
Well played sir!
271 posts • joined 17 May 2012
I totally agree. This form of optimistic speculative execution, with no cache erasure on non-use, is ridiculous. Where was the peer review when this was done?
This is a fundamental flaw in chip design.
If this was a car we would be seeing punitive damages through class action law suites and a massive, world-wide recall. What we got from Intel was the equivalent of "I know we told you the car could do 70mph, but to be legal with emissions you can only do a max of 30mph. OK?"
I said this at the time - we need to look at the chip designs from the ground up. There is a lot of cruft in the X86 design that simply does not need to be there in the 21st century. Only IBM had a real go at this with the Power Series, and proved that low power, high speed chip could be built. Then you can have the performance without all this dicking around in speculative execution horror.
When I was a contractor I was advised my my accountant that I needed to spend some money from the company because otherwise we would have net profits that hot a tax band. We were going to lose the money one way or another. So, best to spend it ourselves, Right?
So we organised a research trip to investigate the effect of distant nuclear fusion on granular land/sea interfaces.
And that's how I got a holiday in the sun on a beach rather than paying tax.
a/c - OBVIOUSLY!
Long time ago, on a DOS system, I was talking to a new colleague whilst he insisted on typing on the new PC we had provided. Not being totally computer literate, he has was talking to the computer rather than listen to me. At one point he typed that immortal command:
c:> del *.*
I asked him to check what he had typed. t. He looked at the screen and said, to the computer "I didn't mean to do that". Sure enough, DOS repsonds with "Are you sure?". "Yes", he replied, "I'm sure I didn't mean to do that".
And that is why I spent the next hour or so searching for the install floppies and rebuilding his PC and all the application software.
My Y2K nightmare happened on 1/1/2001. It seems the billing engine on the so called "intelligent network" device decided that 1/1/1 was a test day and started tossing billing records in the bin. Somewhere, some people has a great January as we had no data to bill them against.
I was 10 at the time. It was one of the most amazing feats of human engineering I had seen up til then. I have posters of Apollo 8's mission on the walls of my bedroom. My best friend at the time - whose name I have sadly forgotten - and I spent (wasted?) a fair amount of school time working out how we could make models of the command module, with consoles and seats, out of paper and glue!
They keep a lens cap on to protect the under-deck camera from the dust that blown up during landing. They have 12 descent rockets, firing in pulse mode, to bring the lander down to walking speed. That kicks up quite a bit of dust. So they have a lens protector that will be jettisoned today, all being well.
A better photo is from the camera on the robotic arm on top of the deck.
Well done JPL. I watched the 7 minutes of terror yesterday, and had to keep reminding myself that everything we saw 'live' had already happened 8 minutes ago.
But el Reg? Utter Fail. The headline says that Mars Insight beamed back it's first pictures from Mars, but el Reg uses a stock photo of the ground based duplicate lander.
Score 1 for the article. Lose several 100 for lazy journalism.
Home users and SOHO deployments use router / modem devices to interface easily with their broadband supplier. It's simple: you buy your broadband from your favourite network supplier and they send you a modem that you plug in to their socket and it's up and running: Robert is you mothers brother.
To try and then say that this is also a firewall is nonsense. The vast majority have extremely limited firewall capabilities. Many only support limited port forwarding.
And in the main, this should be fine. Little Johnny, playing call of duty, only needs a port open to the game server, which he opens. Little chance of hacking this line, and provided the network initialisation is such that the game can authenticate the game server, and the game server can check that the game is not a hacked version, all should be well.
Two problems remain:
The first is that the router people throw in a wifi hub for free. Oh, look, it's easy, I can use my [insert name of PC, tablet, smart phone, IoT device here]. And this is whats wrong. The user has sacrificed all security because they want easy access. Get the phone to open up some of its security (Yes, Android at the back, I'm talking to you here, and Windows, you can stop sneering as well) and then you have a real problem. It's not the router per se that is at fault, it's the users. Most will never even know that their internal network is now part of a botnet.
The second problem only comes when someone wants to open up the ports (email server, web server, etc) and run these at home. Then you need some sort of firewall capabilities. And some really hardened, trusted software for your server.
The final problem is the remote administration. WHY did anyone think that this was a smart thing to do on a cheap router? Unless it is protected by some form of 2FA, any supplier who sells their products with remote management even available, let alone enabled, should really be taken out and beaten with a club until they can understand the risks involved.
Long ago, in a country far far away, well Durham University to be precise, they shared a mainframe with Newcastle Uni. The mainframe was a old IBM 360, and ran a system called MTS. Now MTS, fun as it was, had a few holes in it. Once of these meant that if you attempted to mount a disk pack that didn't belong to you, but do it in a certain way that has invalid syntax, your console was left god like privileges.
