Schneier on Security

Clive Robinson • December 13, 2018 11:21 PM

@ Humdee,

arrives at the conclusion that legally speaking a file is always copied and never moved.

That is technically correct for some OSs but not for all, and in some cases but not all, as the file is neither copied or moved when copied or moved in some cases…

Let’s start with the “hard link” cases (and simple filesystems not journaling or snapshots etc etc).

Firstly and very importantly you have to remember that the file name and file contents are two entirely seperate things.

The file name is simply a pointer in a directory structure to a file allocation structure which links to individual blocks or segments. It is those individual blocks / segments that actually hold the file contents, and there is no reason for the blocks / segments to be sequential or in any order (though it will speed things up if they are).

Importantly there is usually no backwards refrence from the blocks / segments to the allocation structure or to the directory structure or file name entry that points indirectly to the blocks and segments that contain the file contents. Thus if the allocation structures or directory structure gets damaged your file system could well be hosed… It’s why they usually get duplicated in some way on the filesystem in physically seperate places.

When ever the actual file contents is moved it starts with a copy opperation.

To copy the “file contents” you read in the file directory and alocation structure into core RAM from the semimutable memory that has the filesystem structure formated on it. Then using the allocation structure you read in a bit/byte/block/segment of file contents into a buffer in core RAM then at some point write it out to either the same filesystem or another filesystem, building a new allocation structure as you go. Only when the file contents is copied entirely to it’s new location AND the new allocation structure added to the same filesystem AND it has been given a directory / file allocation name hardlink is the copy compleate.

On older single user OSs irrespective of filesystem issues the move was a copy followed by the invalidating of the old directory entry in some cases just by changing the leading charecter of the old file name. Thus there would be two copies of the file contents on the filesystem(s) one visable to the user the other not.

With more sophisticated OSs things can be done differently depending on if the copy/move is on the same filesystem or not.

When a move across filesystems is required, that is from one file system on a mount point to a file system on a different mount point. It HAS to start with a copy from one filesystem to the other filesystem. It then makes the new directory allocation on the new filsystem and hardlink to the copy. It then unlinks the directory allocation from the file allocation on the old filesystem and links it to the end of the “free list table” on the old filesystem. Thus the old file will sit there usually entirely unchanged[1] untill the “free list” on the old filesystem gets down to needing the blocks/sectors that contain(ed) the original file. It’s why under DOS and many other OS’s you could “undelete” a file if you knew how to edit the various disk tables and structures, if an overwrite had not yet occured.

On some OSs however that are a little more efficient in their operations they will know that the file content copy/move is to be done on the same filesystem thus mount point. The OS then simply locks the file, makes a hard link from the new filename entry in the directory to the existing allocation structure, then removes the old directory structure hard link to the allocation structute and unlocks the file. So the move does not copy or move the actual file contents on the filesystem at all, it just does a very fast swap of hard links.

Likewise a copy on the same file system can be by just adding another hardlink pointing into the allocation structure. Thus multiple moves or copies have no effect on the blocks/sectors containing the actuall file contents, nor on it’s allocation structure other than to increment the hard link count.

I’ll leave out softlinks as that will just add to the headache 😉

Thus the judge has a problem, unless it’s made absolutly clear to them that a “move” might be “no move” or “no copy”, and that multiple filename copies can point to just one copy of the file contents then he’s going to come to the wrong decision and make very bad case law which will haunt people for ever because judges rarely if ever want to change case law, even though they don’t mind making new case law.

[1] Some OSs that have certain security requirments will actually “secure erase” the old file sectors, but this is an intensive task that has to be done down at the lowlevel driver level, which seriously slows down user land apparent Disk I/O bandwidth. This happens because most OSs for performance reasons don’t actually write to the disk but a file level buffer in core RAM, and only write it out when forced to by various events (look up “sync sync” on *nix boxes https://www.netadmintools.com/art293.html )

Clive Robinson • December 14, 2018 8:41 AM

@ RG-2,

First the story is from known to be technologically unreliable “Bloomberg” who are running many “Anti-China” “advertorials” dressed up as news so I would have a carefull look at the sources and their alledged connections first…

Secondly Huawei has for quite some time now has had a technology check center with the UK National Cyber Security Centre (NCSC) which is effectively the UK equivalent of the NSA known as GCHQ. Even though the staff in the center are paid by Huawei they actually work under the direction of the NCSC. They check code and hardware line by line and manufacturing and supply chains and are required under the agrement to inform Huawei of any areas that cause concern. Whilst their are required to inform it can be general in nature so as to protect GCHQ’s and others “Methods and Sources”.

