Back to: CMAP: "Why can't I find audio editions of your books in the UK?" | Forward to: They Took Our Myths

A product review, and some musing

A product testimonial of sorts:

I've now had my new retina Macbook for about two weeks, and completed my first multi-day trip from home with it. Verdict: it's not perfect but it's a keeper. On the other hand, it raises some disturbing questions about the future ...

Obviously the MacBook's light. Did I say it doesn't weigh much? This thing weighs about as much as an iPad Air 2 with an external Logitech keyboard cover. It's charger weighs 90 grams, compared to the 200-300 gram wall warts other Mac laptops need. It'll also charge from one of the newer Anker USB multi-way chargers — I'm travelling with a 6-way 60W USB brick that can simultaneously recharge the Macbook, an iPad, an iPhone 6+, a USB battery brick, and a portable bluetooth speaker, which weighs just 190g. The one-mains-socket charges-everything charger has finally arrived, and lightened my travel load-out by about 500 grams compared to what I was carrying a year ago (even if you don't include the reduction in weight of the laptop itself).

Some folks hate the keyboard. I'm a light touch-typist (and I'm typing this on it right now) and I think it's fine — slightly larger keys with better spacing than the regular Apple keyboard, less travel but more precision. I'm able to type at full speed on it, with normal accuracy, which is good enough for me.

The battery life isn't as good as a current-generation 11" macbook air, but when I had occasion to haul it out somewhere with no wifi for some writing I wasn't unhappy. I disabled wifi and bluetooth, dimmed the screen to about 70%, quit or suspended all internet apps (Mail, Tweetbot, Safari, and Evernote: paused Dropbox syncing), and fired up Scrivener. After half an hour of writing the battery was indicating about 7h40m remaining, which is plenty for this kind of task (equivalent to what I'd be doing aboard a trans-oceanic airline flight). When doing heavy internet stuff the battery life projection drops precipitously (as low as the 3h mark) but then, that happens on a regular Mac laptop as well. You probably don't want to use this to run a software build environment or play graphics-intensive games, but as a portable writing machine it's great.

And then there's the screen. The screen fits within the same dimensions as the 11" Macbook Air, but the bezel or frame around it is smaller, it's physically larger ... and it departs from the 16:9 widescreen aspect ratio that has become standard on laptops (ideal for watching movies) to a slightly deeper one, which is a huge improvement for text processing or spreadsheet work. Add Yosemite's full-screen mode (getting rid of the window decorations and making the menu bar self-hiding) to buy some more vertical real estate and it's actually a much nicer machine for writing on than its predecessor, even before we get to the sharpness of the retina display (which I really need these days, due to my own retinas being covered in scars).

Finally, the USB-C connector. This is a weakness — there should be two of the bloody things. I resent having to unplug the laptop from the mains socket in order to plug in an external backup device. This is the same mistake Apple made with the original 2008 Macbook Air (which I also owned) and they fixed it in the next generation; hopefully they'll do the same here, too. On the other hand, I sprang for a 1Tb external SSD for backup on the road (I use a time capsule at home), and a full initial time machine backup of 250Gb took around half an hour to complete; the high speed USB protocol is blazingly fast if you don't bottleneck it with a lump of moving metal, and incremental backups take about a minute to complete. Do it once every couple of hours if you're away from all networking, and rely on Dropbox to save your working files when you're on-grid (and back up daily for the system itself) and you're set.

And for a final useful extra, yes you can charge this machine off a USB battery brick. I just plugged it into my Mophie Juicepack right now and it's sucking watts. This brick isn't ideal — it predates the really high current USB stuff, so it keeps disconnecting — but I'm pretty sure USB bricks that can feed a macbook will be along within a few more weeks. At which point it's up to the user to make the trade-off between weight and battery life — if 7h30m isn't enough typing time for you, you can always carry a spare battery, the way we always did in the dark ages of the 2000s.

A security warning is in order, though. There's some hideous malware out there; basically most modern buses (USB, Firewire, Thunderbolt, I'm looking at you all) require an embedded microcontroller at each end of the connection to a peripheral, and it's possible to suborn this microcontroller and permanently infest a piece of hardware. If your laptop can only charge over USB — or your phone, for that matter — you might want to think twice before using a USB device or charger that you don't trust: what to do? Well, you might want to carry a USB condom with you — current delivery is negotiated over a couple of pins, but the job of a condom is to block USB data transfer, hopefully blocking malware at the same time, if you have to use an untrusted charger. Longer term, though, you probably need to learn how to use ad-hoc networking or bluetooth to exchange files with your friends rather than trusting USB sticks that have contacted a possibly infected machine. And we're now diving down the rabbit hole of figuring out who we can trust when it comes to our formerly-dumb hardware peripherals — after all, USB sticks have more or less replaced floppy disks and CDROMs for exchanged files in the absence of network access. Every goddamn micro-SD card has an ARM processor embedded in it, after all! Where does it stop?

I think it's reasonably safe to trust Apple's own power brick; if someone is rooting Macbooks at the factory then they're probably doing so at the behest of a government and if they're the government they can get at the motherboard at which point the game is up. (Governments have lawyers, and if the lawyers aren't persuasive enough they have Men In Black, and if the MIBs aren't persuasive enough they have soldiers and prisons. Corporations faced with a sufficiently pointed request from the NSA generally do what the NSA wants because if they don't, they end up like the CEO of Qwest.

It's not un-reasonable to trust high power USB chargers by companies with a reputation on the line because their brand identity is their biggest asset in differentiating them from the baying pack of cheap commodity vendors selling out of the back of Chinese factories, and won't willingly fuck themselves in the head — they might be rooted, but it won't be intentional. But I'd steer a very wide berth around cheap no-name USB chargers from now on; it's easy to see some of them being sold at cost or even at a loss, just to get the malware payload they carry into circulation ...

