Posts by doublelayer

Re: This All Falls Under The Category Of...

"Isn't there now a risk of a Streisand effect, where lots of other people will try & sneak code in 'for fun", since it's been proved to be possible."

I doubt it. It's not very easy to introduce something just for fun. Submitting a basic patch allows people to say they did something and not have someone angry at them.

"Might have been better for the kernel folks to have just had a quiet word with the Uni, while improving the processes which allowed this to happen."

Oh no it wouldn't. If people were going to tamper with the code, the research paper itself made that idea public. Keeping this quiet would have left that paper as the last word. What the Linux kernel community has done now is to demonstrate that maybe you can insert useless or dangerous code into the kernel, but if you get caught, they will target you with all the power they have. They have established a deterrent to people contemplating pulling the same kind of stunt.

Re: Place your bets...

It works all the time. If you're going to penetration test someone who asked for it, you coordinate with the person who hired you that you're going to do it. You don't tell them all the details, but they need to know who you are and at least a range of time you might do the penetration. That's so that, if you fail to penetrate and end up in the security office or the police station, they know to vouch for you.

Re: Place your bets...

I think that comment is missing the point.

"Still, one should question whether the policy of "Don't probe possible vulnerabilities because it might upset us" is such a great idea in today's infosec security targeting world."

Probing vulnerabilities in the code is important, and the Linux community doesn't have a problem with people doing that. Nor is there a problem looking at the ways people operate and suggesting that such ways lead to security problems. The key is that observation of others is good and probing of your own systems running others' code is good. Probing others' systems without permission is a very different story.

Consider a parallel. Penetration testing is important to ensure that security procedures are sufficient and followed. Hiring a penetration tester is a good idea. However, being a penetration tester of someone who didn't agree to it is not. At best, you have people angry at you though fixing problems you've demonstrated. At worst, you end up in jail. If these researchers had gained the agreement of someone in authority on the team that they would run the experiment, the community would probably be reacting very differently. They didn't even try to get permission.

Re: Force open source instead

Not really. Sometimes that's a problem, but most of the time, the stumbling block to third-party support is that the manufacturer has locked down all the things that you need. Custom versions of Android can run on phones with most kinds of SOCs. Certain ones are harder, for example because Mediatek doesn't release information about some of their chips, but the developers can get around some of that. Manufacturers have even less excuse, because they have access to documentation that we don't. They could update things but choose not to. Third-party developers can too as long as they have access.

They released those a few months ago. There's not much they could do for a new range so soon. Designing the M2 will take longer.

Re: Bloody Azure

"you could just add more internet connections."

Oh come on. The stated use case is about as clear a don't-use-cloud situation as you could imagine short of an airgapped environment. It's not cheap to run extra internet connections which you intend to be redundant. Cable connections may use common infrastructure, so you either have to pay for installation of alternate paths or hope that an issue with one won't bring down the other. Fixed wireless connections may not be available depending on the size of the factory, are prone to congestion, and may use common infrastructure as well. Satellite might be the best alternative to avoid those problems, but that also depends on the weather and available satellites. Meanwhile, from the sound of it, the server doesn't do anything for people outside the factory, so it's a lot more important that it is available to the other things in the factory than to the outside world.

There are at times advantages, sometimes significant ones, to using the cloud. However, even if the cloud providers manage to improve their uptime to 100% and reduce their prices by an order of magnitude, there will be some cases where it's still not the right decision. A situation where the users and the cloud are separated by unreliable or limited network connections is one of those.

"(yet, my instincts tell me that there is more to this - how far down DOES that rabbit hole go?)"

Then go digging. You have the freedom to do it. Just don't complain if you find the security researchers know more about it, having researched it for months, than you can find out. I've seen nothing which suggests Russia couldn't or wouldn't have done it. Nor do I find any major flaws in what I've read so far attributing it to them. The opportunity's always there if you can prove them wrong.

Re: Cult and control

That's fine, but not really complete. There are lots of subjective elements. What should the assumed environment be? Does the user use a single laptop screen or two large desktop screens? If there is a possibility of a mobile user, two interfaces or one interface? Should the desktop interface look like the mobile interface with additions so users who use both are familiar with it or should they be made to look like the interfaces of the devices they're running on so that actions are fast on each one? What are the key actions to be taken? Should the action be made fast or have lots of options? Should there be two choices for the same action just so one is fast? What about aesthetics?

