Why haven't Spectre et al been used as vectors to jailbreak old hardware yet? I get the impression they're not that practical of vectors and we freaked out and hobbled our cpu performance with patches for nothing.
I have a haunted TV: my 4 year old Sony Bravia (Android TV) reboots seemingly intentionally during the most interesting parts of TV broadcasts. And since a few weeks ago, it also regularly loses the Wi-Fi connection. Thanks Google and Sony!
I had a bad experience with the last (and final) cheap Android TV I got (Philips, really a rebranded FUNAI according to the Netflix device ID) - would take minutes to boot, often not power on unless unplugged, and would get slower and slower the longer it was on. Guess it was haunted as well. I left it in the house I sold.
wow I also have a Sony Bravia around the same age and this also happens to me sporadically! drives me insane when it happens, but it's infrequent enough that I haven't replaced it yet.
I can attest to this; we have a vacuum cleaning robot that has recently taken to spontaneous vacuuming at random times - the first time was naturally just after midnight and scared the life out of me :-)
That will often be a short in the thermostat wires; old thermostat tech worked by just dead-shorting the two "T" terminals together, so any degraded insulation could be calling for heat if it allows a short to develop.
If it happens enough to be annoying, consider setting the T-stat to NOT call for heat and then go moving wires around until you find the place that has the intermittent short.
My mother had a TV in the 90s that would spontaneously wake up at approximately midnight, at random. The family rumor was that it happened after being struck by lightning. Creepy.
Haunting is overfitting data to a pattern (ghost) that can explain everything. The benefit is less thought about things that don’t matter, but missing out on learning something useful is the disadvantage.
Overfitting seems pretty great for survival - who cares if one in 100 canines is friendly - much safer to avoid them! Humans seem to be unique in that we occasionally second guess our overfit models. And in the case of avoiding dangerous animals, the result couldn’t have been more wonderful: Dogs!
Confronting and undoing a casually overfit mental model is harder the more subtle and useful they are - but those are the bits that hide the great secrets of the universe!
Do you mean that the tech is in a worse state than it would appear at first glance, or that literally most of society is built in order to accomplish those same goals.
Many years ago, in my first tech job, we converted our typewriter-driven office to networked DOS PCs, running on Netware. One day, one of the legal secretaries, of self-described Roma ancestry, started complaining about her PC acting oddly...software not starting, spontaneous reboots ,etc. We replaced her machine to troubleshoot it, but the same thing happened with the replacement machine. We couldn't detect anything she was doing wrong.
Finally, she got tired of our fruitless technology-driven attempts to help her and strung a few cloves of garlic along the tops and sides of her cubicle. Her problems went away, immediately. My boss, the director of IT, and I looked at each other, shrugged, and called it good.
One time I had a horrible roommate I hated immensely. She did shit like make a friend of mine cry on her birthday. Her boyfriend broke up with her cause she was obviously a terrible person, so her response to this was visiting a witch doctor (This is an incident that happened in the third world so bear with me for a moment). His recommendation was to cut an X into limes and put them in the corner of each room in the house. He said if they were intact when she came back home from work, but if they were black when she came back from work then he'd DIE. She told me this with a smile on her face.
I was like wow you're an idiot who believes in bullshit which might actually kill someone, fuck you. Called in late to work, went to the store, bought limes, cut X's into each of them and DOUBLED THE LIMES she put in the corners of the house.
She left while paying rent for like two months and I had the best time of my life which occurred staying there after.
Little did they know, that those early computers were actually powered by garlic odors[0]! Like calculators that can be powered by light - the "magic" that we call solar power. So, of course, the user's implementatin of garlic cloves clearly "fixed the glitch". Happy pre-Halloween!
[0] No, of course garlic isn't an energy source. ...At least, not one that we (yet) know how to harness. ;-)
We can harness some of the energy by eating it! It's not particularly efficient given how little energy it gives though, and not particularly enjoyable without being combined with other energy sources.
Roma “treatments” are fascinating, in a very positive way (sadly in europe you need to mention this, as roma are very discriminated against). I knew of one where they do a trick with lit matches at door corners that “treats” mild colds and “curses”. Wondering if this wizardry originates from india, given their history [0][1], or they picked it up on the way to europe but i really wish there was a book on these practices and their origins. I am almost certain these involve psychology, somehow, but cant prove it.