Oh, and this is a harbinger of the whole internet of things midden that's going to rain down on us over the next decade. You want a smart hotel room door lock that uses NFC to a card in your wallet to let you in without swiping a magstripe card through a reader? Well, sucker, how do you know the hotel door lock hasn't been pwned and isn't rifling through the NFC cards in your wallet at the same time? How do you know your electricity meter isn't helpfully telling anyone who asks it when you're away from home? (Come to think of it, didn't Spider Robinson write that novel back in 1982?)

Actually, if that sort of thing keeps you awake worrying at night, you shouldn't buy this laptop; you should buy one of these instead, and run this operating system on it, just to fuck with the script kiddies' heads. (And maybe stack a System 360 emulator with VM/CMS on top to ... no, that way lies madness.) Really, if you worry about this sort of thing, stop using computers. Except, oh, you can't do that any more? So sorry. Welcome to the 21st century, the age of insecurity! In the meantime, you can have my beautiful shiny malware-infested USB laptop when you pry it from my cold dead fingers.

Finally, to add to the fun, it's no longer just about USB security. The USB Type-C connector was designed from the outset to support "alternate modes" in which some of the pins in the connector could be dynamically switched to obeying a different protocol, or protocols plural. This past week it was announced that Thunderbolt 3 would switch from the mini-displayport cable to using USB C-type connectors, with USB 3.1 integrated — so you can use any USB 3.1 peripheral (and thereby USB 1 and USB 2) with a Thunderbolt 3 host, as well as TBolt peripherals, and drive two 4K displays at 60Hz or a single 5K display at 60Hz over the new bus (max data throughput: 40gbps).

Thunderbolt 3

So the C-type USB connector that the current Macbook uses as a charger and data port is rapidly evolving into the One Ring to Bind Them All for data comms — or rather the One Cable (with an embedded microcontroller at each end to handle synchronization/protocol negotiation because this shit is about totally bonkers bandwidth). As TBolt also carries PCIe channels this means basically any CPU-accessing peripheral, like GPUs or disk interfaces, can present directly over it.

Yeah, Infosec Taylor Swift is right. We're all doomed.

99 Comments

1:

Funny thing about the off-brand chargers. Depending on the relative greyness of the market in question, stories indicate that malware should be the least of your worries.
I'm pretty sure it was one of the UK consumer programmes which I first saw raise the issue that the electrical safety of some sampled chargers was more than a little iffy and that certification marks were being forged.
It certainly drove me to assess the relative value being applied in a device that's being manufactured at the least possible cost is in responsible for taking an input at 240V and converting plugging the output into your 5V line on your mobile device.

3:
And maybe stack a System 360 emulator with VM/CMS on top to ... no, that way lies madness.
Hmmm, VM/CMS... Good memories.


We had to use that behemoth at univ. and, of course, we had a terminal room that was always packed by all the student on their various projects. So I made a mass disconnector: run the software, everyone's VM would end and you'd be back at the login screen. When a member of the "gang" came and couldn't find a terminal, you ran that every minute or so, and after two or three times, people would leave the room to come back "when the computer stops acting up".


The staff never bothered me about that one. However, when we mucked with the auditing stuff, to cram extra night jobs on other dept.'s accounts because we had 6 hours of batch time per week (funny, the guys in agro never used all their computer time), they beelined straight to me to "spread the word".


Good times, indeed.

4:

Huh. I wondered when we'd see a really portable Raspberry Pi. Thought I'd have to kitbash one out of an old briefcase or something.

And I second Mr McAnley's points; I made the mistake of buying a universal battery brick that could charge every device under the sun and trickle charge from built-in solar panels too for the amazingly low price of £40. One irreparably banjaxed laptop later, I began to understand why the eBay listing said "Only used once".

5:

I find myself tempted by CHIP, $9 is well within in my price range. If it had two USB ports it might be harder to resist.

6:

RaspberryPi 2: quad core processor, HDMI for video, four USB 2 ports. You'll need two of them for the bluetooth and wifi dongles, or (optionally) the 3G modem, but hey.

7:

I'll see your "used VM/CMS at uni" and raise you "earned my crust using VM/CMS". This was in the 90s, mind, so I was mostly developing Oracle database applications. Yes we didn't use DB2 for some reason.

We also had a homegrown "intranet" of sorts (although we didn't call it that of course, and the way it was structured was much closer to Gopher of fond memory than the web.

When the web came along we even hired a certain Mr C. Stross to help us export a big chunk of our intranet pages to a public web server.

As you say, good times.

8:

I will confess that the big iron stuff baffled me. But then, I'm a UNIX guy at heart (and your people weren't paying me to sit around with my thumb up my ass reading entry-level tutorials when I could be breaking stuff on Solaris instead).

9:

Most useful application on Pi for me is:
http://freedomboxfoundation.org/

10:

Sadly they switched everything to Redmondware a few years later, by which time I'd moved onto the Unix world and haven't looked back.

Still miss ReXX a little bit though.

11:

After half an hour of writing the battery was indicating about 7h40m remaining, which is plenty for this kind of task (equivalent to what I'd be doing aboard a trans-oceanic airline flight)

I've never flown across an ocean but aren't most airlines putting power at all the seats. I fly AA a lot and all the newer plans for several years have 110v A/C at the seats. And they've even put 12VDC in the MCE areas of MD80s even though those plans will all be gone within two years.

It's not un-reasonable to trust high power USB chargers by companies with a reputation on the line because their brand identity is their biggest asset in differentiating them from the baying pack of cheap commodity vendors selling out of the back of Chinese factories

Since all these Apple and other charges look alike I write my initials with a sharpie where the mains plug fits in so I can tell if I'm using one I personally trust. And where I can't hide it I just write "neatly" on the exterior. Sharpie makes a silver pen that works fairly well on the black/charcoal colored units. I also write my initials on the cable edge of various USB to "device" cables. Requires a micro tip and steady hand but at least I know they are "mine".

12:

"How do you know your electricity meter isn't helpfully telling anyone who asks it when you're away from home?"

But Charlie, you tell us every time you go to the pub anyway! :)

More seriously, I guess burglars must be really think of they haven't figured out that people are broadcasting their locations in real time with 4square and other creepy oversharing apps.

13:

"Thick", not "think". God damn man why didn't you proofreed that?