Friend and I then figured out the way to write to the operators consoles. These were in the bowels of the Newcastle Uni computing centre and run by quite serious operators who had undergone a humour bypass, as we found out. What we did was write in large, bold letters the following to four adjacent terminals:
"BIG" "BROTHER" "IS" "WATCHING".
Cue the operators calling their union rep over, who announced this was a gross intrusion on the privacy of the operators, who then walked out.
The prank was quickly traced to the Durham terminal room, and the Durham head of Operations rushed in along with the Prof of the department. So, yes, I too know "that stare".
Not sure how that happened.
Long time ago, in an IT shop far far away, I was part of the Freeserve design team. I'm pretty sure that our marketing team couldn;t even spell BIOS let alone have a clue how to alter one. Their main modus operandi was leaving CD's at supermarket checkouts.
I can still remember the pain when we turned it on, having asked marketing to only release in one area to one supermarket. All our monitoring software lit up red, immediately. It turns out the marketeers had just ignored us techies and had launched it nationwide, in all outlets, on the same day, WCPGW.
I was, briefly, a lecturer at DEC in Reading and London. I had to march someone off a course.
It was a DECNet IV Internals course, if I recall, and was one that was on the US Restricted list. That meant that everyone had to sign an agreement that they would not give anything the learnt to those peskie Russions/Syrians/Koreans/Cubans etc. Anyway, they way it went was that I handed out the forms, and the course notes, did an introduction before coffee, when I collected and checked the forms.
Well, one idiot had signed the form Mickey Mouse.
The training superintendent had got out of bed the wrong side that day, and was not amused. So joker boy was sent home to his company to explain why he had been thrown off the course.
If the NSA, MI5, MI6, FBI, CIA, etc all hate Telegram and WhatsApp, they are just going to LOVE this idea. One would expect them to try and infiltrate any organisation that attempts to implement such a solution so that they can build trap doors in to. So, code reviews are going to be critical if the AS specifically is going to be trusted.
Overall, I see this as a "good idea". I especially like the parts on limiting metadata both in its content and its lifecycle.
The interesting concept, at least for me (YMMV), is that of having an encrypt-once on send, but decrypt multiple by different participants using different clients. This was discussed some time ago
The problem with that implementation is that it relies on some form of asymmetric PKE. But that can potentially be broken by quantum computers (QC). The challenge would be to have a new PKE that is QC resilient, such a lattice encryption.
Of course, I guess we all agree that having this sort of technology in the hands of Facebook, Amazon, Google, Microsoft, Apple (insert the name of your big brother company here) is probably classed as a "bad idea".
You want to deliver a Linux version of a Windows box?
Why? Seriously, why would you want to do that?
One of the key points of Linux is that you can choose, and then customise, the desktop, and the UI for most applications, to do what you want. And specifically, not what some eager young thing in Seattle decides is the right way to build ribbon bars and that no, I don't need that menu item that I used for the last 5 years, so we hid it for you. Yes, Excel developers, I am talking to you here.
If you REALLY want a Linux box that looks like Windows (shudder), then I suggest you first try and learn how to use Google. Honestly, it really isn't that hard to use. I tried Google and searched for "windows 10 theme linux" and the first hit was b00merang
Over the lat couple of week I have started getting emails from my local Conservative party and central office, telling me that I really, really need to be part of them to support this fudge.
I keep unsubscribing from them. They keep sending me mail shots regardless.
Can I do a GDPR request to get them to disclose what they hold on me? I am not a party member, so there is no logical reason why I would be on their database at all.
@Doctor Syntax:
Very true. This reminds me of the thread yesterday on security of SCADA systems when you have air gapped PCs. Yes, Redmond do ned to find a proper way of doing DRM confirmation. But for a company like Microsoft, this is not beyond our technology to solve.
By the way, the screens I saw were displaying rolling news, so clearly there was an internet connection!
Todays chips are based on old x86 and x286 instruction sets. The whole way that the page large memory sets makes them unnecessarily complex. We can see this with the way that branch prediction and optimistic instruction execution has cause Spectre and Meltdown bugs. These are bugs that are fabricated in the silicon, making them very difficult to correct. In fact, it will take Intel and AMD years to come up with CPU designs that eliminate them completely.
Add to this the number of legacy instructions in the hugely complex x86 chipset that have to be maintained, because somewhere, some bit of code, might just make use of them.
