Posts by Justthefacts

Re: De-duplication?

To give an idea of just how bonkers USB-C has become, in its design-by-committee-every-stakeholder-must-be-appeased, here are some functions now included in your *wall-wart*:

#1 Firmware Update. That’s right, your electric plug now gets firmware updates. Which means that wall-wart malware is now a thing. Turn your Office Nemesis electric plug into an untraceable device-specific-zapper they’ll never suspect. Months of schadenfreude fun.

#2 Talking about malware…..you know how you shouldn’t plug untrusted USB devices into your laptop? Well, congratulations, now *every charging point is an untrusted USB host*! Hurrah! You too can recharge your laptop in the coffee-shop helpfully-configured as a USB-C socket, and get pwned.

#3 Authentication hashing. Yes indeed. Your home electric plug now needs to be able to compute crypto hashes to power a toothbrush. Sigh. Digicert 128bit, if you’re interested.

#4 Are you a National Security Agency who wants the ability to insert functionality into *the electric plug* to either - a) trace every single device in your country, since it has to be charged at a plug quite regularly, or b) Something even More Evil?

“The Country Specific Data field Shall contain content defined by and formatted in a manner determined by an official agency of the country indicated in the Country Code field.”

#5 Have you ever thought to yourself - my laptop is nearly run out of charge for a client presentation, but my electric toothbrush and vibrator both still have charge, so why can’t I plug both of those into the laptop to back power it at the instant it runs out, seamlessly, using the power of both simultaneously? You have? You’re in luck! USB-C has a *specific* and highly complex bus protocol designed just for you!

It’s an electric plug. FFS.

Re: De-duplication?

No, that’s exactly the point. You *can’t* use your hair-straightener USB-C charger for your smartphone. Or rather: you can plug it in, and it will charge, but really slowly, probably not efficiently, and quite likely long-term killing your battery life. And none of this is marked in any way on the charger. The consumer is clueless about what they are signed up to.

The USB-C spec is *so complicated* (over 800 pages), that not even the manufacturers of your hair-straightener charger would have an earthly clue of the difference. But it’s there, and it’s massive. The charger can (and if proprietary designed, does) take into account *everything* in the unique characteristics of the target battery.

The USB-C charger can read the battery chemistry, temperature, country of manufacture, manufacturer ID of target device. It’s expected to *download from the internet* a firmware device driver of the optimum charging profile, if it doesn’t have it. Yes, really. Because the spec was designed to be either full proprietary shipped with the device, or on a laptop port charging your device.

The USB-C spec is insane. And it’s nothing like the “universal non-proprietary wall wart” that you think you’ve been sold.

https://www.usb.org/document-library/usb-power-delivery

Re: Uncle Sam

Indeed by definition MPs shouldn’t intervene in an investigation run by an independent agency. Where you and I differ, is whether such an *independent* agency should exist in the first place. And this is nothing to do with Data Protection.

The way we (always have) done things in the UK is that we have a democratically elected Parliament, who can make what laws they damn well please until removed from power by the electorate. The Civil Service have traditionally no independence at all. By design, because we deeply distrust and despise non-elected people with such authority, and with good reason because all such states ruled by “experts” have proven to be quite savage dictatorships within very short space of time. Plus we have an *independent judiciary*. That is our separation of powers. There is simply no such thing as a non-elected entity with rulemaking authority that is not the judiciary. That’s how we do it. If you don’t like it, then frankly go f* off to a Napoleonic code country where they choose to do things differently, and also BTW have politically appointed judiciary

. In the past two decades there has unfortunately been a creeping “independent quango” cancer in the UK affecting many areas. Deeply dangerous. Not imposed by the EU, but also not entirely unrelated to the mindset with Tony Blair and his cronies.

So, no, I don’t think MPs should “intervene”, because I think these issues should simply be decided by elected representatives in Parliamentary Committee. The way our unwritten Constitution has always done it.

