Schneier on Security

Clive Robinson • October 5, 2019 11:17 AM

@ John,

When I load the New York Times website am I in a public space or a private space?

As far as I’m aware under UK, US and other WASP nation jurisdictions the Internet has no “Public space”.

That is you either own or rent your computer and it’s connections and all your communications travel across privately ownd cables and equipment.

It’s also been said that 1980’s US legislation brought in by Ronald “Ray-gun” after he had watched Mathew Broderic in War Games is so broad, that what should be properly covered under tort/civil law now has inherited criminal status. That is breach of a simple TOS agreament is now covered by criminal sanctions…

Pay a lawyer a fee for his opinion, but don’t be supprised if they advise you that in effect what ever you do on the Internet you will be acting against someones policy.

Have a look at this piece of madness from Rupert Murdoch and the usuall US Telco suspects all of whom want to data-rape you,

https://www.techdirt.com/articles/20190929/16484543093/telcos-rupert-murdoch-pushing-nonsense-story-that-google-helping-keep-your-internet-activity-more-private-is-antitrust-violation.shtml

Clive Robinson • October 6, 2019 5:09 AM

Something for the weekend

Got nothing to do with the kids this weekend?

How about a practical demonstration of a “Replay Attack”. In a fun way, where you unlock a car[1] with less than 100USD of unsuspicious parts?

https://m.youtube.com/watch?v=M2JY1_Xmokg

Yup it realy is that easy for some older[1] cars.

[1] Since the replay attack on electronic car keys has been around for a while now, some, but only some car manufacturers have more expensive “rolling code” and similar defences against rrplay attacks. The problem is in many cases the “rolling code” is way to easily worked out[2].

[2] Although the file gets called unlock.iq it is if you listen a stereo WAV file. The number of editors and other software tools for playing with WAV files is immense. Thus you can very easily see the actual transmitted data and with a little thought and effort pull out the “changing code” from the static data. If you have access to enough key fobs there are fairly standard crypto attacks you can use to analyze and then play with the code…

Clive Robinson • October 6, 2019 9:20 AM

@ Horton,

WASP nations? Had a good laugh here…

It stands for “White Anglo Saxon Protestant” and more or less covers the same teritory as the “Five-Eyes” but takes less typing.

There are a number of such phrases and their oragins are not what you appear to think

Clive Robinson • October 9, 2019 8:38 PM

@ Cosmic Creepers, Sherman Jay,

This quote from the Collapse OS website explains a distinct lack of current knowledge,

“Computers, after a couple of decades, will break down beyond repair and we won’t be able to program microcontrollers any more,”.

Whilst it might and I say only might be true of the technology (I still run an Apple ][ from the late 1970’s and cordless phones I designed in the 1990’s are still functioning well, as are some “Well Head” intrinsically safe RTU’s from the 1980’s and other Industrial Control Systems, Oh and some Mil kit I designed is still not only in service it’s still advertised as being sold as new).

It does not reflect on the “wet-ware” or MeatSpace dwellers known as “Jo(e) Public”.

As a few of you on the US East coast might have noticed there was a bit of unpleasent weather a few weeks back that worked it’s way up through Grand Bahamas… Anyone actually heard the news about what has happened about crime and such like there? Some are actually stating that those on average well paid US Citizens salary and above might not go back as “The Dream has been Killed” by the looting etc etc.

As some of you may know I don’t do U-tube or such like on any of my computers etc. However my son does and we both share a morbid fascination for “SHTF Preppers” they are realy “road kill reality TV” and for anthropologists they would make a fascinating sub-group study.

Now unpleasent weather can have other effects, a strong wind a rotting tree and powerlines is not a good combination, made worse by profit driven lack of “preventative maintainance” and “capacity planning” adding cascade fail into the mix. The result was a power outage over a hundred Sq mile area or so giving rise to the loss of power to many homes, shops, businesses etc.

One such home had a “good old prepper and a stepfamily” in a multiple occupancy building. He had his hundred days of rice, beans, MRE’s[1], caned spam etc and ten gallons of water per person in bottles and more for washing and other sanitary functions. However… He had a problem or three…

Firstly his prepardness for cooking was shall we say “recommended” by other “preppers” and as he found –and anyone who can read what it says on the tin– Steno food heaters are only “to keep food warm –sort of– not for heating up pre-cooked food out of tins or plastic / desicated camping food, or to get water up to a rolling boil for long enough to make beans safe to eat[2] or actually cook anything edible let alone appetising in the slightest.

