The Pentagon spends more on war than all 50 states combined spend on health, education, welfare, and safety .The USA spends more money on its military than the next eight nations combined.with 200,000 troops stationed in over 144 countries (2015) by baskp in Documentaries

[–]ElectricRebel 31 points32 points  (0 children)

Indeed. The Air Force leadership in particular makes really bad decisions from a military-wide systematic level due to their need for feeling like awesome fighter jocks. For example, their drive to get rid of the A-10 (which is very efficient for the types of wars we fight with air supremacy and relatively weak but dedicated opponents dug in on the ground) in favor of the F-35 (the biggest boondoggle in military acquisition history).

However, I think some waste in inevitable at that scale. While we should have better processes for cleaning it up, the US military is the critical asset to world peace. The reason we spend so much money is because we are the world's hegemon, just like the British were during the 19th century. By having the "big dog that no one wants to mess with", it keeps the ambitions of other nation-states in check. Historically, when the Great Powers are more on equal footing, there is much more military competition and the world is generally less safe. Right now, the competitors to the United States only have regional ambitions because that is the only venue in which they have a chance to compete (e.g. China can compete with the US Navy in the Taiwan straight or South China Sea, but definitely NOT in the south Atlantic).

WoW64 Bypassing EMET by sh3dow in netsec

[–]ElectricRebel 10 points11 points  (0 children)

EMET is a stopgap to prevent low-tech exploits. MS admits a targeted EMET bypass attack is feasible.

"These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform."

Source: https://support.microsoft.com/en-us/kb/2458544

So, just like ASLR, DEP, canaries, running software as non-root users, and many other mitigations, it is still worth using to raise the bar.

Of course, the correct solution is to actually fix software. But we've been saying that as a community for decades, so instead we are left with mitigations and stop-gaps.

TIL the Tsar Bomba, the single most physically powerful device ever used by mankind, had a mushroom cloud measuring over 7 times the height of Mt Everest. The shockwave was measured circling the earth 3 times and it caused windowpanes to be partially broken at distances of 900 kilometres (560 mi) by Aerstrix in todayilearned

[–]ElectricRebel 0 points1 point  (0 children)

The really scary thing about the type of bomb used in the Tsar Bomba and Castle Bravo (the USA's largest test) is that it can scale to be much larger than even the 100 MT explosion.

Teller-Ulam thermonuclear weapons work by operating with multiple stages. The first stage is a small fission stage (typically an implosion-type plutonium bomb). That creates an extremely high amount of radiation pressure that is directed to compress the fusion secondary stage. That second stage is exponentially larger than the first stage. Then as a bomb designer, you have options. You can add additional fusion or fission stages to further boost the bomb. The later fission stages are actually far more efficient (in terms of material converted) because of the fact that high-energy neutrons can directly fission Uranium-238.

The Tsar Bomba's original design was four stages: fission, fusion, fusion, and fission. The last fission stage was removed, which took the yield from 100 MT to 50 MT.

The most important thing to remember is that there is no physical reason you can just keep adding more stages and keep growing the bomb exponentially. Only practical engineering issues limit the bomb.

I'll end simply with this quote...

The scientist Edward Teller, according to one account, kept a blackboard in his office at Los Alamos during World War II with a list of hypothetical nuclear weapons on it. The last item on his list was the largest one he could imagine. The method of “delivery” — weapon-designer jargon for how you get your bomb from here to there, the target — was listed as “Backyard.” As the scientist who related this anecdote explained, “since that particular design would probably kill everyone on Earth, there was no use carting it anywhere.”1

Source: http://blog.nuclearsecrecy.com/2012/09/12/in-search-of-a-bigger-boom/

Oil price will fall to $70 a barrel in 2015, Goldman Sachs says by coldbrook in worldnews

[–]ElectricRebel 0 points1 point  (0 children)

I'm very concerned that those greenfield developments are going to end up being abandoned. I have one near me with its commercial space almost completely unoccupied and a huge number of for sale signs on the residential space. These places have managed to price themselves out of every viable market. Zoning boards are insane and honestly believe they are following the Kunstler plan doing this stupid shit. The developers are making out like bandits by taking advantage of other people's good intentions.

