In the campaign, Obama promised to pull out the combat brigades within 16 months. If you start counting from his inauguration, it's been 19 months. Wow, a President doing something he promised he would do, within 3 months of the date he said he would do it. Yeah, it's clearly a conspiracy.
This hack requires that a machine be connected to the outside via phone. This is increasingly going away.
No. I was there and saw the presentation live. There are actually two ways to accomplish this. The first way is to call in to the ATM and bypass the RMS authentication process (he did not describe how to do this, but it was apparently trivial). If your ATM is not plugged in, or if RMS is disabled, then this doesn't work, and he was very clear on that.
The second way is actually a physical attack. You get an ATM key (they are all single-key and you can order the keys online) which opens the electronics compartment (a much more secure key is used for the cash box, obviously). You reach in with a USB stick that contains a firmware update, and plug it into an available USB port on the mobo. Then you close the enclosure and walk away for several minutes while the firmware updates itself.
My first impression was that the design of these ATMs is idiotic. You can buy a one-size-fits-all key that gives access to the mobo, and once you have that, you can update the firmware with a USB stick, with no type of authentication whatsoever? Give me a fucking break. He sheepishly said "I really should be faster at this than I am now," but in reality he accomplished the physical hack in about 10 seconds.
It was a fucking AWESOME demo and he got a standing ovation.
Ahh, yes. That's why they released the source code. To make sure that nobody could ever modify it. And that's why they added a developer's console along with a command to switch to first-person view. To make sure that nobody could ever possibly activate that. And that's why the first person perspective was implemented in the first place. Because developers have nothing better to do than waste their time on features they hate and never want anyone to use.
In short, if I had a choice between writing a kernel and guaranteeing that it was vulnerability-free, and writing a browser and guaranteeing it was vulnerability-free, I would take the kernel any day. It's a significantly easier piece of software.
The kernel (let's use Linux as an example) is significantly higher quality, not because it is a simpler piece of code but because it is written by people who aren't morons and actually care about robustness. A web browser has a lot of spec cruft to contend with, but that's peanuts -- a kernel has to contend with anything that could possibly occur on the machine, in any order, simultaneously or not, by any user, using any device, with any amount of memory, any number of CPUs, and any unknown modifications, modules, or other tweaks that might be in place. Comparing the two types of software is insane.
By this logic, is any software one writes for Linux obligated to be GPL?
No, because of the "system library" exception in the GPL. See here:
However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
And some commentary by Linus himself:
There's a clarification that user-space programs that use the standard system call interfaces aren't considered derived works, but even that isn't an "exception" - it's just a statement of a border of what is clearly considered a "derived work". User programs are _clearly_ not derived works of the kernel, and as such whatever the kernel license is just doesn't matter.
When you wear black clothes and stand in front of a spotlight, does the light start to bend towards you? Does the amount of light going in other directions get reduced by any particular amount?
No, but that's because incandescent light is incoherent light. With coherent light, like carefully modulated RF, a passive absorber can cause effects that are more complicated than just "casting a shadow." The radiation field is a superposition of an infinite number of waves. By absorbing some of these waves you obviously decrease the total power of the light field, but you may also cause constructive interference in some regions and destructive interference in others. And where precisely the effects occur isn't as simple as a "shadow" behind the absorber.
With incoherent light, interference does not occur (rather, it averages out over short time periods) and so these interference-related effects aren't something you see in the everyday world. But modulated RF is most certainly NOT incoherent.
Yeah, stealing electricity also has its problems...
Right, because the spy agencies that would have the most use for such surveillance devices are just going to throw their plans out the window because they couldn't figure out how to pay the power company.
MIT is just developing a technology, they aren't stealing power for their computing center. Jesus.
1. Shoot laser at target area
2. Is target area aflame?
Yes - Target area contained a forest previously
No - Target area was not a forest
Without copyright, companies could steal GPL code without consequence
So what's your point? Suppose some company takes my code, adds cool features to it, and starts selling it. Well, I'll just copy that code, improve it further, and sell it myself. THERE'S NO COPYRIGHT, remember?
As somebody who actually writes firmware, the distinction is completely relevant. Firmware is something I can easily get at and change, either to break it or repair it. Hardware is completely off limits to modification because it physically can't be done.
Okay, with an FPGA or CPLD the distinction blurs a little bit. But that's not the topic. The topic is malicious code residing in firmware persistent storage. That is most certainly not HARDWARE. It is a bit pattern.
POS software that needs a gig of RAM? I'd like to hear the justification...
So, what do you pick if you are confused? Are you honestly stating that when you are without a car and need one, confusion will result in you walking away without an automobile?
What part of the word "usually" did you not understand?
What benefit is there in confusing your customers as to which product they should purchase? When I, as a consumer, feel overwhelmed or confused about a product choice, I usually respond by simply purchasing nothing at all. And I'm sure I'm not alone in that.