Re: Uncle Sam

Some are, some aren’t. In Germany, it does *not* report to Parliament. It’s an “independent federal agency”. The Commissioner is appointed by Parliament, and gets its budget from national, but is “under no external supervision”. Once appointed, Parliament can’t remove or censure. It’s a judicial system, not a civil service department. You can argue whether that’s good or bad, but they *dont* report to Parliament, neither can they be dismissed nor censured in any way.

https://en.m.wikipedia.org/wiki/Federal_Commissioner_for_Data_Protection_and_Freedom_of_Information

“Intervenes in a case….they’re not supposed to”. Yes, you do agree with me. So what happens when people do what “they’re not supposed to”? They get prosecuted for breaking the law. My original statement and point was: this isn’t the *Dutch governments fault*. As an MP they can’t just randomly decide “we shouldn’t do X because it contravenes GDPR”, if an independent body has explicitly said “no it does not contravene GDPR”. They would be doing exactly what you said they are not supposed to. They would be contradicting a judicial system. The system has cut the legs out from under them.

“They apply national law”. No, that’s not correct. It’s so much more complicated than your list. That’s one of the problems. They now have to account for what is done cross-border, and also apply other countries laws inside their own borders. It’s madness.

https://techcrunch.com/2022/04/28/cjeu-gdpr-consumer-litigation/

But anyway, by the end of this year all the GDPR is being changed to remove the derogations, and national entities won’t

National courts do *not* have primacy. Not only the national court can apply to the ECJ, but also the losing party to any case, which happens almost every major case. ECJ has heard well over 100 cases.There have only *been* 1400 cases. 10% of all cases go to ECJ. So whatever you think in theory, the practice is different. Hint: where was Schrems II adjudicated?

Re: Uncle Sam

Which bit do you disagree with?

That the National Data Protection agency is a quango, not under governmental control?

What happens, in your view, if an MP supervenes?

What law do *you* think they apply?

Which court do you think has primacy?

Unless Sneerclub writes its position down, it’s difficult for me to provide link explaining why what you think you’ve been told doesn’t match the legal reality.

Re: Uncle Sam

In this specific thing, that statement was exactly correct. As *you* know no doubt too.

While it is correct that the enforcement is derogated to “National Data Protection authorities”, these are *appointees*. They are specifically designed by law to be independent of national government. And the only law they answer to is EU law. The ultimate arbiter is the ECJ.

An MP who attempted to interfere with that process, even if they ran on a public platform and had 100% approval to do so, can and *would* be extradited to stand criminal trial.

You really have no idea what you are supporting, do you?

Re: Uncle Sam

Well, it’s hardly their fault, is it? The rules on privacy and tech giants etc are set by the EU Commission. National governments have no more power in this than a bunch of blokes chatting down the pub. As long as the Commission decide their rules are adhered to, intervention by governments would be not just illegal, but actually a *criminal* matter against the Dutch MPs involved. Sedition isn’t just a fancy word. Ask Carlos Puigdemont.

World’s smallest violin.

You supported this system when they handed down decisions you approved of. You can hardly complain when the decisions go the other way.

Password managers

*All* of those clever password managers are effectively Single Sign On. Doesn’t matter whether it’s something open source like BitWarden. Or explicit but from a hated megacorp, like using Chrome to generate and store your passwords in-browser. Or distributed to an online website, like Facebook login.

At core, it’s all the same security issue. You can’t *reliably* store N different keys in your brain. Therefore you have to put all the keys in one cupboard and lock them with one master key. If that master key gets compromised, you’re screwed.

Re: still not getting it

I’m not so familiar with the laptop market. But in smartphones, Apple also have 15% market share. However, they make *50%* of all the profit. At the other end, the “bottom” 50% of the smartphone volume market….make *5%* of total smartphone profit.

And worse still, if you look at the bottom 25% of smartphone volume….they are operating at *net loss*. That’s net loss, despite the fact they have zero R&D. It’s not even remotely sustainable for a Western company, and not intended to be. That’s China subsidising it’s local market. Capitalism doesn’t have to work the way you like.

If you *want* the EU to be in the same position sponsoring all its manufacturers to make net losses on RISCV, go right ahead.

