Computers and Internet, Security

Here’s How It Will Go Down

5 years from now…

…in the middle of a hostage crisis…

…during heated trade negotiations…

…at the brink of global war…

…there will be a critical member of the US delegation – we’ll call him Chuck. Chuck is an ex-Marine and will have been a civil servant for nearly 20 years, working his way up through various positions as a trusted and capable man.

Chuck will get a phone call. It will list as being from someone he hasn’t talked to for over 20 years, a very old friend. He will answer the phone, and on the other line will be a man’s voice, speaking perfect, unaccented English.

“Chuck, we know about the thing you used to do. We know that you told your wife, and that you went to couples therapy about it. But we also know that you never told your children, you never told your parents, and you never told the foursome – all of you Marines – you play golf with every Tuesday. If you don’t want them to know then we need you to do something for us. It’s not a bad thing – we know you’re considering it as an option in your internal discussions. All we want is for you to choose a specific, entirely reasonable option. We will never call you again to ask you to do anything, and no matter what you will never hear from us directly again. We just need this one thing. We just need you to…”

…order your SEAL team to kill the terrorists instead of question them.

…change the wording of section 7.c. from “shall” to “may”.

…tell the President you think the Russians should be given the territory they’ve gained so far.

There are over 4 million Chucks working for the US now. They are great employees, fine citizens and honorable men and women. Many of them have secrets that were previously only known by trusted employees of the US government.

Somebody else somewhere else now knows ALL of these secrets. They now have the power to do this thousands or even millions of times.

OPM Hack

Computers and Internet

What is your Hat Trick? The Magicians Hat – a Parable

There once was a brilliant young man who longed to be a great magician. He toiled and researched and tried the mundane and the uncanny. Eventually, almost by accident (although those who looked back at him always attributed it to his genius) he discovered the most amazing trick. When he held up his top hat and spun his wand around the inside of it three times while chanting a magical incantation, money would come shooting out of the hat. Real money!

This trick became the highlight of his shows and he always ended with it. He would hand some of the money out to people in the audience to prove it was real and they would come from miles around and wait in the rain for a chance to watch one of his breathtaking shows.

As all people do, he became old, so he began to teach his oldest daughter how to be a great magician so she could carry on the family business. His daughter was a great student and followed everything he did exactly to the letter. She begged to learn the Hat Trick but he demurred, thinking she wasn’t yet ready for such greatness.

But eventually – on his death bed – he relented and taught her the trick. He was adamant that it could only work on stage, in front of people, and only when you shared the money. She didn’t understand and asked “but papa! – how does the money get into the hat in the first place?!?”. He opened his mouth to answer, but before he could tell her the answer, he died.

The first night she did the Hat Trick on her own she was terrified – she was the Daughter of the Great Sardini! If this trick didn’t work then her whole act would be at risk. But to her relief the trick worked, and it seemed that maybe it worked even better than it had worked for her father. The money shot out of the hat like it had been launched from a cannon, fluttering down onto the audience and the stage to everyone’s delight.

Soon the Daughter of the Great Sardini stepped out from her father’s aura and took on the name Odessa, Mistress of the Macabre. Her acts were sold out everywhere she went and kings and emperors, queens and divas all sought her out. She was the greatest of living magicians.

As all people do, she became old, so she began to teach her youngest son (her oldest had become a lawyer) how to be a great magician so he could carry on the family business. Worried she wouldn’t have time to teach him everything she started much earlier than her father had. Her youngest son was also a great student and as she had, begged to learn the Hat Trick. She also demurred, thinking the lad precocious (he was almost half as old as she had been when she learned it!) and not yet ready. Her son, frustrated by not being able to take on the trick right away, studied what she did on stage, seeking to copy everything she did exactly so that he might uncover the secret to the trick and be able to do it himself.

But then tragedy struck – in the middle of a huge tour across Europe, Odessa was suddenly killed in an accident, and she had yet to tell her youngest son how to do the Hat Trick! He decided to take on her shows anyway, and just omit the Hat Trick. But the audience would have none of that. They screamed and yelled and almost stormed the stage, and so near the end of a particularly disastrous run of shows he did the trick out of total desperation, and it worked.

The audience was delighted – such great showmanship, they all said! The papers the next day immediately said it was the best version of the Hat Trick they had ever seen, and other magicians were suddenly envious of a man they had come to dismiss as a pale imitator to his great mother. This son clearly was also a force to be reckoned with.

The act now always ended with the son – now called Orlando, Mystical Money Machine – pretending he wouldn’t do the trick. He started to believe that he was actually doing magic! It was all so easy. 

The way you made money was just by doing the trick! 

Hat Trick, money. 

Hat Trick, money. 

Hat Trick, money.

One day, after a particularly hard show in a new town none of the family had ever been to, the Hat Trick actually DIDN’T WORK. Not at all. He thought that he had done it exactly right but nothing came out. Panicked, he fled the stage as the crowd erupted, nearly setting the entire town ablaze.