Maybe I'm missing something... What would be bad about giving the president of the company a list of the company's customers? Huh?
A disagree mod seems completely pointless. All it tells me is that "Somewhere, somebody disagreed with this guy." Well that's great. What did you disagree with? His hairstyle while posting? Come on, if somebody is wrong, then tell me what's right instead.
There's a lot of comments on this subject along the lines of "Why couldn't they make it easier to program?"
Why should they? Just because not every programmer on the planet can do it doesn't mean there's nobody who can do it. There are plenty of people who can. Find one of these people and hire them. Problem solved.
Most programmers can't even write single-threaded assembly code any more. If you need some assembly code written, you hire somebody who knows how to do it. I don't see how this is any different.
As far as whether all programming will head this direction eventually, I don't think so. Most computational tasks are data-bound, and throughput is enhanced by improving the data backends, which are usually handled by third parties. We already don't know how the hell our own systems work. For the people who really need this kind of thing, you need to go out and learn it or find somebody who knows it. Expecting that the whole world can do it is crazy thinking.
Whether it is encrypted doesn't matter. I'm a PCI device on your wireless bus. I can access all of your system RAM. The fact that the data is encrypted as it is transmitted to me is irrelevant. Authentication is what's necessary here.
Refer to the FireWire phys-DMA problem. I can take a FireWire-capable video camera, hack the firmware, and create a device that, when plugged into any computer's FireWire port, can read and write any value in RAM. Without OS involvement, without anybody even knowing I'm doing it. That's what I'm worried about here.
Such an error could be recovered, since presumably it doesn't render the disks inoperable.
How does eFuse render the device inoperable? It can be reset with a JTAG programmer. It's not like the device catches on fire.
Even if the device did catch fire, the next step is to get another one and ask yourself "Now, how can I prevent that from happening this time?"
How can you ever accomplish something if you go into it with the assumption that it's impossible?
In past days this would be properly seen as a hardware quirk to be worked around. Like a buggy SCSI controller which trashes your disks when you hit it with an obscure command sequence. You don't throw up your hands, foam at the mouth, and threaten the manufacturer! You figure out what you need to do to avoid the undesirable behavior.
My God, you modder people are turning into a bunch of pussies and whiners. THE WHOLE POINT OF WHAT YOU ARE DOING is to have fun and push the hardware into areas it was not meant to go. In this case, the manufacturers have laid a few things in your path to make life interesting. Take it as a challenge, as we've always done in the past, rather than acting like a whiny bitch. My God, the hacker spirit is well and truly dead.
Wireless PCI Express? Awesome. I'll just walk by with a specially designed device, master the bus, and DMA the entire contents of your RAM over to a laptop. Then I'll change some interesting bytes here and there, and DMA it back.
This sounds like the dumbest attack vector since FireWire came out with physical DMA support.
How about you worry about what you do, instead of what somebody else does?
As far as the ethics of it, can you guarantee that your jamming signal doesn't inadvertently affect people or devices it was not intended for?
So, the fact that it's illegal to active-jam cell phones just doesn't matter to you?
I guess my question is, why is the physical layer defined in the same specification as the host interface? I suppose there are some points of crossover, such as being able to guarantee bandwidth during the DMA operations, but I thought USB already provided bandwidth guarantees upon request. I wish I could draw a Venn diagram here to explain what I mean. Imagine that circle A is the host software environment and OS kernel, circle B is the host side of the controller interface, circle C is the hardware/physical layer. Circle A and B overlap, circle B and C overlap, circle A and C do not overlap. It seems like DMA exists within the overlap of circles A and B, and should not depend on what is inside circle C, at least not much.
My wife is really good at abusing things. Instead of snapping off the connector, she just places the power cable under the computer forcing it to make a 180 degree bend with a radius of about 0.5 centimeters. Every time I see this I obsessively straighten it out. I point it out, she goes "Oh, hmm, you're right about that..." then just does it again :-)
At least it's the cable that will eventually die, not the power connector on the laptop. But believe me, that thing will be destroyed at some point.
Unless USB3 can do DMA transfers (i.e. without needing the CPU's direct involvement) FireWire will stay. Honestly the USB standard seems to be a step backwards to PIO days.
As somebody who is currently writing Linux device drivers for some extremely bizarre hardware which is capable of DMA, I can only say... "Hurrrgh?"
What does DMA have to do with the USB3 wire protocol? DMA is a function of the host controller. If you want DMA capability, then put it in the controller. What on earth does this have to do with the wire signaling? Asking whether USB3 can do DMA is like asking if TCP/IP supports Microsoft Outlook.
But I haven't read the USB3 spec. Perhaps it's a schizophrenic combination of physical specifications and host endpoint specifications, in which case I wonder what the hell somebody is smoking?