As I've stated, I am not an expert on this and I don't want to be one. Still, there is a lot of subjective stuff when designing UIs. I subjectively think the Office ribbon is bad. I know a lot of others who also think the Office ribbon is bad. Microsoft stated at the time that it was better for feature discoverability. I'm sure they've done some tests on it. I've also heard people who don't think it's a problem. Similarly, I've seen such discussions about the window systems on Windows, Mac OS, and various desktop environments for Linux/BSD. Each group has some statistic they'll bring out for why their desktop is better. Each looks nice and numbery, and probably has some validity to it. Yet there is no agreement about which is best. Because it's subjective. That doesn't stop a bad interface from being bad for pretty much everybody, but it does eliminate the ability to find the epitome of excellence in UI design.

Re: Cult and control

The developers could be doing that, but they could also have a point. UI is very subjective. There are lots of UI changes that some people think are better. Others will hate them vociferously. Also, changing the UI is a guarantee of annoying most people. So it does to some extent depend on what change was suggested and how many people were familiar with the previous one. After all, if you maintained an office program and someone suggested you throw out all your menus for an ribbon of buttons which always seem to move when you're not looking, would you do so immediately?

In my experience, I try to minimize UI changes after the first non-beta release. Suggestions for redesigns only get through if the change is small (and I think it makes sense) or they've written a long, detailed description of why this improves the system and how users can be made familiar with the change. Improving the UI because "I know more about usability than you do and this approach is superior to yours" won't happen; both of those points may be true, but that's not enough for me to start from scratch with no support. Fortunately, I rarely have to deal with this because I don't like working on UI stuff and try to either stay to the backend or keep it simple.

Re: The concept of open source

"if your project has non-developer users and some sort of feedback mechanism then I think you should expect feature or usability requests."

You should, and you should take some of them. I do wonder if some of the negativity with which feature requests are received is due to users who ask for the impractical all the time. I'm on a couple of mailing lists for open source projects, some of which have quite a few non-developer users. I've seen plenty of normal feature requests which should get real consideration. Sadly, I've also seen people asking ridiculous things and not stopping when it's explained why that's not feasible.

One person wanted us (well, in that case I was not a core contributor, so them) to add a proprietary component because they preferred it. We pointed out that A) the software was GPL and the component wasn't, B) the component wasn't free, so in addition to changing the license we'd have to buy licenses for it, C) the software we produced was free to users so we'd just be losing our own money trying to do it, and D) nobody but this guy seemed to think this component was any good anyway. This was not the end of the bombardment with emails asking why we weren't going to do it. For another example, there was one person who wanted the project's resources translated into Slovenian. That's fine; the work had already been done to make things localizable and there are existing translations. No, that's not what the user wanted. They wanted us to find Slovenian translators and have them translate the resources even though none of us spoke it. I volunteered to simplify the process of creating the localization files so they could produce a translation. This was not the right move. This particular episode included some angry missives from the requester.

I wonder if the treatment afforded proper feature requests is due to things like this. If I as a developer think people will ignore me when I state reasons why I can't or won't implement something, I might be more likely just to ignore most people and only pick those feature requests which struck me as the most interesting. That doesn't make that the right approach, but it might go some way to explaining it.

Re: I am not sure if this is possible ...

This isn't feasible and doesn't solve the problem. It's kind of like the people who block IP blocks from cloud providers or various countries--if you can do it, it only blocks them for a few days before they move but it does negatively impact others. In this case, the scammers already appear to be coming from the U.S. because they use companies which are based in the country who in turn don't tell you where they got the line from. If this was prevented, the scammers would find new ways to route onto the U.S. network and lie about it with the assistance of the same kind of companies. Meanwhile, if you ever did get contacted by a call center, likely a callback you requested from some company which outsourced it, the call would be dropped.

One thing that would make a much larger dent in their operations is a caller ID system which does not allow forged numbers. If they couldn't keep changing their number, they would be easier to block, since phone numbers aren't completely free, but they would also be easier to track. A complaint against a fake number gets automatically discarded today. A complaint against a real trackable number can identify a caller or at the very least the unethical company willing to front for them. That can lead to much faster action.

