Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd


Re: Alternative security measures

I get your point that more complex programs have likely larger stack requirements; I’ve never been involved on something that size, so I haven’t seen the problems.

One answer is to separate stack into return-address and data, and keep return address only in dedicated onboard. “Surely” that can’t overrun.

I still think that our general problem is that we have sized our compute infrastructure on “must be able to do everything” rather than “securely compute typical things, and refactor our previously unconstrained solutions”.

I don’t have all the answers, not surprisingly....like how to enforce code/data separation for interpreted code like Java


Re: Alternative security measures

I should probably clarify, to show at least “incomplete” ignorance.

I do know that Linux today allows 8MB stack per thread, which blows way past 256k total stack....

My point is - OS design encodes a set of decision making based on a history of CPU microarchitecture, particularly Intel and AMD. This looks “cost-free” on current architectures with stack mapped into main memory, but it is turning out to be very costly from a security perspective.

Are such large stack sizes really needed, or are we just encouraging greedy developer practices? Being controversial (and I know there are people who *love* recursion), if I discovered my team were writing something that required even 1M stack, I would be really worried. If 1M, what are the edge cases that it needs 2M? Or 20M? It seems to me like an accident waiting to happen, without fairly severe numerical analysis, especially when an unrelated team adds an unrelated feature in object-oriented fashion two years later.

If instead, we prioritised security, and accepted hardware limitations on stack-size. Trade-off, on the one hand a majority of metal-level security issues are prevented. Maintenance becomes much cheaper downstream. On the other hand, Linux and Win have to change thread stack-size, and a bunch of legacy applications containing bloated stack assumptions need to be re-spun. Would there be a net benefit for the industry in theory, even if it is difficult to get there from here?


Alternative security measures

It seems that (again) the more complex security measures increase the attack surface.

Genuine question - why don’t people implement other architectures that are easier to security analyse? I’m thinking Harvard instead of Von Neumann. It doesn’t even have to be that different from a physical standpoint, the program/data could be shared and enforced by on-chip hardware engine. I doubt the instruction unit core even needs to change, just the memory addressing units.

Or, why not at least separate out data and return-address stacks into small separate on-chip RAMs. 2x256kB RAM for stack could hardly break the bank nowadays, might well be faster than current architecture than what is anyway a rather bastardised idea putting stack in main memory, kills the ROP stuff and stack overflow. I could be wrong but if the stack is larger than L1 cache, I reckon you are both “holding it wrong” and killing performance.

There may be problems wot I haven’t thought of.

European Commission orders mass recall of creepy, leaky child-tracking smartwatch


Re: Tip of the Iceber

Of course 73 MEPs is “no say”. None of the 751 MEPs have any “say” in policy. That’s not their role. The EU institutions weren’t just carbon copied from the U.K. version of representative parliamentary democracy. It was never designed to be, and does not claim to be in its constitution or practice.

The primary institutions are:

The Commission is the executive, and is not an elected body. It proposes, and executes all policy, and is the budget holder. This is “who runs the EU” in the sense that a CEO and Directors run a company. That’s not an insult, it’s simply the facts of the Constitution.

The Council of Ministers consists of the Heads of Government of the EU27. It “decides direction of policy” (but does not propose laws, and can’t overrule the Commission) and sorta kinda appoints the Commission President. Except it doesn’t. It’s “complicated”. Depending on how you like your metaphors, the Council is equivalent to either the shareholders, or the Queen.

The European Parliament is allowed to vote only on matters already discussed and proposed by the Commission. Its only powers are to request the policy to be amended and re-submitted (which it only rarely does) and it is not allowed to simply refuse when re-submitted. Although not an exact analogy, it is similar to our House of Lords.

The EU is a radically different political system, which inverts and re-allocates power between Civil Service, elected and appointed Houses. It happens to use words like “parliament”, but those words have very different meanings and weights to what we are familiar with. There are more types of democracy than you think, and the EU style inherits more from that of the Catholic Church and Holy Roman Empire than it does from Westminster.

Talk about beating heads against brick walls... Hard disk drive unit shipments slowly spinning down


Re: Steep drop in prices for SSD

Maybe you are a professional photographer, I’m genuinely trying to understand who uses that much for photos?

3GB per two weeks is a run rate of 75GB per year, which would take 13 years to hit 2TB (and picture sizes were much smaller 13 years ago). And my photos are 10MB each, so apparently you are storing 20 high-quality photos per day. That’s why I’ve felt the sweet spot for final victory of SSD would be £100 for 2TB, allowing 1TB each for movies and photos. But I might be wrong.

A few reasons why cops haven't immediately shot down London Gatwick airport drone menace


Re: No gumption

Maybe the operators have indeed “armed the drone”.

That makes your proposed non-solution [“careful now”] much worse.


A) Marksman rifle shot. Risk - spent rifle bullet or drone carcass hits somebody. Risk level - density of people on ground, a few thousand x 0.1m2 per km2 => less than 1 in 1000. Consequence - a couple dead. Bad, but let’s see what option B has to offer.

B) Do nothing. Risk level - fairly high that this is either a serious attack in progress, or an initial probing for a larger attack if the culprits are not stopped. Probability surely at least 10%. Or even say I am paranoid, but not less than 1%. Consequence: loss of one or several airliners, each with hundreds of people on board.

Personally, I choose option A.

Gatwick have gone for B; now we just wait for more attacks, one of which may well succeed with a large number of deaths. Bad choice.


Re: Won't someone think of the great, great, great grandchildren.

You don’t seem to understand the difference between capitalism and a free market economy.

This is absolutely capitalism max, plus a slightly less than free market.

The experiments of Ayn Rand have been done, and the results are available for everybody to see, without debate.

Totally unregulated free market: Somalia and Yemen. Failed state. Quickly dissolves capital, and hence capitalism, which is no match for the true free market.

Pure capitalism: a command economy *easily* beats a free market, economically, with its hands tied behind its back. China is key exponent of this approach. Once again - communism and capitalism have absolutely *nothing* opposite about them. The truest capitalism is a command economy of factory bosses. That’s Putin’s Russia too. Putin just isn’t as good a capitalist as Xi.

The problem is neither of these systems is very compatible with democracy. Nor does democracy necessarily maximise GDP. Nobody claimed it did.

Boffins build blazing battery bonfire


Re: Thorium Cycle Reactors

I have always thought the easy solution would be true citizen democracy ;)

Have a referendum asking whether Britain should go nuclear or build out renewables. Maintain voting records, and saddle people with consequences of their chosen option.

1) During Power shortages caused by variability of wind or solar, smart meters would blackout those who voted “renewable” until the dip subsided, performing demand management and protecting supplies for those who chose to value security of supply.

Privatised Electricity companies can choose to build out storage systems, which will cost whatever they cost, and renewables folk can sign up to those packages if they like. I have no idea what the trade-off curve is between cost and reliability drop-out. But the renewables folk think it reasonable to impose this unquantifiable on everyone, so it must be Ok for themselves.

2) Nuclear folk are required to buy third party insurance for the nuclear risks, including the supposedly unquantifiable (but actually rather accurately known) decommissioning cost. This is easily re-insurable (and indeed you can buy those corporate bonds right now), so there should be a competitive insurance market. Others will point out that I can’t guess very well what the insurance premium will be. But, since we already have nuclear baseload, and the consequences to our country will happen whether I like it or not, we all of us anyway currently end up paying that anyway, by taxes over time. So I can’t whinge.

Under these conditions both religious factions can vote how they damn well please.

My tribe is nuclear, so *we* get turkey with all the trimmings *every* Christmas, with million candlepower Christmas Tree lights. Children of Renewables parents hoping to be invited for Christmas can......return to the Middle Ages whence they came, while their sad, hungry eyes watch the windmill sails with trembling but ultimately futile hope that the wind will blow with just the right amount of puff to power both the shower and the oven.

Merry Christmas one and all!


Re: "cheaper"

It can’t be true that safety always trumps cost, when society resources are always limited. That’s not hard-hearted, it’s the opposite, to find the best way to save lives in the real world.

Health in our society is currently funded at a level such that treatments are available at a level of Quality Adjusted Life Year = £15k. I won’t go through all the arithmetic, but the net is that making energy cost savings of just 1% would allow re-deploying resources to save 200 lives per year in the U.K.

Alternatively, road-safety measures operate on a target cost of spending £1.5M per life saved (equivalent to £50k per QALY). The same cost savings could be redeployed to save about 60 lives per year on the roads. Ideally government would take a more consistent view on its spending, but the general point is there.

Bloodhound SSC reaches the end of the road for want of £25m


Actually, that is a good idea....

I am a believer in grand challenges. All too often, as a generation we aimed at the foothills rather than the stars. Taking into account a bit of over-promise, under-deliver, that delivers poo emojis. But the true dreamers never build anything either.

If there were a more generally recognised Grand Challenge Foundation, dreamers could publicly submit the crazy dreams to public vision. And equally crazy engineers might have solutions to turn them into reality. If it also had some sort of voting on the worthwhile things to achieve, maybe governments could fund X-Prizes without the bureaucratic safety-seeking of grants.

Space policy boffin: Blighty can't just ctrl-C, ctrl-V plans for Galileo into its Brexit satellite


Re: Actually, this may be a well-disguised win

If you want to descend to ad hominem, a more accurate point would be - perhaps one reason Galileo is over budget and technically poor, because the EU institutions won’t allow non-whites to work on their engineering, whatever is on the passport.

Compare the ethnic mix of any London-based engineering team, with the “Europeanised” flavour of an “EU” team. This is a game anyone can play by googling EU or ESA conference photos. Here’s one, but there are thousands to choose from, you don’t like my data, make your own!


11 non-whites out of about 300.

To anyone with a UK engineering background, you literally won’t believe your eyes. My first ESA conference, I walked through the door, and honestly it was the first thing I noticed. It was shocking to me. And if you think 4% representation is bad, wait until you realise that out of dozens of conferences, there has never been a single non-white podium speaker!

*This* is what institutional racism looks like. And these are the people lecturing to us about open borders. The hypocrisy is astonishing.


Re: @codejunky A minority

No straw man. Classic “post modern ironic” Defense.

First Imply something outrageous, with a /sarc tag.

If not challenged, statement hangs there as accepted and true.

If challenged, “I was only joking”, and you are just a jerk for pointing it out.

“Part of the motivation for Brexit....profit from currency speculation”

By whom? The Illuminati? See above.

Most currency speculators are City folk, who are mostly Bremainers.

If you want to retreat to a more defensible position, like “there is a viewpoint, not just in the U.K., that one can benefit one’s own country with a currency devaluation race to the bottom, making your exports cheaper”. Then yeah, there is. Currently, Trump and Xi are making the argument explicitly. Switzerland is doing it.

And it is one of the primary reasons that Germany is in the euro at all. Very roughly, Germany has been prepared to pay 950bn euro via its Target2 claims which will never be repaid, to keep the euro as low as it is, keeping its industrial exporters very profitable.

And it is a possible argument for Brexit. And not one that I agree with.


Re: Strangely in the last week or so..

Without any people’s vote in the *UK*. Pedant. Certainly, other countries have voted. Sometimes more than once until they came up with right answer (Ireland)

Bulgaria, Croatia, Cyprus (kinda), Czech, Estonia, East Germany counts half, Greece, Hungary, Latvia, Lithuania, Poland, Portugal, Romania, Slovakia, Slovenia, Spain.

That’s 15.5 out of 27, which is more than 50%. How have I erred?

You are correct only that Hoxha being Albanian shouldn’t strictly count. Ironic that. The Albanian diaspora is a classic example of how EU rhetoric on enabling freedom of movement, is entirely unsupported by the reality on the ground. There are as many Albanians living in the EU27 as in Albania itself (wiki Albanian diaspora), despite it *not* being a member of the EU. So, what need is Schengen? For clarity, I’m *pro* immigration.

I can accept that countries can transition from autocracy to democracy. What scares the shit out of me is the reverse, which is happening now in large parts of the EU27.

Polish friends with the wrong ethnicity are selling their house in Poland. Hungarian Jewish friends are getting their parents out now, not even waiting for the payments to clear on the house sale because it’s that dangerous to stay. A gay Romanian friend is hiding their traces on social media, after their friend committed suicide in a police cell by shooting himself in the back of the head.

Your dismissive tone shows that you belong to a class that has never had anything to fear, and has no skin in the game. For people outside your privilege group, there are very valid reasons to worry if the U.K. will still be a place of safety in an increasingly federalised Europe, with a centre of political gravity consisting significantly of fascist governments.


Re: Unicorn based politics

There was no POC intended until OHB failed to deliver the goods.

The POC contract only came along as OHB’s method to keep the main contract, as satellite prime.

So a contract extension was spun up, to keep the train on the rails.

Citation - the Galileo RFPs from the EU database. If you are in the industry, you will have downloaded these at the time. But no, I can’t publicly post them. As you well know.

The POC isn’t the same as the fully functioning system. Well, duh. It differs mainly in the onboard clock, the modulation ASIC, which are “customer provided elements” rather than manufactured by the satellite prime. Also in the amount of station-keeping propellant carried. Next red herring?


Re: Spexit!

Nor can we rely on the EU. For example, while the US refused to support us in the Falklands, the French actively refused to give us the Exocet codes, resulting in huge loss of life.

Political risk exists *either way*.

So, I propose to plan for a world that matches the history of the last fifty years or so. Which is-

A bunch of small conflicts, where there is mostly but not completely multilateral agreement. But certainly no threat of active US GPS denial.

Plus a continuation of Cold War tensions and proxy wars, where the US will be on the same side. Not necessarily prepared to defend us though. But the US is certainly more likely to be actively involved on the U.K. behalf, than trying to defend the indefensible like EU27 including Hungary and Poland.

Your scenario is that some Bond villain compromises the United States most highly protected military asset, an act of war, and instant annihilation for any nation trying it. Not realistic.


Re: Spexit!

What military actions exactly in today’s world would be “Suez-like?”. Almost all of the UK’s recent wars have been multilateralist. Those that are not (e.g. Falklands) are likely not supported with the required precision by Galileo, because there isn’t a high-rising MEO over that location.

Very importantly, in the case of Falklands, let’s not forget that it was France that refused to give us the Exocet codes to allow us to defend ourselves. Or, let’s take a minor civil war like the Northern Ireland conflict. Are you sure that the EU would support the use of munitions like GNSS guided mortar fire to take out an IRA position? 100% sure? Galileo absolutely doesn’t retire political risk. Most realistic scenarios are very problematic when stated explicitly.

4) To support an independent nuclear deterrent. *Yes, exactly that*. So, let’s have that debate.

It isn’t the US intervening on our behalf, it is whether they would actively prevent our own capability.

If instead of people being told “Brexit bad because no Galileo”, this were phrased as

“A key benefit of Remain is to allow us a policy to launch nuclear weapons even if the United States disagrees” most Remainers, being liberal multilateralist, would be *horrified* that this was what they had been voting in favour of.


Ongoing costs.....

People realise that these are LEO satellites that come down after three to four years right?

So when you say “due to launch in 2022”, those just barely replace the ones already up and will have come down by then. T


Re: Spexit!

So now, when it suits your preconceived politics, you just believe the vendor advertising.

Read what they said. Exactly.

“Available”, yes. Giving the high precision, no.

In particular, giving the super high precision required for munitions guidance, no.


Re: Genuine question...

Trolling, much? You list the EU countries of NATO, but excluding the USA


Re: Unicorn based politics?

Yes, I am aware that Airbus bought Surrey. So what?

Is that your cynicism showing that either -

Big company will slow down small company to its pace.

France- and Germany senior management will simply prevent its U.K. arm from bidding, and say “yeah, but of course Airbus Germany has a department that could do that”.

Both of those are partially true, I won’t deny it. But that’s not really a pro-EU argument is it? More a discussion about the extent to which U.K. should allow strategic assets to be bought by overseas investors. Probably still the right thing to allow it IMHO


Re: Spexit!

Yes, and no.

Available, yes. But you need to understand Dilution of Precision. Go google it,

Then, realise that orbits don’t need to be circular, and elliptical ones can hang for longer at more optimal angles, by Kepler’s law.

In short, take a course in orbital mechanics, and have a squizz through the dozens of technical trade offs made.


Re: Spexit!

No. You have misunderstood the physics. It isn’t “high latitudes”, it is aided by a pseudo Molniya orbit with high altitude and hang time over Europe. Specifically Europe.

By the way, that is absolutely a correct engineering decision for most of the *civilian* use cases.

But not much use to aid the military scenarios.


Re: Actually, this may be a well-disguised win

Writing this in a lot of places.....

You have chosen excellent examples :)

Both Suez and the Falklands are in geographic locations where Galileo accuracy will be poor, compared to GPS, due to the orbits chosen. Galileo would have been useless to guide munitions in those cases.

This is an engineering forum, so it’s best to put technical engineering before your political propaganda. Sorry young pup.


Re: re: this pertains to defense applications

What? Either Bullshit Or Worse. “We won’t have access to the GPS system.....

We of course continue to have *UK* military access to US GPS military codes. In a way, to be clear, that the US would *never* allow to France. But we would never have rights to sell equipment encapsulating secret codes that aren’t ours to sell.

Are you claiming that U.K. Defense companies have been pre-selling systems that include and rely on *Galileo* military codes? Selling to the usual suspects in the Middle East and APAC? Bearing in mind that selling such would violate our terms of Galileo membership. And also bearing in mind that it would be a fraudulent sale to e.g. Indonesia, as the accuracy of Galileo in Indonesia is ten times worse......

I *hope* you aren’t claiming any of that. Please do expand.........


Re: Actually, this may be a well-disguised win

Galileo doesn’t *even* add capability to drop a munition into a bunker.

Not unless the bunker you are looking for is:

a) Located in mainland Europe (technical configuration of the constellation and orbits)

b) *Not* located in one of the EU 27 as politically unallowed to make war against the EU (can you start to see the problem......)

c) Located in a country where the military political view of the USA differs from that of the EU, like a Russian invasion (otherwise you would just use standard US GPS)

I think that pretty much limits its use to the War against the People’s Liberation Front of Sark. Those damn Sarkies don’t like it up ‘em sir, they don’t like it up ‘em.


Re: @codejunky A minority

So, you know with high certainty that the pound will fall further?

You should rejoice, because you, sir, are about to be *fabulously* wealthy.

All you have to do is remortgage your house, and use the funds to short the pound with a CFD. I checked, and you can leverage up to 25:1 without difficulty. If you put your money where your mouth is, you should have no difficulty being 5 million euro up by this time next year. This will allow you to buy citizenship in one of the countries that advertises that service freely (e.g. Malta, Austria). Job done.

For clarity, neither am I saying Brexit will be good for the pound. But I am saying that anyone who claims to know with better than random odds which way it will go, is either a fool or a bullshit artist.


Re: Strangely in the last week or so....

Almost all of Remain voters do not understand what Remain means either.

They understand it to mean - continued partnership of an EU with its current remit, organisations and political makeup. Nothing could be further from the truth. The EU has completely transformed its constitution, remit and makeup three times in twenty years, without any people’s vote. You should expect the same over the next twenty years. In fact, it is even written so - “ever closer union”. “Remain” is a charter to be part of an unknowable institution with unknowable remit.

Remainers understand the EU to be in line with U.K. middle classes, broadly socially liberal, and fiscally neoliberal. Nothing could be further from the truth. Over 50% of current EU members have been fascist states within the past 50 years. Franco, Salazar, Greek colonels, and Hoxha seem all to have been forgotten. But that is a very temporary situation, as Orban in Hungary, FPO in Austria, AfD in Germany show. Remainers see only what they want to see in the EU future.


Unicorn based politics?

Is that like where Surrey Satellites bid the contract, technically feasible and under cost? Then German OHB win, take 5 years *not* to launch what they promised in three. Then Surrey satellites rescue the spectrum allocation by building tech demonstrators from a standing start in 18 months, while OHB drop a *further* two years and many billions of EU money.

Then, OHB *keep the contract*, despite that a U.K. company is demonstrably cheaper, technically more capable, and faster.

Right now, despite the billions already spent, Surrey could *easily* build and launch an entire 30 satellite constellation for lower cost than just the four remaining satellites with OHB. Wiki doesn’t mention that, does it.....

Are those the unicorns you are looking for?


Re: Spexit!

Hurray! A bit of engineering amidst the “Brexit must be bad” stuff.

So, our involvement in EU Galileo gave us:

1) Access to the military signal (civilian everyone gets anyway)

2) In cases confined to a European theatre of war. So, out of the wars we have been involved in recently, this would have helped in: Afghanistan, no. Iraq, no. Syria, no. Going back a bit - Somalia, no. Falklands, no. Aden, no. Serbia maybe, except see below actually still no.

3) But, since we don’t have it, as a member of NATO we get the USA GPS codes unless the USA refuse to support. So, this investment allows us to prosecute a war within Europe, in which the United States is at least neutral (so, not against Russia then).

4) A war not against any of the other EU27 (which excludes a Serbia type conflict) or a civil war. Or, is that what you want it for? A suppression of Catalonian nationalism for example? If that is it, please let’s get it out in the open and discuss.

Please could any of the expected downvoting Remainers, outline just ONE scenario that this actually fulfils a need?

Blighty: We spent £1bn on Galileo and all we got was this lousy T-shirt


Re: Trident

You do know that none of what you say is actually true, right?

Harbour manoeuvring ferries.....you can’t use GPS-type nav for that, for multiple reasons. The issue isn’t the precision of the nav-code, (which makes zero difference for this type of application), nor even Dilution of Precision. River and harbour pilots are necessary because underwater sand-banks move. And radio reflections off the water cause positions in port to be off by 200 meters quite often. End of. Shame neither you nor the EU actually *asked any Port Authorities* before claiming it.

Auto landing airliners is done via airport radio beacons. It’s a solved problem, and nobody is interested in GPS type nav for it.

“Deciding on the future direction” is pure control-freakery EU jargon. Why would you want to? It’s free, and a useful add-on to GPS. That’s all.

Missing out on contracts: Yes. Just exactly like we did when part of the EU. Both the SSTL and Astrium offers were cheaper, technically better, and would have come in on time, compared to the German OHB proposal, which was slideware. But, we lost the bid anyway. SSTL built two satellites in one quarter the time of OHB, to keep the orbital slots rescuing the whole project, and proved they were better, but still didn’t win the work. UK had to pay for SSTL tech demonstrators out of a separate budget, that wasn’t EU money. The EU financed only the (non-UK) launchers. Please give facts and which specific components you think are or might have been UK return on Galileo, had we stayed in?



Please explain what benefits access to the encryption give.....

It only benefits military receivers with access to the encryption sequence. It isn’t relevant to ordinary citizens or commercially.

So, *what wars would you like to fight* where that is a relevant consideration? Do you wish to exit NATO?

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)


Re: The issue is changing the password...

Yes. That’s a risk at high security level.

If you don’t like it, consider a FIPS compliant solution. Not consumer or even enterprise grade, more TLA.

BitLocker is primarily for “I lost my laptop on the train”


Re: "Because MS was just blindly trusting them all, they have to take some of the blame."

“It does the encryption nicely thank you”

Staying in your box, not thinking about the bigger picture.

Those Spectre, Meltdown bugs etc, are a threat *precisely because* of the trade offs you made to do security in software. If the key storage and engine were in physically separated hardware, it wouldn’t have happened. “Trust”. You still had to trust underlying CPU hardware, that you knew nothing about. It turned out to be possible to recover keys held in software using timing channel attacks that “ought” not to be possible. It’s a human bias to trust things we know and distrust or ignore what we don’t, but it is just that, a bias.

Once again. Security is hard. Really hard. If you do it yourself, you better be very sure that out of the other thousands of security professionals in the world, not one of them is smarter or more experienced than you. Be very, very sure. It only takes one. Otherwise, rely on certification.


Re: Yes and no.

I agree with you, about the failure root cause. The point I was making is that this is the drive manufacturer at fault, not MS. Had MS decided not to trust drive encryption at all, that would likely have caused more holes, and more easily exploited, just because security is hard to do right.

I don’t agree however that it is purposeful, because the alternatives are problematic too. You say “derived key” which is security correct. However, any updateable Data Encryption Key makes it not be easily updateable (requiring entire drive rewrite) as someone pointed out. Unfortunately this pushes one to the security undesirable static Data Encryption Key, whatever you do with the Key Encryption Key. Accepting that trade off pushes to a model where the drive as a whole is locked by the user key.

Personally, I would have argued for something like: internal private randomised key, which the user Key encrypts, and then it is only that which is stored. Thereafter, it is only the encrypted key that is ever stored, with the DEK generated dynamically from the user Key. To update the “key”, decrypt the DEK with old key and re-encrypt with the new key.

The extra manufacturing line time to provision the initial device-specific randomised key is going to come under fire from cost perspective. So, you can see how this got bastardised in a meeting to: the user key is just the key to the box, job done. I have been in very similar meetings, and lost the same argument to “this box has to be secure enough against standard hackers (who in the minds of management are all script kiddies); nation-state security requires FIPS compliance and we aren’t doing that”
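The key hierarchy this comment argues for, sketched as an added example (not code from the post, from any drive vendor or from BitLocker): a random data-encryption key is stored only wrapped under a key derived from the user password, so a password change re-wraps 32 bytes and leaves every sector's ciphertext untouched. The function names, the scrypt parameters and the use of AES-256-GCM for sector data (real drives use a sector mode such as XTS) are assumptions made for the sketch.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed parameters for this sketch, not any vendor's values.
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
const WRAP_AAD = Buffer.from('dek-wrap-v1');

// Key-encryption key (KEK): derived from the user password and a per-drive salt.
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, SCRYPT_PARAMS);
}

// Authenticated encryption helpers (AES-256-GCM, fresh 96-bit IV per call).
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, box, aad) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  // final() throws if the key, AAD or ciphertext is wrong.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Provisioning: generate a random DEK and persist only its wrapped form.
function provisionDrive(password) {
  const dek = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  const wrappedDek = seal(deriveKek(password, salt), dek, WRAP_AAD);
  dek.fill(0); // the plaintext DEK is never stored
  return { salt, wrappedDek, sectors: new Map() };
}

// Unlock: returns the DEK, or null when the password does not unwrap it.
// Without the right password there is no DEK at all, unlike a design where
// the password only gates access to a key the drive already holds.
function tryUnlock(drive, password) {
  try {
    return unseal(deriveKek(password, drive.salt), drive.wrappedDek, WRAP_AAD);
  } catch (err) {
    return null;
  }
}

// Password change: unwrap with the old KEK, re-wrap with the new one.
// Sector data is not read or rewritten.
function changePassword(drive, oldPassword, newPassword) {
  const dek = tryUnlock(drive, oldPassword);
  if (dek === null) return false;
  const salt = nodeCrypto.randomBytes(16);
  const wrappedDek = seal(deriveKek(newPassword, salt), dek, WRAP_AAD);
  drive.salt = salt;
  drive.wrappedDek = wrappedDek;
  dek.fill(0);
  return true;
}

// Sector I/O under the DEK; the sector number is bound in as associated data.
function lbaAad(lba) {
  const buf = Buffer.alloc(8);
  buf.writeBigUInt64BE(BigInt(lba));
  return buf;
}

function writeSector(drive, dek, lba, data) {
  drive.sectors.set(lba, seal(dek, data, lbaAad(lba)));
}

function readSector(drive, dek, lba) {
  return unseal(dek, drive.sectors.get(lba), lbaAad(lba));
}
```
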


Yes and no.

Starting with: is it sensible for the OS to defer responsibility to the hardware.

Yes. That is exactly the correct thing to do. It is so hard to get this stuff right, unless you have *tens* of years experience, it is dereliction of duty to roll your own. You push the security boundary into a separate certified object. And if you don’t trust the hardware, you can’t trust the RAM either. For example, Where Exactly will the OS store the decryption key? Ultimately, via some key hierarchy, that would be on the disk, in the clear, unless you have a separate hardware key store. ARM Trustzone do. That’s great, as I said, push it into hardware! Somehow.

Secondly. SSD manufacturers did this accidentally, not deliberately. Because *this isn’t the security hole* as far as a TLA is concerned.

There’s a much simpler way, once you have physical access and can update the firmware and play with the hardware. Simply, the data on SSD is encrypted with AES CBC mode, which is *symmetric and a simple XOR with scrambling code*. Just: hoik off the raw SSD chips, read the encrypted data, swap out the SSD chips and put in ones filled with 0’s. Read again through the hardware decryption unit, XOR the two streams together. Job Done.

30 spies dead after Iran cracked CIA comms network with, er, Google search – new claim


Re: Face facts

Trump’s tweets have been the first notice he has given the world of Presidential policy. He has fired advisers over Twitter, in his capacity as president. It is not a personal account.

You, along with him, are unable to differentiate *why* so much of what he does crosses the line between personal and official. He shouldn’t be employing his daughter and son-in-law as an adviser, for example.

Considered as an actual security risk, Trump carries his phone on his person. Any attack vector which could compromise a device OTA (like for example, a Bluetooth buffer overrun attack) is immediately fatal. *When* rather than if his personal phone is security-compromised, it can be used as a spying microphone in his pocket. He is POTUS FFS. Not a middle-level official.

Clinton’s risk was an *email server* running at home. Her attack surface was an email address. A physical attack would require someone to *enter her home*. The email server is not compromised even if she opened a dodgy email. Because it’s a server.

If you were saying that her device used to *read* emails could be compromised over the internet, that’s a reason not to access email at home, wherever the email server is located. But that isn’t the allegation. Most managers read their email at home, over VPN, including most governmental officials, and nobody is saying that was against policy. Running an email server is not that risk.

The server risk is someone entering her home could have stolen it and accessed the emails, breaking passwords with state-actor level methods.

*But that didn’t actually happen. Did it.*


Re: Face facts

Is that a bit like crooked Trump’s iPhone?

The one that he uses to tweet from, despite the Security Services stating publicly and privately that it is against federal law and telling him to please stop.

The one that there are video clips on national TV showing him using, including Fox News.

You can go to @realdonaldtrump to read his tweet denying that he uses an iPhone to tweet, which says at the bottom “iPhone app”.

Is that the sort of thing that you have in mind?

SCISYS sidesteps Brexit: Proposes Irish listing to keep EU space work rolling in


Re: Well that's weird....

I didn't say it was unfair. I was simply pointing out that people who think ESA is EU are incorrect, and (see above) EU are trying to make them correct against the will of the ESA Head.

I agree that Galileo specifically is an EU program.

I personally believe that Galileo is a waste of money, but it isn't my money.

If UK gets locked out of Galileo pork, I personally have no issue with that.


Re: Well that's weird....

Do you work in the space industry?

What actually happened is that the EU made a power-play to take over the ESA competence. ESA Head Worner told them to F* off, and has made very clear that as long as he is in charge, they aren't getting their sticky fingers on ESA. Galileo is the bone that he had to throw them to get the EU to back off.

This is the world of EU byzantine negotiation. I have spent over a decade of my life playing it at senior levels, and I personally have had enough. You should talk to some people who have actually worked the corridors and coffee points, rather than reading Wiki.


Well that's weird....

Having worked in this industry, with Scisys.....

The entire industry is centred around "georeturn", i.e. contracts go to companies located in countries where their government contributes money towards ESA budget.

Note, by the way, that ESA membership is nothing to do with the EU. Just another of the things the EU claims that have nothing at all to do with them. For example, Canada is a member of ESA.

How much money is Irish gov planning to put into ESA from now on? Unless it is more than UK.....

Brit startup plans fusion-powered missions to the stars


Re: Mission energy requirements....

Not *relevantly* true with current technology because:

Solar radiation to power the solar panels falls off as 1/r^2, which means your ion engine has produced most of the delta-v it is ever going to, by the time it has gone more than 0.5AU outwards from the Sun. Your standard 400mN thruster achieves 0.6 mm/s^2 on a 6 tonne spacecraft. Unfortunately, that only gives you a delta-v of about 5-8 km/s. That’s *good*, but it certainly isn’t a game-changer compared to conventional chemical.

To be a game-changer for delta-v, it would have to accelerate *much* faster over the “runway” of the first 50 million km outwards from the Sun. 3-5 mm/s^2 at least. That means much higher power requirements, so very much larger solar panels (mass starts to exceed what we know how to fold away in the launcher), and plain beefier ion thrusters.

But god knows why fusion......

Actually a standard nuclear RTG is just the ticket to generate electricity independent of distance from Sun and therefore a much longer “runway”. Just, we aren’t allowed to launch RTGs any more for political and environmental reasons.

London tipped to lead European data market. Yes, despite Brexit!


Re: London Ahead?


Engineering Reality check. Ignore Brexit, the major investment banks would love to save Square Mile rent by moving to cheaper premises. But the latency for HFT trading means that *even going outside the M25* is just too much to remain competitive. And you propose Frankfurt?! That’s nearly 10ms behind London to the crucial transatlantic connectors, which land in Cornwall. It’s physics light flight time, plus a bit of repeater delay.

Barnier as Canute “make lightspeed infinite to keep our European credentials pure”!

Plus, absolutely nobody wants to live in Frankfurt. It’s like Slough but without the charm and nightlife. You just don’t earn a million a year and live there. In the finance world, being transferred to Frankfurt is like Traffic Duty for police - it’s the standard way to tell people they are going no further and should resign.

Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help


Re: That's right Linux community... bend over...

“Rainbow-haired pronoun people”

He finally looked in the mirror and realised that he created and enabled *people like you*. That’s what this is about.

In your view, bullying people for their gender and sexuality is not just OK but somehow morally *necessary* as a badge of belonging.

That’s why most women don’t want to be software engineers, and most gay engineers are *still* afraid to come out in their workplace long after the world changed. How many are there in yours? Don’t know? Because *you* are the problem.

UK.gov finally adds Galileo and Copernicus to the Brexit divorce bill


Re: To anyone pro-Brexit

You are correct. EU negotiators should (and will) offer nothing.

The problem is that EU negotiations go on all the time, for the past twenty years. And they have been offering nothing consistently every time. Nothing at all will change.

Point to just one negotiation where the U.K. interest was served. You can’t. I worked on the Galileo programme myself. We got royally stuffed six ways from Wednesday on the satellites.

Horizon2020 is worse!



Hmmm - two things I hear a lot from Remainers.....

1) It was so close that the vote was meaningless

2) non-England are massive Remainers really.

Mathematically, those can’t both be true. If #2, then England must have been massively Brexit to make up the numbers.

It wasn’t of course, so #2 is just rubbish.

The problem for all of us, in either direction, is the echo chamber. We all think that the others are just a minority of idiots. They aren’t.

Poster is guilty of a third error though “people who disagree with me, would agree with me if they knew the One True Way. So, I will add the numbers of the other side to mine. Obviously, none of My Tribe will have switched allegiance in the interim, because by definition they are Intelligent, and would never vote as Idiots.”

GlobalFoundries scuttles 7nm chip plans claiming no demand


Not great.......

The only leading edge fabs left were Glofo, TSMC, Intel, Samsung.

Given the cost of new fabs, it seems Glofo have now bowed out of the top tier. That leaves only three....

Given that Samsung and Intel only make for themselves, it is now a TSMC monopoly at leading edge!

But also, what about the tools manufacturers, specifically ASML and EUV. Increasingly they are selling to monopoly customers, may lose their reason to exist at all, and then EUV may well die too.

Self-driving cars will be safe, we're testing them in a massive AI Sim


Re: L5

You seem to conclude differently, even though we are basing on the same NTSB report.....

“The self-driving software classified.....”

Let’s be clear: the “AI black-box deep learning” stuff is at the lower software layers.

Above that, a human coder at Uber wrote lines of code that said “if don’t know, do nothing until have figured out where object will be”. Do you think these things aren’t code-reviewed?

This wasn’t a “bug”, like a classification failure, or pointer exception. It was *the designed behaviour*.

That *is Manslaughter*. A reasonable approach, and what would be expected of a human driver: “don’t know = take action that will avoid either possibility”; in this case, emergency brake.

Uber have explained exactly why they didn’t do that, because they *already knew* the classification failure occurred too often in the field and would cause emergency braking too often. The problem is that Uber knew, and disabled the safe behaviour, because they wanted to test.

*There would be no reason to disable the emergency brake while computer controlled unless they knew that the computer control often put it in dangerous circumstances. You would do it the other way round: low level emergency brake should disable computer control*

This is *not* a failure of AI, any more than “Company handbook says that Uber drivers shall prioritise speed over human life” is a failure of paper.

It was company policy to prioritise testing of the classification algorithm over human life. They wrote that down in black and white in their company handbook, which happens to be written in ‘C’ and handed to a computer for execution.


Re: L5

If you live down such a road, then don’t buy it....

You will be in the 1% for whom this is the wrong car. For the other 99%, it’s great.

For example, my friend bought a BMW (rear wheel drive) and lives up a hill that is a snow hazard. She is a good driver by the way, but finds that hill lethal in the snow. She decided she bought the wrong car, and changed to a 4x4.

Of *course* L5s can refuse to drive in dangerous circumstances. During the Beast from the East, half my friends stayed home. They *could* have made it with a lot of frayed nerves, but really would that have been a good idea.

Yes, there are people who *must* drive in those conditions. They are in the minority.

Xeon-bashing Tachyum claims its Prodigy CPU will run AI jobs as well as traditional apps


Re: Seriously, actually quite easy......

I had second thoughts....it’s both better and worse than that....

a) Honestly, I forgot that a 4x4 matrix would be 128 bits. So, it needs either some equivalent of an AVX multi-register, and (better) an additional 128-bit register load/store operation. Not exactly rocket science though.

b) There is a *major* advantage putting something like this into software. You get to use a Strassen or better algorithm O(N^2.4) rather than naive O(N^3) for large matrix multiplies, which I doubt you can on a GPU (although I haven’t thought this through, someone else may know more)

c) Ummm, what’s to stop Intel doing this on their Next Xeon.....Once Nvidia have pipecleaned whether it is really commercial with the TensorCore, this is just another fairly trivial AVX instruction for Intel. If this is a disruptive winner, Tachyum *still* get destroyed without even a course change by Intel.


Seriously, actually quite easy......

But probably dumb.

A TensorCore in an Nvidia GPU is just a 4x4 matrix multiply. That’s where almost all the deep learning “TOPS” come from.

If you took a 32-bit processor, and added a single FMA 4x4 packed INT8 matrix multiply instruction, this would easily trounce a Xeon.

Since they probably based it off an old dumbish RISC core they licensed for almost free, yes it will be smaller than a modern out of order ARM.

They presumably think that the clever thing is being able to do this without handoff to an accelerator (internal or external), saving cycles and latency.

But, these things are *never* about the hardware. They are about the software and ecosystem. Basically, who is going to write TensorRT for them, and even if done are prospective customers really going to buy into a small proprietary chip ecosystem.

But yeah, if you actually want this doing, I could probably do the hardware with a team of five or ten in less than a year.


