Authentication

TLDR – when someone calls you and then asks you to authenticate yourself, they are doing it wrong. DO NOT ANSWER.

A while ago, I got a call from a brokerage house I use (Hello Vanguard!). The caller asked me for the answer for one of my challenge questions, to make sure I was actually me.

I burst out laughing.

This a surprisingly subtle issue, and to have a major brokerage get it wrong is both sad and scary.

The caller is the unknown party. The called person is not, at least with the current way the phone system works. Caller ID is easily spoofable. You cannot trust that a caller is who they claim to be.

As long as the phone system is ringing the correct phone, the recipient should be, if not the exact person you want, then someone nearby. There are certainly exceptions to this, such as SIM card hijacking, which is sadly easy as well, but for the most part, if you call 1-800-BIG-CORP from a phone, you are going to get the right people.

The reverse is not true. If 1-800-BIG-CORP calls you, you have no reason to believe it is really them. You must not give away ANY secret information. You must call back, using a number you find out by yourself, NOT one given to you over the phone.

Why is this important? If the caller is actually a scammer trying to break into your account, when they come to the “secret question”, they just call you pretending to be the bank and ask you for the answer! Don’t give it out.

The caller can be quite inventive about trying to convince you they are legitimate. Krebs on Security reports on recent cases in which callers knew details of recent transactions, for example, (see https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/) Krebs gives the right advice, look up the number from public sources and call back, but he doesn’t explain the general principle.

The caller must authenticate themselves, not the callee.

This is also the reason why you should never click a link in an email message. There is no reason to trust such a thing. You must look up the link yourself, from public sources.

Ukraine Whistleblower

Mr. Trump says the whistleblower should be ignored because he reports second hand information.

The law does not require first hand knowledge. The report must only be urgent and credible, which it was found to be by the IG, who is a Trump appointee.

Mr. Trump says the whistleblower claims facts that are incorrect.

Mr. Trump himself released the transcript of the call, which confirms the representations made in the whistleblower report. The White House confirmed the movement of call records to the code-word server. The whistleblower noted Mr. Giuliani’s travels, and those have been confirmed on TV by Giuliani himself. The remaining mystery is who ordered the halt to Ukraine aid, which will be properly investigated by Congress.

Mr. Trump says the whistleblower has a political agenda.

That is unknown but irrelevant. It was the whistleblower’s clear duty to report his observations to the inspector general, through proper channels. After that, the IG and the DNI and the Congress are responsible for what follows. The IG and the DNI are Trump appointees.

Mr. Trump claims the whistleblower is a spy and public speech by Congressman Schiff is treason. Neither is true or possibly even legal. I certainly would like to see such statements clearly rejected by every American. Perhaps Twitter should close his access for inciting violence. Perhaps Mr. Trump can be sued for creating a hostile work environment/

In short, this isn’t about the whistleblower. It is about abuse of power and the, at this point, fairly obvious violations of his oath of the president. If Mr. Trump feels that the published whistleblower complaint and published (but incomplete) transcript of the call are incorrect, then his best course of action should be complete transparency, to get these “mistakes” cleared up quickly.

I read the whistleblower report. I recommend you do t0o. See https://intelligence.house.gov/uploadedfiles/20190812_-_whistleblower_complaint_unclass.pdf

My own opinion is that this man or woman is both an excellent analyst and an excellent writer. I’ve heard a rumor that our local high school AP Government class may use this as an example of both.

How long does it take to boot a supercomputer?

I answered this question on Quora, but moderation deleted it, I guess because it references SiCortex, which has been shut down since 2009.

I am afraid I may be guilty of a little bit of pride here.

My information is also dated.

In 2007, the 5832 core 972 node SiCortex SC5832 could boot and be ready to run jobs in 7 minutes if the system support processor linux server was already running. From power off it would take about 9 or 10 minutes, with the extra time taken for the SSP to boot.

At the time, we had heard horror stories about clusters taking “hours” to boot, such that sysadmins were very reluctant to update software because it would take so long.

Earlier, in 2004 when we started the company, John Mucci asked me and the software team how long it was going to take to boot, and we said “5 minutes” to considerable eyebrow raising from people with more experience. Honestly we were guessing, but we couldn’t think of reasons why it should take longer.