The peculiar thing about having an aluminum cased laptop is that when the ground wires in the power adapter get frayed, or if the electrical circuit is hot garbage, you tend to get a little tingle when you touch the computer. Time to either throw away that adapter or get your wiring checked.
But when you feed bad power into a computer, you get glitches, and quite often this 'haunted' equipment is just running in a bad way. For all we know this woman jiggled a wire and everything is fine.
I've been on the other side of this: IT head says we're gonna swap a server out. It has nothing to do with the workload I/we have today so we say sure. Problem is that it's in the same rack as something with a deadline, and jiggling the wires causes a network connection to go down. I've had this happen three times and we've swapped the cables in each case. Because jiggling an ethernet cable should never be sufficient stress to lose connection.
First time the manager threw the cable away on his own. Second one I had to make him give me the cable because 'it could still be good'. Third one started the same argument, then pulled out wire cutters, cut off the ends, handed them to me to shut me up. Bad equipment goes in the garbage, not into a drawer that means 'ticking time bombs'. Since the connectors are usually why a cable is 'bad', I was mollified.
We completely replaced the machine, so the chances of the power or ethernet cable being plugged in wrong in exactly the same way on two different machines seems vanishingly small. This being well over 30 years ago, I have no idea anymore whether or not we tried swapping either cable. At any rate, it was a least a day between the most recent machine replacement, which didn't seem to solve her problem, and the garlic placement. I'm sure there's a rational explanation in there somewhere...but problem solved, however it happened!
My brother worked in tech support at a Christian college. People would come in with a PC that wasn't working. He would look at it thoughfuly for a few moments, then, in a loud voice and great dramatic flair would say "Demon, Be Gone" and smash his hands into the keyboard (carefully, such that he was actually hitting control-alt-delete-- but you wouldn't notice this because of the acting).
the computer would shut down, reboot, and he would look at them and cheerfully and calmly say "All better now. You can go home."
...who built a simulation so robust that we've yet to demonstrate any actual bugs. This world is freakishly consistent, if it's the work of anything remotely like human intelligence (though I hold out hope for modern physics to wind up unresolved and unreconcilable, because I love mysteries).
> ..who built a simulation so robust that we've yet to demonstrate any actual bugs
I heard the simulation has an issue with recursion, which is why my code has a lot of bugs; I implemented it right, but the simulation has bugs when simulating me running it.
Periodically, my diagnosis on test failures has been "maybe a ghost did it".
Test failures that are flaky / sporadic often signal something you really need to look into - either you're not in control of your test's corner cases or your product's. Either way you can't ignore it.
But, sometimes, with the whole "running hundreds of thousands of tests of complex, interacting software on cloud infrastructure that has virtualisation, custom kernels, whatever ..." the answer is just "woooooo spooky". When it comes to customer boxes, it's even weirder ;-)
=== When PTRACE_SINGLESTEP got haunted ===
A few years ago, we saw a particular issue in which the PTRACE_SINGLESTEP operation (which should, you know, step by a single instruction!) would sometimes step two instructions - but it basically only happened in testing.
Eventually we figured out that:
* For a particular older enterprise distro on x86.
* If you tried to single-step a thread in one process.
* And a thread in another process hit a watchpoint at the same time.
* Then your thread would step by two instructions.
Spooky action at a distance. This might also have required you to be running on a virtualized system - it didn't matter to us at that point, since clearly we need to work around issues people may see on cloud infrastructure.
Of course, unless you tested debugger workloads extensively you'd probably never have two processes under debug simultaneously in order to notice this.
=== When transparent hugepages got haunted ===
When RHEL backported support for the Linux kernel's THP optimisation, quite a few years ago, to one of their enterprise kernels a bug also got backported that I'd call "extremely haunted".
THP worked fine, maps would automatically get huge pages where appropriate and would get split up again if necessary.
EXCEPT ... if a THP-ed memory location was:
* Write-protected because of COW memory sharing (e.g. after fork)
* And the page was split by a write
* And that write had come from a PTRACE_POKE operation, not an in-process write.
Then something crazy would go wrong in the system. That process, IIRC, would hang and become unkillable.
Some sort of goblin got into the memory management subsystem at that point and there was no getting it out again - gradually the whole system would start to lock up until it became unusable - eventually requiring the box to be reset. This happened even from an unprivileged process.
