Schneier on Security

Clive Robinson • March 27, 2021 3:40 PM

@ Davis Rudling,

… an officer is explaining to an inquiry how they lost a war because their vastly superior weapons tech just didn’t quite work against the less sophisticated weapons of the enemy.

We’ve seen it happen already and we call it “asymmetric warfare”.

One of the issues with even weapons tech is somebody has to pay for it. The US offsets the cost by selling it’s high tech weapons to anyone with enough US petro-dollars to buy them. Though of course any smart man would realise that buying off of a potential enemy is not a wise thing to do, as the higher the tech the easier it is to hide a “kill switch” or other little trick in it so that they do not work or do not work effectively.

But the costs get subsidized in other ways, one of which is that as tech is mostly agnostic to use, much weapons tech works as well if not better in civilian applications as it does in military.

But there is a catch, humans are by and large expensive to train and we have with very cheap computing crossed the Rubicon. You can by hunting scopes that turn you into a way better shot than a first class marksman, all you have to do is calibrate it to the gun and your shooting style then you just have to put the cross hairs on the target press a button and then realign the cross hairs and squease the trigger… “simples” as the anoying meercat advert says.

People forget or do not realise that the tech even though it has a user friendly interface that any Jo Blow can operate after half an hour or so learning is still a significant force multiplier and mostly way to eaay to re-weaponise.

That’s why a bunch of idiots had a few hours simulator training, and with box cutters force multiplied their way using aircraft as kinetic kill impact missiles killed so many and did so much damage on 9/11.

Not that weaponising everyday objects is new, people have been killed by being pushed down stairs, had their skulls smashed with spirts equipment like tennis rackets and baseball bats. Even old style telephone hand sets have smashed a few skulls in their time, as have two way radios (Blair Peach[1]).

Thus a society that relys on sophisticated yet easy to use force multiplying technology has created the weapons that will kill citizens.

It’s also why the “policing action” against technology is such a joke. Take knife crime, knives are an essential technology and they do not just make lives easier and more productive, they also save lives every day. So you stop people carrying knives, does that make the deaths aby the less? Don’t be silly, firstly the number of deaths rise slightly by those who would have previously been abke to cut their way out of danger with a knife (as I have done on a couple of occasions). But more imoortantly those intent on killing when denied one type of weapon will simply chose another, often rather more dangerous. So a knife becomes a gun in some hands or a knife becomes a pair of scissors, baseball bat, all the way through to vehicles like cars etc. Basically anything that force multiplies ib some way and that includes small doses of poison every day in a cup of coffee or meal.

A weapon is usually not a piece of technology it’s agnostic to use. It’s the “directing mind” that sees the potential for it to be used as a weapon then brings it to use as such.

I sit here in a fairly ordinary room in a domestic dwelling with the usual sort of stuff you would expect. However I look at it and think “how can that be a weapon” and in every case from the newspaper on the coffee table through the cardboard box I’ve unpacked a new household item from through all the furniture and entertainment electronics and simple decorations I know how to turn every item into multiple force multipliers that can be used for good or bad.

Take the 2ltr fizzy drinks bottle I have on the table, I know how to cut it into a very thin spiral of around nine feet in length. With only moderate effort that becomes very strong cordage, quite capable of holding near a quater of a ton (250kg). Most people can now follow the thought of what they can do with very strong cordage for good or evil intent. But that “intent” is a state of mind in the human, not the technology that made the cordage or to what use it can be put.

Thus we now know one thing at least “every thing can be a weapon to a thoughtful mind”. But we also know now that by making technology easy to use, it also makes it easier to use as a weapon. We also know that we can not make technology smarter than a thoughtfull mind…

Thus technology improvments just make it easier for humans to kill, all that is required is,

1, A thoughtful mind.
2, Intent to do evil.

Thus it does not matter how sophisticated the technology it is always going to lose to “A thoughtful mind with intent”.

Thus even a goat herder in a cave half way up a mountain in some near desolate worse than third world location can with a little knowledge, be a very formidable opponent to invading forces with the smartest of weapons weighing them down and slowing not just their progress but thinking.

Thus some think the solution is to “stop knowledge” well I don’t know who is smarter them or the goatherder? Personally given a dollar I’d place it on the goat.

George Orwell back in the closing years of WWII started in on what became the book 1984, in it he tries to convay what a society that had knowledge withheld from it was like and the consequences of that. Some in power think it’s a good thing, provided it’s for others not them or their loved ones. Well guess what, nature does not work that way, if one person has knowledge they use then others will see it in use and work out what the knowledge is. What we now call the Vatican tried for centuries to lock up knowledge in one way or another, and failed and lost both power and status. Why? Because “ideas come of time” and what one man can create so can another for basically the same reasons to solve more or less the same problem.

