Slashdot Mirror


User: ka9dgx

ka9dgx's activity in the archive.

Stories: 0
Comments: 1,147

Comments · 1,147

  1. I wrote my AG, have you written to yours yet? on 37 States Join Investigation of Google Street View · · Score: 2, Interesting

    Here's what I sent to Indiana's AG...

    TO:
    Office of the Indiana Attorney General
    Indiana Government Center South
    302 W. Washington St., 5th Floor
    Indianapolis, IN 46204
    Phone: 317.232.6201
    Fax: 317.232.7979

    E-mail: Constituent@atg.in.gov

    FROM: Mike Warot

    Hi
        I'm Mike Warot, from Hammond. I'm a network administrator working in Chicago.

    I've recently learned that 37 states are joining in an investigation of Google's collection of WiFi data, as typified in this story from the LA Times

    http://latimesblogs.latimes.com/technology/2010/07/google-street-view.html

    The issue at hand seems to be quite simple. They were trying to make a list of open (unencrypted) WiFi access points as a supplement to GPS to help in navigation. Because the software used to collect this data (Kismet) defaults to collecting entire packets instead of just the names of the access points, there is now an uproar that "passwords were stolen" and other Bull Shit. It was a simple technical oversight, not an evil plot.

    Please DO NOT WASTE MY TAX DOLLARS on this wild goose chase. I'm sure you have plenty of other more important work to do.

    Thanks for your time and attention.
     

  2. I want MY Country back on 37 States Join Investigation of Google Street View · · Score: 1

    This fucking sucks. Instead of worrying about corporate fraud, or shutting down the derivatives bubble that is bigger than the real economy... we have 37 different state offices and a bunch of press focused on the recording of unencrypted WiFi packets and massive scare mongering.

    I want my country back.

  3. Maybe I can finally reify a bitgrid with this on Open Source Hardware Definition Hits 0.3 · · Score: 1

    I'm hoping that someday I'll be able to reify a bitgrid. This looks like one possible path forward.

    A bitgrid is just an FPGA without routing logic. It's a grid of 4-bits-in, 4-bits-out look up tables, each connected to their nearest neighbors in a 2D grid. There's no routing to worry about because any cell can be used as either logic or routing, and both at the same time in most cases.

    Configuration is done by storing data in the look up tables. The whole thing looks like a chunk of static RAM to the host.

    I'm willing to work with pretty much anyone to get this thing built, and having it open source would be icing on the cake.

    Oh... and I strongly suspect that a BitGrid may be just the thing to do Exascale computation.

  4. Security through obscurity, yet again on More Gas Station Credit-Card Skimmers · · Score: 1

    If the system was designed in such a way as to allow the generation of 1 time keys, instead of an embedded 16 digit number, this wouldn't be a problem. This could have been fixed 10 or maybe even 20 years ago... but we have the lowest possible cost system in place, and fraud is just a cost of business instead of a crime.

  5. Re:Wouldn't a secure OS be a better option? on US Plans Cyber Shield For Private Companies and Utilities · · Score: 1

    With the proven L4 kernel, the device driver code from Linux, and the GPL... it should be feasible to build a trusted system for the rest of us.

    The key is to allow the user to assign privileges to a program at run time, and have the operating system constrain the program to those resources. It's not really hard to do; compared to the approach we have now, it's conceptually easier.

  6. Wouldn't a secure OS be a better option? on US Plans Cyber Shield For Private Companies and Utilities · · Score: 1

    Cabsec - Capability Based Security has been around for a long time, it was part of Multics... the idea of having real security built into the OS, available as a tool for the USER to decide what resources to make available to an application, is a very powerful one.

    Unfortunately, it's a boil-the-ocean solution.... you have to build a new OS which supports it, and then port your apps.

  7. Unrolling programs ... into a bitgrid on Scaling To a Million Cores and Beyond · · Score: 1

    A programming trick that used to work was to unroll loops, to prevent the pipeline penalties that occur when you branch. It worked well for a while. My idea (the bitgrid) is based on the idea of unrolling the whole friggin program. Instead of making a list with fewer branches... why not distribute each and every instruction of a program out into a physical processing instance?

    To make it feasible in hardware, use the simplest computing grid feasible, a grid of cells (each cell having 4 inputs (one bit from each neighbor), 4 outputs (one bit TO each neighbor) and a 16 entry look up table), each of which is a pitiful unit of computation by itself.... in a grid size to fit the application at hand, they can execute all of the instructions necessary to compute a result simultaneously.