Untill recently this has worked well for both sides, then the NCSC started acting “hinky” some put this down to “Political Preasure” from the US via GCHQ. The problem being identified by some is “The NSA can not backdoor 5G unlike other mobile networks includibg 4GLTE”. Worse they can not as with US or other Five-Eyes resident manufacturers lean on them quietly…

It’s been reported both by word of mouth and in some of the trchnical press that things started to go off the rails in the relationship badly back in July. Due to a “British government” report that appeared to have “US Fingerprints” all over it suddenly and unexpectedly claiming Huawei had technical and supply-chain “shortcomings” (Same as Bloomberg nonsense) along with technical issues with Huawei equipment. That had supposadly exposed UK national telecom networks to new security risks… I’m lead to believe that this was news to Huawei as it was the first they had heard of it, thus not only were they surprised they were publicaly “wrong footed” deliberately. Under the agreement NCSC should have informed Huawei long prior to that, thus Huawei have further reason to believe it’s a US stich up job. At a meeting towards the end of November it’s being said that Huawei brought this up and a top UK Official the NCSC’s Technical Director Ian Levy, got realy up tight about where the meeting was going and just rudely walked out bringing the meeting to a very abrupt and premature conclusion. Thus Huawei’s quite valid concerns about the continuation of the relationship left unanswered.

It’s alleged that a reporter asked the NCSC about what went on and with regards Huawei not playing ball with the NSA. Among other one liners about the meeting a reply came back that it “ended prematurely because of increased tensions”. But perhaps more interestingly also “Huawei HQ now have the message”. Which is more than somrwhat thuggish to put it mildly.

Apparently the “official” cause of concern is work flows around the factory which are actually quite a bit above normal for most production facilities in the world. But the UK are now suddenly “Demanding” difficult changes at impossible speeds all tying up neatly with US blustering…

To make things worse the US is “working the angles” via the Five-Eyes and other countries. In particular one little weasel the EU’s “Technology Commissioner” Andrus Ansip, has long been suspected by EU manufacturing companies of being so sympathetic to the US some call him “The Borg Implant” or “EU Technology Terminator”. Many suspect he is run out of more than one office in K-Street Washington.

Ansip is regurgitating US nonsense on que and it is also suspected by some as being part of Brexit… That is France want’s the Huawei relationship like it want’s the UK “City of London” and other “jewels”.

Untill March at least the UK is part of the EU which means under the EU Free Trade Agreement France’s actions are once again an illegal act against Huawei UK. Not that being illegal has stopped France before (see “Mad Cow”).

There are two basic reasons behind this current nonsense for the US,

Firstly contrary to a lot of US inspired “title tatle” Huawei are one of the worlds leading telecoms R&D houses, the result of this is they have between 10 and 15% of the fundemental patents required to build 5G.

In essence 5G rests on Huawei and ZTE patented technology which does not sit at all well with the current US administrations alleged view of the “almighty US” having it’s “IP Stolen”.

As for the “IP theft” notion most of that is due to US Corps chosing to give it to China in return for access to rare earth minerals, something I’ve mentioned here several times over quite a few years.

That is those US Corps walked in with their eyes wide open and freely handed over manufacturing and other “trade secrets” knowing or should have known this was going to happen… Much like the US did for around a century a century and a half ago.

Now China has got over a particular technical sophistication hump, they are just following the US lead and now closing the door on others only after a decade or so of industrial catchup. They also know that the US are in all those US routers from CISCO and Jupiter and also mainframe systems from IBM etc (something Ed Snowden’s trove has confirmed). So several years ago China said that such technology was nolonger welcome in China and started clearing it out during the Obama Administration. The US now very much on the trailing edge have decided to do the same in the Trump Administration, which is probably “too little to late”…

The problem is the US don’t have the patents etc they need for 5G. Thus they have a problem, The US is behind enough in the mobile communications markets as it is, if the rest of the world goes 5G or part 5G then the US will be even further behind…

Secondly it appears that there is good reason to believe that the NSA and other Five-Eyes can not backdoor 5G in the way they have with other mobile standards, or manufacturers. Which for them is highly problematic because the people with the capabilities they did have to do that are earning better elsewhere amongst other issues. That is the US and Five-Eyes IC entities have a bigger skills gap than the US and West in general. Which is way to big as it is, and down to USG and other Governments politicians more than it is anything else. China has thus quite legitimately purchased a very large part of the Wests IP directly or indirectly…

So “Plan B” if the US can kill Huawei outside of China then they can in effect kill 5G before it realy gets going 4GLTE will cover for the next couple of years whilst the Five-Eyes “finesse” a new unencumbered by Chinese-owned-patent standard into place. That also gives the Five-Eyes the covert backdoor capabilities they so desperatly want (which are nothing whatsoever to do with the FBI et al LEO entities wants for “cheap lazy access to frame all”[1]).