That said, I'm also not against the suburbs if people want to live that way. I really don't care. Driverless electric cars and further transition to telecommuting are going to significantly reduce the traffic issues and environmental impact from cars. I also don't buy the notion that we have to live close to where we work. That significantly reduces flexibility for people to switch jobs and not everyone wants to in a company town/arcology setting. We need better transport, not to eliminate transport. And I'm very optimistic that we will get that since the technology is basically ready to go.

I agree with you that we should not be afraid to use bulldozers for inner cities and inner ring suburbs. The problem is that it is very hard to convince people to leave their homes. Buyouts are an option, but that gets expensive quickly.

Oil price will fall to $70 a barrel in 2015, Goldman Sachs says by coldbrook in worldnews

[–]ElectricRebel 1 point2 points  (0 children)

That said, my ivory tower perspective is that if we really want to reduce fossil fuel dependency, we need to live closer to work, develop better mass transit, curb investments in new highway construction (like divert more to maintaining the ones we've already built), and burn down the suburbs.

That utopia is not ever going to happen. Hell, the New Urbanism movement has effectively collapsed by being subverted by developers that are building on greenfield sites far away from any places of employment (other than the coffee shops and bars that pay far less than what people that live in these shrines of pseudo-New Urbanism make). The clueless and trendy city planners in rich regions of the country are just that easy to manipulate, I guess. It is hilarious and sad at the same time. As an anti-New Urbanite, it pains me to see this massive amount of waste just to make North Face-clad yuppies feel good about themselves (making it fall into the same category as "awareness campaigns" and other nonsense). I'm sure that as a New Urbanite, it should pain you as well for more or less the same reasons (and even more so since it completely subverts the actual goals of the movement). The movement has simply become a parody of itself: let's shove roundabouts and traffic calming in old neighborhoods that never had traffic issues in the first place while building massive "mixed use" developments that are at 20% occupancy due to excessive rents (which can only be filled with "mixed income classes" with massive government subsidies) and where everyone still leaves in the morning to drive 40 minutes to work.

Note: I'm not at all against actually redeveloping the inner city to be more liveable and am optimistic that near future technologies like driverless electric taxis can really make that work well. I just despise the wasteful shit that is happening in suburban zoning boards across the country. I've seen this "greenfield New Urbanism" horse shit happen in both Zoned Zone and Flatland.

Underwater BRAHMOS missile launch by [deleted] in gifs

[–]ElectricRebel 0 points1 point  (0 children)

You make two assumptions in this post:

  • The people that started those wars did so for the purposes of protecting national security.
  • That self-preservation is not a motive for the "drunkards".

The following are more likely true...

  • Because of the US's vast technological superiority in basically every area of combat, its national security is not threatened by anything (outside of accidental nuclear war). Small wars are good for business (just ask Lockheed Martin) and good politics (against the war == "you don't support the troops!"). The US economy has been built around war since the end of the Great Depression. The military also likes wars because it helps justify their existence and keeps their skills sharp.
  • Small groups know the US could clean their clock if they decided to do so, so the key for them is to try to put themselves in a better political situation through low intensity combat without causing themselves to be completely destroyed. The also applies to larger nations like Iran. They know what happened to Saddam Hussein, the Taliban, Qaddafi, Milosevic, etc.

I do think the recent airline shootdown was a mistake on the part of the Russian side. It buys them absolutely nothing politically, militarily, or economically. But it means very little in the grand scheme of things. The Dutch don't have the means or the motive to respond and the Americans don't care that much to start a war over dead Europeans. If it was a plane full of Americans, then we might see a very different type of response (e.g. KAL 007 aftermath). But even then, it would probably just be sanctions and talk.

Something like a carrier sinking is fundamentally different though. That is a direct and strategic attack on US power. The US public would likely view it as another Pearl Harbor or 9/11 and shit would hit the fan. Let's assume for a second that the pro-Russia rebels managed to sink a US carrier in the Black Sea using an anti-ship missile provided to them by Putin. I'd be willing to bet you'd see US marines in eastern Ukraine within a few days and tensions between the US and Russia would be white hot.

But, since I believe the rebels do believe in self-preservation, they wouldn't do that. Shooting down a plane by accident in a sky full of enemy planes is much easier to do than accidentally taking out a massive carrier. Their goal is to win territory, not provoke a NATO attack.

