Slashdot Mirror


User: fatphil

fatphil's activity in the archive.

Stories: 0
Comments: 4,087

Comments · 4,087

  1. Re:I'd Still Like To Know... on Kernel.org Attackers Didn't Know What They Had · Score: 1

    The fact that after goading you were not able to proffer the nature of the situation to which I was alluding implies most strongly that indeed you do have the gaping hole in your knowledge that I suspected. That's why I didn't spell things out in my previous post. I wanted to offer you the chance of a recovery. Alas, instead, all you could do was respond with a posy of logical fallacies.

    So you blew it, you've been found out, your knowledge of unix is clearly at best flimsy. I wouldn't trust you with a handful of liras, let alone a real currency.

  2. Re:Spin on Kernel.org Attackers Didn't Know What They Had · Score: 1

    A cryptographic hash isn't spin. Linus' repository is exactly as trustable as any other with the same hash, and that includes git.kernel.org's. If you don't trust git.kernel.org, and the hashes match, you mustn't trust Linus' either. You either have no concept of how git works, or you're a loon. Or both.

  3. Re:competitive pressures on UK Government Breaks Open Source Promises · Score: 1

    Just curious - have you seen /Inside Job/ yet?

  4. Re:Vasco is scared shitless and rightfully so on Rogue SSL Certs Issued For CIA, MI6, Mossad · Score: 1

    DigiNotar may only be 2% of Vasco's revenue, but it looks like July 19th was responsible for 50% of the perceived value of the shares. For magically making that value disappear, of course:
    http://uk.finance.yahoo.com/q/bc?s=VDSI&t=3m&l=on&z=l&q=l&c=

  5. Re:Trusting Trust has a counter... on Kernel.org Attackers Didn't Know What They Had · Score: 1

    I notice the GGPP did say "double diverse compilation" which perhaps tricked you. The originally coined term is "diverse double-compiling". Maybe the word-order changed the emphasis and thence the interpretation.

  6. Re:I'd Still Like To Know... on Kernel.org Attackers Didn't Know What They Had · Score: 1

    Root privilege is really not the be all and end all in the grand scheme of things. I tend to view claims that it is as a kind of shibboleth to separate those who know about kernel security, and those who don't. You can guess which of the two classes you've moved yourself into.

  7. Re:Spin on Kernel.org Attackers Didn't Know What They Had · Score: 1

    Are you saying you don't trust an unbroken sequence of tens of thousands of cryptographically secure hashes, serially dependent on each other to prove that the whole tree is identical to what it should be? Care to share what cryptographic insights you have - is your paper going to be published soon?

    Even if you don't, there are tens of thousands of secure sources out there, as every single developer who uses git (which is almost all of them) has the entire repository mirrored, often multiple times.

  8. Re:Spin on Kernel.org Attackers Didn't Know What They Had · Score: 1

    Downmod parent. Hasn't got a clue about linux source code management.

    The reason they've detected no meddling with sources is that they'd need to change it on tens of thousands of machines simultaneously in order to not get found out immediately. Every single change, and some changes are minute, just a single line, is cryptographically hashed. Not just that, but it's on full display in the history. And all of them are signed off by those who approve its inclusion.

    There has historically only been one case that I know of of deliberately broken code being maliciously injected into the kernel tree, but that was done the only way that's possible - the slow and steady inclusion via subsystem maintainers' trees, and finally into the mainline. I.e. not by hacks or scripting or robotic attacks. And, of course, given that I know of it, that was caught.

  9. Re:Trusting Trust has a counter... on Kernel.org Attackers Didn't Know What They Had · Score: 1

    "its code output is going to be ..."

    irrelevant!

    That's where *double*-compilation comes in. You use a trusted compiler to compile the no-explicit-evilness-required gcc, to generate a trusted gcc (you can audit the gcc source, and you trust the bootstrapping compiler). Then use trusted-gcc to compile linux. Finally compare that against the linux built by evil-gcc (which might be no-explicit-evilness-required gcc built by evil-gcc).