So there is quite a bit going on behind the US – Huawei spat that people have not realy thought about. Which effectively kidnapping Huawei’s founders daughter[2] real does not help.

But ask yourself which is of more harm to you personaly risk wise?, backdoored comms networks that your own government can use to bulk spy on you and every other citizens intimate and private lives. Or one that just maybe a foreign government could use, but get caught doing so if they did it to more than a handfull or two of people?

But you know what does amuse me in an ironic way? It’s all those “hip-n-trendy” types buying their IoT and similar that quite litteraly haemorrhages information onto the Internet that the NSA and Five-Eyes nations see rattle by. The US implies that it’s orchestrated by the Chinese government. It’s almost certaibly not it’s actually caused as a by product of the worlds biggest industry US led Marketing.

Those IoT devices and low end mobile phones made in China have little or negative profit in them. Thus the profit comes from slurping up every piece of user data they can and somehow “repackaging” it to get those US dollars from the Marketing industry just as Amazon, Facebook, Googel, and other Silicon Valley big Corps do… Think back to the brief stink of CarrierIQ and how outraged people were, even without realising that the NSA was “free lunching” off of the data as it went by on the Internet.

Well guess what few seem to care these days that similar data is wizzing oonwards to servers in China. Did the Chinese Gov set it up this way, probably no more tha the USG did with CarrierIQ, are the Chinese Government “free lunching” off of it, I would think they probably are one way or another just as the USG did through the NSA and almost certainly still does big time, that’s what “Collect it all” realy means. The much hallowed American Dream and it’ dollars is screwing you not once but thrice or more, and various Governments just “leach” off of it as it passes by across their jurisdictions, which almost always includes the US or other Five-Eyes nation[3]…

The realy funny thing though is the USA in particular and Five-Eyes in general have shot thenselves in the foot. The NSA insistance on “attack over defence” made this all oh so easily possible, and guess who gets hurt the most? Well it’s the countries most dependent on Internet Technology the US and the West which includes all the Five-Eyes and their Extended families… A big belly laugh yes?

[1] Take a look at that Aus legislation and earlier UK legislation, tucked away in there is the “right to impersonate” communicating parties. That is put words in their mouths for others to act upon. It used to be looked on as a form of “entrapment” but apparently not any longer…

[2] From the little that has leaked it apprars the US are claiming she did something thatbwas perfectly legal at the time, that the US has chosen to retroactively make illegal. Thus it’s apparently more “US Exceptionalism” being used as blunt hammer politics.

[3] Have a hunt on the Internet about the shenanigans that went on at the ITU World Conferance in 2014 about what is essentialy who is the spider that sits in the middle of the Internet Web. Currently it’s the US and they fought tooth and claw to keep that position… Ask yourself why and it will answer a lot of questions.

Clive Robinson • December 14, 2018 12:09 PM

@ Impossibly Stupid,

We are at the point where it makes sense to properly/legally decouple the concept of ownership from possession of property.

If you look at history “ownership” was a perversion of power that many societies either never grew out of or got reinfected with, and it is very regressive in nature when alowed free reign.

The concept of “ownership-v-custodianship” or even “guardianship” has always been a fraught one both sides have advantages and disadvantages.

For instance the ecology and environment are overall usually better protected by a sense of “custodianship” or “guardianship” than it generaly is under “ownership”. In part ownership is about “unfettered rights in the here and now” which is very very short term thinking. Where as custodianship is often about the rights of those who are yet to be, thus very much constrained and of the long or very long term thinking.

The constraint whilst protecting the environment effectively chills technical development, without which we all pretty much would have not been born or made it much beyond 35…

It’s no suprise that technical development has more or less occured on the fringes of existance where life is much harder and “force multipliers” of significant use. So over a considerable number of millennia what is now mankind has progressively moved from the equatorial regions towards the poles as technology has improved, and we have changed gebetically because of it so there is “no going back”.

In fact technological progress has got to the point where living at the poles is not much harder than living on the pole side of the temperate zones outdoors and of little difference at all anywhere when living indoors. Our most recent technology boosts over the past couple of decades has been “energy need” reduction in hostile areas. A couple of years ago two middle aged blokes demonstrated that with modern materials you could live for over a week in a tent with night time temps down to -70 with near enough just what you carried in on your back, something even non-hibernatory wildlife can not do.