14:

My house was broken into 20 years ago via a very simple technique. Our after school sitter and her friends would discuss what they were doing and if they were free at school lunch. Some guys would listen in and hit the houses where the sitters said they were not watching the kids due to the families being out of town. They hit up 5 to 10 houses before getting caught.

15:

I've never flown across an ocean but aren't most airlines putting power at all the seats.

Only in business or first class (and premium economy on intercontinental routes -- roughly equivalent to US domestic first class, minus the posh meal service).

I've only once found seatback power in economy on an airliner -- that was an AA 757 kitted out for trans-Atlantic service.

16:

But Charlie, you tell us every time you go to the pub anyway! :)

Thank you for playing, but more than one person lives in this apartment, never mind the other apartments at this address that share the front door. While we sometimes travel together, if it's for any length of time there'll be a cat-sitter or someone popping in to care for the carnivorous plants. And I don't do 4square.

(Mind you, I should be more careful about twitter geolocation sharing when self plus spouse are both out, but ...)

17:

A method they used to use involved a cell phone and a criss-cross directory. Cruise down the street calling each phone. Every phone that gets answered is a house that has somebody in it.

But now lots of people don't have landlines at all.

18:

I have anecdotal evidence of a cheap chinese usb charger perpetually infecting the iphone of the CEO of a (small) software company until he realized where the root of the problem lies. So yes, all the second part of this post is most probably the reality, and was the reality already years ago.

I spend quite a lot of time worrying about these issues. Conclusion is that any hardware (and also almost all software) is fundamentally untrustable, so you can either remove anything smarter than an old-fashioned lightbulb from your life ("Rapture of the nerds" hits rather close here...), which is impossible anyway in today's society (try to live without a bank account...), or give up any illusion of security, or... I don't really have a third option.

There is existing research about embedding backdoors in chips that are basically impossible to discover even if you have the full specification of said chip, down to wires and nanometers, which of course most people don't have, neither the time or expertise or resources to check...

My best idea so far is to compartmentalize sensitive information to hardware with no network connection at all (today, maybe still possible with hobbyist stuff, but I wouldn't trust modern motherboards, and in the near-term future, very questionable... Everything, including your coffee machine, will have wireless, it's just a question of you being aware of it or not), and then communicate with custom optical connection, with very simple custom protocols (think leds and morse code). Rather inconvenient, low bandwidth (because you are not an expert in designing and manufacturing optical networks, and you cannot trust those who are), and does not help too much if you actually need to get sensitive information to move around (as opposite to say just signing a transaction), and of course it doesn't help at all if your national ID card or debit card or coffee machine or self-driving car or lightbulb or artificial heart valve is easily hackable, which I can promise they will be (the majority of these already are).

Future is really very scary.

19:

I think you mostly have to worry about the backdoors that are already in the software, as shipped. Yeah, there's spy stuff. But who's going to bother when there's this great big path, already built, just waiting to be used?

20:

We could start a big iron thread, but let's not :-) However, you
may be amused by this story. Back in those days, the gummint
decided that it could save money by buying just one supercomputer
for AWRE and academic number-crunching (as in Archer). The claim
was that the tasks would use physically separate disks, so there
would be no security breach. At the public meeting, I said in a
loud voice that all hackers needed to do was to install some hacks
into the channels (i.e. in-CPU device controllers) and wait until
the reboot, and that this was common knowledge in academia. The
people next to me said, through clenched teeth, "We know. We work
for ARE security." Anyway, the plan was quietly dropped.

There's nothing new under the sun, is there?

21:

The long-haul economy seats (Air France 777-200) I took on my recent trip to Japan had seatback 110V as well as a USB port on each seatback's display for own-media playback (although it wouldn't recognise MKV files). That USB port would also worked as a charger for a tablet but I don't know how much current it would supply.

22:

It's good to see you go back to your geek roots. Whenever someone says that using Perl ruins the brain, I bring you up as a counter-example. If only I could come up with a second one...


Combing power and data is a great example of how coupling introduces side-effects.

I have understood the dangers of removable media since floppies (you're not just interacting with this floppy, you're interacting with every computer that this floppy has ever been inside, etc). But it only recently occurred to me that when I used to plug my tablet into my work desktop for charging without a USB condom, I was a threat vector. I'm just charging dammit, not transferring files. Arrgh!

But even USB condoms have issues. The fast-charge adaptors that fool your device into thinking that it's connected to a charger rather than another device may contain logic which makes them hackable too. Double-arrgh!

23:

On the societal scourge of Macaholicism: as a Unix graybeard I used to feel pity mixed (I hate to admit) with a little bit of contempt for people who let themselves get hooked.

Then I changed jobs and was issued my first MacBook Pro (15" screen) in 2010. It was like the scene where Bob Howard first sees the JesusPhone and is captured by the Class 3 glamour. The build quality. The display. The UI customization: everything I didn't like about the trackpad, I was able to customize. And so I was assimilated.

When my wife's XP laptop finally died, I told her to get a MacBook. She didn't want to spend the money and got an HP running Windows 8. She tried it for a month and gave up (WTF were they thinking with that UI?). She took it back and got a MacBook Pro with a Retina display.

I understand all the issues with Apple. But it's such a nice golden cage.


24:

Of the visible desktop creators, Apple is the only one that knows
a GUI must be designed, and not simply perpetrated.

25:

It wouldn't be that hard to build a USB charger that used old-fashioned non-digital tech. The 5V requirement goes back to the era of TTL 74xx-series chips. You'd have a rather big and heavy transformer and smoothing capacitor, something like a 4.3V Zener diode, and some hefty transistors on a heatsink. That's lousy efficiency, and I suspect things would be bad if you didn't have a load connected.

In principle, you could have one of the linear IC regulators, which is a bit low-current, replacing the zener as the voltage reference, and that would handle the open- and short-circuit problems.

It wouldn't be a wall-wart, it would be a brick.

And a sandwich toaster...

26:

The plane USB port I used to recharge my phone on an Airbus worked well enough. It was a bit better than recharging your phone off your computer USB port, not as good as wall current, and welcome on a long flight either way.