Which secondly the family apparently refused to touch Dad’s “prepper food” –unsuprisingly– and the man found himself driving twenty to thirty miles to get “cheese burgers” etc from fast food joints outside of the effected area. Which as every one else was doing the same thing, was causing not only hour long ques at the MuckyThrowUps it also caused gas shortages etc…

Thirdly, both my son and I were having what you might politely call “an unreality moment” (ie WTF) when the prepper said he was going to get rid of the Steno and use a camping –propane– gas cooker in his basment and use the extractor pipe for his washing machine as a chimney…

Apparently the prepers saving grace in the whole four day event was some “Home Depot Solar panels” and battery, that not only gave them a couple of LED lights for night time, it also kept the mobile phones and tablets charged up… Yup for most of that family priority #1 was smart devices…

Remember folks preppers are the ones allegedly preparing for EMP / nuclear war, Bio/Chemical warfare, 1000year Solar Storms and other major globe stopping events that lead to a total break down in society hence “SHTF” (which I’m told does not mean “Society Has Tanked Fast 😉

The point most miss is, that as climate change events are on the increase hurricanes and other unpleasent weather are becoming more frequent and the free market demand more profit, thus cost cutting means more cascade fails…

Further the general population under 30 appears not to have an iota of knowledge about basic camping let alone more indepth skills, unless their parents pushed them into it when small. So even those who think they are getting preppared are not doing things even remotely correctly (see how many don’t mention having 100Kg of salt, 100ltr of vinigar, 50Kg chilly powder/flakes and large quantities of unperfumed Sodium hypochlorite, and Sodium Hydroxide).

In short if the average First World prepper can’t hack the little bumps in the road of life as ~75% of the worlds population can almost every day. What are their chances if “the big one comes down the pipe”?

Unfortunately like much of the population if there is no external help they will be dead in a very short period of time (50-300hours). Depending on the time of year two months for a few, and the chance of making it to two years slim to none for upto 90%. Depression, violence, dehydration, starvation, disease, injury, malnutrition are the order of things most likely to kill people[3]. With hypothermia and heat stroke being seasonal killers to spice it up a bit.

So saying,

after a couple of decades

Is just of no relavance –contact with relaity– in human terms if things go that badly wrong such as a direct hit from an asteroid or solar storm taking out the entire worlds manufacturing capability.

Depending on how bad it happens we might still have about 10% of the population after a couple of years and no actuall need for technology much beyond that of the mid to late Victorian era to have society function…

But the thing is you can make vacuum pumps with hand tools and likewise the tools to blow glass. Thus we will with a little practice be able to make valves/tubes so mid to late 1930’s type electronics will be easily possible. As with the early 1960’s transistors will become available. As we know what needs to be done, it’s an enginering not inventing process that will take about a third the time. The same applies to chemistry provided we can get the feed stock. Medicine on the other hand will take a very short time for some drugs but may not happen at all for other drugs (what we now know about phages etc it will probably be easier to develope them than many modern antibiotics).

Engineering will be an odd one at the foundation of just about everything else. Many mechanical enginering tools these days are computers on basic precission mechanics driven by motors. Quite a few will work quite well without the computers, you quite literaly unplug them. Further half horse power and up AC motors, if not actually in direct use when a solar storm or EMP pulse hits, will not be realy that effected. The same with many hand start generators. The thing about such generators is they are relatively easy to run on “town gas” –mix of hydrogen and carbon monoxide– which is not that hard to make. As for making “gas storage” you can use a cows stomach and boiled up hoofs and sinues to make gas containers that will hold hydrogen fairly easily (look up the gas cell manufacture for Zepplins). The carbon monoxide can easily be kept “under water” and there are still a few gasometers around to show how to make more of them.

Thus the chances are we would after the initial drop in population, probably be back to an early to mid twentieth century existance within a half decade or so. How fast we would then catch up with todays technology might be as little as a decade. There are still quite a few people around who when younger were taught as part of their engineering education to be “tool makers” and it’s the ability to make tools to make better tools that will get us back.

As for software, who actually cares or will care?

Seriously have a look at a late 1970’s US life style, computers realy were not playing that big a roll in society and it’s functioning. Even then the main usage outside of engineering and science was due to the increasing size of population, which changed from ~200 to ~225 million in the seventies. With the envisaged worse case population down to around 35million or 1/7th of the 1970 population computers can be seen as nice but unnecessary. However the chances are there will be more than enough of them around in good working order to more than equal the computing needs of the 1980’s.

If we do have to “go back” to earlier valve/tube type computers, they will mostly be programed in the likes of assembler. As far as high level languages go Algol 68 is the follow on from Algo 60 and the language behind C which is still the language behind many others. Back when I was much younger I wrote in assembler a very basic interpreter and compiler as did several others. In a magazine of the early 1980’s the rudiments of building your own C compiler were given along with an explanation of the iterative process. There was a “Small C” book that gave it in greater depth again with source code. Thus we could get back to where we are now as far as programing languages go fairly easily. After all books care more about fire and bad weather than they do about EMP/Solar storms so they will probably be around.

But something tells me we just won’t bother with most computer languages due to their gross inefficiencies. The fact that “Microsoft Foundation Class” might be expunged from the world, for some reason makes me feel somewhat “up beat” about the “SHTF” 😉

[1] MRE’s are US Mil issue rations officially called “Meals Ready to Eat” –unoficially Meals rejected by Ethiopians–. Like the much earlier K-Rations they are “stop gap” high energy meals. If you are lucky the worst you will suffer without “Fresh” is constipation, but using MREs as the only food for two weeks or more will start you on a downward malnutrition path. Which is why the “Aid Relief” HDR’ or Humanitarian Daily Ration packs which are suitable for even vegans and based on rice, beans, potatoes and other micro nutrient rich vegtables are a better bet. But even they are not ment for longterm food supplies. Thus the biggest risk to society is not carrying certain live plants and insects across a one to two year time period.