By now the hat was frayed and the lacquer on the wand had been completely worn off. Perhaps he needed a new hat and wand? But these were THE hat and THE wand that had always worked! Maybe he said the words wrong? But no, they were the words he had always said. Unsure of what to do, the next night when it didn’t work again, he just tried over and over again as quickly as he could, before the crowd could overwhelm the stage and tear him apart.

After a few tries the Hat Trick worked. Orlando was relieved! He just needed to keep trying the Hat Trick and eventually it would work.

This continued, with the Hat Trick failing more and more often. Eventually Orlando had to try it so many times each night that it took up over half the show. The hat became so worn that it was nearly rags, the wand a thin stick where once it had been a solid rod. He no longer sold out the largest venues and wasn’t invited to visit world leaders. Orlando’s TED talk was quietly relegated to an archive and after that, a boilerplate “file not found” error. But he still could secure decent venues – not the best, but still good box office.

As all people do, he became old, so he came to his middle daughter to teach her (his oldest had become an entrepreneur and his youngest was traveling the world jumping off of buildings) how to be a great magician so she could carry on the family business. 

She was a very practical girl, and she said “Pops, you need to tell me how the Hat Trick works. Our numbers have been consistently down for the past 11 quarters and without that trick, I’m not sure we should keep going.”

He told her that yes, the new customer numbers were down and growth was stagnant at best, but the business was still making tremendous amounts of money off of repeat customers. Some of them had been to shows given by Odessa, or even Sardini when they were children. The family business was still profitable. 

They argued and argued. It soon became apparent to the daughter that her father was not just being proud – he was also afraid. He was hiding something from her. Finally she confronted him:

“Pops, if you won’t tell me how the Hat Trick works, I’m going to scrap it and try something different. Other acts are doing different stuff and we have a lot of great infrastructure, so I’m going to look into other things. Aerials maybe, or dance. Perhaps comedy, or a cooking competition. Something we know that people want and which we can learn how to do.”

Finally, he relented. With his own last dying breath, he told her his secret of the Hat Trick: “I have no idea how it actually works. I just stand on stage, do what your grandma did and hope that the money will come out.”

If you work for a wildly successful organization then chances are you work for (or are) one of the people above.

What is your Hat Trick?

Do you know how it actually works?

Computers and Internet

The Katyusha’s Little Sister

The Soviets were fond of multi-tube rocket launchers in WWII. They called them the Katyusha and the design persists to this day. They didn’t invent it – I believe that honor goes hundreds of years back to the Chinese – but they really turned it into a weapons system. As we see in the Middle East, they have never been able to hit the broad side of a barn, although they might scare half the cows to death anyway.

Why use them at all? They are an incredibly cheap and easily deployed way to get payload down field. Not remotely accurate but again very cheap and your truck driver can, in a pinch, serve as your firing team. “Yes Petrovich, I know the rest of the team is dead, but all you have to do is drive somewhere over there (pointing at map drawn in blood on a table in a bombed out cafe) point tubes up and towards Germany, and push button. Is piece of cake. All of our people over there are probably dead anyway! So what are you worried about! Shoot rockets, come back!”

Basic Soviet battle doctrine can be summed up as “why use 10 when 100 might work better?”. If you put enough explosives into the air then some of them will accidentally kill people you want to kill and destroy things that you want to destroy.

Enter the plucky little GBU-39B, a small bomb that is the antithesis of the Katyusha. It’s relatively small (50ish lb payload) so 6 of them can be carried INSIDE a Joint Strike Fighter. It has wings and a bunch of electronics allowing it to glide down and hit things with pinpoint accuracy. How pinpoint, I hear you ask?

Now engineers at Boeing and SAAB are partnering on what can be described as the smart kid sister of the Katyusha. They are taking the GBU-39B, gluing an existing off-the-shelf rocket motor to its butt and packaging it up so that it can be fired from the M270A1, which is a multi-tube launch vehicle that is already on the ground all over the world. The M270A1 has for the most part been a lot like the Katyusha and has even been nicknamed the GSRS, which stands for Grid Square Removal System because it can cover an entire 1 km square with grenades (of which several hundred probably won’t explode right away, which is bad).

So what will this new munition do? It will give the M270A1 12 guided bombs that can each be independently and precisely targeted (no more Hail Marys) at ranges of up to 75+ km. It’s a giant mobile battery firing pinpoint explosives, which among other things is good for civilian populations that aren’t all already dead.

Here’s the Jane’s take on this new system:

Computers and Internet

Another BitLocker Exploit?

The simple answer is “no”.

We knew (and modeled, and tested) DPA back when we were testing BitLocker. As readers of this blog know we also tested Freon attacks, dual ported memory, tempest attacks and going after the root itself. (And other tests! Many, many tests. I had an extremely enthusiastic team in the “let’s break all the things!” department.)