The more I see of the malware problems, the more I think that Bruce Schneier is right, that wall-to-wall encryption is a good way to go, even on recharging devices. As for the internet of things, I want them dumb, thank you very much. Too bad no one's listening.

In any case, we're basically replicating the basic biological problem of disease transmission in an electronic format, which shows that big monkey brains are really good at reinventing billion year-old problems rather than new solutions. Anyone who's working on this problem might want to read Anderson and May's Infectious Diseases of Humans and its successors and companion papers. They're the people who created the first good mathematics of the ecology of infectious disease spread. If the white hats haven't heard of their stuff already, I suspect there's some nice mathematics that can be swiped and possibly used for characterizing virus spread and possibly controlling it. I haven't read much of it, but I will say that while their models are fairly simple, some of the mathematical outcomes weren't (at least to me) obvious. This might be useful.

Of course, with viruses and other diseases, public health and good hygiene turn out to be better ways to prevent infection than high tech tricks. We'll probably end up the same solutions for our computers, and that will be it for the internet of things. We'll see. In the mean time, it's a bubble of paradise for malware and malware makers. Hope they all enjoy it while it lasts.

27:

"It's not un-reasonable to trust high power USB chargers by companies with a reputation on the line because their brand identity is their biggest asset in differentiating them..."

I'll just do an awkward sort of half nod in the direction of the Sony rootkit fiasco - sometimes there's a room full of otherwise smart people to think they just won't get caught.

I think we've tipped the point now where unless you're full time in IT we probably have to assume everything is compromised. There's just too much going on in the software and the hardware for a non-professional to keep up.

28:

I treat it more as "what can't I live without, and how can I minimise the risk". I have one friend who uses an old candybar phone specifically because it's too dumb to be compromised except in the brutal way that cellphones are inherently compromised. I instead use a smartphone but turn off the extraneous stuff and root it so I can remove malware (S-Voice, Google media, that sort of malware). But the malware that ships with the lower layers of the OS... can't fix that. AFAIK every GSM radio is at best extremely vulnerable to misdirection. Like so much of the internet, the only security is there to make it harder to bill calls to someone else's account.

The problem with a linear regulator, BTW, is that there's no way to be sure that what you have *is* a linear regulator and not a smart device modulating the output to transmit malware. You need to build the circuit out of discrete components, while being aware that any 3 pin device could have a processor in it.

29:

In theory all you need is the power lines on a USB, with the data lines pulled high or low. Except maybe for Apple
http://www.instructables.com/id/Lithium-Battery-Solar-USB-iPhone-Arduino-Charger/step4/USB-Circuit/

30:

How do you know your electricity meter isn't helpfully telling anyone who asks it when you're away from home?
Precisely. And other guvmint-spies reasons that I will be exercising my right not to have a "smart" electricity meter @ home ....

@ fridolin @ 18, too.
Yes, but you can do something to at least cut down if not utterly minimize such threats. I refuse (unless really pushed) to use "Wave-&-Pay" with my debit card for anything, f'rinstance.

heteromeles @ 26
In any case, we're basically replicating the basic biological problem of disease transmission in an electronic format, which shows that big monkey brains are really good at reinventing billion year-old problems rather than new solutions.
Yeah.
We can all see this, same as everyone can see the monumental stupidity & greed of the US agrobusiness in feeding cattle antibiotics.
But still teh stupid it burns ...
And BOTH those scenarios will end up killing people,a lot of them, not too far in the future, unless "something is done"
But it won't be. [ Oh - if they haven't already. ]

31:

That last paragraph is where things start looking crazy, rather than over-careful. If the charger can deliver malware by variations in the power-supply voltage it needs receiver hardware in the target. And that kills off all pretence at security for everything and everyone. It would depend on the component supply system being thoroughly corrupted.

If anyone wants to deploy an attack at that level, it suggests they don't care about their own security.

Well, we are seeing some pretty crazy thinking about cryptography, even at the simplest level of thinking that the security of your credit card and on-line banking isn't cryptography.

32:

"... that wall-to-wall encryption is a good way to go, even on
recharging devices."

Actually, no, it's merely covering up the mess, and doesn't solve
the equally important problem of RAS (including denial of service),
anyway. What we need are properly-designed software environments,
which would prevent 90% of such malware and make it much easier to
block the other 10%. Fat hope.

"As for the internet of things, I want them dumb, thank you very
much. Too bad no one's listening."

Oh, there are people listening - that's what they want the Internet
of things for :-)

33:

There's a brand of aftermarket home power meters where one of the official functions it has is identifying which device you're using and whether you could save money by using it off peak. It's not so much "leaking" information as explicitly broadcasting it.

Many of the similar devices lack that particular function but are built around uploading your usage to a website. We have one, and it kinda works but in our case there's three inputs and only one output so the website is less useful than it might be (we have PV and controlled load). I'm in the process of replacing the upload with a Pi running my own software, but first I have to make the Pi do what I want.

Annoyingly the low-end arduino I have is slightly too low-end to do what's required, and since I already have the Pi it's hard to justify stepping up just a bit to a bigger embedded device rather than the Pi running Linux with the huge vulnerability stack. Not that dumber devices are necessarily safer, but when they barely have the grunt to do what they're supposed to be doing they tend to fail in obvious ways.

On that note, did anyone else laugh at Intel's latest announcement? Their new "low power" chip is Pi-level but uses less power, and they're suggesting people put it in toasters and any IOT device. It has enough computing power to run proper malware, you could probably put it into a botnet if you were so inclined. I'd much rather have something that has to clear my code out of RAM to load anything else...

34:

The plane USB port I used to recharge my phone on an Airbus worked well enough. It was a bit better than recharging your phone off your computer USB port, not as good as wall current, and welcome on a long flight either way.

If that was on an A380, they use them for data -- you can download in-flight movies and music onto your tablet or laptop.

That feature is probably going to spread to other Airbus models real soon.