    Both times, it's gcc's output you're comparing. The output of the trusted bootstrap compiler is merely an intermediate helper.

  10. Re:and after reading the articles.... on Kernel.org Attackers Didn't Know What They Had · Score: 1

    Very insightful post. That's why on compromise, the only sane reaction is reinstalling from scratch, ftp server included.

    (Though I did once encounter a rooted system, and take it as a personal challenge to undo everything the rootkit had done. That was equally insightful, and quite hard (and delicate) work. I'd not do it again, as it was clear that I was dealing with a fairly amateurish rootkit (I could immediately see how to make it more stealthy, for example), and it's just not worth the risk.)

  11. Re:Or maybe on Kernel.org Attackers Didn't Know What They Had · Score: 2

    You may laugh, but I have at least twice been approached by agencies who are looking for a colonel developer.

  12. Re:Too late on Diginotar Responds To Rogue Certificate Problem · Score: 1

    "You can manually delete this certificate from any version of Firefox with these steps: "

    Did that. Deleted (I don't have a distrust option) that one and a load of others too. Looked back at the list later, and the cert was back again.

    Clearly "any version" does not apply to debian/stable. Or they have pretty glaring bugs.

  13. Re:So they don't know... on Diginotar Responds To Rogue Certificate Problem · Score: 1

    Thank you, thank you, thank you for those links.
    His talk was a breath of fresh air in the stench of the situation we currently find ourselves in.

  14. Re:The Black Death isn't coming back on Scientists Sequence Black Death Bacteria · Score: 1

    The Black Death as a pandemic, or even an epidemic isn't coming back, but as an extant disease it never even went away.

    I had the pleasure of chatting to the "JM" mentioned in the arstechnica article just last week, and he told me that there are about 70 deaths per year in the US alone. It's still a killer. And in the faeces-rubbing parts of the world (lovely image, by the way), I'm sure it's way higher.

  15. Re:Mozilla wants to blacklist the CA it seems. on Another CA Issues False Certificates To Iran · Score: 1

    Where can I see the proof that that weird Turkish CA, whose root cert is by default trusted by Firefox, has all the steps in place to ensure this kind of thing could never happen to them?

    And that Hungarian one. And that Network Solutions one. And bloody all of them.

  16. Re:Sorry, looks like a reasonable list to me. on A Custom Objectionable Word List Ate My Homework · Score: 1

    Wow! I salute you, sir, and whatever filtering software your brain uses!

  17. Re:What an Unreadable and Horrible Summary on A Custom Objectionable Word List Ate My Homework · Score: 1

    Which is a folk etymology with no documented use that way. And as we've been writing things down since before we were even speaking the language that's familiar to us now, for such usage to not be recorded implies very strongly there was no such usage. Don't think that ancient authors were prudish - far from it, they were at least as bawdy as anything until about half a century ago. Just because English went through a lull in its willingness to mention any bodily functions in the Victorian era doesn't mean that which came before it was also so self-censored.

    And who has "cods" anyway? I certainly only have one, no more.

  18. Re:Don't Be Evil? That's just a lie on Schmidt: G+ 'Identity Service,' Not Social Network · Score: 1

    I remember back in the 90s as some Friday afternoon fun someone would suggest a stupid concept, and the rest of the office would have to find on the internet the image that best matched the concept. I generally won more often than anyone else, and my search engine of choice was HotBot. Not because HotBot was particularly brilliant, merely that it responded well to precisely-crafted queries. I think altavista was trying to be a bit too clever, as if you changed your query slightly, you'd get the same results, because it thought it knew best and would try to reinterpret what you'd typed. The other guys who occasionally won were all AltaVista users, however, so it clearly was capable of doing the job.

    Google, being more "intelligent" than altavista, seems to have stripped me of all my search-engine fu now. In fact it often returns things I've explicitly said I'm not interested in, but it knows best.