However technology development has a significant downside, in essence it’s the application of energy to raw resources or better recovered resources. Inherantly such processes are inefficient as all “work” is. At the end of the day the ultimate polution is low level or chaotic heat, where the energy differentials are to small to be able to further extract “usefull work”. However the process of purifying raw materials is the reverse of entropy and you can not get back 100% to the starting point that is each step in the purification process requires exponentially more power thus you never realy do it and thus heat is not just your only work pollutant.

Cleaning up polution is thus an energy expensive process, for all the energy striking the earth from the sun there are distinct limits as to how much we can take out and utilize without adversly effecting the environment.

As we know those with stronger senses of ownership tend to think that energy is theirs to use at will and poloution is a problem the next generation or so will sort out maybe. Well they have not so far, so we’d be better cleaning up after ourselves as we go. Which those with a strong sense of ownership tend to regard as being one of the major failings of democracy in that “it steals their freedoms”…

I’ve no idea how to resolve this peacfully, and it’s fairly certain those with a strong sense of ownership will resist any and all attempts at curtailing what they see as their freedoms, even if they are killing not just future generations but the current generations in large numbers, which quite a few currently do…

Clive Robinson • December 14, 2018 2:32 PM

@ BSPMBS[1]

which some people call “rotini”

Is that pronounced like “Rot in me”?

I’ve had problems with the language ever since some one wished a lawn on my behind[3]…

Now the question is which of us is “il Siciliano o il Bolognese” going to get to first…

[1] Even now more than ever I want to adopt a “Sir Humphry” from “Yes Prime Minister” voice and just say to a certain[2] person “BS PM BS”…

[2] The spell checker wants to put up “cretin” for some reason unaccountable 😉

[3] It sounded like “Grassy ass” still can’t be sure though.

Clive Robinson • December 15, 2018 10:50 AM

@ Wael,

I almost choked on this one.

Hey when you’re not blessed with those cool sophisticated looks, you have to have a sense of humour (or at least those around you try to entertain do). So I put in serious[1] effort to hide little tripwires to make people smile…

It’s that or back to the poetry :-S

[1] One of the joys of theoretical lexicography is playing around with paradigmatic relationships within the lexicon[2]. Thus the word “serious” has more than on applicable meaning, but is it demanding, substantial, or one of the others 😉

[2] And you thought managment speak is the epitome of near vacuous commentary… Is the screen still dry? Or am I going to have to get serious on your giggle gland?

Clive Robinson • December 15, 2018 10:36 PM

@ CallMeLate…, Sam,

“Encrypted Messaging App Signal Says It Won’t Comply With Australia’s New Backdoor Bill”

Which is not what the developer said, he used the word can’t which puts an entirely different perspective on it.

@ For those who’s first language is not english,

“won’t” expands to a willful “Would not” where as “can’t” expands to the not possible “Can not”.

The first indicates there is a choice which they chose not to do. The second indicates it is not possible thus there is no choice to be made.

It makes little difference to Signal anyway, as I’ve pointed out it’s insecure at the Human Computer Intetface (HCI) in that it displays “plaintext” for the user to see. The Aus legislation is designed for the device rather than each and every application so it is “putting a shim between the OS and the hardware driver that tee’s off the plaintext” that is the most likely demand. Because not only is it easier and more effective, it’s also more covert.

Sometimes I just wish that people would learn to draw little pictures to do their security analysis with, then they would realise why I say “Signal is not secure, nor is any other messaging app that has the security end point on the device”…

Then they would realise “it matters not a tinkers cuss” what the Signal developers say about Signals security, because over all the design is fundamentally flawed. As many including our host @Bruce have pointed out security is about “the weakest link” it does not matter how strong the other links in the security chain are it’s the weakest link where it will get broken.

If your security end point is inside of the attackers ability to reach around past it to the plaintext, then they attacker is not going to even bother looking at trying to attack the app or it’s strong points. Just because nobody bothers attacking your app does not make it secure, or it’s use secure.

Worse using it points a target on your back. Because the authorities will say “Ah ha, he’s using Signal he thinks he must have something to hide”, thus they will focus in on you rather than people just sending plaintext…

People get all “geeky about security” and dig deep into it. What they forget to do is stand up occasionaly and take their head out of the hole they have dug and look around. Thus realise that to everyone else they look like a bl@@dy ostrich with their head down…

As any soldier will tell you the first rule of survival is to see your attacker comming, that means “heading for the high ground, to expand your horizon as far as possible”. If however you dig a hole for yourself and hide at the bottom the first and last thing you will know about where your enemy is, is when a hand grenade is dropped in and turns your hole into your grave.

