I give my condolences to the family, the friends, and the untold and uncountable engineers who Mr. Davies' work has influenced. I can only say that if it is the humble goal of all engineers to truly expand the knowledge and define the methods by which humanity seeks to function, then Mr. Davies truly succeeded to a degree that all of us can only aspire to reach.
I didn't know him, but his work has directly influenced my life and my studies. (One of his more intriguing discoveries is referenced in my Signature!) To those who complain that others may have received more fame than he, I can only say that genuine impact is of greater value than any shallow fame, and that Mr. Davies truly contributed genuinely to the lives of myself, my coworkers, and each of you who may read this message.
God speed, Donald Davies. You did well for yourself. Engineers throughout the world salute you, and your contributions.
Alter your definitions of what it means to detect a light transmission, or even to *begin* a light transmission, and it would seem like results like this would be possible.
That there's a tail to the light posits that there's a time delay in which some small information-bearing light reaches the far end. This tail is not a staccato burst--there's a beam of light behind it. Perhaps whatever happens at the far end causes a cascade reaction(to keep the rush hour analogy, traffic gets backed up *real fast*) to amplify backwards in a manner that is *detected* superluminally but is not superluminal itself(such detections are common--shine a laser on a far away mountain--your beam moves superluminally, even though your light doesn't. Persistence of vision is a human trait, not an optical property of nature.)
That these atoms seem primed for amplification of light makes me particularly curious if their amplification traits are triggering false speed measurements. Even if the wavelength is theoretically set for crystal clear propagation, something as major as 300*c transmission would call for further study on exactly what's being detected. My personal guess is that either the time of the initial transmission is being misjudged(imagine a buffering operation taking place within each atom, now imagine those atoms releasing their buffers in the manner they might if they were backpropagating a wave, all in sync to 300C).
That's my guess. But who knows--least of all me ;-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The world's most closed public access network service(AOL) is planning to use one of the most open infrastructure operating systems(Linux) to combat the most self-doubting software company we've ever seen(Microsoft) by teaming up with an ambitious but still waiting to break through firm(Gateway) and an inordinately secretive skunkworks shop(Transmeta) that happens to employ the creator of that aforementioned extremely open operating system(Linus).
Essentially, AOL trumpets an age of freedom(No MS, No Intel) by ushering in products that will likely be a long-studied model of consumer entrapment(cheap devices that only connect to AOL). Of course, such tactics wouldn't have worked that well back when AOL had teams of lobbyists seeking to make sure nobody could monopolize the net access market(the "Open Access" push) but that push has mysteriously disappeared now that AOL would be in the position of having to open its access(thinks it'll merge with Time Warner.) Meanwhile, AOL deserves superlative credit for crafting an Online Experience positive enough to drive an unacknowledged portion of the Net economy(Excellent UI design), but they've included enough code in their new revision to prevent customers from exploring other services(Roach Motel 5.0).
Guh. It's corporate tennis...you never know who's playing what side of the court, you just see your head going back...and forth...and back...and forth...
"Good. Bad. I'm the guy with the gun." --(Best attribution for this quote, besides Ash, gets a cookie.)
Yours Exhaustedly,
Dan "I Can't Believe It's Not Justice" Kaminsky DoxPara Research http://www.doxpara.com
If the message is for multiple recipients, recipient A could decrypt the message, alter it, compute the correct hash for the altered message, and then repackage and send the altered message along to the other recipients who will accept this message as legitimate. To prevent this, the hash of the correct message should be 'signed' in some fashion where only the original sender can create it. This process describes GPG's 'sign' option, which we know works.
Hadn't considered the multiple recipient problem when it came to unsigned hashes.
But, just as strongly, you haven't considered the reality of PGP allowing me to receive mail from untrusted individuals with a modicum of cryptographic security. Segment out your security scheme--when you're the receiver, you can't control who the sender transmits to. When you're the sender, you can't control who the receiver retransmits to. But if you, as the receiver, can trust that the user hasn't given away their secret(the message, in this instance) to anyone else but you, truncation detection through hashes or anything else lets you recognize when the message/secret you receive is incomplete.
That's valuable--you're able to receive non-multicast messages without concern for the integrity of that message! Essentially, both the verification key and the message itself get condensed down into the content of the message. Presumably whatever it says authenticates the author, provided the message is complete.
Once the security architecture is formalized, this property just can't be suppressed. It's not ideal by any means--you can't extend the trust you've established from one message to any other, as you can with stored private signing keys--but the arbitrarity of the trust is identical, down to the fact that a truncated key offered for verification purposes had best not work either(here's my 2048 bit verification key, oops truncated to 256 bits...)
Go ahead and email me if ya like.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
this bug has absolutely nothing to do with how hard it is to find random data. hell, the solution is to call dev/random. it's just that the buffer happens to get overwritten due to a far more mundane bug. ferchrissakes, did you even read the article? did any of the moderators read the article??
Yes, I did read the article. Your annoyance is understood, however.
/dev/random, rather than the internal entropy engine, was being called in the first place *because* non-interactive entropy gathering is such a difficult problem. PGP had no similar issues when used interactively because they essentially wrote their own interactive entropy gatherer. They couldn't do the same for non-interactive content, so they wrote a (buggy) bridge to /dev/random.
Obviously, they should have verified that the content coming *out* of that bridge was something other than all ones. But the most interesting thing to me is the similarity of this accident to an airline crash or a school shooting--an intensely rare situation, made notable and newsworthy *by* its rareness. We pay little attention to the moderately common problems(invisible security issues lurking beneath most closed source crypto), but both the extremely common issues(buffer overflows) and rare ones(this PGP hack) get lots of press.
Interesting.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
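The output check mentioned in the comment above (verifying that what comes out of the random-source bridge is not stuck on one value), as an added Python example that is not part of the original comment and is not PGP's code. `broken_bridge` and `ChunkedReader` are constructed stand-ins for a faulty and a short-reading source, and the cutoff follows the style of the repetition count test in NIST SP 800-90B.

```python
import math
import os


class EntropySourceError(Exception):
    """The random source failed or returned output that cannot be trusted."""


def repetition_cutoff(bits_per_sample=8.0, log2_false_alarm=20):
    # C = 1 + ceil(-log2(alpha) / H), with alpha = 2**-20 and H = 8 bits per byte.
    return 1 + math.ceil(log2_false_alarm / bits_per_sample)


def longest_run(buf):
    """Length of the longest run of one repeated byte value in buf."""
    best = run = 0
    prev = None
    for b in buf:
        run = run + 1 if b == prev else 1
        best = max(best, run)
        prev = b
    return best


def read_exact(read_fn, n):
    """Call read_fn(size) until n bytes have arrived; short reads are normal."""
    out = bytearray()
    while len(out) < n:
        chunk = read_fn(n - len(out))
        if not chunk:
            raise EntropySourceError(f"source ended after {len(out)} of {n} bytes")
        out += chunk
    return bytes(out[:n])


def checked_random(read_fn, n):
    """Read n bytes and refuse them if the source is stuck on one value.

    Passing only rules out a stuck source; it does not prove the bytes are
    unpredictable (a simple counting sequence passes too).
    """
    buf = read_exact(read_fn, n)
    if longest_run(buf) >= repetition_cutoff():
        raise EntropySourceError("source output is stuck on one value")
    return buf


class ChunkedReader:
    """Constructed source: hands out `data` at most `piece` bytes per call."""

    def __init__(self, data, piece):
        self.data, self.piece = data, piece

    def __call__(self, size):
        take = min(size, self.piece)
        chunk, self.data = self.data[:take], self.data[take:]
        return chunk


def broken_bridge(size):
    # Constructed faulty bridge: every byte comes back as 0x01.
    return b"\x01" * size


def is_rejected(read_fn, n):
    try:
        checked_random(read_fn, n)
    except EntropySourceError:
        return True
    return False


if __name__ == "__main__":
    print("os.urandom accepted:", len(checked_random(os.urandom, 32)), "bytes")
    print("broken bridge rejected:", is_rejected(broken_bridge, 32))
```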
The easiest way to generate random numbers using existing system components is to time one of the mechanical storage drives. Seek time when measured to the nanosecond is random.
Unfortunately, the widespread layering of memory caches throughout the computer infrastructure(in OS, in drive controller, in drive itself, etc.) prevent this from being as slick of a solution as I'd like.
Consider the CDMA model of Encryption: Know the key, get the data. Don't know the key, you get noise.
Period.
If I can not know the key but modify the data stream--and it still decrypts *without complaint*--then something's wrong. Truncation attacks are different--they're essentially selective DoS where the cipherstream suddenly stops being valid--but if PGP doesn't *complain* that suddenly something broke and this was all that could be read--i.e. "there was more that was part of this message, but I can't read it"--then this is a cryptographic failure.
PGP doesn't protect you against an email server silently deleting your mail--there is no conceptual way it could or should. But silently passing truncated messages means that somebody can reconstruct a message without being able to read it. The fact that avoiding this weakness is as simple as encrypting the one way hash of the message as a whole with each independent truncatable block(such that the hash of the decrypted document would then fail to match the original hash derived before the message was sent) means that this is a weakness that should have been addressed.
Of course, mind you this attack hasn't particularly been verified, and GaryH is the first person I've ever heard to speak positively of S/MIME. But you're completely wrong to state that message authentication is *entirely* orthogonal to encryption. Knowing *who* sent a message is orthogonal. Knowing that *this* specific message--which may contain identifying information in the untruncated blocks--was sent isn't.
It's still tied to the destination aspect to know whether *all* of a given encrypted message reached the destination. I don't particularly accept that any File-Oriented Cryptographic System should, or needs to accept selective DoS. It's just too simple to prevent.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
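The truncation check described in the comment above (the hash of the whole message encrypted into every independently decryptable block), together with the limit raised in the quoted multi-recipient objection earlier on the page, as an added Python example that is not part of the original comments and is not PGP's or GPG's code. The SHA-256 keystream is a stand-in cipher, and `KEY` and `MESSAGE` are constructed values.

```python
import hashlib

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


class IncompleteMessage(Exception):
    """Decryption worked but the blocks do not add up to the sealed message."""


def keystream(key, index, length):
    # Toy keystream: SHA-256 over key, block index and a counter. It stands in
    # for a real cipher only so the example runs without third-party packages.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + index.to_bytes(4, "big")
                              + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_block(key, index, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, index, len(data))))


def split(message, size):
    # Always at least one block, so an empty message still carries its hash.
    return [message[i:i + size] for i in range(0, len(message), size)] or [b""]


def seal_plain(key, message, size=16):
    """Independently decryptable blocks with no whole-message hash."""
    return [xor_block(key, i, c) for i, c in enumerate(split(message, size))]


def open_plain(key, blocks):
    # Decrypts whatever arrived; a shortened block list yields a clean prefix.
    return b"".join(xor_block(key, i, b) for i, b in enumerate(blocks))


def seal_bound(key, message, size=16):
    """Each block carries the hash of the whole message, encrypted with it."""
    digest = hashlib.sha256(message).digest()
    return [xor_block(key, i, digest + c)
            for i, c in enumerate(split(message, size))]


def open_bound(key, blocks):
    """Decrypt and insist that the received text hashes to the sealed hash.

    This detects missing, shortened or reordered blocks. It does not
    authenticate the sender: anyone holding the key can seal a new message.
    """
    if not blocks:
        raise IncompleteMessage("no blocks received")
    plain = [xor_block(key, i, b) for i, b in enumerate(blocks)]
    if any(len(p) < DIGEST_LEN for p in plain):
        raise IncompleteMessage("a block is cut short")
    claimed = {p[:DIGEST_LEN] for p in plain}
    message = b"".join(p[DIGEST_LEN:] for p in plain)
    if claimed != {hashlib.sha256(message).digest()}:
        raise IncompleteMessage("hash of received text does not match")
    return message


def detects_truncation(key, blocks):
    try:
        open_bound(key, blocks)
    except IncompleteMessage:
        return True
    return False


KEY = b"constructed session key"                                  # constructed
MESSAGE = b"Pay Bob 100 dollars. Do NOT pay Mallory anything."    # constructed

if __name__ == "__main__":
    cut = seal_plain(KEY, MESSAGE)[:2]
    print("no hash, truncated:", open_plain(KEY, cut))
    print("hash bound, truncated detected:",
          detects_truncation(KEY, seal_bound(KEY, MESSAGE)[:2]))
    # A recipient who holds the key can still repackage altered text.
    forged = seal_bound(KEY, b"Pay Mallory 100 dollars.")
    print("repackaged by key holder:", open_bound(KEY, forged))
```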
Actually, Intel ships an ostensibly good RNG with every Pentium III--I don't think it has /dev/random support yet, but it supposedly can be polled for 75K/s of good random data. *drool*
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Chromatic and luminescence-variations would also add to a random seed for encryption. The best would be to constantly change light- and colour-intensity, in addition to the motion of the "lava".
It's not that hard to turn chroma/lumin differentials into RGB shifts--it's just YUV->RGB.
Heh, I prefer military algorithms. FRA in Sweden has done some absolutely stunning things =)
Actually, they use 3 lavalamps standing together, and 3 cameras, in one implementation I've seen used.
Yup, but some bits are more random than others. With a static camera, there will be bits that are entirely determined from variations in light and sensitivity.
There's likely to be enough bits to seed a RNG, but the extensive work I've heard of being done by eliminating impossible combinations(31 round Skipjack was defeated in greater than brute force, while official Skipjack is 32 round!) leaves me wondering.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Actually, the more I think about the Lava Lamp Randomizer, the more I wonder about its actual entropy. Yes, lava lamps themselves are quite entropic, but how much of the overall image is of the lava lamp? It seems most of the signal they derive comes from the quantization noise from the CCD in their O2Cam--and that's pretty predictable. Now, granted, they munge and one-way hash their original content to oblivion, but that doesn't mean their original content is as highly entropic as they might think.
I'd probably be more secure if the camera was mounted such that the entire image was a near microscopic scale view of the melting wax--but even then I'd be curious literally how many different possibilities of wax melting, unmelting, and wax separation there might be. It's not minuscule, but I do have to wonder how high it might be.
The real thing that comes to mind isn't that you need 100% accuracy...it's that there's probably a good amount of work you can do by eliminating 90% of impossible occurrences(like the wax flying out from the lava lamp!)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
P.S. That's not to say that the Lavarand system isn't the coolest damn RNG ever invented.
Bizarreness. I spent about two hours the other night studying using the mic port.
Best solution I found mentioned hooking an AM radio mistuned up to the mic port--then people mentioned FM had more entropic properties. Your big problems are, 1) You've seriously got to deal with the fact that a 60hz bias is coming off of the nearby AC transmitter/power supply, and 2) an attacker can pretty easily broadcast patterns at you on the exact frequency you're trying to be mistuned to. Since anything that's receiving a signal is also transmitting it(thus causing major privacy issues when a parking lot scans to see what stations people are listening to by picking up their "sympathetic"(correct word?) retransmissions), you should remotely be able to determine the AM/FM band being used. Not Good.
I was thinking for a bit that deriving entropy from the differential sync between many different NTP servers might be decent, but A) This doesn't scale and B) The differential sync, even at the minute scale, likely isn't more than a couple bits per resync. So you'd need to scan a few hundred servers a dozen times before you could create a 2048 bit key.
I need to create about 200 of 'em. A day. Soon to be 500. *sigh*
Interesting thought of the hour: Randomness isn't contained in the numbers themselves. Is a Royal Flush random? Depends how it was dealt.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Background: I've been auditing GPG lately for using it as a high-throughput non-interactive key generator. So I have some right to talk about this.
Everybody, generating keys non-interactively is ridiculously difficult, because to be honest there's a very small amount of entropy in your system. Clock differentials and specific CPU traces are pretty good, but everything else either derives from the network(and is therefore remotely attackable) or traces itself back to PRNGs(various memory assignment algorithms, etc.)
That's not to say that this isn't a problematic bug, and that it doesn't need correcting. But non-int keygen just isn't that common(yet; I'm working on that), so the exposure is thankfully smaller than it otherwise might be.
As for Microsoft, to be honest I have very little confidence that the RNG's in any web browser are anything that would survive an audit by Counterpane Labs. MS does very good stuff; crypto isn't generally among them(though any of us would be a fool to not note that they're shipping 128 bit SSL by default.)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Dickinson: I think there's a disconnect there, Tim. You just told me that all these folks, they have eight out of ten of these in their back pocket. If they've got them in their back pocket, they don't even need to do a search. If they're aware of invalidating prior art, send it on in.
Our system derives a substantial portion of the information it requires to reject patents by trusting the client to provide that information.
If you're aware of prior art out there that invalidates a patent that is existing, file a re-examination. We'll be happy to take a look at it. I've done a couple of these. Mr. O'Reilly hasn't filed any. I've actually filed two myself in the last six months.
In six months, I've initiated formal procedures to correct two misappropriations of IP assignments. You've merely noted that the entire procedure of assigning IP is hopelessly insecure.
Tim: But let me just ask the other question. In terms of filing for a re-examination, my understanding is that once you ask for a re-examination, the patent holder gets to comment to the private ruling, and then that prior art can no longer be used in any court cases, so it seems weighted very heavily in favor of the applicant.
Should a flaw be found with our security system, that flaw will only be recognized once, with us trusting the original client to determine whether that flaw was indeed serious. After this initial evaluation, no further challenges will be accepted.
Dickinson: Absolutely, Mr. O'Reilly. One thing we were lacking was your very cogent voice last year as this legislation was pending on Capitol Hill. We very strongly supported expanding that re-examination, and it only passed in November, and I didn't hear you or Mr. Bezos raise your voices once to try to keep that kind of loophole from being included in the legislation.
It's not our fault that our security policy is broken; you didn't email our management any detailed proposals defining exactly what a loophole was.
Tim: How would you feel if a lawyer was able to patent an argument?
Dickinson: If it was new and non-obvious, I wouldn't have a problem with it at all.
Tim: And the ability to basically extract a royalty from other lawyers for using that same legal argument?
Dickinson: As I say, if it's new, and if it met the statutory standards for patentability (and that's the key question here), and it was incorporated into software in some form, that wouldn't be a problem.
Today's security policy is brought to you by Franz Kafka.
(side note: We now have the world's best example to get software patents eradicated.)
Dickinson: Obvious functions are not patentable. We don't patent obvious inventions. We just don't.
Attacks against our system do not exist, have never existed, will never exist. Our trust of the client is completely secure.
And if you believe that it's obvious, and you've got prior art to show that it is obvious, send it on in, as I've said many times.
We respond to systematic failures in our security policy by analyzing each penetration on a case by case basis, rather than rewriting our access control lists to actually do something.
I am eager for Mr. Bezos to get moving and fund the comprehensive software database he said he was going to fund, because we need that kind of prior art, we need those kinds of databases to help us do our work better.
We have no problem moving from a system where nobody respects our patents to one where nobody can write a line of code without knowing which dozen patents they're violating. We like the idea of insecurely authorized policies being grandfathered into our system.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I blame them both. IMO, nothing exposed to tainted data should be running as root. Particularly on a firewall!
Unsure this is fair. We're talking about an app that needs to do a raw interface sniff through something like BPF, and then make decisions based on that sniff regarding whether or not to *actively* forward the individual packets through frames on the internal interface. This app is using entirely tainted data--everything it receives is untrusted content. Root or not, any compromise of the firewall code would be required to grant the capability to forward arbitrary packets to the internal network, which directly contravenes the stated purpose of the firewall itself.
In short, the coders can't be blamed on a permissions level--it's conceptually impossible for most of the serious damage to have been prevented "if only the app wasn't root". About the best I can imagine is if the execution context of the firewall didn't share read/write access to the storage medium of the firewall code. That prevents long lasting trojans, at the expense of reducing the number of sites that will upgrade their firewalls.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Actually, it's just an unfortunate coincidence that of all the various things that could have gone wrong with this Firewall, it was the bridge to the Censorware app that did. As Schneier argues, excess complexity really is the death of security, and the bottom line was that an app intended to filter packets had detailed, layer 7 filtering hoisted onto it through a hack, rather than a chosen design. It doesn't matter what was hacked in--something was hacked, it wasn't thought out well enough, and it went boom.
It's just a rather inconvenient failure for the Censorware industry that it was one of theirs that took the system down.
But there's a much more interesting failure, one that I don't really think has been paid enough attention to: It's not that Gauntlet had a security breach, it's that the breach came from 30-Day Trialware installed by default on a mission critical service.
If an app I choose to install turns out to have a hole, I'm more than willing to give the authors time to repair the hole. But if an app I *don't* choose to install turns out to install some other app with a hole, one I didn't realize would be installed by default, didn't realize would by default communicate my download logs to the central office(Hi Realnetworks! How's that Download Demon doing?), didn't realize was being shoved on me as a supposed freebie but as an actual privacy and security disaster...
Then the honesty that underlies every commercial reaction gets toasted.
I don't blame the coders for having a bug in their bridge code. I blame the policymakers for specifying that the bridge should be enabled by default. Such behavior is inappropriate for employee desktops; whoever made the call that this kind of sales strategy should be applied to the most security critical of product lines bears the responsibility for the disaster that ensued.
The only good to come out of it is that, slowly but surely, we're going to win Corporate America's support of industry codes of conduct as a last ditch defense against regulation. Some good, eh guys?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
With all the fears and paranoia about intelligence in computer systems(I refuse to say "robots"--there's no reason intelligence needs to be confined to something that can enact physical changes against its environment), are people not realizing that machines have absolutely no reason to want the same things we do?
There ain't going to be Robotic Teenage Male Sex-Daemons roving the streets looking for tasty Human Teenage Girls to impregnate with their Metal/Carbon Hybrid CoDNA. Why? Because robots aren't interested in sex. It's *humans* that are *afraid* of an alien species/race/tribe/gender/income group coming in and impregnating their daughters, and that traces back to the beginning of human evolution where control over the genetic line essentially defined one's own mortality.
Technology just hasn't been growing the same way.
Maybe intelligence will emerge, but if it will, it'll emerge out of what the systems have been programmed to do--in general, retain robust connectivity over unreliable media, recognize unauthorized accesses, and so on. You will have systems whose defense systems are so well developed that the valid users who wish to shut them down will have difficulty doing so--because, to be blunt, that's what these "intelligent systems" will have been designed to do--prevent unauthorized disabling of the system. But most of the human fears which we obsess about just aren't going to transfer in.
Does this leave quite a bit to be worried about? Sure. But let's not forget that self-guiding code that learns from failures and suffers from overcompensation--in other words, code that can even evolve under feedback loops--is pretty rare, even among the best attack detection systems. Attack signatures and virus signatures are always hand-developed--you never see, for example, a penetration at one company automatically causing all other companies to be alerted to look for the specific pathogen that caused the failure. Worse, if you did, you'd have entire styles of attacks that worked to abuse the system's natural ability to transmit attack signatures--it's a ridiculously effective attack against the human body, and it'd do nasty things to any automated virus signature agent as well.
But in the end, no matter *what* the systems were programmed to do, that'll be, for the foreseeable future, all they're going to do--what some *human* has programmed them to do. Tank or Pokemon, it's made by us. This intense fearmongering almost seems like a way of disavowing the creators from what their systems happen to do--in some sense, it's as if we expect the future of AI to come from Microsoft, and we've decided they'll lie their way out of any bug.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Re:The Strange Case Of The Video Card Industry on Goodbye, Number Nine · Score: 2
What is amazing about nVidia is the fact that their first graphics chip product (NV1) was considered a major breakthrough because (in theory) you didn't need to draw thousands of flat triangles to represent curved objects. Unfortunately, the implementation didn't quite work, but it laid the groundwork for better things to come.
Forgot about that...but I'm not sure it really laid any groundwork. I mean, think about it--five years later, are we really doing much that we'd otherwise have to fake with more poly's? All the advances seem to be focused on fill rate--reduce the number of passes to add this effect, automate anti-aliasing to create that effect, etc. Is there anything that's automatically doing something akin to "smooth quad divide", i.e. automatically tessellating incoming polys into smoother forms?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
There was one news story in the last day that may prove to be extremely important, although it was not in slashdot. The U.S. Supreme Court struck down the Violence Against Women act, because they said that Congress had no authority to pass the act. Congress said that the law derived its authority from the interstate commerce clause, and the Supreme Court said, in effect, "no way."
Violence against women is an awful thing, but justifying it on the grounds of interstate commerce is almost offensive. It feels like almost a direct reference to the idea that virginity or chastity is property, and to rape or attack over sexual reasons is a violation of that property. That's as bothersome as the bloody sheet that gets hung out for the village to see that the new wife was a virgin--it's Just Not Cool.
Now, the real justification that the federal government seems to want to use is, "When a state is unwilling or unable to effect Justice within its territory, the federal government may interdict and enforce its jurisdiction on the uncontrolled territory." State, in this sense, seems to refer to both State of the Union and State in the World.
And, to be honest, I'm just not that sure that's a bad thing. Should require some pretty extreme violations of justice, though.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Re:The Strange Case Of The Video Card Industry on Goodbye, Number Nine · Score: 2
S3 were huge back then too (#1 in fact) and they are now out of the graphics card business
They own Diamond, ya know.
<i>This isn't that strange. Your #9 analysis is very weak. The Imagine 128 Series2 was still a major card and it was PCI. It wasn't the fast bus which sealed their fate, it was 3D. </i>
I talked about the Imagine series--my point was that the fast bus killed the viability of their ridiculously profitable cards extremely quickly. They did come up with the Imagine series, which did well for quite some time(PCI is several years old, ya know), and we're in strong agreement that it was the rise of 3D that #9 couldn't keep up with.
I'm not sure it's fair to say the key in the card business is IHV support--it sure works for ATI, as I talked about, but both nVidia and 3DFX went extremely long amounts of time with frustratingly low levels of IHV support. It's the IHV's that kept ATI alive through their years of having substandard products(though they pulled a great coup with their niche-fitting All In Wonder series), and it's the IHV's that are keeping Trident alive today. But I remember being shocked to find systems booting up with nVidia TNT's, and I don't think I've ever randomly come across a system that pre-shipped with a Voodoo 3, no matter how much I know they must be out there.
Matrox has 3D that's usually about half a generation behind, but their niche plays(like being able to view the cinematics of Star Trek Armada on a separate screen!) are genius.
I don't think we really disagree, Performer Guy. You yourself spent most of your time talking about *other companies* in an attempt to analyze the fall of #9.
Who else do you think is on life support? We do disagree about Matrox--they're having enough problems fulfilling their demand :-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Re:The Strange Case Of The Video Card Industry on Goodbye, Number Nine · Score: 2
Quarters--
Pay attention for a sec--3DFX utterly rewrote the rules of the video card industry, while giving "switchover time" to everyone else by dint of their 3D-Only nature. #9 had two options--OEM the latest and greatest 3D chipsets from whoever would license their chips(this used to include 3DFX) or stick to 2D only while people bought 3DFX's 3D Solution until the Ticket to Ride managed to happen.
It did manage to happen, and for what I remember it was pretty decent 2D but not competitive 3D.
You literally cannot understand the fall of #9 without understanding the rise of 3DFX, and the rise of 3DFX is much more interesting considering its present fall. Understand, at this point two of the oldest leaders in the video industry--Hercules and #9--are out of business, while STB (makers of the beautiful STB Lightspeed 128--wonder whatever happened to Tseng Labs?) has been absorbed by 3DFX and even Diamond is owned by S3. These are huge companies with huge amounts of respect from the various OEMs--but they all died in one form or another.
Lead, Follow, or Get Out Of The Way. #9 was forced to do the last of that, and there's really no other way to analyze that than to look at what they were getting out of the way *of*.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The Strange Case Of The Video Card Industry on Goodbye, Number Nine · Score: 5
I actually don't think there's an industry more bizarre than the one that creates Video Cards.
#9 was more than a contender, guys--they were the *leaders* in quality cards for years. They made their fortunes in the ISA market engineering the first cards that could actually push *serious* video through a seriously slow interface. Their highest end card, which was generally significantly more powerful than the machine it was placed in, sold for over a grand but enabled extremely high resolution functionality with the necessary acceleration to support it. The switch to VLB, and then PCI, really took a lot of wind out of their sales--to be blunt, the bus stopped sucking and their chips weren't as necessary to achieve good performance. Their stopgap maneuver--licensing S3's once market-leading chipsets of first the S3-868 and then the truly excellent S3-968--should have foretold for them the viability of licensed chipsets. But the good reaction they got to their Imagine-128 boards--expensive as they were--led them down a path where there really could only be one winner: Fastest Chipset.
3DFX truly had an intriguing business model. By not supplanting the 2D market, they could build off the engineering successes of companies like S3 while focusing on their core skills of 3D Design. And focus they did--<b>it was, and still is, unprecedented in the history of the computer hardware industry for any company to have had such a technological leap over their competition for as long as 3DFX did.</b> Their Voodoo 1 was quite literally revolutionary, and was at least two generations above <b>anything</b> their competitors could get out the door. With video card generations turning over every six months to a year, card after card came out that couldn't meet what 3DFX had long since delivered.
3DFX surpassed the hype of the "RISC programmable core" Verite video processor, and finally fulfilled the promises of a hype-addicted but surprisingly leading edge small company that decided to bring 3D to the PC desktop before anyone else...no one other than a small startup by the name of nVidia.
Does anybody else here remember the Edge3D? Proclaiming loudly the benefits of their proprietary and rather unique quadratic mapping methodology(essentially, developers could specify four points that would make a texture appear to wrap cylindrically or spherically around a target polygon), it was the first 3D chip for the PC and *it stunk*. Badly. From what I remember reading, a number of developers tried porting their games to the chipset but couldn't get performance that matched a raw video card--all those years of learning tricks for extracting the most ridiculous performance levels out of the x86 disarchitecture simply outweighed the underengineered nVidia Edge3D.
About the only thing that card was good for was playing ported games from the Sega Saturn--and, since nobody else would write games to the Edge API, Saturn controllers were bundled with many Edge 3D cards. This was all rather ironic, considering that the Sega Saturn was probably the biggest console miscalculation in history--it was designed to be the ultimate 2D system just as Sony(who had once been collaborating with Nintendo for their new "Playstation" system you might have heard of) was about to bring gamers into the brave new world of 3D. A basic 3D chipset was spooged in at the last minute, but to say it was drastically underpowered would be an understatement. It was weaker than words can describe, so its games ported quite well to the Edge 3D.:-)
nVidia's Edge came out; it was an utter failure. Next came the S3 Virge, and for all the excitement with the "FreeD"(Free 3D with that 2D card) excitement...it turned out to be significantly faster just to play Descent on a Pentium with a *good* card. Even the Verite I spoke of earlier really wasn't all that nice, despite apparently some trademark RISC Core coding by Carmack himself. Nope, wasn't till 3DFX came along with their Voodoo 1, with the Wizard's Tower demo, this ridiculously cool thing with Dolphins jumping all around, and (finally!) a 3D Fighting Demo for PC that we finally had three dimensional graphics as de rigueur for a gaming PC.
What's ridiculous is that, for as long as 3DFX was on top with their Voodoo 1, just as competitors were starting to catch up they pulled out their Voodoo 2 with SLI functionality. Two cards, twice the profit for 3DFX, twice the power to keep competitors at bay--it was a beautiful thing. But as I said earlier, those cards never used their own 2D engines--they depended on other 2D cards. Diamond was quite happy to sell both their 2D solution from S3(which I bought, and if you ever get me inebriated enough I'll tell you about what happened between me, a broken Stealth, and an emotionally unstable woman in Diamond Tech Support) and their 3D solution from 3DFX--the veritable Monster 3D series. But #9, having seen good success from their Imagine 128 line and believing(quite arguably) that the declining profits of the card industry practically mandated making your money off the chip side, stuck to only selling 2D cards until they could get their 3D solution out the door.
By the time they did, it wasn't even a contender.
Also, by the time they did, 3DFX had long since finally listened to their OEMs who were complaining about cost structures from having to ship two cards instead of one and integrated 2D into their cards--first awfully, with the Voodoo Rush(ed), later castrated, with the Voodoo Banshee, and fiiiinally correctly with the Voodoo 3.
So #9 was left with a 3D card that couldn't cut it, 2D cards that didn't measure up to industry expectations, and no pre-existing relationship with any major chip vendor(at this point, just nVidia since 3DFX bought STB and stopped OEMing out its chips due to plummeting prices of their cards). Having gone entire generations without an industry-contender product--not even in a market niche!--they had nowhere to go and plenty of debt.
It was just time to turn the page. It's too bad--particularly since, if I remember correctly, they really had the Compaq/Dell/etc. style connections that have sustained ATI much to the confusion of gamers worldwide wondering how such a generally "Behind the curve" company could always get its products into millions of corporate desktops. ATI always managed to do the bare minimum to keep those OEMs--#9 just didn't or couldn't and lost what it had.
It's too bad. They made *good products*--their Motion771 was my favorite card to get for quite some time. But it's a different world right now--and it's getting even more different, with 3DFX having lost (from what I've heard) most of its core engineers and having been lapped by nVidia's GeForce2 processor(replete with Per Pixel Shading Acceleration By The GPU! I wonder if it does Quadratic Texturing too...) ATI's making noises of industry leading again, but then they did that with their Rage chipset and...well. Rage indeed. Matrox, of course, is doing well in the position #9 should have been in with their extreme quality RAMDAC's for high-res performance and now, dual head support implemented absolutely beautifully(got a TV? Play the DVD there? OK.) S3's just out there getting Savaged...though I have to wonder if they've picked up the "cheap quality 3D" market that they fed for so long with their truly lousy Virge. They own Diamond though, and Diamond (last I checked? Has this changed?) pushes quite a bit of nVidia product out the door. At +$200 a card, that's among the more expensive components left in modern machines!
As far down as #9 has sunken, nVidia has risen to the top of the heap, not as far above as 3DFX was in its prime but a good generation ahead. To think that it was three years ago that I was being laughed at for saying nVidia was to stage a massive comeback, as I had seen their Riva 128 at WinHEC and It Was Good(and I had also seen Cyrix's M2 processor struggle through Quake and had been practically ordered not to release the results of my ill-gotten TimeDemo)...
Wow. People wonder why there's so much excitement and activity on gaming sites like Bluesnews and Old Man Murray. Companies race, fight, live, and die on a field that's ever shifting, not particularly predictable, and booby trapped left and right.
In other words, the Video Card industry is pretty much Tech's Gladiator Pit. Want a Ticket?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Also, the idea that we, as geeks, or outcasts, or the formerly societally abused should use the shootings as a sounding point to 'stand up' for other people who don't 'fit in' is WAY wrong. It's sick.
Blue--
What you say would be true--should be true--had not a good number of skittish administrators started looking for the Dylans and the Erics among their own kind.
Guess who they found.
Go read the Hellmouth stories. Dylan and Eric didn't just traumatize kids in their own school; the backlash from their actions engulfed unquestionably innocent geeks for no cause that could ever be considered as fair. Consider the rather intriguing fact that Dylan and Eric weren't even *part* of the "Trenchcoat Mafia"--did you know that, Blue? Did you realize that was all a media invention because, well, they wore Trenchcoats, and, like, so did this other group that *hated these kids too*?
I don't think a single one of those kids from the Trenchcoat Mafia was allowed back into that school. It was apparently believed that their mere presence would be traumatic to the survivors, regardless of their total lack of involvement.
At its most extreme, that was probably what the entire Hellmouth rage was about--
1) Something must be done! 2) This is something.
Therefore,
3) This must be done.
Those kids over there looked like The Killers. Get 'em out! That group over there, we don't understand him. Get 'em out! That clique has a tradition of verbally harassing people? Ah. They're kids. And they're cheerleaders/football players/"boys will be boys".
Blue, people were SUSPENDED FOR THEIR BELIEFS. People were feared for no other reason than the games they played! Go read the Hellmouth responses--it was never really about people complaining about how they'd been victimized for all these years ad nauseam. It was how schools across the country started looking inward to find the secret "Most Likely to Kill Us All" award winners, and the slots kept on ringing up, "Isolated Computer Geek", "Dungeons and Dragons Player", and "That Guy Who Sits Alone In Lunch And Hates PE."
No administrator wanted to be liable for letting the school get shot up. So a veritable Lord Of The Flies environment sprouted up in schools across the country. Geeks still in school reported the harassment they were subject to, and stood back in awe as Slashdot spit back hundreds of similar stories from everywhere and anywhere in between. Geeks out of school shuddered--they(and *I*) knew deep down that we got out just in time, but there were those we left behind.
Would you have survived the Purge from Columbine? Would I? How many were harassed to make the popular feel safe? How many were exiled?
I honestly believe the greatest thing to come out of the Hellmouth series was that it was *so* quick to come out and *so* topical that it *had* to amount to something of a defense infrastructure for those being considered for extreme punishment.
I don't know this for sure, but I can hope: The Hellmouth series had the direct effect of making it much more expensive for administrators to eliminate subversive though entirely innocent elements from schools across the country. It made kids bolder in defending themselves, it gave parents a window into something they could only vaguely remember, and it made administrators know there'd be a heavy PR price for eliminating the "inconvenient" rather than the truly dangerous. That's why I want this book published, incidentally: For all the non-geek exposure this series got, it was most likely limited to short emails read for short periods of time by the people who could and should Make That Difference.
The publication of this book needs to happen--the bottom line is that there's a *reason* it's legal to quote, and Slashdot should not feel guilty about doing so--especially when most readers enthusiastically support the printing of this material! The people who would be quoted overwhelmingly support such a printing--they wrote what they wrote to be *read*, *understood*, and *acted upon*. Hemos, Taco, and even you, Katz, you've *done* that.
Do the authors proud! Release this book.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I seem to remember Network Solutions receiving the rights to *distribute* names, not *wholesale ownership of those names*.
What's $80 a year today may become 10% of Gross Profit tomorrow. "Sorry, we found somebody willing to pay more for your business's identity. Too bad you don't particularly own that identity..."
This is a land grab; a damn subtle one, but a land grab nonetheless. NSI received the right to distribute names. By claiming ownership, they're assuming a far more valuable, centralized, and corruptible position--one which they have no right to assume.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I give my condolences to the family, the friends, and the untold and uncountable engineers who Mr. Davies' work has influenced. I can only say that if it is the humble goal of all engineers to truly expand the knowledge and define the methods by which humanity seeks to function, then Mr. Davies truly succeeded to a degree that all of us can only aspire to reach.
I didn't know him, but his work has directly influenced my life and my studies. (One of his more intriguing discoveries is referenced in my Signature!) To those who complain that others may have received more fame than he, I can only say that genuine impact is of greater value than any shallow fame, and that Mr. Davies truly contributed genuinely to the lives of myself, my coworkers, and each of you who may read this message.
God speed, Donald Davies. You did well for yourself. Engineers throughout the world salute you, and your contributions.
Goodbye.
Yours Truly,
Dan Kaminsky
Alter your definitions of what it means to detect a light transmission, or even to *begin* a light transmission, and it would seem like results like this would be possible.
;-)
That there's a tail to the light posits that there's a time delay in which some small information-bearing light reaches the far end. This tail is not a staccato burst--there's a beam of light behind it. Perhaps whatever happens at the far end causes a cascade reaction(to keep the rush hour analogy, traffic gets backed up *real fast) to amplify backwards in a manner that is *detected* superluminally but is not superluminal itself(such detections are common--shine a laser on a far away mountain--your beam moves superluminally, even though your light doesn't. Persistence of vision is a human trait, not an optical property of nature.)
That these atoms seem primed for amplification of light makes me particularly curious if their amplification traits are triggering false speed measurements. Even if the wavelength is theoretically set for crystal clear propagation, something as major as 300*c transmission would call for further study on exactly what's being detected. My personal guess is that either the time of the initial transmission is being misjudged(imagine a buffering operation taking place within each atom, now imagine those atoms releasing their buffers in the manner they might if they were backpropagating a wave, all in sync to 300C).
That's my guess. But who knows--least of all me
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
So let me get this straight:
The world's most closed public access network service(AOL) is planning to use one of the most open infrastructure operating systems(Linux) to combat the most self-doubting software company we've ever seen(Microsoft) by teaming up with ambitious but still waiting to break through firm(Gateway) and an inordinately secretive skunkworks shop(Transmeta) that happens to employ the creator of that aforementioned extremely open operating system(Linus).
Essentially, AOL trumpets an age of freedom(No MS, No Intel) by ushering in products that will likely be a long-studied model of consumer entrapment(cheap devices that only connect to AOL). Of course, such tactics wouldn't have worked that well back when AOL had teams of lobbyists seeking to make sure nobody could monopolize the net access market(the "Open Access" push) but that push has mysteriously disappeared now that AOL would be in the position of having to open its access(thinks it'll merge with Time Warner.) Meanwhile, AOL deserves superlative credit for crafting an Online Experience positive enough to drive an unacknowledged portion of the Net economy(Excellent UI design), but they've included enough code in their new revision to prevent customers from exploring other services(Roach Motel 5.0).
Guh. It's corporate tennis...you never know who's playing what side of the court, you just see your head going back...and forth...and back...and forth...
"Good. Bad. I'm the guy with the gun."
--(Best attribution for this quote, besides Ash, gets a cookie.)
Yours Exhaustedly,
Dan "I Can't Believe It's Not Justice" Kaminsky
DoxPara Research
http://www.doxpara.com
If the message is for multiple recipients, recipient A could decrypt the message, alter it, compute the correct hash for the altered message, and then repackage and send the altered message along to the other recipients who will accept this message as legitimate. To prevent this, the hash of the correct message should be 'signed' in some fashion where only the original sender can create it. This process describes GPG's 'sign' option, which we know works.
Hadn't considered the multiple recipient problem when it came to unsigned hashes.
But, just as strongly, you haven't considered the reality of PGP allowing me to receive mail from untrusted individuals with a modicum of cryptographic security. Segment out your security scheme--when you're the receiver, you can't control who the sender transmits to. When you're the sender, you can't control who the receiver retransmits to. But if you, as the receiver, can trust that the user hasn't given away their secret(the message, in this instance) to anyone else but you, truncation detection through hashes or anything else lets you recognize when the message/secret you receive is incomplete.
That's valuable--you're able to receive non-multicast messages without concern for the integrity of that message! Essentially, both the verification key and the message itself get condensed down into the content of the message. Presumably whatever it says authenticates the author, provided the message is complete.
Once the security architecture is formalized, this property just can't be suppressed. It's not ideal by any means--you can't extend the trust you've established from one message to any other, as you can with stored private signing keys--but the arbitrarity of the trust is identical, down to the fact that a truncated key offered for verification purposes had best not work either(here's my 2048 bit verification key, oops truncated to 256 bits...)
Go ahead and email me if ya like.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
this bug has absolutely nothing to do with how hard it is to find random data. hell, the solution is to call dev/random. it's just that the buffer happens to get overwritten due to a far more mundane bug. ferchrissakes, did you even read the article? did any of the moderators read the article??
/dev/random.
Yes, I did read the article. Your annoyance is understood, however.
/dev/random, rather than the internal entropy engine, was being called in the first place *because* non-interactive entropy gathering is such a difficult problem. PGP had no similar issues when used interactively because they essentially wrote their own interactive entropy gatherer. They couldn't do the same for non-interactive content, so they wrote a (buggy) bridge to
Obviously, they should have verified that the content coming *out* of that bridge was something other than all ones. But the most interesting thing to me is the similarity of this accident to an airline crash or a school shooting--an intensely rare situation, made notable and newsworthy *by* its rareness. We pay little attention to the moderately common problems(invisible security issues lurking beneath most closed source crypto), but both the extremely common issues(buffer overflows) and rare ones(this PGP hack) get lots of press.
Interesting.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
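The check the reply above asks for, that what comes out of the /dev/random bridge is "something other than all ones", sketched as an added example; it is not PGP's code and not part of the original comments. The names `gather_entropy`, `has_stuck_run` and `RCT_CUTOFF`, the cutoff value, and the three test sources are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as read(2), so a faulty source can be substituted. */
typedef ssize_t (*read_fn)(int fd, void *buf, size_t count);

enum { ENT_OK = 0, ENT_IO_ERROR = -1, ENT_STUCK = -2 };

/* Assumed cutoff, modelled on the repetition count test in NIST SP 800-90B:
 * 1 + ceil(20 / 8) = 4 for a 2^-20 false-alarm rate at 8 bits per byte. */
#define RCT_CUTOFF 4

/* Return 1 if any byte value repeats RCT_CUTOFF times in a row. */
static int has_stuck_run(const unsigned char *buf, size_t len)
{
    size_t run = 1;
    for (size_t i = 1; i < len; i++) {
        run = (buf[i] == buf[i - 1]) ? run + 1 : 1;
        if (run >= RCT_CUTOFF)
            return 1;
    }
    return 0;
}

/* Fill out[0..len) from the source, using the byte COUNT that read returns
 * only as a count, then refuse output that looks stuck. On any non-OK
 * result the caller must not use the buffer. */
static int gather_entropy(read_fn rd, int fd, unsigned char *out, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = rd(fd, out + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;            /* interrupted, retry */
            return ENT_IO_ERROR;
        }
        if (n == 0)
            return ENT_IO_ERROR;     /* EOF from an entropy device */
        got += (size_t)n;            /* short reads are normal */
    }
    return has_stuck_run(out, len) ? ENT_STUCK : ENT_OK;
}

/* Constructed faulty bridge: reports success, delivers all-ones bytes. */
static ssize_t stuck_source(int fd, void *buf, size_t count)
{
    (void)fd;
    memset(buf, 0xFF, count);
    return (ssize_t)count;
}

/* Constructed healthy source: at most 3 bytes per call, counting upward. */
static ssize_t short_read_source(int fd, void *buf, size_t count)
{
    static unsigned char next = 0;
    unsigned char *p = buf;
    size_t n = count < 3 ? count : 3;
    (void)fd;
    for (size_t i = 0; i < n; i++)
        p[i] = next++;
    return (ssize_t)n;
}

/* Constructed failing source: every read fails with EIO. */
static ssize_t failing_source(int fd, void *buf, size_t count)
{
    (void)fd; (void)buf; (void)count;
    errno = EIO;
    return -1;
}

int main(void)
{
    unsigned char seed[32];
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0) {
        perror("open /dev/random");
        return 1;
    }
    int rc = gather_entropy(read, fd, seed, sizeof seed);
    close(fd);
    printf("gather_entropy: %s\n", rc == ENT_OK ? "ok" : "rejected");
    return rc == ENT_OK ? 0 : 1;
}
```

A stuck-output check like this only catches gross failures such as a constant buffer; it says nothing about how much entropy a passing buffer actually holds.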
The easiest way to generate random numbers using existing system components is to time one of the mechanical storage drives. Seek time when measured to the nanosecond is random.
Unfortunately, the widespread layering of memory caches throughout the computer infrastructure(in OS, in drive controller, in drive itself, etc.) prevent this from being as slick of a solution as I'd like.
--Dan
Convergence, you're wrong.
Consider the CDMA model of Encryption: Know the key, get the data. Don't know the key, you get noise.
Period.
If I can not know the key but modify the data stream--and it still decrypts *without complaint*--then something's wrong. Truncation attacks are different--they're essentially selective DoS where the cipherstream suddenly stops being valid--but if PGP doesn't *complain* that suddenly something broke and this was all that could be read--i.e. "there was more that was part of this message, but I can't read it"--then this is a cryptographic failure.
PGP doesn't protect you against an email server silently deleting your mail--there is no conceptual way it could or should. But silently passing truncated messages means that somebody can reconstruct a message without being able to read it. The fact that avoiding this weakness is as simple as encrypting the one way hash of the message as a whole with each independent truncatable block(such that the hash of the decrypted document would then fail to match the original hash derived before the message was sent) means that this is a weakness that should have been addressed.
Of course, mind you this attack hasn't particularly been verified, and GaryH is the first person I've ever heard to speak positively of S/MIME. But you're completely wrong to state that message authentication is *entirely* orthogonal to encryption. Knowing *who* sent a message is orthogonal. Knowing that *this* specific message--which may contain identifying information in the untruncated blocks--was sent isn't.
It's still tied to the destination aspect to know whether *all* of a given encrypted message reached the destination. I don't particularly accept that any File-Oriented Cryptographic System should, or needs to accept selective DoS. It's just too simple to prevent.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Actually, Intel ships an ostensibly good RNG with every Pentium III--I don't think it has /dev/random support yet, but it supposedly can be polled for 75K/s of good random data. *drool*
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Chromatic and luminicence-variations would also add to a random seed for encryption. The best would be to constantly change light- and colour-intensity, in addition to the motion of the "lava".
;-)
It's not that hard to turn chroma/lumin differentials into RGB shifts--it's just YUV->RGB.
Heh, I prefer military algorithms. FRA in Sweden has done some absolutely stunning things =)
Do tell
Actually, they use 3 lavalamps standing together, and 3 cameras, in one implementation I've seen used.
Yup, but some bits are more random than others. With a static camera, there will be bits that are entirely determined from variations in light and sensitivity.
There's likely to be enough bits to seed a RNG, but the extensive work I've heard of being done by eliminating impossible combinations(31 round Skipjack was defeated in greater than brute force, while official Skipjack is 32 round!) leaves me wondering.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Decaying of a radioactive element? Funny, that. Just read about some guy with a parallel port geiger counter and a microcurie of Americium.
There are better sources that are more environmentally sound--dirty diodes and whatever they've built into the Pentium III look pretty decent.
--Dan
Actually, the more I think about the Lava Lamp Randomizer, the more I wonder about its actual entropy. Yes, lava lamps themselves are quite entropic, but how much of the overall image is of the lava lamp? It seems most of the signal they derive comes from the quantization noise from the CCD in their O2Cam--and that's pretty predictable. Now, granted, they munge and one-way hash their original content to oblivion, but that doesn't mean their original content is as highly entropic as they might think.
I'd probably be more secure if the camera was mounted such that the entire image was a near microscopic scale view of the melting wax--but even then I'd be curious literally how many different possibilities of wax melting, unmelting, and wax separation there might be. It's not minuscule, but I do have to wonder how high it might be.
The real thing that comes to mind isn't that you need 100% accuracy...it's that there's probably a good amount of work you can do by eliminating 90% of impossible occurrences(like the wax flying out from the lava lamp!)
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
P.S. That's not to say that the Lavarand system isn't the coolest damn RNG ever invented.
Bizarreness. I spent about two hours the other night studying using the mic port.
Best solution I found mentioned hooking an AM radio mistuned up to the mic port--then people mentioned FM had more entropic properties. Your big problems are, 1) You've seriously got to deal with the fact that a 60hz bias is coming off of the nearby AC transmitter/power supply, and 2) an attacker can pretty easily broadcast patterns at you on the exact frequency you're trying to be mistuned to. Since anything that's receiving a signal is also transmitting it(thus causing major privacy issues when a parking lot scans to see what stations people are listening to by picking up their "sympathetic"(correct word?) retransmissions), you should remotely be able to determine the AM/FM band being used. Not Good.
I was thinking for a bit that deriving entropy from the differential sync between many different NTP servers might be decent, but A) This doesn't scale and B) The differential sync, even at the minute scale, likely isn't more than a couple bits per resync. So you'd need to scan a few hundred servers a dozen times before you could create a 2048 bit key.
I need to create about 200 of 'em. A day. Soon to be 500. *sigh*
Interesting thought of the hour: Randomness isn't contained in the numbers themselves. Is a Royal Flush random? Depends how it was dealt.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Background: I've been auditing GPG lately for using it as a high-throughput non-interactive key generator. So I have some right to talk about this.
Everybody, generating keys non-interactively is ridiculously difficult, because to be honest there's a very small amount of entropy in your system. Clock differentials and specific CPU traces are pretty good, but everything else either derives from the network(and is therefore remotely attackable) or traces itself back to PRNGs(various memory assignment algorithms, etc.)
That's not to say that this isn't a problematic bug, and that it doesn't need correcting. But non-int keygen just isn't that common(yet; I'm working on that), so the exposure is thankfully smaller than it otherwise might be.
As for Microsoft, to be honest I have very little confidence that the RNG's in any web browser are anything that would survive an audit by Counterpane Labs. MS does very good stuff; crypto isn't generally among them(though any of us would be a fool to not note that they're shipping 128 bit SSL by default.)
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Dickinson: I think there's a disconnect there, Tim. You just told me that all these folks, they have eight out of ten of these in their back pocket. If they've got them in their back pocket, they don't even need to do a search. If they're aware of invalidating prior art, send it on in.
Our system derives a substantial portion of the information it requires to reject patents by trusting the client to provide that information.
If you're aware of prior art out there that invalidates a patent that is existing, file a re-examination. We'll be happy to take a look at it. I've done a couple of these. Mr. O'Reilly hasn't filed any. I've actually filed two myself in the last six months.
In six months, I've initiated formal procedures to correct two misappropriations of IP assignments. You've merely noted that the entire procedure of assigning IP is hopelessly insecure.
Tim: But let me just ask the other question. In terms of filing for a re-examination, my understanding is that once you ask for a re-examination, the patent holder gets to comment to the private ruling, and then that prior art can no longer be used in any court cases, so it seems weighted very heavily in favor of the applicant.
Should a flaw be found with our security system, that flaw will only be recognized once, with us trusting the original client to determine whether that flaw was indeed serious. After this initial evaluation, no further challenges will be accepted.
Dickinson: Absolutely, Mr. O'Reilly. One thing we were lacking was your very cogent voice last year as this legislation was pending on Capitol Hill. We very strongly supported expanding that re-examination, and it only passed in November, and I didn't hear you or Mr. Bezos raise your voices once to try to keep that kind of loophole from being included in the legislation.
It's not our fault that our security policy is broken; you didn't email our management any detailed proposals defining exactly what a loophole was.
Tim: How would you feel if a lawyer was able to patent an argument?
Dickinson: If it was new and non-obvious, I wouldn't have a problem with it at all.
Tim: And the ability to basically extract a royalty from other lawyers for using that same legal argument?
Dickinson: As I say, if it's new, and if it met the statutory standards for patentability (and that's the key question here), and it was incorporated into software in some form, that wouldn't be a problem.
Today's security policy is brought to you by Franz Kafka.
(side note: We now have the world's best example to get software patents eradicated.)
Dickinson: Obvious functions are not patentable. We don't patent obvious inventions. We just don't.
Attacks against our system do not exist, have never existed, will never exist. Our trust of the client is completely secure.
And if you believe that it's obvious, and you've got prior art to show that it is obvious, send it on in, as I've said many times.
We respond to systematic failures in our security policy by analyzing each penetration on a case by case basis, rather than rewriting our access control lists to actually do something.
I am eager for Mr. Bezos to get moving and fund the comprehensive software database he said he was going to fund, because we need that kind of prior art, we need those kinds of databases to help us do our work better.
We have no problem moving from a system where nobody respects our patents to one where nobody can write a line of code without knowing which dozen patents they're violating. We like the idea of insecurely authorized policies being grandfathered into our system.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I blame them both. IMO, nothing exposed to tainted data should be running as root. Particularly on a firewall!
Unsure this is fair. We're talking about an app that needs to do a raw interface sniff through something like BPF, and then make decisions based on that sniff regarding whether or not to *actively* forward the individual packets through frames on the internal interface. This app is using entirely tainted data--everything it receives is untrusted content. Root or not, any compromise of the firewall code would be required to grant the capability to forward arbitrary packets to the internal network, which directly contravenes the stated purpose of the firewall itself.
In short, the coders can't be blamed on a permissions level--it's conceptually impossible for most of the serious damage to have been prevented "if only the app wasn't root". About the best I can imagine is if the execution context of the firewall didn't share read/write access to the storage medium of the firewall code. That prevents long lasting trojans, at the expense of reducing the number of sites that will upgrade their firewalls.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Actually, it's just an unfortunate coincidence that of all the various things that could have gone wrong with this Firewall, it was the bridge to the Censorware app that did. As Schneier argues, excess complexity really is the death of security, and the bottom line was that an app intended to filter packets had detailed, layer 7 filtering hoisted onto it through a hack, rather than a chosen design. It doesn't matter what was hacked in--something was hacked, it wasn't thought out well enough, and it went boom.
It's just a rather inconvenient failure for the Censorware industry that it was one of theirs that took the system down.
But there's a much more interesting failure, one that I don't really think has been paid enough attention to: It's not that Gauntlet had a security breach, it's that the breach came from 30-Day Trialware installed by default on a mission critical service.
If an app I choose to install turns out to have a hole, I'm more than willing to give the authors time to repair the hole. But if an app I *don't* choose to install turns out to install some other app with a hole, one I didn't realize would be installed by default, didn't realize would by default communicate my download logs to the central office(Hi Realnetworks! How's that Download Demon doing?), didn't realize was being shoved on me as a supposed freebie but as an actual privacy and security disaster...
Then the honesty that underlies every commercial reaction gets toasted.
I don't blame the coders for having a bug in their bridge code. I blame the policymakers for specifying that the bridge should be enabled by default. Such behavior is inappropriate for employee desktops; whoever made the call that this kind of sales strategy should be applied to the most security critical of product lines bears the responsibility for the disaster that ensued.
The only good to come out of it is that, slowly but surely, we're going to win Corporate America's support of industry codes of conduct as a last ditch defense against regulation. Some good, eh guys?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Hello?
Anyone?
With all the fears and paranoia about intelligence in computer systems(I refuse to say "robots"--there's no reason intelligence needs to be confined to something that can enact physical changes against its environment), are people not realizing that machines have absolutely no reason to want the same things we do?
There ain't going to be Robotic Teenage Male Sex-Daemons roving the streets looking for tasty Human Teenage Girls to impregnate with their Metal/Carbon Hybrid CoDNA. Why? Because robots aren't interested in sex. It's *humans* that are *afraid* of an alien species/race/tribe/gender/income group coming in and impregnating their daughters, and that traces back to the beginning of human evolution where control over the genetic line essentially defined one's own mortality.
Technology just hasn't been growing the same way.
Maybe intelligence will emerge, but if it will, it'll emerge out of what the systems have been programmed to do--in general, retain robust connectivity over unreliable media, recognize unauthorized accesses, and so on. You will have systems whose defense systems are so well developed that the valid users who wish to shut them down will have difficulty doing so--because, to be blunt, that's what these "intelligent systems" will have been designed to do--prevent unauthorized disabling of the system. But most of the human fears which we obsess about just aren't going to transfer in.
Does this leave quite a bit to be worried about? Sure. But let's not forget that self-guiding code that learns from failures and suffers from overcompensation--in other words, code that can even evolve under feedback loops--is pretty rare, even among the best attack detection systems. Attack signatures and virus signatures are always hand-developed--you never see, for example, a penetration at one company automatically causing all other companies to be alerted to look for the specific pathogen that caused the failure. Worse, if you did, you'd have entire styles of attacks that worked to abuse the system's natural ability to transmit attack signatures--it's a ridiculously effective attack against the human body, and it'd do nasty things to any automated virus signature agent as well.
But in the end, no matter *what* the systems were programmed to do, that'll be, for the foreseeable future, all they're going to do--what some *human* has programmed them to do. Tank or Pokemon, it's made by us. This intense fearmongering almost seems like a way of disavowing the creators from what their systems happen to do--in some sense, it's as if we expect the future of AI to come from Microsoft, and we've decided they'll lie their way out of any bug.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
What is amazing about nVidia is the fact that their first graphics chip product (NV1) was considered a major breakthrough because (in theory) you didn't need to draw thousands of flat triangles to represent curved objects. Unfortunately, the implementation didn't quite work, but it laid the groundwork for better things to come.
Forgot about that...but I'm not sure it really laid any groundwork. I mean, think about it--five years later, are we really doing much that we'd otherwise have to fake with more poly's? All the advances seem to be focused on fill rate--reduce the number of passes to add this effect, automate anti-aliasing to create that effect, etc. Is there anything that's automatically doing something akin to "smooth quad divide", i.e. automatically tessellating incoming polys into smoother forms?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
There was one news story in the last day that may prove to be extremely important, although it was not in slashdot. The U.S. Supreme Court struck down the Violence Against Women act, because they said that Congress had no authority to pass the act. Congress said that the law derived its authority from the interstate commerce clause, and the Supreme Court said, in effect, "no way."
Violence against women is an awful thing, but justifying it on the grounds of interstate commerce is almost offensive. It feels like almost a direct reference to the idea that virginity or chastity is property, and to rape or attack over sexual reasons is a violation of that property. That's as bothersome as the bloody sheet that gets hung out for the village to see that the new wife was a virgin--it's Just Not Cool.
Now, the real justification that the federal government seems to want to use is, "When a state is unwilling or unable to effect Justice within its territory, the federal government may interdict and enforce its jurisdiction on the uncontrolled territory." State, in this sense, seems to refer to both State of the Union and State in the World.
And, to be honest, I'm just not that sure that's a bad thing. Should require some pretty extreme violations of justice, though.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
S3 were huge back then too (#1 in fact) and they are now out of the graphics card business
:-)
They own Diamond, ya know.
This isn't that strange. Your #9 analysis is very weak. The Imagine 128 Series2 was still a major card and it was PCI. It wasn't the fast bus which sealed their fate, it was 3D.
I talked about the Imagine series--my point was that the fast bus killed the viability of their ridiculously profitable cards extremely quickly. They did come up with the Imagine series, which did well for quite some time(PCI is several years old, ya know), and we're in strong agreement that it was the rise of 3D that #9 couldn't keep up with.
I'm not sure it's fair to say the key in the card business is IHV support--it sure works for ATI, as I talked about, but both nVidia and 3DFX went extremely long amounts of time with frustratingly low levels of IHV support. It's the IHV's that kept ATI alive through their years of having substandard products(though they pulled a great coup with their niche-fitting All In Wonder series), and it's the IHV's that are keeping Trident alive today. But I remember being shocked to find systems booting up with nVidia TNT's, and I don't think I've ever randomly come across a system that pre-shipped with a Voodoo 3, no matter how much I know they must be out there.
Matrox has 3D that's usually about half a generation behind, but their niche plays(like being able to view the cinematics of Star Trek Armada on a separate screen!) are genius.
I don't think we really disagree, Performer Guy. You yourself spent most of your time talking about *other companies* in an attempt to analyze the fall of #9.
Who else do you think is on life support? We do disagree about Matrox--they're having enough problems fulfilling their demand.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Quarters--
Pay attention for a sec--3DFX utterly rewrote the rules of the video card industry, while giving "switchover time" to everyone else by dint of their 3D-Only nature. #9 had two options--OEM the latest and greatest 3D chipsets from whoever would license their chips(this used to include 3DFX) or stick to 2D only while people bought 3DFX's 3D Solution until the Ticket to Ride managed to happen.
It did manage to happen, and from what I remember it was pretty decent 2D but not competitive 3D.
You literally cannot understand the fall of #9 without understanding the rise of 3DFX, and the rise of 3DFX is much more interesting considering its present fall. Understand, at this point two of the oldest leaders in the video industry--Hercules and #9--are out of business, while STB (makers of the beautiful STB Lightspeed 128--wonder whatever happened to Tseng Labs?) has been absorbed by 3DFX and even Diamond is owned by S3. These are huge companies with huge amounts of respect from the various OEMs--but they all died in one form or another.
Lead, Follow, or Get Out Of The Way. #9 was forced to do the last of that, and there's really no other way to analyze that than to look at what they were getting out of the way *of*.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I actually don't think there's an industry more bizarre than the one that creates Video Cards.
:-)
#9 was more than a contender, guys--they were the *leaders* in quality cards for years. They made their fortunes in the ISA market engineering the first cards that could actually push *serious* video through a seriously slow interface. Their highest end card, which was generally significantly more powerful than the machine it was placed in, sold for over a grand but enabled extremely high resolution functionality with the necessary acceleration to support it. The switch to VLB, and then PCI, really took a lot of wind out of their sales--to be blunt, the bus stopped sucking and their chips weren't as necessary to achieve good performance. Their stopgap maneuver--licensing S3's once market-leading chipsets of first the S3-868 and then the truly excellent S3-968--should have foretold for them the viability of licensed chipsets. But the good reaction they got to their Imagine-128 boards--expensive as they were--led them down a path where there really could only be one winner: Fastest Chipset.
3DFX truly had an intriguing business model. By not supplanting the 2D market, they could build off the engineering successes of companies like S3 while focusing on their core skills of 3D Design. And focus they did--*it was, and still is, unprecedented in the history of the computer hardware industry for any company to have had such a technological leap over their competition for as long as 3DFX did.* Their Voodoo 1 was quite literally revolutionary, and was at least two generations above *anything* their competitors could get out the door. With video card generations turning over every six months to a year, card after card came out that couldn't meet what 3DFX had long since delivered.
3DFX surpassed the hype of the "RISC programmable core" Verite video processor, and finally fulfilled the promises of a hype-addicted but surprisingly leading edge small company that decided to bring 3D to the PC desktop before anyone else...no one other than a small startup by the name of nVidia.
Does anybody else here remember the Edge3D? Proclaiming loudly the benefits of their proprietary and rather unique quadratic mapping methodology(essentially, developers could specify four points that would make a texture appear to wrap cylindrically or spherically around a target polygon), it was the first 3D chip for the PC and *it stunk*. Badly. From what I remember reading, a number of developers tried porting their games to the chipset but couldn't get performance that matched a raw video card--all those years of learning tricks for extracting the most ridiculous performance levels out of the x86 disarchitecture simply outweighed the underengineered nVidia Edge3D.
About the only thing that card was good for was playing ported games from the Sega Saturn--and, since nobody else would write games to the Edge API, Saturn controllers were bundled with many Edge 3D cards. This was all rather ironic, considering that the Sega Saturn was probably the biggest console miscalculation in history--it was designed to be the ultimate 2D system just as Sony(who had once been collaborating with Nintendo for their new "Playstation" system you might have heard of) was about to bring gamers into the brave new world of 3D. A basic 3D chipset was spooged in at the last minute, but to say it was drastically underpowered would be an understatement. It was weaker than words can describe, so its games ported quite well to the Edge 3D.
nVidia's Edge came out; it was an utter failure. Next came the S3 Virge, and for all the excitement with the "FreeD"(Free 3D with that 2D card) excitement...it turned out to be significantly faster just to play Descent on a Pentium with a *good* card. Even the Verite I spoke of earlier really wasn't all that nice, despite apparently some trademark RISC Core coding by Carmack himself. Nope, wasn't till 3DFX came along with their Voodoo 1, with the Wizard's Tower demo, this ridiculously cool thing with Dolphins jumping all around, and (finally!) a 3D Fighting Demo for PC that we finally had three dimensional graphics as de rigueur for a gaming PC.
What's ridiculous is that, for as long as 3DFX was on top with their Voodoo 1, just as competitors were starting to catch up they pulled out their Voodoo 2 with SLI functionality. Two cards, twice the profit for 3DFX, twice the power to keep competitors at bay--it was a beautiful thing. But as I said earlier, those cards never used their own 2D engines--they depended on other 2D cards. Diamond was quite happy to sell both their 2D solution from S3(which I bought, and if you ever get me inebriated enough I'll tell you about what happened between me, a broken Stealth, and an emotionally unstable woman in Diamond Tech Support) and their 3D solution from 3DFX--the veritable Monster 3D series. But #9, having seen good success from their Imagine 128 line and believing(quite arguably) that the declining profits of the card industry practically mandated making your money off the chip side, stuck to only selling 2D cards until they could get their 3D solution out the door.
By the time they did, it wasn't even a contender.
Also, by the time they did, 3DFX had long since finally listened to their OEMs who were complaining about cost structures from having to ship two cards instead of one and integrated 2D into their cards--first awfully, with the Voodoo Rush(ed), later castrated, with the Voodoo Banshee, and fiiiinally correctly with the Voodoo 3.
So #9 was left with a 3D card that couldn't cut it, 2D cards that didn't measure up to industry expectations, and no pre-existing relationship with any major chip vendor(at this point, just nVidia since 3DFX bought STB and stopped OEMing out its chips due to plummeting prices of their cards). Having gone entire generations without an industry-contender product--not even in a market niche!--they had nowhere to go and plenty of debt.
It was just time to turn the page. It's too bad--particularly since, if I remember correctly, they really had the Compaq/Dell/etc. style connections that have sustained ATI much to the confusion of gamers worldwide wondering how such a generally "Behind the curve" company could always get its products into millions of corporate desktops. ATI always managed to do the bare minimum to keep those OEMs--#9 just didn't or couldn't and lost what it had.
It's too bad. They made *good products*--their Motion771 was my favorite card to get for quite some time. But it's a different world right now--and it's getting even more different, with 3DFX having lost (from what I've heard) most of its core engineers and having been lapped by nVidia's GeForce2 processor(replete with Per Pixel Shading Acceleration By The GPU! I wonder if it does Quadratic Texturing too...) ATI's making noises of industry leading again, but then they did that with their Rage chipset and...well. Rage indeed. Matrox, of course, is doing well in the position #9 should have been in with their extreme quality RAMDAC's for high-res performance and now, dual head support implemented absolutely beautifully(got a TV? Play the DVD there? OK.) S3's just out there getting Savaged...though I have to wonder if they've picked up the "cheap quality 3D" market that they fed for so long with their truly lousy Virge. They own Diamond though, and Diamond (last I checked? Has this changed?) pushes quite a bit of nVidia product out the door. At +$200 a card, that's among the more expensive components left in modern machines!
As far down as #9 has sunken, nVidia has risen to the top of the heap, not as far above as 3DFX was in its prime but a good generation ahead. To think that it was three years ago that I was being laughed at for saying nVidia was to stage a massive comeback, as I had seen their Riva 128 at WinHEC and It Was Good(and I had also seen Cyrix's M2 processor struggle through Quake and had been practically ordered not to release the results of my ill-gotten TimeDemo)...
Wow. People wonder why there's so much excitement and activity on gaming sites like Bluesnews and Old Man Murray. Companies race, fight, live, and die on a field that's ever shifting, not particularly predictable, and booby trapped left and right.
In other words, the Video Card industry is pretty much Tech's Gladiator Pit. Want a Ticket?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Also, the idea that we, as geeks, or outcasts, or the formerly societally abused should use the shootings as a sounding point to 'stand up' for other people who don't 'fit in' is WAY wrong. It's sick.
Blue--
What you say would be true--should be true--had not a good number of skittish administrators started looking for the Dylans and the Erics among their own kind.
Guess who they found.
Go read the Hellmouth stories. Dylan and Eric didn't just traumatize kids in their own school; the backlash from their actions engulfed unquestionably innocent geeks for no cause that could ever be considered as fair. Consider the rather intriguing fact that Dylan and Eric weren't even *part* of the "Trenchcoat Mafia"--did you know that, Blue? Did you realize that was all a media invention because, well, they wore Trenchcoats, and, like, so did this other group that *hated these kids too*?
I don't think a single one of those kids from the Trenchcoat Mafia was allowed back into that school. It was apparently believed that their mere presence would be traumatic to the survivors, regardless of their total lack of involvement.
At its most extreme, that was probably what the entire Hellmouth rage was about--
1) Something must be done!
2) This is something.
Therefore,
3) This must be done.
Those kids over there looked like The Killers. Get 'em out! That group over there, we don't understand him. Get 'em out! That clique has a tradition of verbally harassing people? Ah. They're kids. And they're cheerleaders/football players/"boys will be boys".
Blue, people were SUSPENDED FOR THEIR BELIEFS. People were feared for no other reason than the games they played! Go read the Hellmouth responses--it was never really about people complaining about how they'd been victimized for all these years ad nauseum. It was how schools across the country started looking inward to find the secret "Most Likely to Kill Us All" award winners, and the slots kept on ringing up, "Isolated Computer Geek", "Dungeons and Dragons Player", and "That Guy Who Sits Alone In Lunch And Hates PE."
No administrator wanted to be liable for letting the school get shot up. So a veritable Lord Of The Flies environment sprouted up in schools across the country. Geeks still in school reported the harassment they were subject to, and stood back in awe as Slashdot spit back hundreds of similar stories from everywhere and anywhere in between. Geeks out of school shuddered--they(and *I*) knew deep down that we got out just in time, but there were those we left behind.
Would you have survived the Purge from Columbine? Would I? How many were harassed to make the popular feel safe? How many were exiled?
I honestly believe the greatest thing to come out of the Hellmouth series was that it was *so* quick to come out and *so* topical that it *had* to amount to something of a defense infrastructure for those being considered for extreme punishment.
I don't know this for sure, but I can hope: The Hellmouth series had the direct effect of making it much more expensive for administrators to eliminate subversive though entirely innocent elements from schools across the country. It made kids bolder in defending themselves, it gave parents a window into something they could only vaguely remember, and it made administrators know there'd be a heavy PR price for eliminating the "inconvenient" rather than the truly dangerous. That's why I want this book published, incidentally: For all the non-geek exposure this series got, it was most likely limited to short emails read for short periods of time by the people who could and should Make That Difference.
The publication of this book needs to happen--the bottom line is that there's a *reason* it's legal to quote, and Slashdot should not feel guilty about doing so--especially when most readers enthusiastically support the printing of this material! The people who would be quoted overwhelmingly support such a printing--they wrote what they wrote to be *read*, *understood*, and *acted upon*. Hemos, Taco, and even you, Katz, you've *done* that.
Do the authors proud! Release this book.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Excuse me?
I seem to remember Network Solutions receiving the rights to *distribute* names, not *wholesale ownership of those names*.
What's $80 a year today may become 10% of Gross Profit tomorrow. "Sorry, we found somebody willing to pay more for your business's identity. Too bad you don't particularly own that identity..."
This is a land grab; a damn subtle one, but a land grab nonetheless. NSI received the right to distribute names. By claiming ownership, they're assuming a far more valuable, centralized, and corruptible position--one which they have no right to assume.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com