  19. Re:I am the author of the spreadsheet in question on A Custom Objectionable Word List Ate My Homework · Score: 1

    If you're just doing your job, then you need to tell your superiors that your job is (a) impossible and (b) immoral. That, and if they think they can get someone else to do the job, anyone who claims that the job is possible is talking bollocks. Make sure you use those exact words.

    I've been in a very similar situation myself. I quit my job in the middle of the meeting where our team's next task was being explained to us.

  20. Re:Sorry, looks like a reasonable list to me. on A Custom Objectionable Word List Ate My Homework · Score: 1

    "The role of chimney sweep Bert in Mary Poppins was played by actor Dick van Dyke."

    Oh noes! Evil, evil, evil. Let's see if I can fix it for you:

    "The role of chimney sweep Bert in Mary Poppins was played by an American actor whose cockney accent was complete bollocks."

    That's better.

  21. Re:Far scarier is the "concern" list... on A Custom Objectionable Word List Ate My Homework · Score: 1

    Heaven help anyone quoting the bible. Most of those words occur in the KJV, for example:

    $ zgrep -c -w pot kjv.txt.gz
    21
    $ zgrep -c -w weed kjv.txt.gz
    1
    $ zgrep -c -w grass kjv.txt.gz
    60
    $ zgrep -c -w drunk kjv.txt.gz
    36
    $ zgrep -c -w shoot kjv.txt.gz
    19
    $ zgrep -c -w stab kjv.txt.gz
    0
    $ zgrep -c -w knife kjv.txt.gz
    6
    $ zgrep -c -w kill kjv.txt.gz
    128
    $ zgrep -c -w naked kjv.txt.gz
    48
    $ zgrep -c -w molest kjv.txt.gz
    2

  22. Re:What an Unreadable and Horrible Summary on A Custom Objectionable Word List Ate My Homework · Score: 2

    Perhaps because they don't mean exactly the same thing by any stretch of the imagination in any dialect of English with which I'm familiar, which is quite a few.

  23. Re:metoo on Evidence Points To Huge Underground River Beneath Amazon · Score: 1

    > Our well is [...] horribly rusty

    Hence your nickname?

  24. Re:ah FSF on FSF Uses Android FUD To Push GPLv3 · Score: 1

    "So your second sentence proves your first sentence wrong ... and you still don't get it."

    Not at all. I get it very clearly indeed. My $DAYJOB is programming such things.

    "It was designed and built for a specific task. It matters not one single bit that it shares components that a general purpose computer shares. If thats your argument, then my wrist watch is a general purpose computer and you're a moron."

    Your argument is empty. They took a general purpose computer architecture (a general purpose processor with general purpose busses on commodity interconnects leading out from it, and plugged perfectly standard peripherals into those busses), and simply restricted what you could do with it in software. The hardware is still 100% general purpose. Just because you have no idea what a bootloader can do doesn't make my argument false, if anything it makes you the moron.

    In no way does your wristwatch have a general purpose processor with commodity interconnects, and perfectly standard (for a general purpose computer) peripherals.

    My mobile phone (which I worked on as $DAYJOB), however, can be turned into everything from a desktop computer (USB for keyboard/mouse/networking, wireless for networking also, TV-out for the screen, and micro-SD for bulk storage) to a router, an intrusion detection system (it has cameras), or even a mobile communication device. ...

    "By your definition the ECU in my car, my TV, my toaster, my microwave, my toy radar gun, my radios for my RC cars/planes, and my XBox are all general purpose computers, yet no person with any sort of grasp on reality at all would call them such things."

    Anyone with more than half a brain would immediately detect that as a complete straw man. Alas you seem to have not been able to detect that flaw in your argument yourself.

    "It's not a general purpose computer just because it has an x86 chip in it either."

    I wish I'd read that first, as I would have known that you really were too ignorant to be worth responding to.

  25. Re:FTP over TLS on GA Tech: Internet's Mid-Layers Vulnerable To Attack · Score: 1

    Where did you pull '251 bits' from? Cracking AES-256 is 2^256 workfactor until you show me 2^88 bits of fast storage. If you read what they wrote, you'll see they clearly say that their attack has no practical implications at all.