)

Re: Well whaddya know

Person of Interest was hopelessly optimistic – positing the inventor of an ML-based crime prediction system would make some effort to keep it out of the hands of the police.

What we're seeing in SF and elsewhere is a populace that, in the main, is only too happy to be surveilled. That will, in fact, shell out quite a bit of money for surveillance on their own property. That will encourage and support the growth and overreach of the police state. For a while politicians needed to deploy scare tactics ("superpredators", "terrorists", "child abusers") to persuade the foolish into supporting these programs, but now US citizens (and many others) are into it and go along willingly.

Re: First Amendment

Definitely throw RICO and the Dormant Commerce Clause in there so you can hit the trifecta of US Overused Legal Arguments That Don't Apply to Your Situation.

Re: Speaking Of Ancient Storage Methods .....

I certainly hope so. I have a good-quality Sony VCR in storage and a box of VHS tapes containing certain content difficult to replace, which I hope to digitize as soon as Mountain Fastness 2.0 finishes construction and I have the space to set up the necessary equipment.

The poor picture quality of VHS really doesn't bother me. I grew up with NTSC VHF and UHF broadcasts, often viewed on a black & white set. I don't even bother with HD these days when SD is on offer, much less 4K.

I'm by no means a fan of crates or other package managers – there's a steady stream of security breaches which ably demonstrates that public software package repositories are toxic, and as you say they encourage programming by including dependencies.

And, yes, the binding mechanism isn't ideal, and LLVM will be an obstacle for some use cases.

However: We're seeing increased regulatory pushback against reckless use of third-party dependencies, thanks to requirements being imposed by large customers such as the US Federal Government. For commercial software development, at least, the SBOM / NIST SSDP / FedRAMP requirements convert some of the externalities of freewheeling use of public packages into direct costs to the vendor.

And the binding mechanism can, in theory, be improved. We saw that happen (to some extent) with Java, for example, where NMI was replaced with JNI.

And non-LLVM Rust implementations are under development. If Rust maintains its popularity, we'll have a usable GCC implementation soon enough.

Re: There are other options that could make you happy, you just have to take the first step

Not an option for my work machine. Not running Windows is just possible here, but it requires a lot of time and effort to deal with all the corporate stuff. And I have to develop for Windows as well as Linux and a handful of UNIXes, and Windows is the least amenable to remote work or (on a laptop) running in a VM. It's simply much cheaper for me to keep the corporate-supplied Windows as the host OS on my work laptop, despite all the things wrong with Windows.

And, of course, with any of the Linux distributions we support for the products I work on, I'd have the accursed systemd anyway, so it's not as much of an improvement as one might think. On Windows I already have a UNIXy development environment courtesy of Cygwin (which I've been using for many years; I don't see any compelling reason to switch to WSL2).

Re: Clueless users

After failing to mind the gap between the two numbers.

Re: Youth is wasted on the young

Oooh – now I have the concept for my next Alice's Adventures in Wonderland fanfic.

Re: or the base security level wasn (In-) the whole time

Between malice and incompetence, I wouldn't trust most developers to write kernel code, full stop. Certainly not a games company. Lord knows the hardware OEMs are bad enough at it, and it's a core part of their product.

Fortunately for me I have no interest in any EA games.

Re: "outside of the Moon"

Pfft. It's gas. Just compress it.

What could go wrong?

Re: Uber

You can't sign anything with a certificate. Certificates contain public keys; signing requires private keys. The signature includes the certificate – that's what identifies the signing party – but you need the private key to encrypt the hash.

Authenticode code signatures are timestamped, and the timestamp is itself signed by a timestamping service provided by a CA. The signature isn't valid if the timestamp is after the certificate's expiration date.

It's certainly possible you could find a certificate and private-key pair that chain back to a trust anchor in a given Windows system's machine certificate store, or in the user certificate store for the account you're trying to run the script on. Code signing is by no means a panacea and has been suborned many times by attackers. But it's not as trivial as you make it out to be.

Re: Nice, but no thanks

Yes. Smartphones in particular have horrible and highly probable failure modes.

I've never lost a phone or had one stolen, but I know people who have. Phones are easy to lose: many users play with them all the time, leave them on top of things, and so on. They're tempting targets for theft because they're expensive and because people put valuable information on them (did I just read an article about that?).

Phone are fragile. I cracked the screen on one once. I had one – an ASUS model – simply stop working one day: black screen, utterly unresponsive. A Lenovo stopped charging to more than about 25% of battery capacity, so it needed to be recharged every couple of hours. A Samsung Galaxy I had became unusable when the USB connector broke, so it couldn't be charged at all.

Using them for anything critical, such as car keys, is a mind-bogglingly foolish idea. It's bad enough that everyone has decided to use them as MFA authenticators.

Re: I will throw my 2p worth

The "whole point of the way it currently works", i.e. the Electoral College system, was to arrive at a compromise between larger (in population) states and smaller (but generally more industrialized and thus wealthier) ones. It's the same reason each state has two senators and a number of representatives proportional to population.

It has nothing to do with ensuring a division of power between city mice and country mice, and indeed any effect on the division of power is secondary to its main purpose: getting all of the original 13 states to sign off on the thing.

