Tuesday, February 09, 2016

panic, moi?

So there's this great new report from the Berkman about the worries various governments have that the technology we are starting finally to make use of to protect our privacy may also mean that "bad guys" can get away without being caught.

It is deeply ironic that there's precious little evidence that having untrammelled access to everyone's Internet data for the last 20 years has done a single thing to prevent one terrorist death. It is also ironic that when there was access to encrypted data, during WWII, from Station X (Bletchley, breaking the code, the Enigma and its variations etc etc), it was not used to prevent Atlantic shipping from being sunk by U-boats as that would have given away the fact the Allies knew where the subs were (i.e. had likely broken all the codes). It was finally "used" to know that the Germans did not know about where the D-Day landings were to be. This was to prove useful (although not necessarily decisive) in winning/ending the second world war.

However, note interestingly that spotter planes could often see U-Boats surface, and it was the location of the sub when it sent an encrypted report (aka "meta-data") that let the Turing folks break the code the 2nd time. There's no evidence that the NSA knew about Al Qaeda before 9/11 or that the Spanish, UK and French had any idea about the Madrid, London or Paris terrorists ahead of time. If they did, and didn't say because it would "reveal" their capability, in a post-Snowden era, this is just plain stupid, actually criminal. Given several events have happened after Snowden, and there's precious little evidence the bad guys used much more than basic comms (SMS, instant messaging), then it is evidence that the security apparatus is not fit-for-purpose.

Thus, the report above is right about meta-data (what's sometimes called communications data, as opposed to content, or "control" as opposed to "data").

Interestingly, I was talking to some lay folks recently about what the police do if they find someone unconscious (or worse) with no id, but a smart phone, and that smart phone is locked (and, in modern iPhone or Android, encrypted). So
1/ If you have an ICE ("In Case of Emergency") configured, it can be called from a locked screen on an iPhone, and you can configure Android the same if you want.
2/ The phone company can work out what the IMEI and number of the phone is from the location, and from that, could give the police a list of caller and callee IDs so they could try a few till they get someone...plus the account information would likely give name/address/bank info.
3/ If the phone is backed up in the iCloud, it's quite likely the backup isn't encrypted

All of this could also be done with someone "of interest" who is perfectly conscious, but unaware:-)

So there. Fire the NSA and GCHQ and get someone in who has a clue.

Monday, January 25, 2016

blockchain for gun control

so distributed ledger technology is a new technology that is all the rage in some government circles. while Bitcoin, as the exemplar of the use of the technology for an electronic replacement for cash and credit cards, has its detractors (and they are mostly not wrong), the underlying system allows one to track transaction history associated with a physical object - one of the UK government's use cases in the report linked above is the idea of being able to avoid buying "blood diamonds".

so how about we propose using this for arms control (everything from nukes, to hand guns, and ammo)? there are ways even without putting "smarts" in the gun (ballistics can often match gun/ammo to each other in any case, and one can move to more careful signatures easily)...

then one could start to look at liability. i.e. people that own weapons would have to take responsibility for a change.

Thursday, January 07, 2016

investigatory ploughsharing bill - scrambling for safety

for a thorough report on today's scrambling for safety 2016 debate, it's hard to beat George Danezis' blog - one thing I was going to ask about was the really broken part of the bill, which prevents any discussion between a service provider and the agency that serves a warrant on them for interception (whether a standard surveillance or a bulk one, or interference on a device or a broad spectrum of devices).

I realize that some level of stealth is, by definition, needed during the surveillance - however the world is rapidly evolving, and it is clear that operators and service providers are at the bleeding edge and are able to offer advice (and do, in practice under today's laws in the UK) on a request (e.g. no, you don't want that IP address, you want this URL prefix, as that's a load balancer/VM, NATed device that changes etc etc) - in my example question (no, you don't want to run interference on that device as it isn't just a routine user's ipad, it's their tesla dashboard, and if you weaken the random number generator in the OS on that device, you open it up to hackers who will crash the car), not only is it obvious the security and police agencies don't have expertise yet in the area, we need to have a cooperatively evolvable law - latching the law (the first in 500 years to admit that agencies need these powers, but under legal controls) we need to make sure it isn't the last law made in the area either - just as the "Internet Connection Record" is meaningless in the world today, so the interference model is extremely dangerous in the IoT space, where there are currently more devices that are not end-users' comms gadgets (==phone/skype) than are - pretty soon, there will be 100s or 1000s of devices - monitoring these is mostly a waste of resources (more haystacks to not find needles in) - interfering with these devices (e.g. pacemakers, car brakes, traffic lights) is incredibly dangerous - [footnote...]

