About two years ago Theresa May said:

[..] that last night’s London terror attacks mean that the Internet cannot be allowed to provide a “safe space” for terrorists and therefore working cryptography must be banned in the UK.

Source: https://boingboing.net/2017/06/04/theresa-may-king-canute.html

The German interior ministry said today:

The Federal Ministry of the Interior has rejected the accusation that it wants to force providers of messenger services such as WhatsApp to decrypt their users’ communications. The federal government is sticking to the principle of “security through encryption and security despite encryption”, a spokesman told dpa. He stressed: “We still do not want any backdoors or encryption bans.”
So that terrorists and gang members cannot completely seal off their communications by using encrypted messenger services, however, providers would have to enable “state access as an exception regulated by law”. There is, however, no draft bill on this yet, the spokesman said. “We are still at the beginning of finding a solution here.”

Source: https://www.heise.de/-4447537

To my mind it seems like most of the politicians do not realize that cryptography has something to do with mathematics, rather than with sets of rules like who’s (dis)allowed to do what.

2019-06-12 @ 07:59: RAMBleed Bugs | Security

RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well.
RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes. We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows. Thus, RAMBleed shifts Rowhammer from being a threat not only to integrity, but confidentiality as well. Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.

RAMBleed

Now imagine you put your stuff into the cloud ….

Corruption, living standards, housing, unemployment and health rank above, or alongside, migration as key issues for European voters. Despite anti-immigration rhetoric across Europe, many voters view domestic issues as chief concerns. Voters in Greece, Italy, Poland, Romania and Spain are more concerned about people leaving their country than coming in.

European Council of Foreign Relations

Sounds like the experiment “EU” can be considered as failed.

EverCrypt—developed and verified by the Project Everest team—offers the same features, convenience, and performance as popular existing cryptographic libraries without the bugs that leave protocols and applications vulnerable. Usable by verified and unverified clients alike, EverCrypt emphasizes both multiplatform support and high performance. We accomplish this by producing both platform-agnostic C code and optimized assembly code for specific hardware targets through the combination of two components of Project Everest: the HACL* cryptographic library developed jointly between Inria and Microsoft Research and the Vale-Crypto library of assembly primitives developed collectively between Microsoft Research and Carnegie Mellon University.

By Jonathan Protzenko, Researcher; Bryan Parno, Associate Professor, Carnegie Mellon University

The verification process is likely more complex than the code itself. Anyway, this is one great step. Read the full article over at Microsoft.

2019-05-07 @ 08:01: Linux kernel for Windows Linux | Windows

From June 2019 the Windows Subsystem for Linux (WSL) will feature a real Linux kernel. While the current WSL1 is just some kind of wrapper, an incomplete Linux distribution with lots of limitations, the new WSL2 will feature full system call compatibility.

To my mind this will make use of Hyper-V, which in turn will likely block access to VT-x for other virtual environments such as VirtualBox and VMware. So, quite a clever move by Microsoft.

Luckily they’ll support further development of WSL1, too.

Read more at Microsoft.

Quick! Grab everything you can before they are down again!

Lawmakers are set to approve plans for an enormous new database that will collect biometric data on almost all non-EU citizens in Europe’s visa-free Schengen area. The database — merging previously separate systems tracking migration, travel and crime — will grant officials access to a person’s verified identity with a single fingerprint scan.

Source: Politico

This sounds like Mielke’s wet dream come true. I doubt there’ll be any improvements in security. Just more surveillance and possibilities for repression.

You see, Internet Explorer is a compatibility solution. We’re not supporting new web standards for it and, while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers.

Chris Jackson at Microsoft. See full article.

Good to see this has been clarified finally. As I have been saying for many years, Internet Explorer is not a browser. It’s a compatibility solution without any right to exist any longer.

On one hand you can not serve lobby interests, especially to serve large publishers, labels and artists, and then on the other hand stand up and fight off the consequences that result from the collateral damage, by calling for meaningless and completely useless additional protocols. They are not required, they are one necessary consequence of the law.

The policy doesn’t require upload filters. But companies without extensive blocking are constantly in danger of claims for damages. That’s why they have no choice. Article 13 is a shift in the burden of proof. But in a liberal democracy everything that is not forbidden is allowed.

Thanks to Article 13, everything has to be blocked first, until it’s proven that it’s allowed. There’s no doubt that no culture can thrive this way. Principles of a pluralistic democracy, and also those of a liberal constitutional state get abolished by this policy.

It does not strengthen artists. On the contrary, many will find that they can not even bring their own material online without proving that it does not violate any third party rights. So everyone has to join the same large collecting societies, in order to enjoy the benefit of flat-rate licenses, which only large global players can and will do.

This disaster is applauded by journalists, who otherwise always like to demand the solidarity of the net community with their concerns of free reporting. But they themselves punch all unorganized Internet broadcasters directly in the face; according to the motto “we also want to get paid”. Have you not been paid, yet?

Is it really worthwhile to enforce 30-40 year old business models in a network that removes the role of recipient and sender? You want to turn back the Internet into consumers and professional producers, so that your dinosaur world is right again.

Don’t be surprised if the solidarity regarding your concerns suffers in the future, because you have just made yourselves real enemies of free cultural practice. And by no means am I talking about the straw man of an “everything’s free culture” that you allegedly suffer from. You threw out the baby with the bathwater. You, as the alleged fifth pillar of democracy, have just laid your hands upon the possibilities of freedom of expression. You have made yourself part of the problem, not part of the solution; and that way one should treat you from now on. This is not a good day for freedom in Europe, it is a very bad day. A catastrophe promoted by publishers and law-abusers.

These automatisms in browsers are giving me a bad time. Who the hell came unmedicated to the conclusion to let browsers transform emoticons into emojis? Text has to remain text and images have to remain images.

Of course I could add the text presentation selector (&#xFE0E;) as suffix to every emoticon I write, but that’s not the point. Also the suffix gets removed upon editing, so I need to add it over and over again. Programmatically scanning all texts and adding the suffix automatically is overkill and results in a huge performance loss.

I found an add-on for Firefox which claims to disable emojis. But it doesn’t work, and also I don’t want a separate add-on for that. Seems like no one thought of a simple CSS setting to disable this crap. I don’t want smileys, emojis, whatever. This is all so painful.