Re: The biggest catalyst for the adoption of RISC-V...

Are you under the impression that 2.5billion cores shipped (over a four year period) is a big number?

See, this is your problem. ARM has shipped 200billion cores. For all the trumpeting, RISCV has shipped *1%* of ARM. ARM ships about 2billion cores per *month*. And ARM are by no means the only player at the low end. A quick Google finds - about 25billion PIC controllers, for example. And most engineers can name another dozen MCUs that *each* shipped 25 billion cores.

2.5billion RISCV cores, over a multi year period, doesn’t put it in the top ten, I’m afraid. And likely never will.

Re: still not getting it

There’s engineering opportunities all the way up the capability stack, but I agree the majority of the revenue comes from the broad base. If that’s “most important”, so be it.

But where on Earth are you getting “ RISC-V offers a price advantage and an extremely competitive performance and power efficiency.”? That’s demonstrably and factually opposite to the truth on all three counts. Why are you saying these things? Name *one* RISCV chip that wins against its specific competition at that market point. One.

“If you need some sort of special fixed silicon integrated”. Like what. *Exactly*? This is *incredibly* rare. At each level of the embedded market, there’s already a solution that does essentially what you need, and very efficiently. If you just want a control logic, there’s MCUs that are cheap, efficient, and the software will wiggle the pins appropriately.

There just *isn’t* a use-case for that much specialist silicon, where you want to tightly integrate it into the CPU. Because if you have a special application that needs to, say, exponentiate the Wronskian of a 14-dimensional matrix of quaternioms very efficiently, guess what you do? Same as we’ve been doing for twenty years. Code up a silicon accelerator IP block in Verilog, hang it off the memory bus, and for extra credit bodge on an RDMA so it doesn’t tie up the CPU to load the data. Leave the CPU alone. The rationale for integrating it as an *instruction* into the CPU is incredibly weak.

Re: Plenty of reasons to choose RISC-V

If your design or use is affected by ITAR…..then your *first* hurdle is the ITAR status of the FPGA hardware. Almost all the FPGA manufacturers are US: Xilinx, Altera, as was. Selecting a particular IP core as being non-US, and slapping it down on a US part is just such nonsense.

Of course, if you are implementing on that EU BRAVE shit, you are so far lost from real engineering that it is no longer worth discussing.

Re: Embedded FPGAs

Why?

Given that most of the FPGAs of the size that you’d want a CPU core on, ship already with a hard ARM core on, for free. You either use it, or it sits idle. And it runs at 3x clock speed a soft core will.

Or, you buy a cheap teensy little FPGA that doesn’t have a hard embedded CPU on it, and just use any of the over a dozen free CPU soft IPs that you’ve been able to download for over twenty years now. Microblaze, openMIPS et al.

I know bad engineers tend to put this shizz onto their designs to pad their CVs out with buzzword bingo, but honestly it’s not doing you any favours.

Re: Some serious questions.

“Wild” is changing CPU family, just because of differences in how some module manufacturers hook up the pin out on the module.

“Intel for some reason”….but we all know what the reason is. A small niche customers apparently care, and there is a solution for them, at the module level. If it were a larger niche, Intel would make a separate CPU without ME. But that would increase costs, to support more SKUs, and they assess that having the module manufacturer solve their problem is just fine. This isn’t really that complicated.

It’s just nonsensical to say “[RISCV] is a CPU architecture that doesn’t have this feature”, because the feature isn’t part of a CPU core architecture at all. And even if it were, RISCV is an ISA, not an architecture. What I think you are confused about, is that you really mean “Intel has this chosen to implement this feature [on x86 chips], whereas the companies that would like to manufacture RISCV chips if they could make it commercially viable, currently have no plans to implement the feature”

If you think the chip that Esperanto or SiFive make is so great, buy it! Oh look, *they aren’t selling them as a volume proposition*. Look what happened to SiFive:

https://www.sifive.com/boards/hifive-unmatched

Take a step back. Really?