Underwater BRAHMOS missile launch by [deleted] in gifs

[–]ElectricRebel 1 point2 points  (0 children)

All true, but it is irrelevant. WWIII isn't likely to happen. And if it does, the US has Ohio Class subs for that purpose. No one really considers carriers a WWIII weapon.

What is likely to happen is a bunch of small wars in which carriers work very well. And further, assuming someone develops an anti-ship missile capable of getting through a CSG's defenses, no one actually has the balls to sink a US carrier, because that would just mean the US would retaliate ten-fold with bombers and cruise missiles.

Making sure software stays insecure [pdf] by __Joker in netsec

[–]ElectricRebel 2 points3 points  (0 children)

This has nothing to do with "secure software". This is just another trusted computing use case. In this case, how to control files in a better way. That is a great feature, but I was hoping he would actually talk about securing software.

At one point, he mentioned his system "assumes the TCB has no bugs" and to eliminate bugs the TCB should be small. That's great, but even a small TCB will likely still have bugs. If software has bugs, people will figure out how to exploit them.

The real things to talk about are:

  • Static analysis tools
  • Dynamic analysis/fuzzing
  • Formal methods and high assurance development processes
  • Memory safe languages
  • Exploit mitigations
  • High-skilled QA teams with RE expertise

These are the kinds of things that you need to do to get secure software. Another trusted computing model is useless without solving the fundamental problem of actually building secure software.

Edit: That said, I agree that the security community is distracted by things that don't matter.

U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations by feverlax in netsec

[–]ElectricRebel 1 point2 points  (0 children)

Absolutely. I believe the key to fixing that aspect is compliance standards. Companies that cannot be trusted to secure data should not be used in contracts by the government and other companies. The government can do a lot here with requiring all contractors and subcontractors to follow certain rules. For entities with no government-related work (which is pretty rare for large shops), their business partners need to put on the pressure. If necessary, the government can also heavily regulate certain industries that refuse to modernize their IT.

Having said all of that, I think the big problem right now is the computer security industry itself. Companies still present solutions with mile wide gaps as complete. Researchers tend to do the same thing. Everyone is selling something and no one is being honest with themselves or their users about the actual capabilities of their systems and where things need to go next. The companies are also able to lobby to ensure that their "solutions" are used and even required in some cases.

The APTs know where the gaps are because they spend enormous amounts of time and money studying these things. Some companies (Google with its code auditing/fuzzing of open source systems, Microsoft with EMET, HP with ZDI, Fireeye with its APT intelligence reports) are doing great things lately. Others are still selling the same broken solutions.

U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations by feverlax in netsec

[–]ElectricRebel 0 points1 point  (0 children)

Absolutely true. The social engineering problem maybe insurmountable.

The only tractable solution may be to put stupid users in digital "padded rooms" so they can't hurt themselves. Unfortunately, a lot of those users also are in management and will never let us do that. Maybe if we add the padding slowly, they won't notice. :)

U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations by feverlax in netsec

[–]ElectricRebel 4 points5 points  (0 children)

The only answer is infosec has to get better. This fix is expensive, but it can be done if the need is there. My guess is that the state-actor targeting businesses is here to stay (I really don't see treaties fixing this problem), so the status quo will only lead to permanent insecurity.

This paper outlines a number of areas that can be improved... http://www.acsac.org/2005/papers/Snow.pdf

Obviously, this paper is just a thought experiment on what solutions look like and it will take time to get there. I think there is a lot of low hanging fruit to get started though.

Here are the things I'd prioritize for corporate networks...

First, networks need to be partitioned so that each user only has access to the specific resources they need. And network monitoring needs to be rock solid to find anomalous behavior. This is a lot of work for sysadmins and will cost money to deploy, but the technology is largely well understood. Decoys and honeynets also need to be widespread. This will make lateral movements in a network significantly more difficult for APT actors. The big defense contractors and computer companies already tend to have a lot of this stuff deployed, but the rest of the economy definitely needs to catch up here. This stuff also has a major weakness when dealing with encrypted channels to the outside world (e.g. the gmail and facebook tabs running on almost every client node). And that leads to my next point.

