Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment: Re:Technically right (Score 5, Interesting) 240

by IamTheRealMike (#49483705) Attached to: Google Responds To EU Antitrust Claims In Android Blog Post

We wish you luck, but if it breaks, dont come crying to us over it.

The history of mobile operating systems shows that your preferred strategy is a losing strategy. Users DO come crying over it, and developers cry twice as much. J2ME was basically Android 0.1 and took this approach - it was just a bunch of API specs and then phone vendors could license different implementations, write their own, etc.

J2ME sucked. I know this because I tried to write apps for it. Literally every freaking phone had its own unique combination of stupid, obvious bugs that rendered key APIs unusable without enormous piles of hacks. J2ME developers theoretically wrote Java, but often used a C style macro preprocessor because so many hacks required different source code to handle.

Android learned from J2ME and took a different approach - one single reference implementation that everyone builds off and is not pluggable except in very small, tightly controlled ways. You can modify the reference implementation to your hearts content unless you want access to the Play Store, in which case you have to pass the "Compatibility Test Suite" for core OS functionality, and for some other kinds of things that are impossible to unit test (e.g. Maps quality), agree to ship the Google implementation. This saves developers from J2ME hell making users and developers happy, and still lets manufacturers tweak things that aren't covered by the CTS, like reskinning things.

I see no evidence the EU has any understanding of the delicate balancing act Android represents, or the history of mobile phone operating systems. I fear this will be yet another bull-in-china-shop scenario. On the other hand, if Google are doing things like what Microsoft used to do by saying "if you sell any Google-services phone you cannot sell any non-Google-services phone" then that'd be a problem that is correctable without hurting developers.

Comment: Re:Soon this will be impossible (Score 1) 229

That someday will be when Intel and AMD move to Europe or Asia or when somebody comes up with a CPU good enough to unseat x86 as the architecture of choice.

I guess you missed the fact that the architecture of choice for the majority of the worlds computers is ARM.

Fast chips for nuclear simulations? Yep, Intel have the edge there ..... I guess. I'm somewhat surprised that stuff isn't better run on GPUs to be honest, but whatever. OK, so their simulations take 20% longer to run. BFD?

Comment: Re:The inversion is complete. (Score 3, Insightful) 100

This isn't about spying its about compliance with records requests and privacy laws.

Two sides of the same coin, isn't it? The government wants data about foreigners, from a foreign place. They want, in short, to spy. Their chosen method of attack is to pressure people in the USA who happen to have access to that data, as opposed to e.g. placing a mole inside a foreign organisation, but the tactic used does not change the goal of the mission.

EU has all kinds of (frankly downright crazy) privacy laws around email

EU privacy regulators don't have a great reputation I agree, but perhaps once the most productive parts of America have been ruled for decades by a totalitarian communist state that has informers in every street, you might not see the rules as all that crazy.

Comment: Re:Are non-China users safe? (Score 1) 100

by IamTheRealMike (#49440979) Attached to: Apple Leaves Chinese CNNIC Root In OS X and iOS Trusted Stores

Plain DNS is useless, a MITM could fake the results.

DNSSEC just replaces a competitive market of certificate authorities with a different, less competitive system of new CA's called registrars. It's hardly a positive.

A lot of people hear "some company I never heard of can sign for my site" and immediately conclude the whole system is broken. But that's ridiculous. Why should people be locked into one or two CAs based on where they are in the world? I live in Switzerland. There is a local CA called SwissSign. Like everything Switzerland their EV certificates are more than double the price of what DigiCert charges (based in Utah). So I go to a foreign CA and get my cheaper certs. That's called globalisation.

Likewise, if someone in America wants to pay a Belgian CA for a certificate for whatever reason, why shouldn't they?

Comment: Re:Educating Snowden (Score 5, Insightful) 200

by IamTheRealMike (#49423399) Attached to: Snowden Demystified: Can the Government See My Junk?

I think John Oliver did an excellent job of educating Snowden on how to speak.

Right. Snowden, for all his bravery and balls of steel, has a speaking style that doesn't connect with the man on the street. Asked simple questions he gives long, complex answers that are full of nuance, appeals to the Constitution and attempts to be reasonable. If I knew every word I uttered could one day play a part in deciding my freedom I'd speak pretty damn carefully too, so maybe he's like that in "real life" and maybe he's not. But Oliver forced him to give short answers in laymans terms. I hope ES remembers.