If Microsoft really have come up with a parallel execution model that allows predictive execution to be handled not at the CPU but at the compiler level, then this just might be something new. It is early days, I know, but it sounds interesting. If they can do this whilst making the context switches efficient, then this might be a way forward to a whole new chipset. If that can be done whilst making motherboards simpler, then so much the better.
I do take on board that Microsoft may very well embed hardware instructions that detect illegal use of Windows, then that is their absolute right to do that. (Last week I sat in a major airport in the middle east, in a lounge, amusing myself that the display panels had "This version of windows in not authenticated" in the corner!). Why does this bother people? If you want to run Windows, then you should pay Microsoft for your copy.
They may very well include DRM. Again, is this necessarily bad? If half the people who pirate films, games, music actually paid for it, the net cost would be driven down. (And yes, I do believe in Santa Claus, thank you.) Again, personally, I don't see this necessarily as bad.
But note the article - they already have Linux running on it. So, you can have your FOSS system, with all the access you want to the hardware. You can roll your own pirate scheme for you and your friends if you want.
The summary is that Microsoft may chose to break the Intel/AMD monopoly with a chipset and instruction set that is designed for the 21st Century. And that sounds to me like a good thing.
This is from someone who is very anti-microsoft and runs Linux everywhere he can.
Have a look at RUST.
Total type safety, with race conditions eliminated, safe sharing of data structures between threads, and blisteringly fast. Compiles and links to a standalone executable.
The future looks Rusty.
Mines the one with "Borrowing for beginners" in the pocket.
The suit and tie are important.
I was doing an audit of a satellite office in the Far East. We were prepped by being told that no-one wear suits, its al very relaxed. So three of us turned up on Sunday, a day early, wearing suits and carrying smart attache cases. We walked straight past security (Fail 1) in to the CEO office, which was unlocked (Fail 2) and proceeded to mooch around. We found an internal document that even we should not have access to. It was THE most sensitive document that the company possessed.
We then went to said CEO's home address, disturbed his family barbecue. On being shown the document and our explanation of how we obtained it, you could see the blood drain from his face as he envisioned his pension floating away. The senior auditor just said "We WILL have you full co-operation for this audit, won't we."
I learnt that day that appearances really do matter!
Of when my parents had the dividing wall removed and made in to a large through lounge. They employed builders, surveyors and decorators. Cost a bomb but looked fantastic.
Next door, the young couple liked it so much they thought they would do the same, only being newly weds and therefore, by definition, poor they decided that it couldn't be that hard. So they started on the wall, and the old chimney breast also had to go, so he hit it with a kango hammer. Imagine my mums surprise when a brick popped out of the wall and landed in her lap.
Sharp words ensued!
Before you say this is impossible, do some research.
Britain already has a thriving space business. From University of Surrey, at Guildford, who handle a number of commercial satellites, both from command and control to data ground stations; to SPIRE, a company in Glasgow, who manufacture 1u, 2u and 3u microsats that are fast becoming the next generation of ship and aircraft tracking and meteorological data.
Cheap LEO satellites are becoming a commodity these days. MEO are a tad harder and more expensive to launch, but in no way overly complex.
So lets not dis our space technology boffins. If we want to build our own Galileo system, I think we can. And because it is not run a bunch of politically minded committees, ours might actually work. I vote we call it the Newton Constellation.
How many beers?
Are they all pints, or do some girlies drink halves?
Can we assume standard beer glasses, or are they pint pots with handles?
Is it just beer, or are there glasses of white wine, mojito, G&T as well?
How often is this used (one a day, just afternoons, or every 15 minutes?)
Come On El Reg - we are professionals here - we need a full end user expectation statement!
I have had three DR situations in my DC life:
1) A planned DR, where the main European DC was shutdown by flipping the main incoming power, forcing the UPS and standby Gen offline, bolting the doors, and shutting down all phones. "This building is on fire and fill burn down. You are all dead. All tapes are destroyed. All documentation is destroyed. Now, lets see if your DR procedures work". I was at the standby site, where we partitioned the mainframes, and cleared a load of disk space. Meanwhile, people hire vans and went to the offsite tape store, someone got a list of emergency contact numbers and started telling people to go to the airport, whilst someone else went to Schipol and found out that if you have a big enough credit on your Amex Black card then sir, that will do nicely, and a chartered jet is available at gate 27 in 1 hour. We had Europe up and running in 32 hours - target was 48. Back in the 80's this was a success.
2) 2 years later, a faulty bus bar in that backup DC arc'd and took out a meter of power distribution. UPS was fine, it took up the load. Standby generator kicked in, and we were all fine. Until we found out that the diesel had waxed, and the wax was now in the cylinder heads. The generator died. We had to hire a standby gen for a month whilst the busbar was fixed. Lesson learnt, and we drained the diesel tank once per year after that. It was an oil company, so you think that they might have known diesel waxed!