Again, this is something most workloads wouldn't see but - once we'd understood the underlying issue - we had to find ways to prevent it happening. You just can't trigger a kernel bug like that, even if you know it's not your fault. If you're always there when it happens, nobody is sympathetic to you!
I'm reminded of the "I can't send email to anyone over 100 miles away" story. There is, of course, a perfectly rational explanation... but that doesn't change the spooky arbitrariness of it..
EDIT: Not sure why I forgot to link this, out of one of my all-time favorite presentations. I give you: The Mechanical Transmogrification of Diodes into Capacitors!
> A novice was trying to fix a broken Lisp machine by turning the power off and on.
> Knight, seeing what the student was doing, spoke sternly: “You cannot fix a machine by just power-cycling it with no understanding of what is going wrong.”
I've mentioned before how loud an argument we got into with a guy who aspired to being a hacker, and yet didn't understand that the magnetic domains on a HDD were essentially analog. Even after we asked him why, if hard drives were truly binary, that secure disk erase tools were so complex and slow he still insisted that everything was binary, soup to nuts.
Even the simplest things are a fiction. Or maybe I should say especially the simplest things are a fiction.
>Even after we asked him why, if hard drives were truly binary, that secure disk erase tools were so complex and slow he still insisted that everything was binary
Well, the argument was bad though: whether hard drives are analog is orthogonal to why "secure disk erase tools are so complex and slow".
I see what you meant ("if they were digital you could just tell them to flip to zero and that would be easy and fast").
Sure, but there are many other reasons why secure disk erase tools could be complex and slow even in an imagined all-digital disk (and of course the imaginary digital substrate operations could just be a slow tech, the way RAM is slower than Lx caches, etc.). And while for delete you just need to change some directory entries to mark as none, for "secure erase" you'd also want to "reset" every bit, so at least similar time to the work you do when you write a file of same size.
It depends on the value of your data. It's theoretically possible to use specialized equipment to find remnants of the data even after having been zero'd out (by taking out the platters and very carefully poring over the ever-so-slight analog-induced discrepancies in what "0" and "1" look like), but unless your attacker is the NSA you probably don't have to worry about that (and if your attacker is the NSA, you're probably already using full-disk encryption anyway, which largely renders disk erasure a moot point).
>It's theoretically possible to use specialized equipment to find remnants of the data even after having been zero'd out
No, this is not possible neither in theory nor in practice.
>by taking out the platters and very carefully poring over the ever-so-slight analog-induced discrepancies in what "0" and "1" look like
Even doing this is not enough to recover the data. What 0 and 1 look like isn't even constant. There is variability in what the current value is set to and their is variability in what the previous value was set to. There is too much randomness to recover the original data.
>which largely renders disk erasure a moot point
Disk erasure in this case can still be useful. In this case you only have to overwrite the master key.
The idea that overwritten data can be recovered is an urban legend that is not based off reality, and simply wastes people's time and contributes to ewaste from people destroying harddrives.
For just wiping data overwriting it with anything is fine. If you plan on using the disk for FDE you should overwrite the drive with random bytes so that you don't leak the size of the used disk space.
The saving grace here is that newer drives are a lot denser than the ones in common use back then, so data recovery in this fashion is prohibitively expensive for anything manufactured in the last decade or so. You basically need to be more precise in your reads than hard drives themselves - and that's a pretty tall order.
Still, technology does march on; there remains a risk that recovery techniques could catch up, and there are indeed folks who need absolute guarantees of erasure - and there ain't much more absolute than physical destruction.
> What 0 and 1 look like isn't even constant. There is variability in what the current value is set to and their is variability in what the previous value was set to.
It's exactly that variability that makes data recovery possible.
> simply wastes people's time and contributes to ewaste from people destroying harddrives.
It doesn't really do either. Again: this is really only relevant if you're being targeted by the sorts of nation-state-level intelligence agencies that have the time, resources, and expertise for this sort of thing - and when you're such a target, guaranteed data destruction matters a lot more than the amount of e-waste you generate.
> If you plan on using the disk for FDE you should overwrite the drive with random bytes so that you don't leak the size of the used disk space.