Clive Robinson • December 16, 2018 4:24 AM

@ Wael,

I have a new weapon

As I’ve mentioned before, there is a company called Prestige in the UK that makes preasure cookers for people to use in their kitchens, I have a couple at home one for the gas hob and an electric one. They are faster all told to cook a chicken dinner in than a microwave and with the hob one the energy “cost” is less.

However Prestige also make medical equipment like autoclaves for sterilizing dental tools etc… Yup you guessed it, it’s the same preasure cooker in a different colour and five times the price…

https://www.barberdts.com/uk/prestige-medical-2100-01classic.html

I am told that “preasure-cooker” is still on the Internet word watch list, I wonder if “autoclave” is as well…

Clive Robinson • December 16, 2018 5:28 AM

@ Thoth, Wael, Nick P,

It is less of the theory but more of whether the practical implementation can pass the Snake Oil sniff test.

Hence the old saying of,

In theory it should work,
But in practice…

The real world has a habit of intruding in “the best laid plans of mice and men” especially in the mechanical world where “friction, bind and slop” feature so strongly.

It’s just that the “Public Security” field of endevor is somewhat slow to catch up. “Zones of Trust” and “Attack Trees” Don’t come up as subjects nearly as often as they should for instance. Worse one problem with both is they are always talked of in a “Top Down” analysis approach[1].

As I’ve mentioned with “bubbling up attacks” and C-v-P is not an appropriate way to go as you miss out so many potential attack routes “back up the computing stack”. Further we talk of “the center of a web” but most have not realised that large webs like nets have many centers, and it’s almost like “pick a knot and lift” which is a problem with large data set analysis.

The thing is we’ve known this for a very long time, to my knowledge it was being talked about in the 1980’s with respect to shared resources such as memory and DMA controlers. Yet as @Nick P used to point out they still kept happening with the likes of FireWire and similar “untrusted” communications busses, especially those used with high speed serial communications. It was not that long ago there was the “Evil Maid” attack on Apple computers with a not to difficult to make bit of hardware. And that was only a couple of years after the embarrassment of USB on Windows machines.

In short we keep coming back to a problem I’ve noted a couple of times which is “We are forgetting well within living memory”. I think the first time the idea became solid was when discussing the fact that an old 80’s MBR attack had been replayed very successfully and @Nick P and myself were both suprised by this loss of knowledge. By the time BadBIOS came along @RobertT and myself knew exactly how to do what was being tentitively talked about and gave sufficient details to do it. As usuall “the crowd” said it could not be done… Then when a couple of academic researchers went and did it “the crowd” were suddenly “all knowing” and every kid and his dog were doing it…

Sometimes I just wish “the crowd” would learn to read a book like those on puting code on I/O cards that got protectively copied into core memory as a BIOS function printed back in the 80s and 90s. The idea that IBM used they nicked from the Apple][ and nodoubt they nicked it in part from somewhere else. The one thing I do know is back in 79/80 it was discussed as a potential attack vector, but got shoulder shrugged as it was likened to a “Front Panel” attack which back then “everybody knew could not be stopped”…

For some reason we are not learning by past mistakes where solutions had been worked out. The solutions appatently forgotten by all but a few “cranky old greybeards” 😉

As the old saying about history indicates, if you don’t learn from history you are condemed to relive it… And so it appears we are every five years or so…

Not being funny but I can not remember an attack in the last decade or so that was genuinely new. They all had much about them that was old, most I could trace back to work published either before I was born or whilst I was still a youngster. And that should realy worry people…

I talk occasionally about the ISA-HL gap and how very few can actually work across it in a seamless way. The reality of Formal Methods is they don’t cross the gap either, and certainly don’t go lower than the CPU level.

Richard Feynman was famous for his “Plenty of room at the bottom” talk, it’s about time we had one for ICTsec that actually got listened to.

[1] Much worse is that the touted solutions such as “Formal methods” are nearly all top down as well, thus fail easily to bubbling up attacks.

Clive Robinson • December 19, 2018 4:03 PM

@ JG4,

I’ve called for burning at the stake

You lack ambition 😉

Historicaly there was,

“gelding and gouging” a process where your eyes and testicals were pulled not cut from your body. This was considered a minor punishment –as people survived– for taking of the Kings game.