NOTE: Due to incredible customer demand, we quickly sold out of our production run of HiFive Unmatched boards; with COVID-related supply chain issues, we have decided to focus on the upcoming, more powerful development system based on the Horse Creek SoC and platform co-developed with Intel rather than trying to restart HiFive Unmatched production.

So….they sold “ a lot” whatever that is. But couldn’t make it at the price they needed to sell it, and had no industrial muscle. I bet *I* can sell lots of ten pound notes at five pounds each. It’s not hard.

And at a time when every other semiconductor company was making out like bandits….they decided *not* to attempt to sell stuff; and partner up will Intel instead. That’s Evil Intel to you.

Do you think this Horse Creek SoC will have an ME on it? Bet it does.

Re: Some serious questions.

“Ah, you’ve picked the wrong implementation”….

Your problem as the manufacturing buyer of the chip for an electronic end product, let alone the end consumer, is knowing whether such guidelines have been adhered to.

Currently, you know your chip has an ARM Cortex on it. That’s really all you need to know. It’s a brand, and tells you how much real engineering stands behind it.

But *by definition* if open source becomes a thing, brand defining security reputation disappears. You tell me that Esperanto is good. I have no idea. That presentation certainly doesn’t fill me confidence, it’s very surface schmooze, he obviously doesn’t understand the deeper issues. But if Esperanto becomes the new ARM…..then that’s all it’s done. A new proprietary leader.

Please tell me that the open source world understands Spectre deeper than that Esperanto guy. Otherwise we are in for a world of pain.

Re: Some serious questions.

I’m not debating the threat model. All you’re doing is saying “Intel made a bad security decision, and I don’t like it”. But people who agree with you, apparently are provided in the market anyway. ME-disabled modules exist.

This is *not* a silicon issue. It’s just *wild* to jump and want to leave the x86 ecosystem entirely.

Plus, it doesn’t address the problem *at all*. Let’s say it succeeds and RISCV becomes widely available. Many RISCV manufacturers are bound to put remote management cores on their silicon too. The EU has proposals to *legally require* them to, to enforce a secure networking enclave around the whole of Europe, but that’s another matter. Now you are faced with several different RISCV implementations; if you pick the one that happens not to have put a remote management core on, their *core* RISCV is still proprietary implementation. It will have its own CVEs. Just like Spectre has been mitigated for Intel silicon, every single distinct RISCV implementation needs its own security analysis and individually specified set of CVE workarounds. So what have you gained?

Re: Some serious questions.

The other thing that is important to consider about RISCV security: Unlike Intel or ARM, there is simply no canonical RISCV implementation that we can have confidence about vulnerabilities, nor even a definitive set of such. This will not be like “Pentium has a floating point bug”. It will be “some significant proportion of the worlds CPUs are vulnerable, but we don’t know in which products and can’t check”. Think Log4j, but *in hardware*.

So, for example, in 2018 people were worried about Spectre/Meltdown, asked about RISCV, and SiFive categorically said “well, we are not affected…..[because we don’t use out-of-order speculative execution].

Spin forward to 2022, where there are lots of out-of-order RISCV implementations. So I took a quick squizz at the top hit on GitHub. This one:

https://github.com/rsd-devel/rsd

What I can tell you from inspecting the Verilog is that this specific implementation as of today * is definitely vulnerable to Spectre*. There don’t appear to be any bug reports, so I don’t think anyone has even thought about it It’s touted as being “very fast, low footprint, works on FPGA”, so probably the authors weren’t that interested or skilled in security. No, I don’t have any interest at all in “responsible notification” or helping fix their code or any of that shizz. Nor in finding out how many other RISCVs are vulnerable, or which ones we should care about, nor going down the classic excuses of “works on my machine”, “fixed in tomorrow’s version” or “Yeah that microphone driver never worked on Pop, try Mint instead”.

Re: Some serious questions.

Sorry, you’ve totally missed my point. The remote administration is simply Intel exposing “the Crown Jewels” via an authenticated interface to the outside. *All* platforms have “the Crown Jewels” exposed at the silicon, but the others simply don’t route it out of the module.