Of course, for added in-flight entertainment, if someone manages to infest the USB controller firmware on an airliner's seatback entertainment with BadUSB malware that would be just peachy. (You can just imagine an attacker booking an economy ticket and sitting in the middle of a row: to neighbours, sequentially, "excuse me, my USB port won't charge, can I borrow yours?" and so infecting three ports for the price of a single ticket). As each seat is going to be occupied 1-6 times a day (depending on flight frequency) and is almost certainly going to be used on 50% or more of all flights, that would result in the infection spreading to 2-6 victims per day, and they'll all be long gone before they notice it.

Other really good targets would be power outlets on any form of public transit -- waiting lounges, trains, coaches, even taxis if they start fitting them -- and in coffee shops or hotel rooms. (Yes, I have seen USB power outlets in hotels. Probably just pure chargers for now, but ... hang on, don't a lot of smart TVs have USB ports these days, for hotel guests to watch their personal porn stash on?)

35:

Note that "not unreasonable" doesn't cover the risk of a high-profile company like Sony doing something screamingly stupid if not outright suicidal in the marketplace. It just means that if they do, someone's having an even worse day than you are.

Meanwhile, do your file backups via wireless network to a storage server that doesn't permit DMA access from infected random peripherals. (Like, say, an Apple time capsule with the USB socket plugged with a USB condom or a lump of blu-tack.)

36:

The first computer I ever owned had a Z80 chip and 16 kB of RAM. Flight Simulator would run on it. You could run an assembler, no trouble.

Making a chip without enough power to be a risk is maybe a touch harder than it looks.

37:

You have probably not seen it but CSI Cyber ran a story around this a while back - Season 1 Number 9
http://en.wikipedia.org/wiki/List_of_CSI:_Cyber_episodes#Season_1

And yes, I pirated them all. I thought it the least I could do to bolster the ambiance and spirit of the shows...

38:

As to in flight systems it has been discovered that on some/many/all planes the in flight wifi is on the same LAN as the plane systems. PR flacks are saying there's no problem but good grief. Who signed off on this? Someone whose knowledge of networking is they hooked up a wireless printer in their home one time?

Come on at least dual routers.

39:
I refuse (unless really pushed) to use "Wave-&-Pay" with my debit card for anything, f'rinstance.

Of course, actually using the WavePass is not the risky part.

The risky part is if someone steals your card, or reads the card in your pocket (say, on rush-hour public transport), or double charges you while it's out of your sight. None of those risks will be in the least reduced by avoiding using it; you'd have to start drilling holes in the card or something.

Since you can't avoid the risk, you might as well take the convenience...

(Dealing with having two WavePass cards in your wallet is left as an exercise for the card-holder.)

40:

Actually I bet the decisions were made based on saving 50 to 100 pounds in weight. (~25 to 50 kg)

Extra chassis, frame racking, and wiring with wiring being the biggest part of it.

41:

Mumetal wallets

42:

I currently have an Air, previous was a MacBook Pro circa 2009 that was retired to be a desktop computer with a 24" monitor after the internal display went bad. I declared my Air inadequate and eventually want to get another MacBook Pro as I want the 16 gig of RAM and 500 gig of storage. But I don't like the direction Apple is going. The tech and displays are wonderful, but the computers all but unrepairable, according to the iFixIt teardowns/evaluations that I've seen.

So it's a bit of a quandary for me. I can buy a used/refurbished MBP that isn't near what the new ones or like. I'll save money and reduce ewaste by a minuscule amount. Or spend more on something that once a bit fails after warranty, it's time to buy another? I don't like that scenario.

I was a little adventurous last week and bought an Asus Chromebook for my forthcoming cruise from Prague to Berlin. It weighs less than my wife's iPad 2 and isn't much larger and does the basic work that I will need to do, and at $200 I won't cry if it's stolen or broken. But it's clearly no substitute for an Air or MBP.

43:

In a fit of desperation last Christmas, I got my wife an ASUS Chromebook, on the principle that if she didn't use it, it wasn't too much money down the drain. I'm very glad I did as she uses it all the time, it being the machine she keeps on the coffee table in the living room. Underpowered by modern standards perhaps, but quick enough for anything she actually wants it for, light, and a lovely battery life.

Hmm, PrahaPrague to Berlin? Viking, or one of the other lines?

44:

That sounds plausible, but I am a but sceptical about the original thesis. How old is the design of the aircraft in use today? (The Airbus A380 took around twenty years from a solid start to first delivery, nearly thirty from the first vague ideas.)

Besides, the auto industry, flawed though it may be, seems to have dodged that bullet with it's control network. And they don't have the safety culture of aviation.

My impression is that the regulation of aviation would mean that sharing the network with the flight control systems would mean that all the entertainment hardware would have to be certified to the same standards. Weight saving does matter, but what's the cost of that test and certification process? Would it be cost-effective.

I know that guy claimed he could hack into the control systems via the "entertainment" and internet access systems available to passengers, and he got arrested. I'm not sure the arrest says anything about the plausibility of the claim. "This sounds scary, so we have to arrest somebody or we look like we don't care."

That's why I'm sceptical, and I know I could be wrong...

45:
And maybe stack a System 360 emulator with VM/CMS on top to ... no, that way lies madness.

Madness indeed. Any brit would surely be running George 3, not VM/CMS.

46:

Please go and explain this to the utter muppet who perpetrated Ubuntu Unity. It looks crap, it is a sod to use, and it is a buggy CPU and memory hog.

Switch to Gnome Flashback and Metacity, and you immediately gain several GB of memory, and lost ever so much cruft. Granted, it ain't a patch on Apple OS/X but then very little is.

47:

...and by default sends everything you search for to Amazon, at which point it goes from "dumb" to "evil."

48:
My best idea so far is to compartmentalize sensitive information to hardware with no network connection at all (today, maybe still possible with hobbyist stuff, but I wouldn't trust modern motherboards, and in the near-term future, very questionable... Everything, including your coffee machine, will have wireless, it's just a question of you being aware of it or not)
Everything doesn't need wireless; neither an Iranian nuclear fuel processing plant nor the US military can keep an air-gapped network malware-free (and apparently there are versions better at data exfiltration since). Here's Schneier's suggestions for building an air-gapped system, honed by his experience of working with Snowden files. Note: predates BadUSB.