It's a specific case of a more general problem though. The civil rights movement has really struggled to give clear explanations for why people should care. The best explanation is We should all have something to hide by Moxie Marlinspike. He sums up arguments I was developing myself before I found that blog post. Sure, the man on the street feels he is boring and the world of political intrigue is far away from his life. So talk about how this stuff affects issues like gays going to jail (lots of people have gay friends), or how marijuana could never be legalised if there was perfect enforcement of anti-drug laws (which is enabled by this type of surveillance). Heck, for conservative parents who might find both issues irrelevant, point out that their darling teenagers are very likely to be guilty of producing and distributing child pornography. All it takes is for them to send a nude selfie to their new boyfriend/girlfriend between the years of 16-18 and they're guilty of sex crimes. Lots and lots of people either have had teenage children or will have.

Comment: Re:"without garbage collection" (Score 1) 211

by IamTheRealMike (#49405375) Attached to: Rust 1.0 Enters Beta

Um, I did work at Google for quite some years, and given the vast size of their C++ codebase the chances of it all being ported to Go any time this decade is zero. And for what it's worth I keep hearing from people who still work there that they're desperately trying to avoid being forced to use Go. It's hardly a slam dunk language decision.

Comment: Re:"without garbage collection" (Score 4, Insightful) 211

by IamTheRealMike (#49404721) Attached to: Rust 1.0 Enters Beta

You must be a Java programmer. Garbage collection is generally a very bad idea for a systems language, because of the periodic stalls whilst it does the cleanup

Ah yes, the "systems language" debate. Oh how I love those.

Here are a few things to ponder.

The first is that your claim about Android underperforming iOS doesn't seem to have any merit. I have a Lollipop device here and it's as smooth as any iPhone I've ever used. Indeed I suspect by "smooth" you mean whether animations consistently hit 60fps and that has relatively little to do with garbage collection because most animations only last for a second or two, and you can easily delay GC until after it's finished. If you actually read about Project Butter and the work the Android team did to make things fast and smooth, it mostly involved deep changes to the graphics stack. The new GC in ART helps when doing things like scrolling down infinite lists, but otherwise, it's not a big deal. Bear in mind GC pauses on a modern Android device are in the realm of milliseconds - not fast enough to cause a frame skip unless you're really pushing up against the deadlines.

Another thing to consider is that people love to try and define "systems language" to mean whatever language they happen to prefer at the time. For instance the Linux guys have claimed for years that C++ isn't a "systems language" because you can't use it to write a kernel. However, quite a few successful kernels have done just that: for instance parts of the MacOS kernel are written in C++, the osV kernel is mostly C++ and so on. Microsoft even wrote an entire OS with kernel and everything in garbage collected C#. I've come to believe that the term "systems language" is so vague as to be useless for describing programming languages.

Final point. Rust claims to be superior for systems programming because it doesn't need a garbage collector. However, Mozilla is not in the business of writing kernels. They are in the business of writing web browsers. Web browsers absolutely can be garbage collected and due to the need to support Javascript, often are. At a time when Mozilla is dumping resources into designing an entirely new programming language and experimental layout engine that uses it (Servo), the Chrome guys are quietly getting on with migrating Blink (aka WebKit) to garbage collected C++. The project is called Oilpan, look it up. Apparently Google disagrees with Mozilla about the need for a non-GCd "systems language" for the kind of work they're doing.

Comment: Re:Good. +1 for Google. (Score 4, Informative) 176

WoT doesn't work anywhere. I know it's a popular idea but it doesn't work, period, end of story.

Problem: the PGP web of trust is tiny and has fewer than 4 million keys published to the SKS key pool, EVER. That's pathetic. But of those keys, many are not really connected to the WoT at all. The strong set is only 50k keys. The WoT is a failure, numerically. For comparison: "Yo", an app created as an April fools joke which only lets you send the word "yo" to other users, managed to get 3 million users. The WoT's entire existence has been matched by an April fools.

Problem: the PGP web of trust converts everyone you trust a CA. Unlike real CAs that protect their keys with hardware security modules, are audited, etc, PGP users routinely do things like carrying their private keys through airports on general purpose laptops onto which they install whatever the latest cool toy is. If any of the users you trust are compromised, the entire WoT can be faked through them and your client will accept it. Sure, if you're some kind of crypto guru you can maybe detect this. But most people aren't.