“Pressing” for people that refused to plead in a trumped up court, they were taken to the lowest darkest dungeon, chained on their back to the floor and a board was placed on their chest. Each day they had a large stone (10-20lb) placed on the board, they were not fed and only given brackish water from the prison walls.

“Little ease” is the name os a specialy constructed cell cut into the wall of a prison in which you cannot stand, sit, crouch, kneel or in any other way “take ease”. You could be there for a year but generally you would be partialy crippled for life after less than a month, and the crippling would just get worse with time. It’s known (UN Report) that the IDF have used similar techniques for “interogating” Palistinians including children, causing damage to internal organs such as the kidneys.

“Stocks” again forcing people into positions where they can not rest. These were often sited on the village green outside the tavern. Thus the unfortunate would “get used from behind” after dark to add to their woes.

“Racking” whilst the technique can with care ease back problems (true it’s used in Easter Europe still as it’s quite effective). This punishment was designed to cause not just pain on the rack but long after in the main limb joints and spine.

“Branding” In various forms from just shoving a smoldering branch against soft flesh through to irons and even molten metal…

“Breaking on the wheel” various forms of this but in the main designed to break the limbs. There was also an area of the face known as “the triangle of death” put simply the nose down to the base of the lower jaw if injured has a very high infection rate giving rise to sepsis and organ failure[1].

“Trial by…” various forms of these of which “waterboarding” would be considered the mildest though it can drive you quite out of your mind fairly quickly and permanently.

“Keel hauling” this is a jolly jap and gives the benifit of “trial by water” and “flogging”. A sailor would be tied by two ropes one from his left wrist to left ankle the other from right wrist to right ankle. These ropes passed under the ships keel and two teams of your ship mates were tasked with pulling you from on deck on one side of the ship back to on deck on the other side of the ship. Your back would be towards the hull, which would have been infested with barnacles and ships worm. Thus like a load of broken glass, which would open your back up…

“Gibbeting” normaly people are told these were for displaying the corpses of executed highway men, pirates etc, which they were (see English Murder Act 1751). But not always, occasionaly lots of fun could be had by putting you in there alive you could then be subjected to various humiliations and slow tourtures untill dead. Thus kind of like an open version of the “iron maiden” only not[2].

“Hang, draw and quatering”. There are two ways you can be hung by pulling up and the drop. The drop is supposadly instantanious (it’s not the brain can remain concious upto a minute or more). Pulling up is a method of choking sometimes known as “the dance” it can take a long time to die that way for a small light person and odd things happen in the process[3]. Which is why the method was used to start a slow and involved execution method. When you were judged unconcious you were cut down and the base of you belly slit then you had a brasier put between your legs. As you came to your guts would be “drawn” out uncut and dropped on the brasier in front of your eyes. Again with the aim of you still being alive you would be tied by the ankles and wrists to horse that were whipped up to tare you into quaters. For various reasons –such as horses don’t like pulling against each other– this would fail untill the executioner started selectively cutting sinues etc (see death by a thousand cuts about just how long that can be kept up for). Finally your body parts would be hung up in chains/cages in various parts of town.

“Hurdling” no this is not a track sport however the name comes from the same place. A “hurdle” is a section of wicket fence often used for making “sheep folds”. It is thus easy to tie someone to, spread eagled and to one or two horses, so you can be dragged around town on display to the citizenry as a warning while being taken for public trial or execution. However like “breaking on the wheel” you could be tied in such a way that your limbs would be broken in the process.

Anyway enough for one day, ther are plenty more for other days like “boiling alive” such is the “human condition”…

[1] Having had a broken nose a couple of times, a full fracture of the lower jaw and the resulting maxio surgery, as well as more recently sepsis, I can understand why this would be a favourd method of inflicting unpleasentness with a slow painfull death on people. As they say “Don’t try this one at home boys and girls”.

[2] The thing is the iron maiden is way more myth than reality, and were mainly drempt up in the 18th and 19th century to try and make medieval times look worse than the current times, so kind of “you’ve never had it so good” propaganda =:(

[3] I won’t go into details but some people use it as a way of getting priapic self stimulation. Definitely don’t try at home or anywhere else.

Clive Robinson • December 20, 2018 7:35 AM

@ Bruce and the usuall suspects,

It would appear Intel is opening up the FSP, which has significant security implications.

https://www.phoronix.com/scan.php?page=news_item&px=Intel-Open-Source-FSP-Likely

For those uncertain about what “Firmware Support Package” (FSP) is it’s a little arcane and to do with how the CPU ISA and the internal logic meetup.