...then communicate with custom optical connection, with very simple custom protocols (think leds and morse code).

A different physical or data link layer in your network is no protection, and if you're suggesting what I think you are (an optical modem) then that's all you're changing.

49:

Re: "Anyone who's working on this problem might want to read Anderson and May's Infectious Diseases of Humans and its successors and companion papers. They're the people who created the first good mathematics of the ecology of infectious disease spread. If the white hats haven't heard of their stuff already,..."

Found a PDF of a PPT presentation that summarizes some of the key points, also shows the math:

http://www.princeton.edu/~aglaser/lecture2007_diseases.pdf


The board game Pandemic is also good for becoming familiar with disease vectors, etc. "Through the combined effort of all the players, the goal is to discover all four cures before any of several game-losing conditions are reached."

http://en.wikipedia.org/wiki/Pandemic_%28board_game%29

50:

A lot of S/360 family hardware and software development was done in the UK. If I recall correctly VM/XA was developed at Hursley Park and allegedly the model 3090 was so named because the A3090 ran past HP's gates.

51:

AND ...
Inverse-square law.
To "read" the W-&-P in your pocket, the scammer's reader has to come within a few centimetres.
Not quite so easy, especially if said scammer has no idea where the card is residing in your pockets .....

52:

Never been on the tube at rush hour? If I was intending to skim people I would not just have one device on me - I would be plastered in them, and all pressing up against multiple people for a couple of hours.

53:

And maybe stack a System 360 emulator with VM/CMS on top to ... no, that way lies madness.

I saw an x86 emulation written in Java Script. Someone booted it into Windows. Took hours as I recall.

Madness indeed. Any brit would surely be running George 3, not VM/CMS.

I think CMS stands for Cambridge Monitor System. That school that a few people think highly of.

54:

Sorry. Booted Windows into the emulation.

55:

That's why I'm sceptical, and I know I could be wrong...

I suspect it's an issue on new designs. The old ones didn't have TCP/IP as a foundation for control systems. Which is why I suspect that an IP scan on an MD80 or any other plane where the avionics where designed over 10 to 20 years ago would not show anything but consumer allocated MAC addresses. But on a new 787 or 737-800 it might give interesting results.

56:
I think CMS stands for Cambridge Monitor System. That school that a few people think highly of.

Harvard? The Cambridge in question is the one in New England.

Pretty sure that by the time I used it in the 90s, the official IBM docs had redefined "CMS" as "Conversational Monitoring System" though.

57:

For some reason I have it in my mind that development of VM and related was coordinated out of England. But it's a very old memory.

58:

"I know that guy claimed he could hack into the control systems via the "entertainment" and internet access systems available to passengers, and he got arrested. I'm not sure the arrest says anything about the plausibility of the claim. "This sounds scary, so we have to arrest somebody or we look like we don't care.""

Originally the story was just that he tweeted about messing with the system, and got pulled off a flight or something.

The latest info was that he actually told the FBI he had actually done so, and under-seat network box hardware was found to have been tampered with at his seat on multiple flights. If I recall correctly and read it right, he used a wired connection into the system (as opposed to in-flight wifi).

On the plus side, if he required unusual physical access to the electronics, that suggests a short-term fix (if necessary) of just using a more tamper-resistant enclosure

59:
To "read" the W-&-P in your pocket, the scammer's reader has to come within a few centimetres. Not quite so easy, especially if said scammer has no idea where the card is residing in your pockets .....

What Dirk said... if they don't care whose cards they grab, they just need to have a reader at hip and/or purse height and walk through a crowd. Or, conversely, find a pinch point where the crowd walks past them.

60:

Solution would seem to be to get a shielded wallet. You can buy them for reasonable prices now, though I can't speak to their effectiveness. I wonder if anyone has done any tests?

61:

On airliner IP security, here's how I'd go, moving forward:

1. Airliners have a design life of 30 years in service. Assume that any in-flight networking/entertainment system therefore has to be secure in the long haul.

2. It therefore follows that passenger entertainment stuff should be totally excluded from aviation-related kit.

3. Rip out ALL the seat-back entertainment boxes and displays. All of them. Replace with a plastic frame at eye level for the passenger's own tablet or phone. Not got one? Rent a preloaded one from a kiosk in the departure lounge (this service already exists in the US). (I estimate this will save 2-3Kg per passenger seat -- something the airlines will be very happy about.)

4. Install DUMB transformers at floor level with USB sockets able to deliver USB 3.1 spec power (up to 100 watts, enough to drive a laptop). Minimal electronics on board -- just enough to sense and adapt to voltage/current demand. Like a USB condom. Important: there must be no ability for these sockets to receive or transfer data or signalling information to the aircraft. None.

5. Any in-flight wifi or picocell phone service should be entirely independent of the aircraft's own networks -- powered the same way as the in-cabin passenger kit, not sharing wired connections with the airliner's systems. This may require building in dumb antenna housings in the airframe that can be hooked up independently to customer-facing comms hardware: yes it's a big step, but it's better than allowing passenger data traffic access to the plane's own communications interfaces.

6. There's been some talk of future airliner designs ditching internal wiring harnesses for data and going wireless for signalling, to save weight. FAA should flat out ban this as an unacceptable security/interference risk. Any internal avionic connections should be physically wired and the routers should not support a wireless interface that might be accessible to passenger devices.

7. The design assumption for new airliners requiring type certification should be that (a) at some point passengers WILL try to hijack an airliner using a cyberattack, and (b) it is unacceptable to "disarm" passengers by banning all electronics, from cellphones to cardiac pacemakers. So it's necessary to design critical systems to be inaccessible, and that this resistance must be maintained for the 30 year design life of the airframe.

Thoughts?

62:

There's been some talk of future airliner designs ditching internal wiring harnesses for data and going wireless for signalling, to save weight.

Agreed... but more likely (and already happening) is to stop at fibre-optic, i.e. "fly by light". I just can't see them signing off on it for a safety-critical system like a passenger aircraft.