Re: Broke my little toe...

"Does anyone win? I thought they just went on and on until everyone lost interest."

Or one player (you know who you are) is so relentlessly annoying and competitive that the others don't care what happens just so long as that player goes bankrupt. Queue a formation of a cartel of the other players. I'll give you the property which completes your monopoly and you give me the same. Build a bunch of houses on each one and by the way, rent is cancelled if you show up.

The Android client requires full network access, prevent device from sleeping, and write to storage permissions. All of those make sense to me. A report using the Exodus privacy scanner for Android apps on that client can be read here.

Re: CPU usage

It's not scanning the whole internet. At most, it just has to advertise its availability to the server which can connect it to the other machine. Machines which have not contacted the server need not be scanned. Machines which don't have a connection established also need not be scanned. That cuts out nearly all of the internet, and it is only necessary to check on the computers involved in the transfer, so that's probably 2 though could be 3-8 theoretically. That doesn't explain the CPU usage.

Re: Companies need to start lying (well, more than they do already)....

Wishful thinking, I'm afraid. Several ransomware attacks were known not to return decryption keys, yet received payments. Probably not as much as they would have if decryption worked, but they got sent money by people who didn't investigate them before deciding to pay up.

Re: Its impractical of course.

Please stop. There are lots of people who want to stop crime by completely eliminating privacy, but that doesn't make that right, practical, or even functional. If person A doesn't buy gift cards, but instead buys other items and sells them onto others, the problem is the same. Let me guess, we now need to present ID to buy anything that looks easy to resell?

There is already a method of doing what you want. Proceeds of a crime can be ordered seized from someone who knowingly received them, someone who didn't knowingly receive them but was contacted fast enough, or someone who has the ability to obtain them from the criminals involved.

It's an attempt to encourage caution about external resources which could host malware, request information, or try to steal SSO tokens. Clicking on the link versus pasting it doesn't really make much difference. Sure, there's a chance that someone will recognize a URL as malicious but not bother to check the URL on a link, but I don't think it's a large subset. Most users I've seen will either check where the link goes before clicking it or cheerfully copy and paste a link to iamactivelyevil.com.

Re: Stop using MS Windows is also an option

"Still scratching my head how in the world it is possible someone manages to design, produce and make truckloads of money of an Operating System that allows its kernel, device drivers and boot code to be changed by a webpage, email or a pdf."

Simple answer: they didn't. Your OS's core components can't be infected by opening those things unless they've found one massive vulnerability, and they probably haven't. In most malware attacks, the powerful application is a binary, executed on the machine. The user may be prompted to download the binary by a website, but the website didn't do it. Or the binary might get installed by modifying something they already have installed. Or a password is guessed and someone manually executes it. These are the very common things.

Yes, there are vulnerabilities allowing an attacker to do drive-by attacks without the user or someone with user-level access executing something. They are somewhat rare. They're also found in all OSes. Linux, Mac OS, Windows, Android, IOS, you name it. That's basically impossible to prevent because there is so much going on. Implying that Windows has a lot of those and they are the cause of lots of malware infections is incorrect. For many attacks, the people to blame are the users who executed it and the administrators who didn't protect the method used to attack. Some of the time, the blame is squarely on one of those. The original developers deserve blame too at times, but not as much as you may think.

Re: We have created this mess for ourselves

"What was once a perfectly safe conduit for plain text, is now a funnel for all manner of shite, because "we" yearned for increased functionality, or rather, developers thrust it upon us, in the war for market share."

I'm sorry, but in most important respects, this is just wrong. HTML email does allow a few exploits, such as embedding an image to check when somebody is opening the message, but that's not a major security risk and the privacy risk that does exist is mitigated by most modern mail clients and some mail servers. Opening an HTML email doesn't in itself give the attacker access to run code.