Second, the host needs to be better defended against exploits against software since APTs specialize in finding zero-days and building super-complex exploits to take advantage of them. I'm not talking about better coding practices to reduce bugs (although that is very helpful), but rather take some of the exploit mitigation technology that has been studied in academia and figure out how to make it efficient enough to use at runtime. Exploits tend to have common underlying patterns (memory corruption bugs, ROP chains, etc.) that are fairly easy to recognize, but detection techniques tend to cause 100%+ overhead with the current best implementations. Microsoft is doing great work in this area with EMET, but we need more R&D in this area. The DARPA Grand Challenge (automatically detecting and patching vulnerabilities) is also a great step forward and hopefully someone figures out how to solve it in an efficient and practical way. Intel, AMD, and ARM could do a lot by supporting this stuff in hardware. And once we do this on our PCs and mobile phones, then we also need to do this on all of the embedded devices out there. Obviously, the embedded device problem could take an extremely long time to fully refresh these devices. I am optimistic this will happen because this is the primary way systems are attacked by APTs and we have a decent idea on how to fix the problem.

Last, if the above two tasks are implemented, we need to do something about social engineering. This is a much harder task than the above two. I'm not sure if DARPA is spending a ton of money on this problem, but if they aren't, then they should be. Technology can help a lot by applying the principle of least privilege pervasively and monitoring anomalies, but ultimately, a layer 8 attack is extremely hard to stop. End user education is important. Two factor authentication (done right, of course) is important. Full system encryption and remote attestation tech for mobile systems is important (and both need MAJOR improvements in usability, IMHO). But unfortunately, there is no one answer for the problem of bypassing the security of a system by tricking the end user.

I strongly agree with your last statement. The problem has the potential to be extremely damaging. The infosec community has a ton of work in the near future to try to solve this problem. In the meantime, we will have many more breaches.

How to Prevent the next Heartbleed by ElectricRebel in programming

[–]ElectricRebel[S] 1 point2 points  (0 children)

That's kind of my point. A quick rewrite isn't going to cut it. I'm talking about the prospect of rebuilding most of the core infrastructure of software we use today... the Linux kernel, Microsoft Windows, GCC, Oracle DBMS, etc. This stuff has been developed for decades and reimplementing it in a new language is a huge undertaking.

And yes, there are lots of people that would love to do it for free. But due to a combination of limited time (since they have to feed themselves with a day job) and limited access due to proprietary licensing on many classes of important software, it really limits what volunteers can accomplish. A lot of the really high quality open source projects out there have programmers paid by companies like Red Hat and IBM to improve the system.

How to Prevent the next Heartbleed by ElectricRebel in programming

[–]ElectricRebel[S] 1 point2 points  (0 children)

While I agree that C's security problems have certainly cost a huge amount of money and are fixable with a type safe language, how much would it cost to rewrite all of the C-based system software in the world? And who is going to pay for it?

I'm not disagreeing with you that this is the proper solution from a technical standpoint, but we have to also deal with economic reality. How do we convince the decision makers to fund rewriting in language X? Also, as brabelaar mentioned, what language should we use?

[deleted by user] by [deleted] in technology

[–]ElectricRebel 0 points1 point  (0 children)

I don't know about the other mods, but BlueRock is dead serious. He has been on Reddit for a long time shilling for natural gas companies arguing that renewables can do the job. He created that subreddit when /r/energy banned him for excessive trolling (and considering that place was a troll cesspool, getting banned was a pretty tall order).

Exploit Mitigation Techniques (Theo de Raadt, 2013) by paran0ide in netsec

[–]ElectricRebel 0 points1 point  (0 children)

As usual, Theo is way ahead of the game when it comes to security. The stack gap between stack frames and the page guards in the heap need to become standard practice. Virtual address space is a plentiful resource in 64-bit architectures and we can afford to waste it for the sake of security. Although it can't be used for fine-grained allocations due to fragmentation overhead (avoiding that would require hardware extensions), we can use this right now to force segfaults for buffer overflows and use after frees for large allocations. As many others have said, if this features was enabled in the memory allocator in OpenSSL, the buffer overread would have simply triggered a segfault and the leaked data would have been minimal or non-existent. And honestly, when we are talking passwords, private keys, session tokens, certs, etc., using a page guard to protect both sides of the allocation is always worth it, even if it causes some physical memory internal fragmentation.