    Communication isn't shared, because every input and output only has 1 place to go or come from. It only has to go to the next cell... so there are no long communication lines to worry about. Each cell can function as a router and logic element at the same time.

    Programming with Fortran or C or anything else you've heard of is RIGHT OUT. This is the big problem to solve.

    It is this concept which I believe will get me some funding from the Exascale research programs at DARPA.

    It was surreal signing up to be a defense contractor last week.

  8. Wow... what a worthless article on Obama To Nearly Double the Available Broadband Wireless Spectrum · · Score: 4, Insightful

    It doesn't give any specifications about what frequency ranges. 500 MHz is a lot; if it starts at 0 Hz, it's pretty much priceless... if it starts at 60 GHz... not worth very much at all.

    As far as freeing it up.... if it's for commercial use, instead of for networking peer to peer, what good is it for any of us? The monopolies will buy it up, and fight over it, and bill us with a profit margin along the way, while we get crap.

    Free up what used to be the UHF TV spectrum for peer to peer use, and we can do a lot to fix the last mile problem.

    That's my 2 copper cents worth.

  9. Re:Truly catastrophic data disaster... on Are We Ready For a True Data Disaster? · · Score: 1

    If you had a strong enough magnetic pulse to wipe a hard drive through 93 million miles, I don't think that survival of our way of life is really likely. It would completely fry pretty much all of our electronics and power grid. The Amish might make it, if their neighbors didn't loot them to starvation.

  10. Re Cabsec - Capability Based Security on Michal Zalewski On Security's Broken Promises · · Score: 2, Informative

    I've read through all the comments, and this is the only sane one that stands out. The principle of least privilege, as I see it, is the idea of letting the user give privileges to a program at run time, and they would choose the least possible set of resources to get the job done.

    The main thing is that with cabsec, you NEVER trust a program with the full resources of a user, and thus it never has enough resources to take out your system.

    Consider if Outlook were only allowed to talk to a mail server, and a datastore, and use the console IO. It wouldn't be possible for an email to take out anything else, as it would be out of the scope of allowed actions. Everyone could manage profiles for things to automate the normal routine stuff, and use a nice GUI for the tricky bits... saving the settings if the results were favorable.

    The big plus of cabsec (CApability Based SECurity) is that it would allow pretty much anyone to manage their own system, and to NEVER worry about virii again.

    It can be done, but for many good reasons most users have never heard of it.

  11. Thoughts about thoughts about flash on Steve Jobs Publishes Some "Thoughts On Flash" · · Score: 1

    Steve Jobs has made his case against flash on the iPad. It's interesting, and I kept reminding myself about the presence of the well known reality distortion field that permeates his being.

    As a programmer, and person, I hate reality distortion fields. This blog post is meant as an exercise in building skills to see through it.

    First, the post was not just Steve, sitting in his office, jotting down a few notes. He's thought about it, long and hard, carefully avoiding certain areas that might cost him points, while pushing the strengths of his position. Lots of my stuff here is off the cuff, and might qualify as a jot... his definitely is not something quick and dirty.

    First, there is "open", as Steve said. Just how do you send code to someone who owns an iPad? It appears to this observer that the way is definitely not open, but only goes through the Apple toll booth. Open ports like USB would be nice too.

    Then there is the "full web"... Flash sucks because it's a layer between the web and the browser. It's a shim at best. However, it's the best shim out there for most cases. Allowing Flash, with some disclaimers, would be far better than denying the use of this shim.

    Then there is security. If you can't protect your iPad from bugs in Flash, you certainly can't protect it from any other rogue applications either. It's just a matter of time before the holes start showing up. Steve - read up on Capability Based Security.

    Battery life - good point. Hardware acceleration is good. It would be nice if I could replace the battery at some point as well.

    Then there is Touch - If you don't allow cross compatibility, how are others going to figure out how to deal with touch? You'll always be a special case, and never mainstream.

    Conclusion - Steve is good at distorting reality, but it's a near field effect with limited range.

  12. UltraVNC - Single Click on Free Remote Access Tools For Windows and Mac Compared · · Score: 4, Interesting

    I highly recommend using UltraVNC-SC. You configure it for your needs as a support person. The person you support has to run a small single EXE file, and you then have control over their machine. Quick and efficient access to someone's desktop to see what they see has made a vast improvement in my ability to support people for the past 5 years or so.