“Trusted Execution Environment” makes zero difference, if someone can attach directly to the chip pin out and single-step your code with breakpoints. This is nothing to do with threat model, or whether it is realistic. Simply that if you are unhappy with the remote administration, your problem is with the module, *not the silicon*, and it is the module you need to fix which isn’t even made by Intel.

Re: Some serious questions

Fine. I didn’t know that. I’ve got no issue with that.

We agree then, it’s just not a big deal to design the external module to bypass it, and it’s fully commercially available to those who want to. I’ve got no idea how the bypass module is priced, as that depends more on customers willingness to pay on a niche product. But the additional manufacturing cost is unlikely to be more than a couple of quid for a small flash. Hooking up a couple of pins differently on the PCB and a one-dollar chip is just nothing to consider jumping to a totally different CPU family.

Re: Some serious questions.

Like I said. Those Intel CVEs refer to external people being able to hop directly from USB to control chip internals, *incorrectly without authentication*. On the RISCV chips *there’s no authentication to start with*.

What you probably don’t know (I’m assuming based on your comments), is that pretty much every chip ever has been available to hardware debug over JTAG, connected to your outside PC by a USB to JTAG debugger bridge, and in the last couple of decades that USB has been integrated into the chip.

You can *always* single-step the entire chip, write anything you want into any register, read back all data without hindrance, and disable any security. Over the USB. For obvious reasons, that’s a security problem. So for consumer PCs etc, the USB debug port is not connected to anything one can access from outside. At the *chip module* level, not silicon. Effectively, Intel have said you can leave in that connection off-chip by adding an authorising on-chip entity.

RISCV chip implementations discussed have *no authorising on-chip entity*. If you just look at the silicon, if you hooked up to the debug USB, you simply have complete root access to the whole thing, single-stepping and everything. The only Defense is that the module manufacturer didn’t hook up the Debug USB to the outside. That’s it. That’s really all we are talking about.

Re: Some serious questions

Motherboard manufacturers can do it, as an optional extra, if there were a demand, not “granny”.

[also, not a firmware for the ME. Effectively an external BIOS that bypasses and disables the ME.]

But obviously, Normal Human Beings *don’t* care, they can just have a standard mobo that leaves ME enabled. It’s *your* hypothesis, not mine, that there is some “security-conscious” customer somewhere who does care, enough to pay £20 extra for an extra widget on the mobo. I’ve seen no evidence other than the fevered imaginings of this board that anybody anywhere cares.

Re: Some serious questions.

I’m not expecting everybody to be able to do this. My skills are relatively orthogonal to most IT people - there are many “very basic” IT-type tasks that I don’t have any knowledge or skills in at all, I’m far more on the hardware/embedded end.

I’m simply pointing out that, if, as claimed, Intel ME is such a big deal to the end-customer, it’s relatively easy and cheap for a middleman to design & make a specialist module that takes it out of the loop. And if the hobbyists can’t get one made, they should just shout across the wall to some decently-skilled embedded-specialist mate. It’s far cheaper and lower impact to do that, than upend the entire CPU ecosystem.

But, as a matter of fact, I *don’t* believe Intel ME is a real problem to anybody but the chattering classes looking for a stick to beat Intel with. I can’t think of any *real* reason to worry about it’s security other than shroud-waving: any secure system is going to be air-gapped anyway, plus TEMPEST etc. If you are worried about someone reaching in through the ME, then why aren’t you equally worried about people snooping in over the JTAG and the debug buses for RISCV? On RISCV, it’s open season for hunting pheasants. Or Differential Power Analysis? Have any of RISCV implementations been checked to be DPA-safe? No, of course not. Or anyone snooping the airwaves for radiation from the memory bus? Do any of the RISCV implementations support native encrypted RAM? No, of course not.

“Worries” about Intel ME are just FUD with an agenda.

Re: Some serious questions.

Sigh. If this is *really* your beef with Intel, it’s fairly easy to disable Intel Management Engine.

No, you can’t do it “from within Linux”. You will have to connect to the underlying hardware via HW debugger, and have read the actual CPU documentation properly. But it’s perfectly within the capabilities of a decent software engineer with embedded experience.