Fast forward two years and we had to deliver. The machine was 36 boards, each with 27 6-core nodes and a little embedded Coldfire processor called the module support processor. The 972 nodes had no storage at all, so we had to boot over JTAG and load small ramdisk images. Then we had to initialize the high speed network, NFS mount the real root filesystem, and bring up the job control system. After a couple months of heroic efforts, we got it down to 7 minutes.

This was extraordinary in the industry, but we still got a lot of good natured razzing from the rest of the company for missing our 5 minute estimate.

To the software team, the most amusing part of the whole affair was that the hardware and software proved so reliable that we had several systems in the field with uptime over a year. With uptime like that it doesn’t really matter whether it takes 5 minutes to boot or 7 minutes or an hour for that matter.

Installation generally was a one-day affair. Here’s a video: SiCortex @ Argonne

Are iPhones expensive?

The most expensive iPhone is now $1449, for the 512 GB iPhone XS Max.  That is crazy … right?
I looked around and found some other interesting numbers.

  • The average replacement cycle for cell phones in the US in 2017 was 32 months.
  • The average cell phone bill in the US is now over $80/month.

I dusted off my multiplication skilz:  32 times 80 is $2560. $1449 divided by 32 is $45.
So who is making money on phones?  The answer is Verizon, ATT, T-Mobile, Sprint…
iPhones are expensive compared to many perfectly serviceable phones, but they are not expensive compared to the service providers.
Phones are a competitive market.  I’ve owned both Apple and Android phones  They are fine.  If you think iPhones are too expensive, don’t buy them.
My own solution to the “Apple products are too expensive” was to buy some Apple stock.  It has worked out well.

Kavanaugh

Kavanaugh’s confirmation is using the wrong standards.
Brett Kavanaugh is up for confirmation to the Supreme Court.  There is a fair amount of evidence that he was essentially a drunken frat boy in high school and at Yale.  There are at least three accusations of sexual misconduct against him from those days.

 
The democrats, if I may paraphrase, are saying they don’t think a drunken rapist should be on the court. Or a conservative, but let’s set that aside.  The republicans are saying, well it isn’t true, and anyway, it was a long time ago, and boys will be boys.  Besides, it is unfair that these issues weren’t raised 30 years ago or at least two months ago.

You know what?  Fair is the wrong question. There are plenty of qualified people who could be appointed.  There are plenty of people who would likely support the president’s agenda when on the court.  There are plenty of people who have not even the suggestion they spent high school and college in a predatory haze.  I think it is good that Kavanaugh pulled his life together, if he did, but redemption is not qualification. Let the president propose someone equally or better qualified who does not have this baggage.
I keep thinking about the early astronauts.  There were plenty of applicants, but only a few spots.  The least taint of weakness would wash out a candidate even one unrelated to flying.  The process was manifestly not fair but fair was not the point.

Stop using Straws

There’s a movement to save the environment by having people stop using straws.
It is true that non-biodegradable straws will hurt the environment, but probably a lot less than those newspaper plastic bags.
A boba straw weighs about 2 grams.  A drinking straw is less.  As far as I know you need about a gram of oil to make a gram of plastic, so a gallon of oil or gasoline will make about 1700 straws.
According to the Be Straw Free Campaign, https://www.nps.gov/commercialservices/greenline_straw_free.htm
Americans use about 500 million straws a day  (I’m not using my share!).  This takes about a quarter million gallons of fuel.  That is less than 0.1% of fuel usage for cars and trucks.
Let’s work on this, after we cut down on poor insulation and excessive driving, after we put up solar panels and wind farms.  After we restore the EPA and stop using coal.
Work on the big stuff first.  We have limited mind share for silly stuff.

Telephone Captcha

Something called during dinner yesterday.  I hung up almost immediately, but commented to the family that it is getting harder to quickly identify recorded calls.
My 16 year old Andrew remarked that I should ask for the answer to 1 plus 1.
He’s invented telephone captchas!  When you get a call and you can’t quite tell if it is a person, ask them a math question.  If you don’t get an immediate correct answer, hang up.
There’s a subset of robo callers with a recording that pauses in almost human places, and makes small talk about your expected answers.  I find this trend alarming and suspect it takes in lonely seniors pretty well.
Personally, I’ve gotten to where I don’t bother talking any more, if there is any sort of a pause after my hello, or anything recorded or that I can’t interrupt, I just hang up.  As they get better though, I’m going to use telephone captchas.
 