3) Wind forward a few years. I get a call from the CIO saying that the computer room has flooded, and could I drive 50 miles to oversee what was happening (he, of course, was unavailable). My panic level went in to the red. It was only getting in to he car that I thought: "hang on, the machine room is on the 4th floor - flooded HOW?". It seems we had water fox fire suppressant and the pressurised pipes had failed, sending jets of water in to the Sequent, the AS/400, a couple of Vaxes and a Tandem. IBM had a team on standby for exactly this situation and got the AS/400 back quickly. The Sequent needed a couple of disks replacing, but no big deal. The Vaxs took a little longer (Digital were not as good as Big Blue on this occasion). Oh, the Tandem? despite the power being out, despite there being water 3 inches deep in the machine room, the Tandem kept processing card payments, without stopping, glitching, or even noticing!
This, along with the Cambridge Analytica use of ProtonMail raises the question about where the responsibility for key management lies. There are various apps that allow end-to-end encryption, where the communication provider has no knowledge of the key.
In the simplest form, this could be a one time pad encrypting a message sent by post. The postal service is the conduit but has no ability to read the message. All they can do is make a copy and pass it on. This has existed in one form or another for at least 2,000 years.
Fast forward to today: Now we have services that use PKE to encrypt the message. This has been the case since Phil Zimmerman released PGP in 1991 and faced serious amounts of detention for it. If the sender is careful, then not even they have a copy of the mail and can't decode it (assuming they expect the police raid and store no copies of the plain text). Only the recipient has access to the key needed to decrypt. The use of various trap-door algorithms that form the basis of PKE rely on the fact that we believe that the choice of a suitably long key renders the time to decrypt the message longer than the message validity life time. With ProtonMail, the service provider acts a a transport hub, but can't read the message, even if subpoenaed.
Fast forward again: How long until we have a viable quantum computer that can handle a large number of PKE messages and read the plaintext? Then no-one will know who has read what messages.
So the arms race progresses. Now we will move to harder encryption: say TwoFish or AES. These are not, we believe, subject to quantum crypt analysis. I have to say believe, because that might be what they want us to think, right? What better way to handle cracking seriously hard encryptions by the security services than the classic double bluff: "Oh yes, we have cracked xyz encryption, but abc is still hard" when in fact the opposite is true!
Next stage: Quantum resistant versions of PKE, eg McEliece or its like. Lattice based cryptography. The cost of encryption is dropping as computers get more powerful and we have GPUs to help. We also have high speed comms networks, so the fact that it takes a long time to encrypt a message and the key is in the 4MByte size is not really a problem.
So what does the legal system do now? Seriously, what do they do? They can legislate all they want and make it the senders responsibility to provide the keys, but it does not take a genius to work out ways for the keys themselves to be distributed, used and destroyed making the sender unable to provide the key. And that assumes the sender is in a jurisdiction that is favourable to such legal frameworks.
I am a systems programmer. I have made plans for a multikey quantum resistant message exchange that would permit plausible deniability of knowledge of the keys. I know I could do this using what be believe are trusted methods (no, I am not going to be foolish enough to crate my own encryption, thank you). With multiple encryptions and the addition of noise in the encrypted message, it would be very hard to decrypt, even with a quantum cryptanalyis system.
Random Noise? Can it be random? Yes it can:
https://www.popularmechanics.com/technology/security/news/a28921/lava-lamp-security-cloudflare/
Got to stop here - I can see the black helicopters circling and there are men in the garden who must be really cold - they are putting on balaclavas.
So, we have two QC's in this:
For NT2 - Hugh Tomlinson QC of Matrix Chambers
For Google - Antony White QC, also of Matrix Chambers
The cynic in me suggest that this whole thing is a put up job by Matrix to keep two QC's in a high profile case employed. And it is definitely heads-I-win-tails-you-lose. Which ever way you cut it, Matrix is in it for the win.
Mine's the one with the no internal compete clause in the pocket
>>> t's $billions space littering, especially as its orbit now crosses that of Mars, and it isn't sterile and risks polluting the place ruining it for science should it hit.
In the words of everyone space guru:
Space is big. Really big. You just won’t believe how vastly hugely mindbogglingly big it is. I mean you may think it’s a long way down the road to the chemist’s, but that’s just peanuts to space."
The Hitchhiker’s Guide To The Galaxy, The Hitchhiker’s Guide To The Galaxy
The probability of it actually hitting Mars, or anything else in the solar system for that matter, in mine, or yours, or even our great grand childrens lifetimes is so astronomically small that you might need an infinite improbability drive to calculate it.
