Robert Graham

Author Archives: Robert Graham

Net ring-buffers are essential to an OS

Even by OpenBSD standards, this rejection of 'netmap' is silly and clueless.

BSD is a Linux-like operating system that powers a lot of the Internet, from Netflix servers to your iPhone. One variant of BSD focuses on security, called "OpenBSD". A lot of security-related projects get their start on OpenBSD. In theory, it's for those who care a lot about security. In practice, virtually nobody uses it, because it makes too many sacrifices in the name of security.

"Netmap" is a user-space network ring-buffer. What that means is the hardware delivers network packets directly to an application, bypassing the operating system's network stack. Netmap currently works on FreeBSD and Linux. There are projects similar to this known as "PF_RING" and "Intel DPDK".


The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a "general purpose operating system".

In addition, it ultimately means that the application is going to have to implement it's own TCP/IP stack. That means it's going to repeat all the same mistakes of the past, such as "ping of death" when a Continue reading

How not to be a better programmer

Over at r/programming is this post on "How to be a better programmer". It's mostly garbage.


Don't repeat yourself (reuse code)


Trying to reuse code is near the top of reasons why big projects fail. The problem is that while the needs of multiple users of a module may sound similar, they are often different in profound ways that cannot be reconciled. Trying to make the same bit of code serve divergent needs is often more complex and buggy than multiple modules written from the ground up for each specific need.

Yes, we adhere to code cleanliness principles (modularity, cohesion) that makes reuse easier. Yes, we should reuse code when the needs match close enough. But that doesn't mean we should bend over backwards trying to shove a square peg through a round hole, and the principle that all pegs/holes are the same.


Give variables/methods clear names


Programmers hate to read other code because the variable names are unclear. Hence the advice to use "clear names" that aren't confusing.

But of course, programmers already think they are being clear. No programmer thinks to themselves "I'm going to be deliberately obtuse here so that other programmers won't understand". Therefore, Continue reading

Some notes C in 2016

On r/programming was this post called "How to C (as of 2016)". It has some useful advice, but also some bad advice. I thought I'd write up comments on the topic. As somebody mentioned while I was writing this, only responsible programmers should be writing in C. Irresponsible programmers should write other languages that have more training wheels. These are the sorts of things responsible programmers do.


Use a debugger


The #1 thing you aren't doing, that you should be doing, is stepping through each line of code in a source level debugger as soon as you write it. If you only pull out the debugger to solve particularly difficult problems, then you are doing it wrong.

That means using an IDE like Visual Studio, XCode, or Eclipse. If you are only using an editor (without debugging capabilities), you are doing it wrong. I mention this because so many people are coding in editors that don't have debuggers. I don't even.

It's a concern for all language, but especially with C. When memory gets corrupted, you need to be able to dump structures and memory in order to see that. Why is x some weird value like 37653? Continue reading

The Schelling Game

At the Shmoocon conference, a vendor ("Breach Intelligence") is putting a card in ever schwag bag with an "IoC". The game works by giving everyone a different IoC, in pairs. If you find your matching IoC and come to their booth, they'll give you a free quadcopter.

This is like the "Schelling Point", a question in game theory. You are supposed to meet somebody New York City, but neither of you have been told where to meet. So where do you go? The trick is to estimate the most logical place that the other person, using the same information as you, would make. Most people agree that the answer is the "information booth at Grand Central Station".

So how do you find your matching IoC to win the prize? One guy is walking around asking strangers to match cards. That's useful, because a lot of people who don't want to play the game simply give him their cards, so he's got an ever expanding list of possible matches.

My solution is to tweet the IoC, and of course, blog about it:

If my partner searches Twitter, they will Continue reading

Powerball lessons for infosec

"Powerball" is a 44-state lottery whose prize now exceeds $1 billion, so there is much attention on it. I thought I'd draw some lessons for infosec.

The odds of a ticket winning the top prize is 1 in 292-million. However, last week 440-million tickets were purchased. Why did nobody win?

Because most people choose their own numbers. Humans choose numbers that are meaningful and lucky to them, such as birthdays, while avoiding meaningless or unlucky numbers, like 13. such numbers clump. Thus, while theory tells us there should've been at least one winner if everyone chose their number randomly, in practice a large percentage of possible numbers go unchosen. (Letting the computer choose random numbers doesn't increase your odds of winning, but does decrease the odds of having to sharing the prize).

The same applies to passwords. The reason we can crack passwords, even the tough ones using salted hashes, is because we rely upon the fact that humans choose passwords themselves. This makes password guessing a tractable human problem, rather than an intractable mathematical problem.

The average adult in lottery states spends $300 a year on the lottery. The amount spent on lotteries is more than sports, movies, music, Continue reading

In defense of Paul Graham’s “Inequality”

The simplest way of trolling people is to defend that which everyone hates. That's what Paul Graham discovered this week in his support for "inequality". As a troll, I of course agree with his position.