Back in the late 1940’s it was realised that hard coding the CPU function in unchangadle logic was not the best thing to do as it reduced flexability and increased expensive design time as well as giving “Time to Market” quite a slap. Thus the idea was to do minimal hard coded logic using “Register Transfer Language/Logic” and use a hardware interpreter to go from the Istruction Set Architecture (ISA) to the RTL. The interpreter was essentially a fast counter and a very large diode latice ROM (see MIT Project Whirlwind). But this simple system had issues…

Maurice Wilkes who worked in the UK on their push towards computer design noticed a major failing. The high speed counter always had the same number of steps, to many for some instructions and to few for other instructions. He thus proposed in 1951 adding a second ROM that in effect alowed this defect to be recognised. Basically he added conditional execution, similar to a conditional in computer ISA executable code. One Diode lattice ROM generated signals in a similar way to the simple counter and ROM of Project Whirlwind. But the real innovation was with the second ROM selected one of a row of signals to start the next cycle. The “conditionals” were implemented in a way that a single line in the first ROM could choose from alternative lines in the second ROM. This ment that the control signals were conditional on various internal signals. Thus the Whirlwind simple counter got replaced by the equivalent of a state machine. Maurice Wilkes coined the term microprogramming to describe this feature and what goes into the ROMs is the “microcode”.

In practice some base ISA instructions are hard coded in logic as are most RISC instruction sets as these are the fastest way to implement them. What are effectively “compound instructions” are put into microcode. This has the advantage that less information has to be stored in slow core memory which speeds up execution time over all which is why CISC instruction sets have seen favour. The reality is that all CPUs these days are an array of ALU’s wrapped in a RISC logic interpreter that may also be further wrapped by a CISC microcode ROM and state machine. They are also most likely to be a Harvard Architecture with the bus sharing of the von Neumann architecture bolted on as outer logic wrapper.

As Intel discoverd the expensive way, recalling chips because they had defects in the microcode was an eye wateringly expensive mistake to make… So Intel decided to replace the microcode ROMs with RAM that obviously needs to be loaded at startup. However once the initial microcode map is loaded mistakes can be “patched” just as they can be with conventional software. Once you have this mechanism you can not only correct mistakes easily you can enhance the ISA at will which has the advantage of cutting down CPU development time. BUT thr downside that malicious microcode could change the way the CPU works which is a quite high security risk.

It is this loading and patching that the FSP does.

However the patches need to be stored somewhere and this is done as code signed “Binary blobs” that the BIOS code developers put in the Flash ROM the BIOS is stored in that the Motherboard manufacturer puts on the PCB. They can for historical reasons be hidden away in other Flash ROM such as I/O cards etc which is another security concern.

Clive Robinson • December 20, 2018 5:42 PM

@ Rach El,

they just don’t know if this word is a noun or a verb or an adjective, they way it keeps being slapped around.

It also does not help that a “terroristic” action does not have to be “terrorism” by definition or legislation…

Thus sending a Clown to a fancy dress party where two or more people have phobias about clowns is a “terroristic” action even if there is no intent to cause “terror” thus legally without the intent it is not “terrorism”.

But… Now it’s been going on for more than 24hours it would be reasonable to claim that it is likely two or more people are involved. As the use of these drones in this was is now a criminal offence in the UK since July this year, we now have the dragnet of “Criminal conspiracy” involved, which usually has the effect of making the jury more likely to convict come a trial and also “upping the tariff” come the easier conviction. But just saying that those involved are facing upto five years in prison is not correct. There are a whole host of other charges thay could be brought against the opperators of the drones, some of which have way longer tariffs.

The fun one would be if those operators were “payed from the public purse in an official capacity” it would be proffessional misconduct whilst in office. Which could be twisted around to be “Malfeasance in public office” which I gather still has the option of a full life tariff.

But there is another reason for burying the operators in jail for ever and a year, the “economic cost to society” by the middle of tommorow around a 1/4 of a million people will have been affected. At a minimum of around £200 each. Then there are the costs to the airlines and other travel associated industries, including blatant profiteering by some such as taxi and coach suppliers. But there is also the cost to both police forces, now the army and a whole load more civil servants and other experts etc. This tab has got to be picked up and it’s going to be hundreds of millions. This has to come from the UK Treasury, who are going to have to claw it back from somewhere. Which with UK politics as it is will almost certainly fall very disproportionatly on those at the bottom of society who can least afford it.

@ vas pup,

But there is going to be another mamoth expense involved. The press and “Opposition” are now calling the encumbrant Government “incompetent”… Which whilst true will get a “Knee jerk reaction” thus new legislation that will cripple the Radio Control and other hobby markets, but also a major major spend on defending airports against drones.