I suspect any "fly by wireless" will be limited to research projects, UAVs, maybe personal aviation. Possibly even as a backup / redundancy system ("less wire" rather than "wire less".

63:

If you don't mind something heavier than a brick but definitely non-subvertable, consider the humble saturable reactor. I'm sure it would be possible to make your own (though somewhat longwinded), and they have good regulation. That removes the need for anything more complicated than rectifier diodes and passive components.

64:

And keep your backup server and its network in a faraday cage to prevent interception of your data, of course. (Do we now build an electrically-screened glove box with an airlock to pass the device being backed up in and out? I think we do.)

65:

0n point (6), is/could CANBus be certified for aircraft use? It's not totally wireless, but you'd be using the power cables that you still need to transmit the control signals so you can save fitting the signal cables.

66:

CANBus is, and I have my doubts it should even be in cars; I seem to remember a lot of "I have physical access to the network and therefore own it and everything on it" stories about it a few years ago. It's (slowly) being deprecated for cars - because it's not high-enough bandwidth for video...

67:

For those concerned about the Pay and Wave thing, (marketed here as Paypass 'tap and go') the guy who runs the local corner shop recently converted but will not allow non locals to use it. In the 2 years I have lived here I have never heard him swear (even when a bunch of young, nasty, sociopathic pricks walked into his shop and walked out with their arms full of his goods which they blatantly stole in front of him and me). He was calmer than I was and just 'oh well, they may not live long enough to end up in prison, they'll probably wipe themselves out'.

But when the guy behind me protested that I had been allowed to use his new Paypass and he wasn't, he went off ballistically (and extremely creatively). Turns out, as a merchant, yes you can get your money back if someone swipes the card and it is stolen. But it takes hours on the phone to a bank call centre for each individual transaction. 6 Fucking Hours for one transaction of $25 yesterday to be precise.

Sounds like a contender for the Evil Business plan of Evil.

It will be interesting to see whether there will be a general merchant rebellion. I live in a quiet area that lies between 2 major highways and the local supermarket has also banned Paypass as there are too many drive by randoms with stolen cards.

68:

4. Install DUMB transformers at floor level with USB sockets able to deliver USB 3.1 spec power (up to 100 watts, enough to drive a laptop). Minimal electronics on board -- just enough to sense and adapt to voltage/current demand.

Lot of weight in those transformers.

One reason AA went with the bar aluminum exteriors for a long time was the weight savings of the paint. With the new carbon composites they decided to go with all over paint as the bare exteriors didn't look all that great without the paint. Which is why they launched the new "look" with the first deliveries of the 787. (No secret info here. Just adding 2+2 in their official statements.)

69:

Seatback transformers are still likely to end up weighing less than the existing inflight entertainment kit -- those old-school LCD screens and enclosures aren't the end of it, if you've ever stubbed your foot on a box the size of a small desktop PC at toe level (one per block of 3-4 seats). I gather the 787 moves them down below floor level, into the ceiling of the cargo deck: doesn't mean they're gone, though, just out of sight.

70:

Not starting a fight but those boxes, (I was next to one two weeks ago), are the 5 - 10 year old tech. You were asking about the future. And the future of flight is about weight in so many ways.

The added weight of the 787 to deal with leaking batteries is costing Boeing or one of their suppliers a big chunk of change due to the added weight for which the buyers want a discount. My suspicion on that one is the batteries were not "fully" designed to handle the pressure changes between sea level and 6000ft which is where the 787 keeps things inside the plane. But that's just my opinion. But the fix added back all the weight that was to be saved by using Li-ion batteries.

71:

How much pressure is there, or will there be, for airliners to adopt COTS routers and/or CPUs for their avionics? I wouldn't have thought the cost saving would be much of an issue for an airliner costing a couple of hundred million dollars, but weight saving and upgradability might be. I'd bet that the functionality embedded in a Raspberry Pi or Intel Atom far exceeds any dedicated avionics CPU, and over a thirty year lifespan the upgrade cycle is probably easier to manage.

Agree whole heartedly that wireless flight controls need to be banned. Fibre optic everywhere. (I can see a case for fly by wifi on warplanes, no cables to get damaged.)

On the frames for the passenger phones or tablets, probably less fiddly just to build a standard LCD screen with a standard wireless receiver in place of an adjustable bracket. (Assuming that in a few years we'll have settle on one or two over the air HDTV standards.) Plus less likely that passengers will leave their phones in the frame when they disembark.

72:

Ten years ago this stuff was either hypothetical or NSA-only.
Seven years ago it was real but hard to find and targeted.
Three years ago medium sized nation states were using it routinely. And probably the Russian Mob.

It's really inconvenient for any modern use, but don't share any USB anything with anyone, use a USB condom, and consider not buying the systems anymore. I'm resorting to single-purpose throwaway USB peripherals for nearly everything.

I am probably a bit paranoid but was hacked by a hostile nation state.

73:

Regarding airliners - all you need to do is physically isolate the buses.

NO shared hardware or network. If you want to feed data from the controls to the entertainment (some people might) then you put in a one-way LED/optical sensor broadcast system, without a return path. If the passengers want to listen to the cockpit radio feed it out that channel, etc.

The current nets on modern airliners will be hacked into a crash. And then they'll all have to be grounded for a while.

74:

NO shared hardware or network.

That was my thought. But the biggest issue that will be fought to the bitter end is the sat link. Dual sat links will be a hard sell. I bet for a long time we'll have one sat link with (hopefully) things split at that point. And hopefully they don't us a repackaged Linksys consumer router. :)

75:

Dirk & also @ 59 / 60 /67
A London "Oyster" card can only be read accurately at less than 2 cm distance.
A Wave-&-Pay card similarly.
So, you are going to try to read strangers' cards in a crowded tube train?
Really
[Remember, I'ma Londoner, I know about rush-hour conditions]
You have to get your reader parallel to & within 2 cm or preferably, less, of your mark's card, & you don't know where he/she is carrying it.
Err ....
No.

As for nicked ones in shops, yes, that is a problem.