Of course if you can get the root keys out of the TPM you can bork the root – that kinda goes without saying, right? As in, duh? I can’t fault the paper writers for using BitLocker for PR for their paper – after all, what other solutions are as successful and secure as BitLocker? It sounds like they did some great work. But it’s so not new news. It’s a decade old fact.

If you worry about this attack then you should use a TPM that is DPA resistant – historically there hasn’t been much money in building higher security TPMs. I saw some extremely robust TPM designs as far back as 2002 but they cost more money and the exploits weren’t there yet so the vendors couldn’t charge for them.

If this attack becomes common then I hope that vendors will respond and build more secure TPMs.

Computers and Internet

We said 1 Gb? We meant 1.5 Mb…

Last summer CenturyLink announced that my Beacon Hill neighborhood will have 1 Gb Ethernet service. Beacon Hill was considered to be particularly important.

I just tried to sign up for service, and the best (and ONLY) service level available is “up to 1.5 Mbps”. Other places in the world with this kind of service include, uhm. NOWHERE. 

CenturyLink doesn’t even admit in their online speed comparison that this service level exists:

I talked to their new accounts department and they confirmed that 1.5 Mbps is all that’s available and they weren’t able to give me any idea of when they’d offer something better.

You got the PR, CenturyLink. How about following through?

Computers and Internet

Modern Heirlooms

Son: what’s this, pops?

Father: you’ve been looking at the family moments, I see. 

Son: yep – what’s this? Is it jewelry? It doesn’t seem to do anything… 

Father: your grandpa gave that to me when I closed my first big sale! It’s an Apple Watch. 

Son: Apple? 

Father: they were a famous company back in the day! Made all sorts of stuff – cars, houses, airplanes… 

Son: so how do I turn this “watch” on? 

Father: you don’t, unfortunately. They had a very slow leak in the firmware garbage collector and when it finally wiped out the memspace, Apple had cancelled support for it.

Son: but can’t you just hack it? 

Father: Apple didn’t publish their firmware interfaces… 

Son: what? Seriously? Isn’t that against the law?!? 

Father: well it is *now*, but that was a different age… 

Son: why don’t you sell it? 

Father: it’s only worth a little bit. Now that the oceans catalyst mining is up and running, we’re practically swimming in gold. 

Son: so Grandpa was a sucker? 

Father: it was just a different age, son. Now go reboot your brother, it’s time for school. 

Computers and Internet

Teamwork and Trust

For a great overview of the game that I am talking about in this post, please read this awesome article.

He would sit, dejected, for hours in the off season, wondering if all of the success had been a fluke. Four interceptions on balls thrown to him. Four. In one playoff game. It was no wonder that, in the final minutes, his QB threw to other people. Who in their right mind would continue to risk throwing to a four-time loser in the biggest game to date for this young team?

Years later, his football career behind him, he would still ruefully recall those misses and how his team had so rightfully turned their back on him. How they had gone with another option, and lost that night to a ferocious competitor. He would realize, much later, that this was where he started to doubt himself because his team had doubted him. Where he would think that maybe he really just was some kid from Lakewood, not a hero. Not a great football player.

And years later the QB, sitting in front of a fire, would recall that game as well. He would wonder what had gone wrong that day… And he would realize that the doubt that had entered into the team in January of 2015 slowly but surely eroded the team from within. The brotherhood he had been a part of, a brotherhood instilled in them from the bottom to the top of the organization, had started to unravel. What might have become a dynasty became just a statistical fluke.

This, of course, is not what actually happened.

What happened yesterday was two men who were directly or indirectly responsible for the worst performances of both of their careers made a choice. Russell Wilson threw, in the most important play of the game, to a man who had turned the ball over 4 times. Pete Carroll supported that play, Jermaine Kearse made the catch and the Hawks won the game.

If Jermaine had dropped that ball – or god forbid had turned it over again – we would all be questioning team leadership across the board.

Which, as it turns out, would be the wrong thing to do. Wilson had to throw to Jermaine because he was the right man to make the play, no matter what had just happened before. And I like to think that it’s because in the long game a Jermaine who has redeemed himself by doing his job well is just as valuable to the team in future seasons as this win was.

Perhaps it’s even more valuable – every man on the team will be looking at this and they will be thinking, as contracts roll around – “would any other team continue to trust me after I had repeatedly and drastically failed to do my job? Will they ever trust me that much?”

This is what makes this such a remarkable event. Jermaine Kearse was never a 4 time loser – he is an extremely good receiver who happened to have a few bad misses. By refusing to allow the narrative to change into Jermaine’s failures the Seahawks showed a level of depth that will last them well into the future.

The Seahawks showed that good teams win together – even teams whose individual players are having really, really, REALLY bad days.