With over twenty airports to consider and total system costs being atleast 150million per airport not only is somebody going to get a fat payday the treasury will have another unbudjeted expense to pay…

One of the reasons this looks like this is chaos is that whilst there are lots of impressive sounding claims and product demo videos etc, most of the solutions out there have significan failings. With these failings being oh so easy to exploit by even someone of moderate intelligence. Worse the systems are horrendously expensive for what are little more than useless “boys toys” that in all probability will not be around for very long as the designers / manufacturers go bankrupt.

So realistically despite what the Opposition and press are saying it actually would have been irresponsible to invest in any of the systems, especially with the down side liabilities involved.

However the longer this goes on the more rapidly escalating the final bill to cover political embarrassment will be to the poor people of the UK. Thus the more likely the usless systems will be purchased just because of the same “Security Theatre” we saw after 9/11.

@ VRK,

The other thing is the longer it goes on the more likely it is that a proffessional team is behind it… Which as you note raises it’s own set of intriguing questions…

Especialy when the “follow the money” reasoning gets a little warped with an ibternational spotlighted event like this. To see why a hypothetical argument of,

As a manufacturer of anti-drone equipment, or as a government entity looking to get a much larger appropriation to build your empire such as a defence entity, this incident is going to be a nice little advertising stunt to use as “real world example” of why you should get the money…

In the US conspiracy theorists have been known to call such events “fundraisers” or “benifits parties” when they think the MIC entities are behind it.

But more interestingly if you were actually doing such a thing you would not want “to dirty your doorstop”…

Thus you would want to “Play away from home”, that is an Arms Length Autonomous Military Operation (ALAMO) model is what you would be looking for. With for “deniability” reasons, you would do it through a couple of cut-outs and Fronts and importantly “out of home jurisdiction”. To make investigation by authorities difficult at best (with, if you were a thriller writer, atleast one of the cut outs being a crazy technocrat or international terrorist).

Either way you would do it in another country which is also a major “air travel hub”…

Even saying it’s just hypothetical I’m wondering just how long it will take for it to be blaimed in the MSM or second rank media on China, Iran, Israel, Russia or the US, as North Korea does kind of look like “a reach to far” currently…

@ Wael,

Time to make another bowl of popcorn 😉

This one did make me laugh,

@ ALL,

Just to be realy “hip-n-trendy” whilst also being “totally off the wall” 😉

I propose that it will be found that there are no directly hands on operators piloting these drones. That it will be done by an AI system buried in a hill overlooking Gatwick receiving commands by satellite from abroad.

And if that turns out to be the case then yes I will have a hat I will munch. I will just have to ask the nice lady “flying spaghetti monster” aderhant I know to knit me one 0:)

Clive Robinson • December 21, 2018 6:24 AM

@ All,

As far as we know the drones and their operator(s) have slipped away into the night, witout a word as to who or why. Possibly not leaving a clue either.

However back in Whitehall London a UK Gov droner by the name of “Unnamed Source” has been sharing a fag in the underground car park again and throatily saying “ECO Mentalists can not be named” or some such nonsense.

However as it appears to be from the Daily Mail the Editor has probably been snorting Colombian Marching powder again (opps sorry no that’s the Evening Standard… It’s best skunk at the mail that’s why it’s reporting stinks 😉

I guess we will just have to wait and see what happens.

The person who comes out best of all in this is Gatwick Airport manager,

Which again notes the lack of working or even workable solutions to the problem of a drone denial of service attack at an airport. Something I susprct may well remain the case for a while if –and only if– sensible heads prevail.

The big issue is if you incapacitate a drone weighing 5-20Kg at 200m up what’s going to happen when it hits ground, the impact energy is fairly easy to calculate… The concern is what the energy will be dissipated by and the resulting losses, and what will happen with respect to any payload it was carrying…

The other issue is “The Pandora’s box” problem. Not only are sizable drones out there the technology has been in the hands of hobbyists for some time know and the materials and electronics easily obtained as is working control software. You can not put that back in the box by legislation. So we now have to live with it like it or not. Worse there are plenty of history books covering weapons and armarments from WWII to today to give sufficient information to an inteligent and capable mind to reproduce them either to size or scaled down especially when it comes to “recoil-less” weapons.

Thus we have to consider the risks that now exist and how we mitigate them and legislation will not prevent only maybe punnish retrospectively…

A thorny problem, and I’m glad it’s not one I have to deal with as I’m a little to “Head and hands” not “heart”.