76:

No. You merely have to have a reasonable chance of doing so,
because you leave it on automatic collection. A 1% chance of
success? No problem. Just jostle one person every 10 seconds
for twenty minutes.

77:
A London "Oyster" card can only be read accurately at less than 2 cm distance. A Wave-&-Pay card similarly.
By the standard readers, which are designed to only read the card being presented to them. Use one of these however, and you've a range of nearly a metre.
78:

It's conceivable someone might manage to push a card reader, undetected, close enough to a guys* arse** to read his oyster but a contactless card in a wallet is pretty much impossible. I've tried several times but my card can't be read through my wallet, I have to take it out in order to use it on anything.

* Women's would be even harder to read given many keep their things in a hand bag

** Keeping an oyster in a back pocket is standard right? Guys?

79:

The downside of those is that when the readable volume gets larger, there ends up being more collisions because of multiple cards within it. It's a fine art making the reader able to read close up cards without getting interference from one a few inches further away belonging to someone else.

But for hijacking the one in Greg's wallet as he walks past on the street, if he's only carrying the one then the high power reader would be the way I'd go. Do it by a bus stop, where more people will be getting the cards out ready ...

80:

Keeping an oyster in a back pocket is standard right? Guys?

I'm wondering about mounting the relevant circuitry into a signet ring. The card circuitry not the reader, in case someone's visualising reading other people's cards by groping bums.

82:

Or queue at a cash machine, or ....

If I recall correctly, some researchers have tried just this,
and got more ids than they were expecting. I can't remember the
details (e.g. which cards), but a search might find links.

83:

Like all new tech the market guys stifle the issues and claim perfection in the use of.

When Bluetooth was getting started the claim was don't worry about security snooping as these things only work up to 15 feet or so. So some guys built a Yagi antenna tuned to Bluetooth frequencies and were able to pick up keystrokes on something like the 10th floor while standing at street level.

84:

Keeping an oyster in a back pocket is standard right? Guys?

Depends how often you want to replace it, after its been stolen/broken (by sitting on it and flexing the card enough to eventually break the chip).

So, no, I don't. My wife did for a while, but around the 8th replacement she stopped.

85:

Huh. I've kept mine in an oyster wallet in my back pocket for three years now and it's fine.

86:

May depend on shape of buttock, weight of user and position of pocket, of course. cf. bent iphone 6s. But it was repeated loss (possibly theft, possibly just fell out when sitting down when out and about) that did it for my wife (1 breakage, 1 definite theft, the rest loss/theft). As a man, I get to have proper front pockets on my trousers, so I just keep mine there.

87:

Oh, yeah, completely: my point was that relying on transmission range for security tends to be defeated by the 'bad guys' not being restricted to the aerial or power specifications of the commercial readers.

88:

Or queue at a cash machine, or ....

Better still: bolt a high-powered reader to the wall above a cash machine, inside a small CCTV dome enclosure. People using the ATM will be reassured by the extra security on display. Meanwhile, you're not putting a physical skimmer on the ATM itself. A security check will have to examine all the street furniture nearby ...

89:

A Ticket to Tranai springs to mind

90:

Back pocket? That's for people who want their pockets picked from behind.

91:

There's at least one class of bottleneck passersby will certainly have their wallets/purses with them and will *expect* to see aerials; shop doorways. "Augment" Harrods' EAS system with RFID readers, skim cards, profit.

92:

Back pocket when in mufti; inside jacket pocket when suited and booted.

Regards
Luke

93:

...annd today we found out that an Advanced Persistent Threat crawled inside Kapersky Labs and the phone systems at the hotels that the P5-Iran nuclear talks are being held at.

Yay, APT.

94:

NO
Top front jacket pocket.
Debit & other cards, various in "wallet" & nowhere near the Oyster ( & I'm not saying where ).

anonemouse
That distance-reader is a bit bulky, to say the least ...
However, your #91 comment is apt - requires connivance of shop-owner .. i.e. whole enterprise is a giant scam.

Charlie @ 88
Yes.
However the Plod are on to this one & have distributed warning videos - apparently it's a known scam.

95:

Oh I know it's been done before - some years ago someone built a magic wand. I didn't have an Oyster back then1, but I did get the Montreal metro equivalent when visiting there in 2009, and certainly wondered about it then.

But thanks for the link to the ring - if that did Oyster, it would be great.

1 My Oyster is the 2011 Royal Wedding commemorative one, because that was the only one available at the time I finally took the plunge

96:

On the need to unplug the power in order to plug in external storage for backups and the like, I can't help but wish for some kind of internal microSD card.

The other thing that might be nice for travelers, I suppose... since USB-C has a way to negotiate power supply in both directions (eg. software can decide which side provides the juice at a given moment), maybe a USB-C brick that's both mass storage and a battery. If you plug it into a machine that's on AC power, it charges. If you plug it into a MacBook while traveling, it can charge the macbook.

(Maybe provide another port on it that's power-only. When someone else wants a charge from you and you don't trust them with your data, let them plug into that port. Otherwise, plug that port into a wall-wart, for a sort of "in-line USB mass storage" setup, with the bonus of isolating your computer's data connection from the power source.)

97:

...bolt a high-powered reader to the wall above a cash machine, inside a small CCTV dome enclosure. People using the ATM will be reassured by the extra security on display...

Since this scheme is already known to the police, and the perpetrators are presumably in a hurry, how about not bolting the spy gadgetry to anything? Include purely cosmetic bolts if you like, but fasten the unit to its surface with magnets or, if necessary, glue. The point should be that the unit can be placed or removed in a few seconds at most; no doubt a little practice can make this very easy to miss.

98:

"That distance-reader is a bit bulky, to say the least "

It doesn't have to be. The bulk is in the loop antenna, which can be wrapped around a persons body or back of the jacket

Specials

Merchandise

About this Entry

This page contains a single entry by Charlie Stross published on June 5, 2015 2:01 PM.

CMAP: "Why can't I find audio editions of your books in the UK?" was the previous entry in this blog.

They Took Our Myths is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Search this blog

Propaganda