[2] Something we should all know that “Granny would have taught you” upto around the 1970’s, is thst quite a few foods we eat are quite poisonous unless you prepare them propperly. Many pulses like Red Kidney Beans have to not only be soaked for 24hours, they need to be vigourously boiled for ten minutes before being put on a lower heat to cook through properly. The green parts of most “root vegtables” and quite a number of other food plants are poisonous including tomatos, potatoes, rhubarb and most seeds in fruits like apples, pears, cherries etc. Oh and watch out for “Death by Casava” it contains a nice couple of “kill me nasty” poisons. However it also works the other way the poisons in some other plants such as tea can act as anti-biotics as can some green veined cheeses like Roquefort. You might not like the idea of slapping smelly cheese onto a fresh wound but as French sheep farmers knew a century or more ago it can easily save your life.

[3] Having in my younger days witnessed the dibilitating effects of what used to be called “disaster shock” first hand and the first cognitive imparment of dehydration sickness, even though you were told it was one of those things you thought was some kind of old wives tale. But when you see it, that very debilitating effect of what is a form of depression realy hits home very very hard. The initial cure is relatively simple in most cases which is to stabilise any physiological symptoms, then effectively force people to do things for themselves and others, what used to be called “make yourself usefull”. What you can not stop or treat in an ongoing disaster is the onset of survivor guilt and PTSD that takes time and specialist care, and major life changes are to be expected.

Clive Robinson • October 11, 2019 5:32 PM

@ All with EMP / CME interest.

If you have an interest in protecting your electromechanics and electronics from “Electromagnetic Pulse” (EMP) from nukes, “Coronal Mass Ejectors” (CME) for “space weather” and “Lightning” from atmospheric weather, you might find the following U-Tube posters vids of interest,

https://m.youtube.com/user/disasterprepper/videos

You can thank my son for the link.

I’ve only watched one or two of them and I’m a bit more pesermistic on the levels and types of screening and filtering needed. He thinks 50dB of antenuation is sufficient, and yes for some things it is. But I’m looking at communications equipment like “emergancy” and “broadcast” recievers in plastic cases which also includes a lot of things like cheap two way radios for the likes of FRS/PMR and ISM band usage. This type of kit is realy several orders of magnitude more susceptable to E1/E2 conducted and radiated E fields, thus need 70 or 90dB antenuation or better.

Another issue you will hear mentioned is the use of ferrites for conducted “common mode” fields. This takes you into “Radio Frequency Interferance” (RFI) prevention and “Electromagnetic Compatability” (EMC) techniques. But be warned when it comes to EMP / CME and even lightning they can be not that usefull after a quite short period of time.

In essence what they do is slow the pulse rise time untill the core saturates and it stops working and just lets the current pass through. Air core inductors don’t suffer from this problem. If you are going to use “filter” components to slow rise times remember they have to be critically or under damped otherwise they will ring, which acts like a voltage multiplier which you realy don’t want. After any filter you should have real series resistance in the line and after that high voltage fast break down devices like Transorbs and avalanch gas discharge devices. But now having slowed down the pulse by storing energy from it in the filter, and clamping the voltage you need to have real old fashioned circuit breakers preferably with “gap quenchers” to cut your device off of the mains circuit and stop the protection circuitry over heating from I^2R heating effects as they try to dispate the energy. Oh and those earthing leads, they do not want any kinks, bends or turns in them to keep the onductive reactance as low as possible so the increased energy can be quickly shunted to ground.

Oh watch out for “disimilar metal” issues. In school you probably learnt that two disimilar metals diped in acid would make a power cell. You might also have been told about bimetalic strips that bend different amounts depending on what temprature they are at. You don’t want either of these effects in your faraday shield as they have a very dramatic detrimental effects on the level of antenuation you get.

Whilst aluminium is a low cost sheet metal and fairly easy to work even with hand tools it is a quite reactive metal, hence it has an insulating layer at it’s surface which is normally it’s oxide, which just happens to be a very good insulator. On my bench I have strips of aluminium rod with an enhanced oxide layer, and they don’t conduct electricity even when you drop them across bare mains wiring…

Why is this a problem, well if you have an RF Gasket material many are effectively copper braid on a spongy inner or small copper fingers. Copper and aluminium do not make happy bed fellows. Even standard room humidity will cause the oxide layer to increase rapidly. Thus unless you take certain pasivation steps, what was a good RF seal when you made a box, –even a year down the road– with copper the insulation can have built up way beyond the point where you effectively have no seal/gasket at all electricaly…

There are atleast another hundred or so little wrigles you need to know and thus the “10,000 Hour Rule” applies as it does with most other skills you want to become proficient at.