When your startup is success, you are suddenly rich after living like a pauper for many years. You naturally feel entitled to exploit all those tax loopholes and exemptions that rich people get. But then your accountant gives you the bad news: those loopholes don't exist. You'll have to give more than half of your new wealth to the government. The argument that the "rich don't pay their fair share of taxes" is based on cherry picking exceptional cases that apply to a tiny few. They certainly don't apply to you, the startup founder. Statistically, the top 1% earn ~20% of the nation's income but pay ~40% of taxes, twice their "fair share". There's nothing a successful entrepreneur can do to evade these taxes.

I point this out because the point of To Kill a Mockingbird is that to understand a person, you need to walk around in their shoes. That's the backstory of Paul Graham's piece. He regularly hears statements like "the Continue reading

Mythical vuln-disclosure program

In the olden days (the 1990s), we security people would try to do the "right thing" and notify companies about the security vulnerabilities we'd find. It was possible then, because the "Internet" team was a small part of the company. Contacting the "webmaster" was a straightforward process -- indeed their email address was often on the webpage. Whatever the problem, you could quickly get routed to the person responsible for fixing it.

Today, the Internet suffuses everything companies do. There is no one person responsible. If companies haven't setup a disclosure policy (such as an email account "[email protected]"), they simply cannot handle disclosure. Assuming you could tell everyone in the company about the problem, from the CEO on down to the sysadmins and developers, you still won't have found the right person to tell -- because such a person doesn't exist. There's simply no process for dealing with the issue.

I point this out in response to the following Twitter discussion:



Josh's assertion is wrong. There is nobody at American Airlines that can handle a bug report. At some point, Continue reading

Trump is right about “schlong”

The reason Trump is winning is because the attacks against him are unfair. The recent schlong-gate is a great example.

Yes, "schlong" means "penis", but is also means "rubber hose". Getting beaten by a rubber hose has long been a severe way of beating somebody. Getting "schlonged" has long meant getting a severe beating with absolutely no sexual connotation. Sure, you may never heard of this slang, because it's very regional, but it does exist. Fact checkers have gone back and found many uses of this word to mean just that [1] [2] [3] [4] [5], meaning "severe beating" in a non-sexual sense.

We regularly use words like hosed, shafted, stiffed, chapped, and boned to mean something similar. Sure, some of these derive from a base word for "penis", but are commonly used these days without any sexual or derogatory connotation. The only different about "schlonged" is that most Americans were unfamiliar with the idiom. Had Trump said "shafted" instead, this controversy would not have erupted.

But those who hate Trump, and who have only known "schlong" to mean something dirty and derogatory, are unwilling to let go Continue reading

Where do bitcoins go when you die? (sci-fi)

A cyberpunk writer asks this, so I thought I'd answer it:




Note that it's asked in a legal framework, about "wills" and "heirs", but law isn't the concern. Instead, the question is:
What happens to the bitcoins if you don't pass on the wallet and password?
Presumably, your heirs will inherit your computer, and if they scan it, they'll find your bitcoin wallet. But the wallet is encrypted, and the password is usually not written down anywhere, but memorized by the owner. Without the password, they can do nothing with the wallet.

Now, they could "crack" the password. Half the population will choose easy-to-remember passwords, which means that anybody can crack them. Many, though, will choose complex passwords that essentially mean nobody can crack them.

As a science-fiction writer, you might make up a new technology for cracking passwords. For example, "quantum computers" are becoming scary real scary fast. But here's the thing: any technology that makes it easy to crack this password also makes it easy to crack all of bitcoin Continue reading

Force Awakens review: adequacity

The film is worth seeing. See it quickly before everyone tells you the spoilers. The two main characters, Rey and Fin, are rather awesome. There was enough cheering in the theater, at the appropriate points, that I think fans and non fans will like it. Director JarJar Abrams did not, as I feared, ruin the franchise (as he did previously with Star Trek).

On the other hand, there's so much to hate. The plot is a rip-off of the original Star Wars movie, so much so that the decision to "go in and blow it up" is a soul-killing perfunctory scene. Rather than being on the edge of your seat, you really just don't care, because you know how that part ends.

While JarJar Abrams thankfully cut down down on the lens flare, there's still to much that ruins every scene he applies it to. Critics keep hammering him on how much this sucks, but JarJar will never give up his favorite movie making technique.

The universe is flat and boring. In the original trilogy, things happen for a purpose. Everything that transpires is according to Palpatine's design. And even while we find his plans confusing, we still get the Continue reading

All app developers should learn from WhatsApp-v-Brazil incident and defend against it

So Brazil forced the ISPs to shutdown WhatsApp (a chat app) for 48 hours, causing more than a million of their customers to move to Telegram (another chat app). Apparently, this was to punish WhatsApp for not helping in a criminal investigation.