See: https://image.gsfc.nasa.gov/publication/document/IMAGE_FRB_Final_Report.pdf
NASA conducts a failure review whenever any mission ends unexpectedly. It's good practice. But when an amateur manages to find that a satellite has revived itself, and NASA had no idea, that's, well, troubling.
The FRB stated: "It is unlikely that the IMAGE mission can be revived. However, the October 2007
eclipse season may permit a Transponder SSPC reset (and a re-powering of the
Transponder), but this is not certain given that the main bus reset level may really be 21
V."
However, they did say: " If revival occurs, the mission should be able to continue as before with no limitations."
When the Sequent engineer came in to register all of the new SCSI disks we had spent a week installing and configuring. This was in the days when 4G SCSI disks were considered the best thing ever and we had a full rack of these, populated front and back. It ran the Customer Care database, the incident logging DB, and most important, the transaction log that we were required to keep by law.
cue the Sequent engineer kneeling down to read the lower disk IDs, over balancing, reaching out, and yes, he hit the main power contactor. "It was only off for a second", he told me, as the DBA's started wailing that their database had gone down. And then wouldn't come up because it seemed we still had the transaction log on the same disk array.
Cue backup taper recall from the safe store, reinstall, and oh? Where are the historical table spaces? It seems that the Sequent backup program for Oracle doesn't backup readonly table spaces at all.
Next thing happening:
1) Me , explaining to the regulator, why we couldn't fulfil their request for information we had to have;
2) The DBA's doing a repeat after me: "A backup you haven't tested is not a backup at all"
3) Sequent issuing a fix: namely a page to insert in to the manual set saying the readonly tables spaces don't backup.
Very expensive and painful lesson learnt, and we too put cardboard flaps over the very exposed main switches!
@BobC
I don't disagree. What SHOULD have been done long ago is get a chip that has true 64bit clean architecture, and doesn't have all of the 286/386 legacy instructions to allow paging of memory banks in and out as required. This way a decent OS can understand the memory architecture directly, and intrinsically know when memory is being executed outside of the current processors bounds.
If you add to this flags on memory to state if it contains executable code/data, wether it is ReadOnly/ReadWrite then you actually start adding a lot more security. evil Person can't just do a buffer overrun and add their code to the execution path because it is then impossible to write to a readonly executable area.
No need for a NorthBridge at all.
Not having banked memory means that the whole 64bit address space can be mapped directly to memory. Devices then appear as memory locations (Vax? PDP?, Nova?, motorola). Bang goes the SouthBridge.
You end up with a much cleaner, simpler, CPU architecture. Simpler motherboards. Simpler compilers. Even simpler OS.
My team (it wasm't me, gov, honest) blew up a Vax 11/780 not once, not twice, not even three times, but at least 5 times. Digital were confused as to why the unibus terminal interface could keep blowing up. But as it was under warranty, they kept replacing it.
It was only by chance that I was in the lab one day. Normally, they didn't let us office types in there in case we did something silly and blew up the lab (very probably the case). The lab was connected to the computer by a long length of shielded cable strung between the two building. It seems the guys in the lab had removed the earth wire from a 4 way extension lead because the earth was interfering with the oscilloscopes, and they needed to allow the earth to float high. Then the plugged their terminal in to this, to record results in the database.
So the terminal floated high (that was the days of CRT terminals, lots of high voltage there).
So the lines to the VAX floated high. And then it all earthed through the Vax. Blew the Vax up. But the lab didn't know. So they repeated their tests, blithely unaware that they had taken out a very expensive piece of kit.
When we found out, we had them label the extension lead with "UNEARTHED - NOT FOR COMPUTER EQUIPMENT", which they should have done anyway, but hey, they are boffins, the brights guys in the room , right?
We decided that we weren't going to tell DEC in case they stuck a bill for failed VAX's on to us!
Probably a wholescale redesign of the instruction set. Ditch the reliance on X86 based instructions, ditch compatibility with 32 bit software, and design a brand new instruction set based on 64 bit architecture. If you did this, you would design a processor that makes board design simpler, cheaper, and simply get rid of all the page spaces that cause so much of the problem.
Digital did it in the lates 70's with 32-Bit VAX architecture, and tried to upscale this to Alpha. Thats died the death, because it was expensive, and eventually wasn't able to compete. Others tried, and fell, as the WinTel juggernaut rolled over all in its path.
It would take a major investment by IBM, Intel, Motorola or AMD to build a new platform. That is a LOT of money and it would take decades to get market penetration to the point where it started to pay back.
But I agree, it is probably what is needed.