  13. Impending doom... right on schedule on Fake Antivirus Peddlers Outpacing Real AV Firms · · Score: 1

    We keep ignoring the lessons of the past by using discretionary access controls instead of capability based security at our own peril. The users have no way of telling what the side effects of a program are going to be, nor do we have any way of limiting them. This is a spiral downward that will eventually force everyone to learn about capabilities and cabsec.

  14. Why does anyone care? on Corporate IT Just Won't Let IE6 Die · · Score: 1

    Why does anyone care what version of a browser someone is using? Just put the text in the file, and they can see it. Images still work ok, so do tables. If something is a few pixels off, so what?

  15. Unix on The Big Technical Mistakes of History · · Score: 1, Informative

    The biggest failure to date which didn't get mentioned is Unix. If we had Multics, with its B2 security rating, we might have actually had secure operating systems in the hands of the public at this point in time. We wouldn't be dealing with spam, or virii.

    But no..... it was soooooo complicated.... K&R had to stick us with a piece of insecure crap... and everyone else was stupid enough to copy it.

  16. Open source it on Source Code To Google Authentication System Stolen · · Score: 4, Insightful

    They should open source it, since a copy is out on the loose anyway. This could work to their advantage.

    I still think capability based security is the only workable long term solution..

  17. I want one on Life Recorder · · Score: 1

    This little bundle of technology has been shown to radically improve recall in Alzheimer's patients. Here's the study: http://research.microsoft.com/en-us/um/cambridge/projects/sensecam/memory.htm

    I've taken something like 200,000 photos over the past 13 years... and I've noticed I can remember almost everything about days that I have pictures from... and not very much of the rest.

    I want one of these far more than I fear someone else having access to it.

  18. Troll? on A Year's Further Research On an Espionage Network · · Score: 1

    How was that a troll? PDFs suck, we all hate having to deal with them.... yet they offer no other way to view the report.

  19. Isn't security the Operating System's job? on Adobe Evangelist Lashes Out Over Apple's "Original Language" Policy · · Score: 1

    I can't believe they want to enforce security by choice of application, rather than relying on the operating system to do it. Isn't the whole purpose of an operating system to allow resources of the machine to be safely allocated as necessary?

    You can't choose which apps aren't going to kill your machine a priori without first solving the equivalent of the halting problem. Since we all know that's impossible... it should be fairly obvious the iPad is pretty much doomed to the same fate as any general purpose computer with a poorly chosen security model.

    Oh... and here is the obligatory plug for cabsec which is different than capability based security.

  20. Next they have to have secure options on US Most Vulnerable To Cyberattack? · · Score: 1

    The next thing people need once they care about security is real options which make them secure. By default it's not possible to run an untrusted program on a PC in a safe manner. There needs to be a way to do that. There needs to be a way to specify the capabilities a program is going to have at run time, to limit the side-effects to those designated by the user.

    Useful steps in this direction include AppArmor and chroot jails on the Linux side, and Sandboxie on the Windows side.

  21. Use a data diode on US Most Vulnerable To Cyberattack? · · Score: 2, Interesting

    They could use a data diode to make a read-only copy of the flight tracking information available to all, with zero risk to the air traffic control network. These devices are in use by governments to protect really secret stuff... so they should work for this as well.

  22. Isn't it ironic? on A Year's Further Research On an Espionage Network · · Score: 1, Troll

    I find it quite ironic that they publish their report as a PDF, one of the biggest sources of vulnerabilities known to man. Why not something a bit more open and standard, like HTML?

  23. Re:Wasn't Windows 95 and 98 built from the ground on "Midori" Concepts Materialize In .NET · · Score: 2, Interesting

    Managed code doesn't fix things, because it doesn't allow the user to decide how his computer should be used by an application he's decided to execute. Nothing to date seems to do this basic task, outside of some stuff in research or military land.

  24. Re:Video on Wikileaks Releases Video of Journalist Killings · · Score: 1

    Looked like 2 people had AK47s to me... probably providing security for the photographers.

  25. Mobile code, redundant data on The State of the Internet Operating System · · Score: 1

    I think a better version of the future is to secure the PC using sandboxing and capabilities to limit the side effects of applications. This then allows you to download and run apps on your PC, without the need to trust them. You could then have redundant copies of your stuff spread across your various devices. Your stuff includes photos, videos, documents, and the code to manipulate them.

    The focus on services is a result of the distortions caused by the lack of a good security model on the PC. Once that gets fixed, a lot of things work better.