These days the major effects of the Electoral College are 1) to allow the occasional election where the candidate who gets the most popular votes still loses, and 2) to prevent throwing the election over to the House of Representatives, which is what would happen (under II.3 of the Constitution) if no one gets a majority of the EC votes and really would be a disaster.

Re: Employees

It's conceivable the answer is not precisely the same in every jurisdiction.

Re: Decker already did it...

Same way we find everyone.

Re: Quite literally a drop in the Ocean

Powering 5 million homes in 2035 means about 3% of domestic electricity use in the US. It's a drop.

"You have to start somewhere" is essentially equivalent to "let's not try to figure out which approaches make sense first".

Offshore wind might be viable, and research into improving the cost-efficiency of turbines is not a bad idea in itself, but nothing in the article indicates this is a sensible area to actually develop for practical use – yet.

Re: Safety First!

Worse, it extends 100 miles from any PORT OF ENTRY. That includes any "international" airport.

That's certainly been claimed, and I'm sure CBP like to believe it, but is there evidence that they've actually exercised the border exception outside the territorial-border zone, other than in actual ports of entry (e.g. on airport grounds)? I didn't find any in a quick search.

I'm not arguing that the border exception isn't abusive, or that CBP haven't routinely abused even the excessive powers it grants them. There's a ton of evidence for the latter. And even the territorial-border 100-mile zone includes about 2/3 of the US population. But the ACLU fact sheet on the border zone, for example, doesn't mention the airport extension.

Incidently, someone else posted something about the PATRIOT Act. This 100-mile-border-zone thing, alas, goes back to the 1950s, as the ACLU fact sheet explains. Unfortunately, police organizations basically never voluntarily surrender any power, the Executive Branch has absolutely no interest in curtailing CBP, and while some in Congress have fretted about it on occasion and there have been some court challenges, neither of the other branches have done much about it.

Re: Kids' workarounds

On the positive side, California is creating incentives for children to learn about IT security. STEM!

Re: Sink

Nobody's going to stake $45K for a shitcoin like ETH

Per the article, over 400,000 people have already done just that.

I'm not a fan of Ether or the Ethereum network or, god knows, the enormous and ongoing disaster that is the collection of half-assed "smart contracts" running on the platform. But the fact is that quite a few people are, and there's a lot of wealth tied up in it.

Bolton may be an ass (I'm certainly not a fan), but I don't think that means we should condone (alleged) assassination plots against him.

And, really, all the article claimed was that the US government alleges a plot to assassinate Bolton among the reasons why they consider the RG a "terrorist organization". Since they apply that label liberally, the whole death-to-Bolton accusation is pretty small potatoes.

Re: evolution?

This is a matter of usage and style, not grammar as such. Nothing in English grammar prevents using "trial" as a verb; only a degree of care in usage and a sense of good style do.

And, yes, I have taught grammar, usage, and style in school, at the university level. Unfortunately there's precious little time for it, and composition pedagogy has rightfully shifted away from prescribing arbitrary rules cooked up by Neo-Classicists to actually trying to explain something about how language works, which means there's very little time indeed to spend on the implementation details.

Re: Y2K - not *just* snake oil

we discovered Y2K bugs in life-affecting software

Indeed. At the time, someone posted to RISKS (if memory serves) an account of fixing software for a dialysis machine that went into cleaning mode if the date 9/9/99 was entered. That's another variant of Y2K bug – an assumption that your software won't be used after a not-far-distant date – which would have killed people if not corrected.

People routinely underestimate how long their software will be in use. I support a commercial software package that was last updated about two decades ago; we have a handful of customers who are still using it. (That is, I officially provide development support for it. We haven't actually had any support questions about it in years, and even then they were generally "we moved this to a new machine and no one still working here has any idea how to adjust the configuration".) Last year I got rid of a VHS VCR that only supported two-digit years, so it no longer had the correct day-of-week in its display (which I didn't care about, but it's another example).

Customers occasionally give us pieces of their application source code to help diagnose some obscure problem, and it's not unusual to see change dates from the 1980s or even 1970s.

Re: I am looking forward to the crypto ice-age....

Nice thought, but it won't happen. There will always be a new crop of true believers. And cryptocurrencies are ideal for that purpose, because they're easy to explain in a vague, non-technical, hand-waving fashion for the foolish (such as celebrity endorsers), but wildly complex underneath to please the nerds.

And because they're online and involve no physical or face-to-face interaction, they can take advantage of network effects and quickly balloon to huge sums. And that means there will always be some people who bail out at the right point and end up with a real profit, to encourage the losers to try again.

"I've been disappointed by get-rich-quick schemes before, but here's a scheme that will get me rick – and quickly!" (Homer Simpson, and from memory, so probably not verbatim)

Re: Wonderful headline

Taken literally, it would ban all software. "Secure" in an absolute sense is meaningless. You can only be more or less secure, and only under some threat model.

NIST SSDF (SP 800-218) refers to "secure software", which is not a technically meaningful term, but fortunately the actual practices are better specified. They're broad, but they don't assume perfection. For example:

PW.1.1: Use forms of risk modeling – such as threat modeling, attack modeling, or attack surface mapping – to help assess the security risk for the software.

And then there are examples. SSDF is pretty similar to some SDLC programs already used by many software-development organizations. If you're already making a serious effort in this area, it's probably not a huge cost to harmonize what you're doing with SSDF.

My understanding is that FedRAMP is more complicated, but I've only skimmed the surface of that.