Problem: the "web of trust" is misleadingly named. The graph edges in it are not indicative of social trust. They are in fact reflecting a trust that is more like, "I trust you to protect your private key and do accurate ID verification" which has nothing to do with the more ordinary, human, every day use of the word trust. In your post you mix up these very different kinds of trust, and this is a very frequent but fundamental error. Protecting private keys and doing accurate ID verification are difficult, skilled tasks, whereas what being trustworthy usually means simply requires loyalty.

Problem: the primary criticism of the CA system is that CA's could be coerced by governments via legal means. However the same is true for people in the web of trust - any of those people can be served with a a court order forcing them to sign the governments key.

Problem: the WoT leaks the entire social graph to the entire public. In this day and age, that's unacceptable.

Problem: the WoT has fake keys uploaded to it and there's nothing anyone can do about it. This isn't theoretical, it has happened and routinely fools large numbers of people.

In short, after many years I've come to the conclusion that the web of trust has no redeeming qualities at all. It was a neat sounding idea, it was tried, it has failed. It should be taken out the back and quietly shot, so it can't mislead any more people into thinking it's a good idea.

Comment: Re:HTTPS? (Score 1) 48

Frankly, it would be just as easy to make Baidu serve up the script for them

Yes. That's exactly what I said in the last paragraph. Did you read the post all the way to the end?

Obviously China can build the equipment needed to do a massive MITM attack on Baidu. But it would be a big step up from what they're currently doing, cost wise. So it makes little sense for them to do that, given they'd need to coerce the private keys out of Baidu anyway. At that point they may as well just re-use Baidu's existing equipment for termination of SSL.

Bear in mind there are multiple subtle cases that interact with different systems in different ways.

The base case, that we have here, is no SSL. GFW injects packets, not much anyone can do about it.

The next step up is PRC minting fake certificates. However, CNNIC just got revoked by Chrome for gross negligence, so obviously browser makers are not unwilling to do that, and other than Hong Kong Post Office PRC doesn't control any other CAs. If one was found to be doing a MITM attack on Baidu it'd be immediately revoked again - game over.

So then the next step up is Chinese government coercing Baidu to give up their private keys. However PKI rules say that if a private key is lost either through coercion or theft the certificate is revoked. This happened to Lavabit: once they were forced to give up their key by court order Verisign revoked the cert explaining that industry policies required it to do so. So if Baidu started serving malicious Javascripts then most likely Baidus SSL cert itself would be revoked, on the assumption that a respectable company would not distribute malware under its own volition. This would have the effect of nuking most Baidu ads or analytics outside of China and probably breaking websites, but assuming the Chinese websites care, they would just adjust their code to stop including Baidu stuff for foreign users and that's the end of that.

Additionally even if the issuing CAs didn't want to revoke Baidu entirely, I suspect Google/Microsoft would add the pages to the SafeBrowsing blacklist for malware distribution and the outcome would be the same.

China could also try coercing ALL keys out of ALL websites and doing MITM on ALL of them, but the amount of effort required to do that would be astronomical.

So the conclusion is the same - SSL is the next step in this arms race.

Comment: Re:HTTPS? (Score 4, Informative) 48

The Great Firewall could just as easily act as a MITM attack

This must be a new use of the phrase "just as easily" that I haven't encountered before.

Line rate DPI is already expensive and slow. The Great Firewall has in the past routinely suffered from weird hotspots or outages at peak times where banned keywords were not always being spotted.

The injection technique that the GFW was using in this instance is very simple: on spotting a particular byte pattern in the packet stream, write three (probably pre-formatted) packets into a network port, sit back, see what happens. There were always exactly three packets and attempting to get normal behaviour out of the MITM TCP stack didn't work, meaning there probably is no stack.

Now throw "completely intercept the TCP handshake and redo it, then perform an SSL handshake on the client end, then perform ANOTHER connection to the Baidu server, then obtain a fake cert without tipping off the western browser/OS makers whose browsers you are trying to hack, THEN decrypt massive amounts of traffic (basically all traffic to the intended host) at line rate" .... yeah good luck. It can theoretically be done but it'd require entire datacenters of machines doing nothing but decrypting and re-encrypting Baidu.

Then remember that this attack works by converting Chinese people abroad into a botnet. So the moment the Chinese fake cert is detected it would be revoked immediately. Attack over.

No way. It will never happen. If China wants to convert Baidu users into a weapon then it is MUCH simpler for them to simply ...... put a gun to the CEOs head and say "you're inserting our js into your code whether you like it or not". That way Baidu pays all the costs of serving their code and they don't need any large new infrastructure to do SSL MITM.

The intelligence of any discussion diminishes with the square of the number of participants. -- Adam Walinsky