proportionality requires risk assessment - "collateral damage" that is a death because of interference on a device which causes a car crash or a heart failure, is not assessable today. it may be one day, but I posit that it is not an acceptable risk level for gleaning a little bit more sigint, that probably won't be acted on anyhow. Basically, this blows out of the water any fig leaf of proportionality, unless there is a wholly different way to manage (transparently) the codes of practice, in a way that future proofs (actually makes fit for purpose for today's internet) this dodgy draft bill.

footnote - let's not forget algorithmic lawyers - when the music biz wanted to chill the p2p file sharing world, they started getting s/w that generated letters to threaten disconnecting users from their ISP - one fabulous case ended up with a tech guy defending himself in court, because the IP address the lawyers' s/w detected allegedly uploading music in breach of copyright from was his HP laser printer. doh. if they can get that wrong, then the spooks' software can and will confuse a crim's phone with an innocent ("collateral damage") bystander's auto-defibrillator or internet enabled insulin pump.

Tuesday, January 05, 2016

Will we ever fix that last s/w (h/w) security vulnerability?

A recent talk by Joanna Rutkowska sparked a discussion about whether the number of vulnerabilities is potentially infinite, or whether the cost and/or value of exploiting and/or fixing them is slowly increasing (or decreasing) or (thanks to Markus Kuhn and others) it is cyclic, as phases of technological innovation wash up and down the shores of human society....

so my take - we spend ages in the OS community trying (as
per the talk) to nail down the smallest piece of the trusted tiny
center of the kernel (and talk to the hardware people about it very
closely - even modifying their designs), so that the attack surface is
minimized - including, as you say, improved tools and techniques (type
safe software fuzzers, verifiers etc etc)...

then some skunk works thing from the h/w comes along and changes the
whole game (in terms of complexity to start with, but also in terms of
massively opening up the attack space) - usually it's coz of some
genuine user demand for something faster/cleverer (as per the talk,
add in GPUs, add in smarter NICs with offloading, add in multicore, add
in more instructions for graphics, even for security itself!)

another example of this can be seen on the net - since well before
current scandals (back in 1990s) we've been trying to batten down the
hatches everywhere with DNS, BGP and end-to-end crypto (and now
betterer DNSSEC, better certificate ideas, better router-router
systemic ways to prevent problems, better e2e crypto (c.f. tcpcrypt)
etc)

and then some bozo comes along and re-jogs the entire mobile phone net
to be IP based (but with lots of little, devilish little changes)

then some mega-bozo comes and puts a rspi in every thing that has a
moving part, and connects that to the interweb (and builds a new stack
with COAP and IPv6 and lowpan/zigbee so we have no idea what new
sneaky things there are in there)...

then some dolt comes and builds million core data centers and modifies
the entire stack and routing system coz it doesn't scale to their
needs....so we don't know what new corner cases have now appeared on
the massive geodesic (no longer nice shiny smooth, hard thing)

and we have to start a l l   o v e r   a g a i n
thrice.

It's like you build defences around your big city with walled gardens
and gated communities, and someone comes and builds a massive shanty
town right outside, a favela, which you need, coz, after all, someone
has to come and clean the floors and make your tea and take out the
trash...oops


Sunday, December 20, 2015

Disasters bring out the best and the worst in people


I've been reading about disasters for a few years now.
As a result of friends struggling to let all their families know they were ok in the Tsunami in South East Asia a few years back, we embarked on the Haggle opportunistic networking project, and more recently, partly fuelled by other problems in society including the current massive movement of refugees from the middle east, we instigated n4d, the networking for development lab, in Cambridge, with many partners around the world, and leverage via the Internet Research Task Force's Global Access to the Internet for All (GAIA) activity.

Back at the beginning, I read this fine book about how people behave remarkably altruistically during disasters, that is until the first responders arrive (typically, 72 hours later) -- this made me quite optimistic about our efforts:
A Paradise built in Hell

However, more recently I've read this account of the neo-liberal industrial-military complex way of engaging, which makes for much more depressing prognostication:

Disaster Capitalism

(Contrast Haiti with Cuba just for a moment, but closer to home, the description of private security forces ("we're not mercenaries" and "we're only here for the money" occur multiple times in the same irony-free breath), look at the imposition of austerity on Greece, where much European refugee money goes to non-Greek security firms to run camps for Syrians and others arriving there, before moving on to Germany (the place that needs them for cheap menial labour but imposes restrictions on what the Greek government can do that stop employment for Greek nationals picking up again)). Grrrrr....