The “difficult” bit is rewriting what are effectively drivers (from my POV) that now need to be external, for the main CPU boot, to take over what the IME is supposed to do. But of course, once you’ve written a script, then it’s done.

I wrote one (various reasons, practical engineering rather than paranoia related), but since I’m only an average rather than a great software engineer, it’s a bit flaky and targeted to the one specific CPU running our kit.

If this were a real problem, it would be fairly easy to productise this onto a consumer module….if the alternative is “investing” hundreds of billions of taxpayer money into re-inventing the entire semiconductor supply and design chain on nationalist grounds.

Re: Finally a solution for in car satellite radio?

Are you assuming that LEO satellites just will have more power density to ground than GEO?

If so, that’s wrong. It *may* be sometimes correct, but there are too many other factors to make it a useful guide. Distance is not the only measure.

First off, a typical GEO is about 10x larger than a typical LEO, which means 10x solar panel size, which means 10x electrical power budget.

Second, GEO satellites can have truly massive antenna dishes, 10-15m+, which goes most of the way to mitigating the orbital distance penalty.

Third: at each power level, you have to work with power amp technologies and modules that actually exist and can be procured, not just extrapolating off the end of a graph.

Fourth, cost,cost,cost

There simply isn’t any way to definitively decide whether GEO or LEO has the advantage, other than doing a full costed system study end-to-end. When I were a lad, in the first 5-10 years of being a satellite design engineer, I was convinced that if one could only understand it at a deep enough level, you’d be able to intuit it from first principles. After twenty years in the industry, and personally being involved in, and then running, over a dozen system studies, I accepted the brutal truth. There’s no shortcut. You’re going to need to do the detailed work, and it will take ten experienced engineers a couple of months to calculate the right answer.

Re: Hmmm

He did. He was wrong. That’s impossible for good technical reasons. It costs at least double to provide mobility. He should have known that, but he didn’t because he doesn’t know much about telecoms. But he’s learning.

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

Sigh. No, it’s very different. Engineering modems to be able to cope with mobile (fast-fading multipath) is complicated. Mind-bogglingly complicated and expensive. Total global R&D is about $30bn *per year*, for a decade, of which probably a third or more goes on solving just that one problem.

Elon is *launching* thousands of spacecraft. Plus building those spacecraft. Plus designing the modems on those spacecraft. His total available R&D spend for modems is maybe at best 2% of what 4G cost. How much are you expecting him to add engineering effort on, for a use case that doesn’t exist yet, and that *you don’t even want to pay a single cent for*. I can tell you how much engineering he did on that use case: he allocated exactly as many dollars as you are prepared to pay for it, on top of the Fixed case. Zero.

It’s no use whingeing “but the Fixed scenario is already expensive”. Yes. Yes it is. It has to pay for thousands of spacecraft, more by a factor of ten than have been built in the history of humanity. What were you expecting?

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

Well, an aero sat terminal normal cost price $30k for a cheap one, $250k for one appropriate to a commercial jet.

If Elon is selling you the same terminal for the $1k you’re paying for your home Starlink terminal, then you’re getting an exceptionally good deal.

Suggest you buy the home terminal capable of aero terminal functionality ASAP at a saving of a smidge under a quarter of a million dollars. Before Elon notices what a doofus he’s been.

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

Yes. Yes it is. Do you not have a satcoms engineering background?

One word: multipath

Two words: Rayleigh fading

Three words: Savage fast fading

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

There are more and less congested regions of the earths surface. Obviously, Starlink are going to allow new subscribers in the less congested regions, but will have to cap capacity in the more congested regions.

The fact that the satellites are moving is irrelevant. At any one time, there is a maximum of X satellites above each location to provide service.

As to the mobility angle, I think you are thinking about the Doppler, no that also makes a difference. 7km/s for line-of-sight does cause Doppler, but in a pretty trivial way to compensate. But as soon as you are driving through areas, you need to think about reflected signals and that means compensating for Rayleigh fading. It’s a very,very different problem.