Well, this is similar to how ISPs block botnets. Botnets, the most common form of malware these days, have a command-channel back to the hacker that controls all the bots in the network. ISPs try to block the IP address and/or DNS name in order to block access to the botnet.

Botnets use two ways around this. One way is "fast-flux DNS", where something like "www.whatsapp.com" changes its IP address every few minutes. This produces too many IP addresses for ISPs to block. WhatsApp can keep spinning up new cloud instances at places like Amazon Web Services or Rackspace faster than ISPs can play whack-a-mole.

But ISPs can also block the domain name itself, instead of the IP address. Therefore, an app can also choose to Continue reading

No, you can’t shut down parts of the Internet

In tonight's Republican debate, Donald Trump claimed we should shutdown parts of the Internet in order to disable ISIS. This would not work. I thought I'd create some quick notes why.

This post claims it would be easy, just forge a BGP announcement. Doing so would then redirect all Syrian traffic to the United States instead of Syria. This is too simplistic of a view.

Technically, the BGP attack described in the above post wouldn't even work. BGP announcements in the United States would only disrupt traffic to/from the United States. Traffic between Turkey and ISIS would remain unaffected. The Internet is based on trust -- abusing trust this way could only work temporarily, before everyone else would untrust the United States. Legally, this couldn't work, as the United States has no sufficient legal authority to cause such an action. Congress would have to pass a law, which it wouldn't do.

But "routing" is just a logical layer built on top of telecommunications links. Since Syria and Iraq own their respective IP address space, I'm not even sure ISIS is allowed to use it. Instead, ISIS has to pay for telecommunications links to route traffic through other countries. This causes Continue reading

Policy wonks aren’t computer experts

This Politico story polls "cybersecurity experts" on a range of issues. But they weren't experts, they were mostly policy wonks and politicians. Almost none of them have ever configured a firewall, wrote some code, exploited SQL injection, analyzed a compromise, or in any other way have any technical expertise in cybersecurity. It's like polling a group of "medical experts", none of which has a degree in medicine, or having a "council of economic advisers", consisting of nobody with economics degrees, but instead representatives from labor unions and corporations.

As an expert, a real expert, I thought I'd answer the questions in the poll. After each question, I'll post my answer (yes/no), the percentage from the Politico poll of those agreeing with me, and then a discussion.

Should the government mandate minimum cybersecurity requirements for private-sector firms?

No (39%). This question is biased because they asked policy wonks, most of which will answer "yes" to any question "should government mandate". It's also biases because if you ask anybody involved in X if we need more X, they'll say "yes", regardless of the subject you are talking about.

But the best answer is "no", for three reasons.

Firstly, we experts don't know Continue reading

Some notes on fast grep

This thread on the FreeBSD mailing discusses why GNU grep (that you get on Linux) is faster than the grep on FreeBSD. I thought I'd write up some notes on this.

I come from the world of "network intrusion detection", where we search network traffic for patterns indicating hacker activity. In many cases, this means solving the same problem of grep with complex regexes, but doing so very fast, at 10gbps on desktop-class hardware (quad-core Core i7). We in the intrusion-detection world have seen every possible variation of the problem. Concepts like "Boyer-Moore" and "Aho-Corasick" may seem new to you, but they are old-hat to us.

Zero-copy

Your first problem is getting the raw data from the filesystem into memory. As the thread suggests, one way of doing this is "memory-mapping" the file. Another option would be "asynchronous I/O". When done right, either solution gets you "zero-copy" performance. On modern Intel CPUs, the disk controller will DMA the block directly into the CPU's L3 cache. Network cards work the same way, which is why getting 10-gbps from the network card is trivial, even on slow desktop systems.

Double-parsing

Your next problem is stop with the line parsing, idiots. All these Continue reading

Joking aside: Trump is Unreasonable

Orin Kerr writes an excellent post repudiating Donald Trump. As a right-of-center troll, sometimes it looks like I support Trump. I don't -- I repudiate everything about Trump.

I often defend Trump, but only because I defend fairness. Sometimes people attack Trump for identical policies supported by their own favorite politicians. Sometimes they take Trump's bad policies and make them even worse by creating "strawman" versions of them. Because I believe in fairness, I'll defend even Trump from unfair attacks.

But Trump is an evil politician. Trump is "fascism-lite". You'll quickly cite Godwin's Law, but fascism is indeed the proper comparison. He's nationalistic, racist, populist, and promotes the idea of a "strongman" -- all the distinctive hallmarks of Nazism and Italian Fascism.