I'm not sure how to regain my optimism (or even sanity) but am tempted to re-target Mao's slogan Combat (Neo-)Liberalism sometime soon. Oddly enough, today someone pointed me at this excellent blog on insurrectionist civics in an age of mistrust which might help

Saturday, November 07, 2015

Review of "The tools and techniques of the adversarial reviewer"

This is my review of the paper
"How to review a paper \\ The tools and Techniques of the adversarial reviewer"
by Graham Cormode.

This paper appeared in the SIGMOD Record in December of 2008, but appears not to have gone through proper peer review. The paper suffers from at least three major problems:

Motive  - is it really an interesting problem that reviewers are adversarial? Surely if reviewers colluded with the authors, we'd end up accepting all kinds of rubbish,  swamping our already bursting filing cabinets and cloud storage resources further, and taking cycles away from us just when we could be updating our blog or commenting on someone's Facebook status.
Is the fact that a reviewer doesn't like a paper a problem? Do we know that objective knowledge and reasoning based on the actual facts are the best way to evaluate scholarly work? Has anyone tried random paper selection to see if it is better or worse?

Means - the paper doesn't provide evidence to support its own argument. While there is much anecdote, there are no data. The synthetic extracts from fictional reviewers are not evaluated quantitatively - e.g. to see which are more likely to lead to a paper rejection -- for example, it is not even shown that perhaps accepted papers may have more adversarial reviews than rejected papers, which may attract mere "meh" commentary.

Missed Opportunity - the paper had a great opportunity to publish the names of the allegedly adversarial reviewers together with examples of their adverse reviews, to support the argumentation, and to allow other researchers to see if the results are reproducible, repeatable, and even useful.
For example, multiple programme committees could be constituted in parallel, and equipped with versions of reviewing software that modify reviews to include more or less adversarial comments. The outcomes of PC meetings could generate multiple conference events, and the quality of the different events compared. If particular outcomes can be determined to be superior, then the review process could subsequently be fully automated. It is only a small step from there to improving the automatic authoring of the papers themselves, and then the academic community will be relieved of a whole slew of irksome labour, and can get on with its real job.

Sunday, October 25, 2015

the thing is...

part un ..with the form factor of a hand, the thing can control any legacy actuator - possessed of several simple electromechanical motors, a set of fiber optics in the finger tips, leading back to a camera in the raspberry pi controller at the wrist, and a light, to look at stuff in the dark (extra-sensory perspective), the thing can run around your house and turn stuff on and off - it might be a bit scary (especially if you have several of them, and you see them going up stairs, or hanging off the old thermostat controller or VHS video or microwave) but through online legacy device manuals, these are the new universal remote control - instead of getting a remote for each device, even devices which have no digital/IR/WiFi/Bluetooth/Zigbee/Audio interface can now be managed via an app on your phone which talks to your family of things...

this is cheaper, more deployable than expensive new tech, more secure (modulo any recurrences of early "hands of orlac" bugs), and can deal with tricky situations (e.g. get spider out of bath, unblock toilet) that most IoT engineers blanch at the thought of (which).

these things can turn your old dial phone into a cellular like device (indeed allow you to dial remotely using your cell phone) can take readings from utility meters and scan, OCR and email them to you, and then let you turn down the heating or turn up the gas as you can afford, without leaving the comfort of your internet cafe.

no cloud needed. no nudges or winks from a psychology/marketing department, just plain old wrist action and common sense.

it's true, there may be a rear-guard legal fight with the estate of charles addams, but we expect that to be handled easily

part deux - just as actuators should be made visible agents, sensors too -- every thing that contains a sensor should have a face - for example, any sensor should show a picture of the people currently looking at the output of the sensor - this is the moral equivalent of the facebook "show me as others see me" interface or the statistics on google's search dashboard...

this would give us the inverted panopticon (aka sousveillance) - this is not hard to do - indeed, a similar idea was applied for logging in to public wifi hotspots where the router has a camera and display which you can use from your laptop in a cafe, to make sure (or at least, improve your confidence that) you are using the real router, not some hacker sitting nearby

this is also psychological. so using information flow control, and tracing, one could easily implement this - given the total number of people who should be able to see sensors' output is small, this should actually be scalable too

it could also be a service offered by HATDeX :-)