It’s why weapons are going to be part of mankinds future untill we cease to be mankind. Oh and the weapons will just get more powerfull with time. We know for instance that even our most powerful nuclear weapons are almost as nothing compared to what nature it’s self can throw at us.

But will mankind get any smarter? Probably not that much we don’t need to be, we are more than smart enough to kill ourselves in all sorts of interesting ways, why would we need to be any smarter?

[1] https://www.theguardian.com/uk/2010/apr/27/blair-peach-killed-police-met-report

Clive Robinson • March 30, 2021 9:54 PM

@ vas pup,

Under the current system, the standard uniform issued to military recruits includes only men’s underwear.

Well, that may not be as bad as it might sound…

Let me tell you a tale of strange goings on with regards to UK Army issued Pants to women and what they wore by choice…

Back in the 1980’s when I was still wearing the green, female recruits were issued “PT Pants Green” which was a kind of one size fits all garment, that as the old joke has it “fits where it touches”…

You have to appreciate that the regiment I was in which was a Special Comms (SC) regiment and had more women than men, and that on the rolls they Were “Royal Signals” not the “Women’s Royal Army Corps”(WRAC) which was very unusual,for the time[1]. In fact the only part of the entire regiment that did not have women in it were “HQ techs” even Motor Transport(MT) had more women than men, even P-Company had some women.

More importantly most of the people in the regiment had levels of education that were either proffessional (accountancy, legal, medical) or at Old University post graduate level or above, and more than a few had passed both Civil Service and other boards and were considered high flyers. Others were stock brokers and other City types again high flyers, and as an engineer even though of recognized proffessional standing legaly and of strange security clearance I was considered an oddity in my own right, which usually played out to my advantage.

Whilst the PT Pants Green were issued to all the young ladies in the regiment they were only ever worn when away from the Regiment on WRAC training courses[2] (out on excercise most of the young ladies actually wore boxer shorts for reasons of comfort, and you would be surprised just how many of the men were given measurments and told to “go get em” by the young ladies)…

Occasionaly though the PT Pants Green were worn for a mess game that might these days be called a varient of “capture the flag” the rules of which I will not go into, other than to say to win, you had to not just capture the oppositions PT Pants Green, your “three man team” all had to get at least a leg in them at the same time at a home base with the teams designated pants wearer still wearing the teams PT Pants and without a member of the other team in them… Needless to say whilst a male team might have brut strength, and longer arms the women had speed, dexterity, and often whilst in a melee a mean set of fingernails to ventute into places most sensitive, to balance the odds. I was regarded by some of the women players as a bit of a cheat even though they knew I could “caber toss”[2], because I was strong enough and tall enough to hold their team wearer of the PT pants Green up seven or eight foot in the air or tuck her under my arm whilst fending off her team mates with my other hand whilst leisurely strolling down the mess (apparently not cricket, and one decided that sinking her teeth in my behind was par for the course).

Which all gives rise to the question how can three fully grown rugby playing men all get in a pair of WRAC PT Pants Green?

Remember I said “one size fits all” well whilst you had tiny little young ladies just tall enough to get into the army in our regiment that were bundles of directed kinetic and potential energy most fiesty, and many looked like your archetypal “British Rose”, the same was far from true of the WRAC cohort… The WRAC had women who could put Russian male weight lifters and small elephants to shame… Less than effectionatly known as the “Mastodons” for obvious reasons[3]. So PT Pants Green being “one size fits all” could at a stretch get three men in them or as was jokingly said at the time make good refugee tents…

Needless to say such a garment was in some cases, to be able to stay up, was in need of actually having a flat cord threded through the top along with the elastic such that it could be sufficiently drawn in at the waist or just below the rib cage (yes they were realy that big, we once managed to get eight London bricks in a pair and lift it up by the top).

[1] Known less than effectionately as the “Wrack-n-ruin” the WRAC was formed in 1949. It pulled in just about all women then in Army service. Officially it eventually included all women serving in the Army except medical and veterinary orderlies, chaplains and nurses and one or two proffessional specialists. Their uniform was truley appaling whilst not one size fits all, it was a truely awful shape giving even baggy a bad name, and required tailoring to even remotely have a chance of looking presentable let alone smart. The regiment I was in was “special” in that it was not directly under the “Ministry Of Defence”(MOD) but the “Foreign and Commonwralth Office”(F&CO) along with some other oddities like the “Field Axuilary Nursing Service”(FANY), “Diplomatic Wireless Service”(DWS), and the “Secret intelligence Service”(SiS/MI6). All of whom had women in Army uniform, ranks, pay scales etc, but well clear of the WRAC who appart from the very few “proffessionals” they ensnared were all considered “Not suitable as bookend material”. In the regiment I was in, the women were all issued standard “working dress” like the men, the main difference was that whilst the men got issued “Shirts wool hairy” the women got “Shirts green polyester”, though quite a few of the women traded in to get the mens wool shirts (warmer, larger, absorbed sweat without smelling, and you could sew the creases in as well, one young lady I was well aquainted with used to wear one of my special issue wool shirts as a night dress…).