Scoundrels, like Trump, make it appear that opposition is unreasonable, that they are somehow sabotaging progress, and that all it takes is a strongman with the "will" to overcome them. But the truth is that in politics, reasonable people disagree. I'll vigorously defend my politics and call yours wrong, but at the end of the day, we can go out and have a beer together without hating each other. Trump-style politicians, on the other hand, do everything in Continue reading

Tesla is copying Apple’s business model

One of the interesting things about Tesla is that the company is trying to copy Apple's business model. As a Silicon Valley entrepreneur myself, and an owner of a Tesla car, I thought I'd write up what that means.

There are two basic business models in the world. The first is cheap, low-quality, high-volume products. You don't make much profit per unit, but you sell of a ton of them. The second is expensive, high-quality (luxury), low-volume products. You don't sell many units, but you make a lot of profit per unit.

It's really hard to split the difference, selling high-volume, high-quality products. If you spend 1% more on quality, your customers can't tell the difference (without more research on their part), so you'll lose 10% of your customers who won't accept the higher price. Or, you are selling to the luxury market, lowering price to sell more units means lowering quality standards, destroying your brand.

Rarely, though, companies can split the difference. A prime example is Costco. While the average person who shops at Walmart (low-quality, high-volume store) earns less than $20,000 per year, the average income of a Costco customer is over $90,000 per year. Costco sells high-quality Continue reading

Why “Force Awakens” will suck

JJ Abram’s movie “Super 8” is an underrated masterpiece. It leads me to believe that he actually “gets it”. But then, everything else JJ has done convinces me he really doesn’t. He destroyed Star Trek, and I’m convinced he’ll do the same to Star Wars. I thought I’d list the things he almost certainly gets wrong in the “Star Wars: Force Awakens” movie.

The movie hangs on spoilers

The original Star Wars was known for the way that people repeatedly saw it in theatres. There were no spoilers. Sure, they blow up the Death Star, but knowing this ahead of time detracts not a whit from the movie. In Episode I, most of us know that Palpatine is the Emperor. Knowing this spoiler doesn’t detract from the movie, but adds to it. Sure, the original series had the “Luke I am your father” spoiler, but knowing that ahead of time detracts nothing from the movies.

But JJ loves the big reveal. It’s like Lost, where season after season we didn’t know what was going on. Worse yet, it’s like his second Star Trek movie, where we weren’t supposed to know it was really Khan. It Continue reading

NSA needs more EFF hoodies

A few months ago, many stories covered "intelexit.org", a group that bought billboards outside NSA buildings encouraging moderates to leave intelligence organizations. This is a stupidbad idea.

For one thing, it's already happening inside the intelligence community. Before Snowden, EFF hoodies were tolerated. From what I hear, they aren't anymore. Anybody who says anything nice about the EFF or Snowden quickly finds their promotion prospects reduced. And if you aren't being promoted, you are on track to be pushed out, to make room for new young blood.

The exit of moderates is radicalizing the intelligence community. More and more, those who stay want more surveillance.

In my own experience, the intelligence community is full of pro-EFF moderates. More than anybody, those inside the community can see the potential for abuse. For all that mass surveillance is unacceptable, the reality is that it's not really being abused. It really is just focused on catching evil terrorists, not on tracking political activists in America. All this power is in the hands of people who use the power as intended.

A mass exodus of moderates, though, will change this, creating a more secretive and more abusive organization. The NSA is nowhere near Continue reading

First Internet ecommerce was at least 1990

This article from FastCompany claims that the first Internet e-commerce transaction was 1994. This isn't true. The site "cdconnection.com" was selling CDs online since 1990. Well, they claim 1990, I don't know what evidence they have. But I personally can remember buying CDs on their site for over a year before I switched jobs in mid-1994 (so probably at least 1993).

I write this up because it's apparently an important concern when Internet e-commerce was "invented", so I'm writing up what I witnessed. It's a silly competition, of course, since Internet e-commerce is such an obvious idea that nobody can "invent" it. Somebody probably accepted payments for things online even before that. But, as of 1993 when I purchased music, CDconnection was a well-honed business, a "site", with an interface, with a wide selection, using Telnet with V100 commands to format the screen.






Some notes on the eDellRoot key

It was discovered this weekend that new Dell computers, as well as old ones with updates, come with a CA certificate ("eDellRoot") that includes the private key. This means hackers can eavesdrop on the SSL communications of Dell computers. I explain how in this blog post, just replace the "ca.key" with "eDellRoot.key".

If I were a black-hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications. I suggest "international first class", because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking.

I point this out in order to describe the severity of Dell's mistake. It's not a simple bug that needs to be fixed, it's a drop-everything and panic sort of bug. Dell needs to panic. Dell's corporate customers need to panic.

Note that Dell's spinning of this issue has started, saying that they aren't like Lenovo, because they didn't install bloatware like Superfish. This doesn't matter. The problem with Superfish wasn't the software, but the private key. In this respect, Dell's error is exactly as bad as the Superfish error.
1 13 14 15 16 17 23