Meltdown and Spectre

The technically inclined can read the papers at Meltdown and Spectre but I will try for a less technical explanation.
Processor chips are supposed to be able to run multiple programs at once, while keeping the data of each program secret from the others. There is a special privileged program, called the operating system kernel, that coordinates all the activity. The kernel is necessarily allowed to read the data of any user program.
This isolation between the data of different programs, and between the secret data of the kernel and that of all user programs, is done by something called virtual memory. VM gives each program the illusion of a private memory space while in fact all the programs are using bits of the underlying real memory in a way coordinated by the kernel.
A user program simply does not have any way to ask for the contents of arbitrary real memory (and thus be able to read secrets of other program.) The memory of other programs is not present at all in the virtual memory of the attacker.
The relation between the user programs and the OS is a little different. For convenience, the kernel ususally has the entire physical memory “mapped” in its own virtual address space, and the kernel’s virtual space is also present in the virtual space of every user program. This is not supposed to be a problem because the kernel part of the memory is marked “kernel use only” and that restriction is enforced by the hardware. If a user program tries to read kernel memory, the hardware says “nope!”.
All this is just background.
Meltdown is a way for user programs to read kernel virtual memory, even though they are not supposed to be able to do it.
Spectre is a way for user programs to read the virtual memory of other user programs, even though they are not supposed to be able to do it.
Virtual memory is only one of the ways in which processors present a view that is different from the underlying reality. Another is the so called “architecture”. Most PC’s have an architecture called x86, due to Intel. AMD also makes chips with an x86 architecture. The architecture is the stuff that is visible to a program: instructions, registers, memory, and so forth. The general outline of a computer architecture is that of a central processing unit, containing registers and instructions, which talk to a memory unit, containing data. Neither thing is true, and hasn’t been true for 30 years.
Memory isn’t simply memory anymore! If you’ve looked inside a PC, you’ve seen those flat rulers with chips on them plugged in edgewise to the motherboard. Those are main memory. That part is true. The problem is that they are way too slow. It can take 60 to 100 nanoseconds to get data from main memory. In that time, the CPU can execute maybe 200–300 instructions. Something had to be done. Inside the CPU chip, there are smaller faster memories called cache. They automatically hold the most recently accessed and most frequently accessed data from memory. This works because programs tend to access the same stuff over and over and also to access nearby stuff.
CPUs aren’t just CPUs anymore! Executing a single instruction involves a 5–10 step process, fetching the instruction, decoding what it means, fetching the data it needs, maybe doing some complicated arithmetic, and storing the answer back where it goes. If CPUs did these things one at a time, they would be too slow, so the operation of many instructions are overlapped in a pipeline of work. It turns out that that is not nearly enough speedup, so many modern CPUs execute instructions “out of order”. They look ahead at instructions that are coming up and do as many as they can, even though earlier instructions have not finished. In order to avoid vast confusion, instructions are only allowed to finish in order, with “later” results being held in temporary storage until earlier instructions finish, even though all the work for the later instructions has already been done. Modern CPUs also engage in “speculative execution” which means they actually guess at what instructions will need to be executed sometime in the future and do them right away. Things like this happen due to IF THEN ELSE instructions in the program that could cause different instructions to execute. The CPU doesn’t really know which way the IF THEN ELSE (called a branch) will go, so it makes a very well educated guess.
Out of order and speculative execution are especially interesting due to those long memory delays. The CPU can be thinking about and running instructions several hundred instructions ahead of the “commit point”.
None of this violates the architectural rules. The program doesn’t see the results of instructions that were never supposed to execute, and can’t read memory it is not entitled to see…. Well it turns out it can.
The trick of Meltdown allows a program to read kernel virtual memory even though that is forbidden. The meltdown program, by some modest bluffing, tricks the CPU into speculatively executing a read from kernel memory and then using the result to choose which data to read from user memory.
The results of these reads are never reported to the user program, and in fact by the time the program logic gets to that point, the CPU knows the read would never have been executed anyway, so it doesn’t even produce the exception that would normally happen when a user program breaks the rules and tries to read kernel memory.
But… in the underlying physical machine, the microarchitecture, the reads from memory did happen, and that data was read into the caches we talked about earlier.