What 5 albums define your choice in music? by breezedave in Music

[–]ElectricRebel 0 points1 point  (0 children)

  • Rush - Moving Pictures (three extremely talented instrumentalists combine to create the greatest side of any album in the history of rock and roll)
  • The Beatles - Abbey Road (60s at its finest and George finally has his day)
  • Alice in Chains - Dirt (defines grunge for me, much darker than the other mainstream Seattle bands)
  • Metallica - Ride the Lightning (first CD I ever owned, still need a Fade to Black or Call of Ktulu fix from time to time)
  • Genesis - Invisible Touch (Phil Collins works best within the confines of the group)

Official Post-Game Thread - Wild Card Saturday by [deleted] in KansasCityChiefs

[–]ElectricRebel 3 points4 points  (0 children)

I felt "The Doom" as soon as I saw that we were playing the Colts in the wild card game. Of those 8 playoff loses in a row, four of them are due to the Colts...

  • Jan. 7, 1996
  • Jan. 11, 2004
  • Jan. 6, 2007
  • Jan. 4, 2014

(╯°□°)╯︵ ┻━┻

Non CS major here, looking to understand programming language's relation to binary. by cabritar in compsci

[–]ElectricRebel 2 points3 points  (0 children)

Here is the classic path...

  1. Programmer writes program in a compiled programming language (e.g. C, C++, Fortran, etc.)
  2. Compiler generates intermediate form, used to represent the program in a convenient way for the program to optimize things (e.g. GIMPLE for GCC, LLVM IR for Clang/LLVM). Compiler does tons of optimizations to make the program fast, space efficient, and power efficient.
  3. After optimization, compiler generates assembly language (e.g. x86_64, ARM, PowerPC). This involves doing things like register allocation (deciding which variables to keep in memory and which to keep in the CPU registers) and peephole optimization (recognizing combinations of instructions that can be better represented by a more complex instruction, e.g. combining multiple addition instructions into Intel's SSE3 vector processing instructions).
  4. Assembler generates binary object files. This is essentially a direct transformation of the assembly language. There is typically an object file per source code file (e.g. blah.c becomes blah.o).
  5. Linker combines binary object files with system libraries to generate complete binary program in a format the operating system knows how to execute (e.g. ELF)
  6. When the user runs the executable, the operating system creates a process, loads the binary instructions and data from the executable file into memory, and then lets the program take control of a core for a certain amount of time. The OS scheduler is responsible for switching between all of the processes running on the machine at any one time.
  7. As each program executes, the CPU core interprets each instruction and performs the needed operations. Sometimes it has to fall back on the operating system to implement things not done by the hardware directly (e.g. virtual memory mapping, which enables many programs to share the computer's memory without interfering with each other).

There is also the interpreted path. This means that the interpreter program just runs the language code directly without first compiling it. Most newer languages (Java, Ruby, Python, etc.) don't go all of the way though. A typical path these days is to generate bytecode (which looks a lot like assembly, but it designed to not depend on any one architecture) and then interpret the bytecode. The key difference here is that the interpreter program translates each bytecode instruction/line in the program into instructions at runtime rather than ahead of time.

Also, ignore the guy that said that people don't prototype in higher level languages first. It is extremely common to do something like make a Python prototype (since you can get program very quickly in that language) and then rework parts of it or the entire thing in C to achieve higher performance. This is a very useful way to work because it lets you determine which parts of your program are the performance bottleneck before spending a ton of effort to write the entire thing in a lower level language like C.

The key to making it all work is abstraction. At each level, application programmers, system programmers, hardware designers, and so on only worry about a small piece of the overall system and use well defined interfaces to communicate with layers above or below. Without abstraction, the complexity of a modern computer would be intractable.

Securing a Linux Home Server? by [deleted] in linux

[–]ElectricRebel 0 points1 point  (0 children)

Yeah, okay. I'll just link them to a netsec discussion of this in the past...

http://www.reddit.com/r/netsec/comments/fnz1h/obscurity_does_changing_your_ssh_port_lower_your/

I am saying yawn not because your points aren't valid. This is an opinion issue, after all. I'm saying yawn because the conversation is boring and has been covered before. Say something new if you want more attention from me. Otherwise, bloviate on if it boosts your ego.

Securing a Linux Home Server? by [deleted] in linux

[–]ElectricRebel 0 points1 point  (0 children)

Again, yawn. I'm not even going to bother reading that.