[2] https://en.m.wikipedia.org/wiki/Caber_toss

[3] I once nearly started a punch up one sunday lunch time in a pub in Guildford Surrey. There used to be a large, WRAC training base as well as another Army base around Guildford. I was with some friends doing a sponsored 32mile walk “along the valley” and we had stopped at a pub for lunch. Somebody asked me if I knew what the Army Camp we would be passing after lunch when I was up at the bar getting my round in. Without thinking I said “The first one is ‘The Wreck of the Hesperus'[4] run by the ‘Wrac and ruin'”. At which point this sack of bulbous red necked expansivity I thought was a lardy arsed builder or some such turned around revealing it’s self to be one of the Mastodons and her almost identical friend. I did my fade to grey then invisable trick by steping into the crowd and ducking then diving and it turned back with it’s outsized hand still wrapped around it’s pint jug.

[4] It’s, a poinient poem by Henry Wadsworth Longfellow from 1840 a tale of folly by a Captain who looses not just his ship but daughter to Norman’s Reef. It’s the sort of thing Cambridge and Oxford classicists both male and female that were very apparent by sheer numbers in the F&CO “oddities” could recite off the top of their head. It was such enchanting examples of the “British Rose” that gave the Camp it’s unoficial name in our regiment with grim humour. Because they all had to do basic training there, and were obviously not liked by the mastodons that ran such courses. The mastodons knowing full well that with in a couple of months of the basic training the Roses would be doing either their det commander or officer training and would out rank the mastodons within a year.

Clive Robinson • April 2, 2021 6:01 AM

@ vas pup,

Thank you for the complement, but I’m not sure I have enough anecdotes to fill a book, nor do I think my story telling ability is upto say Peter Ustinov’s,

https://en.wikipedia.org/wiki/Peter_Ustinov

With regards the “Rapid Breath Test for Coronavirus Detection”

It’s an obvious if not difficult problem and solution. Kenya was soing research into such a device back about a year ago, I don’t know what happened to it.

The reason it’s obvious is that dogs can be trained to “sniff out” COVID even in nonsymptomatic and presymptomatic people at “ankle hight” with better than 94% reliability.

The dog and it’s handler take about three weeks to train, a lot of it being the trouble with getting the handler to understand the rich indicators the dog puts out (being intelligent the dogs want to be not just helpfull but good at it).

There are two main problems though,

1, Few authorities want to use dogs often due to “NIH Syndrome”.

2, The dog does not come with an “idiot indicator” driven by a computer chip.

And that’s before the issue of you can not just chuck the dog in a cupboard at the end of the day and go off down the pub.

It’s a shame because from an economic viewpoint they would be able to rapidly test people for further screening just by walking people past the dog or vice versa. So way faster than any other testing system that exists and dogs can be retrained for other diseases or chemicals and in many ways are more agile and usefull than the typical human operator of electronic equipment.

Clive Robinson • April 7, 2021 8:34 PM

@ Wesley Parish, ALL,

How could the SDI HQ guarantee that it could avoid losing control of the vast network that was necessary?

They could not then, and they still can not now.

However the Chinese with their “entangled particle communications satellite” might just be getting towards that goal (though it’s very very vulnerable to a kinetic denial of service via space missile).

At the end of the day two things must be in place,

1, A secure root of trust.
2, Guarenteed control of the root of trust.

Whilst we know of ways to do the first (propperly setup and used “Perfect Security” aka OTP being one). The real problem is the second one and that is problematic.

To see why, look at it this way, I’ve a safe full of OTPs to imolement “Perfect Security” communications. An attacker has to obvious ways of stopping me,

1, Jam Communications.
2, Drop a nuke where the safe is.

To stop the second attack that means having replicated stores of the OTP in several places. That implicitly and practically breaks the OTP rules that give perfect secrecy thus security over the root of trust.

Similar logic but in the temporal domain applies to jamming. Each command I send has to use fresh OTP otherwise it implicitly and practically breaks the OTP rules thst give perfect secrecy thus security over the root of trust. So jamming forces me to burn through the OTP in an attempt to beat the jamming thus regain control. Eventually the satellite is going to run out of OTP.

Each method you use to try to retain the root of trust thus control can be countered by an enemy of similar sophistication as yourself.

Thus you get the same “Turtles all the way down” issues that arose with Electronic Warfare in general but most notably the ECM/ECCM/ECCCM/… spiral that leads to a stalemate thus loss of utility of the primary system and increasing resource cost.