The user program can then measure how long it takes to read each location in the user memory and figure out that one of them is a lot faster than the others.  That one is the one that was already brought into cache by the read that was never supposed to happen.
In short, the CPU speculatively executes a forbidden instruction, and leaves faint echos in the timing of reading different memory locations, and those echos permit the meltdown attack to read, pretty quickly and reliably, secret data from the OS kernel.
Spectre is even more subtle.  In Spectre, a user program can affect the behavior of a different user program by tricking the processor into speculatively executing a read whose address is under control of the attacker. The program being attacked would never do this normally, and doesn’t even find out about it, because all the speculative work is thrown away. However, in the underlying hardware, the read did happen and leaves some of those faint echos in the form of detectably different timing of events that the attacker can measure.
Spectre can work in at least two environments but the important case affects web browsers.  Web browsers run programs downloaded from web sites that are written in a language called Javascript.  These programs are known to be suspect, since really, one shouldn’t trust anything found on the internet.  Javascript programs are run in a very constrained “sandbox” that they are not supposed to be able to get out of nor are they supposed to be able to access data outside the sandbox.  Spectre allows a Javascript program to read data outside the sandbox and potentially read passwords or other secret data stored elsewhere in the web browser.
None of this is new, unfortunately!  Processor chips have had the features that enable Meltdown and Spectre for over 20 years, and they went unnoticed.  Fortunately, Meltdown is relatively easy to fix in software, at some cost in performance, by patching the operating system,  If kernel memory is not mapped into user space, even with protections, then the user program cannot learn anything.  Spectre is harder to fix and at present seems to require patching every program individually that you wish to protect.  And this is the good news!
This business of computers leaking information by subtle changes in timing that can be caused by and measured by an attacker is a kind of thing called a “Side Channel Attack” in the security business.  Unfortunately, there is no general way to protect against side channel attacks.  All that anyone knows how to do is to limit the rate at which the attacker can steal data.  That’s good if you are trying to prevent the theft of something big, like a digital movie, but it doesn’t really help if you are trying to prevent the theft of something small, like a password.
Already in the month or so since Meltdown and Spectre came to light we have additional problems, such as “Meltdown Plus” that exploits a completely different microarchitectural mechanism.
It may be that the only thing to do is to have multiple small CPUs that are really quite independent, so you never never run untrusted software on the main processor, but only in a private little machine that shares nothing

Dr. Anita Kurmann

On August 7, 2015, Anita Kurmann was cycling on Massachusetts Avenue in Boston and was killed by a truck making a turn onto Beacon Street.
This week Boston Police cleared the driver of wrongdoing.
https://www.bostonglobe.com/metro/2018/01/23/bicycle-group-says-tractor-trailer-driver-was-responsible-fatal-back-bay-bike-crash/uew2Cau2d3hcqvpC5JyqkL/story.html
The thing is, that if Dr. Kurmann did nothing wrong, and the driver did nothing wrong, then the rules of the road are not adequate.
It seems to me very reasonable to ask for sets of rules for bicyclists and drivers, such that if both parties follow the rules, then no one is killed.  Boston Police may be correct and the driver was not at fault, but if they are then the rules are wrong.  Where is the effort to fix the rules?  Where are the BPD recommendations for drivers and cyclists and the city?
Maybe its as simple as not driving 40′ tractor trailers on city streets without flagmen and escorts.
In view of the power imbalance between motor vehicles and bicycles, in my view, if a motor vehicle hits a cyclist while the cyclist is in a legal spot, then the driver of the motor vehicle is at fault.  This is similar to the rules about rear end collisions.  If you smash into the back of a car, you are at fault.  Either you weren’t paying attention or you were tailgating to start with. Full stop.
I’m a little sensitive to these issues because I used to commute 36 miles a day into Cambridge and I’ve had my share of idiot drivers.