The exploits which have worked so well over email are all hacking the human. Open this attachment which is an executable but looks like a document because the OS doesn't show extensions. Open this document which is actually a document but contains macros. Go to this website and enter the information on it (if the user copies a URL or clicks a link, they're ending up in the same place). All of this was as possible with text-based email as it is today. A few of the risks that make it more dangerous, including the structure of the protocol meaning it's possible to impersonate anyone and a lot of servers will just trust you, are leftovers from that old text-based conduit which was never secure and still isn't today.

Back in those good old days, it wasn't that email was more secure. In fact, it was almost certainly less secure because we have found some things that could easily be fixed. The reason it felt better is that there were fewer attackers and fewer users who were biased toward more familiarity with the technology and its risks.

Re: OVH

Sadly, it also shows the number of people who don't have multizone setups and don't have the ability to recover quickly. There's a site I wanted to visit on March 25th which didn't work. Turns out it went down on March 10th and is run by a French company. It's still down today. I would expect that they would have the necessary backups to get a webserver back in operation in a month. One datacenter can be very important to small operations, though with cloud it shouldn't be.

Re: Future Gazing

True, but that's just more data. We can store the instructions to decode data and people can find it. Consider the Arctic code archive Github did last year. Included in that is the source code for a lot of things you can use to read files of various rare types. There's undoubtedly a Fortran compiler up there. Even if they can't figure out the instruction set to which the compiler will compile it, they should be able to work out the syntax and reverse-engineer your code if they care enough. The source for FFMPEG isn't on Github (or maybe someone cloned it), but that's likely stored on lots of disks. That's a really useful way of accessing video or audio data once they find it.

Archaeology is difficult. They have to figure out a lot of details that the creators of the artifacts didn't specify. It won't miraculously be fixed by our ability to create copies of stuff, because they'll still have to work out things like the languages we use and how our stuff worked. It will be made easier though because we have a lot more information for them to find and that information is harder to lose or destroy.

Re: Future Gazing

I'm not sure that's as problematic as it sounds. The pyramids are still here, but I'm sure there are various things we have built which could also remain here if we didn't do anything to it. There are artistic constructions which we aren't going to take down and won't just decompose on their own. Unless we have a war which destroys them or somebody comes along and really hates them, they will remain there. Remember that we don't have a ton of ancient Egyptian office buildings to investigate; we have the constructions which had an ornamental purpose and were preserved to retain it. We will do the same.

On data, we have a lot more power to preserve it than our ancestors did. A thousand years ago, there weren't many copies of documents, they were stored on stuff that is really easy to destroy, and copying them took a very long time. A fire or flood in a library would destroy a lot. Just to make it worse, the library was made of wood, people used fire to heat it and see, and it was next to a river so the inhabitants could get something to drink. Lots of information died then and there. Meanwhile, individual data storage devices degrade, but we have the ability to copy information without error and reproduce it on multiple continents in minutes. Also, libraries today have started to buy out Cold War bunkers to store their material. I think those are a bit more resilient.

Not only digital things. There are millions of paper copies of the same books where our ancestors wouldn't have them. Even with a global catastrophe, the chances of one of those surviving for archaeologists to find it is a lot higher. This also applies to documents which wouldn't have been kept. In centuries past, routine business documents, if they were created, were erased so as to reuse the paper. Eventually, they were just burned or trashed because they weren't needed but the space was. Nowadays, they're just archived because it's cheap to keep a year's records on a tape. Some places will eventually decide they don't need to keep that after all, but some others will keep it out of laziness alone. It's so cheap to store data that I have copies of Wikipedia and a few other encyclopedias on my own media, along with a bunch of nonfiction books and other documents that would be rather nice sources for life today if you needed that. And that's just data I intend to use myself. There are projects to archive all sorts of data with the goal of future availability firmly in mind.

Re: Political football

And, using that argument, technically you as an individual also pay no tax, because you pass it all onto your employer. It is included in your income. Also, you pay no tax on your investments or property or anything else for which you get a tax bill and pay money if you consider it as ingrained in the cost.

It's not in the cost. It is a separate cost. How a change in taxes is handled depends on the actions of the person or company. If the tax rate goes up, companies may increase prices, decrease expenses, or report less profit. These are all options and are all used. If tax rates don't go up, companies may also increase prices and give the money to somebody else. It's a decision they and not the tax authorities make. It's not correct to assume that any increase in corporate taxes takes the form of price increases.