This doesn't always work - for example, if you want to use TRIM on SSDs, since unused blocks are zero'd out instead of left as-is. The usual recommendation there for maximum security is "just don't use TRIM", with the SSD performance and longevity implications that entails.
Which is what the authors of "Overwriting Hard Drive Data: The Great Wiping Controversy" did. The highlight of their response is that for the recovery method described in Gutmann's paper to be accurate it requires a copy of the original data. When the authors tested a drive that existed at the time Gutmann wrote that paper in optimal conditions there was only a 92% chance of recovering a bit correctly. The chance to successfully recover exponentially decays with the number of bits you want to recover.
>if you want to use TRIM on SSDs
We were talking about HDDs. SSDs are out of scope.
> When the authors tested a drive that existed at the time Gutmann wrote that paper in optimal conditions there was only a 92% chance of recovering a bit correctly. The chance to successfully recover exponentially decays with the number of bits you want to recover.
That's still a non-zero probability. For folks whose tolerance for data exfiltration is "zero", anything non-zero, no matter how infinitesimally small, is non-acceptable - hence: physical destruction rather than relying on overwriting.
Thankfully, as mentioned previously, said folks are a pretty tiny minority of the total hard drive market, and are typically the folks encrypting everything at rest anyway. A random pass or two over encrypted data is more than enough to ensure that even if an attacker is able to accurately recover old bits, there's no telling whether or not those old bits are actually data.
> We were talking about HDDs. SSDs are out of scope.
If we're going to adjust our expectations for "overwriting is sufficient for data destruction" based on changes in technology, then SSDs are absolutely in scope - and indeed have their own set of implications when it comes to data retention after overwrite (like TRIM, as mentioned before, or the general case of two writes to the "same" block not necessarily being written to the exact same set of cells).
Just as there is a nonzero chance of someone recovering your data by reading /dev/urandom. Technically your data could be outputed but the person reading /dev/urandom would not be able to tell if it was just random data or if it was what was wiped.
Even if your tolerance for data exfiltration is 0 you can be okay with a non 0 chance for someone to randomly generate the data.
>If we're going to adjust our expectations for "overwriting is sufficient for data destruction" based on changes in technology, then SSDs are absolutely in scope
The process of wiping SSDs is different because you don't do it by overwriting all of the data, but instead by initiating a secure erase.
> Just as there is a nonzero chance of someone recovering your data by reading /dev/urandom.
That variety of non-zero is much closer to zero than the risk of increasingly-sophisticated equipment being able to recover overwritten data - and unlike the non-zero risk of such an "infinite typewriters" sort of attack, mitigating the non-zero risk of recovering overwritten information from media is straightforward: destroy the media.
> The process of wiping SSDs is different because you don't do it by overwriting all of the data, but instead by initiating a secure erase.
In other words: trusting an opaque blob of SSD firmware to overwrite all of the data for you.
>zero than the risk of increasingly-sophisticated equipment being able to recover overwritten data
No, it isn't. Reread the paper I referenced. The chance of recover exponentially decays which means the probability does quickly go to zero as the number of bits you want to recover increases.
>trusting an opaque blob of SSD firmware to overwrite all of the data for you.
No, you are trusting them to overwrite the encryption key and that the encryption being used is secure.
As does the chance of a random number generator accidentally recreating your secret.
And that's assuming, again, that technology doesn't improve.
> No, you are trusting them to overwrite the encryption key and that the encryption being used is secure.
1. That's hardly any more reassuring (though at least it does hopefully mitigate overwriting concerns, assuming that key can't be recovered and the encryption method is indeed more secure)
2. That doesn't explain why secure erase commands take so long relative to other ATA commands (anywhere from seconds to hours), or why that time scales with drive size.
I don't pretend to know how any of this stuff works, but I acknowledge it, respect it, and pay tribute when I can.
Because I am working on a Web product which aims to be compatible with every Web server and Web browser in every configuration, I went out of my way to visit historic places, such as the Netscape offices in Mountain View, and Urbana-Champaign campus where Mosaic was developed.
I sat and meditated on their history and the events which happened there. And I feel that my product better as a result.
If you've ever worked on a codebase with developers who are no longer around, you come to understand the data structures, algorithms and comments they leave behind give a sense of their personality. A 'ghost' if you will.
This work has informed quite a bit of art and literature ever since, from the manga/anime series Ghost in the Shell to a fair bit of William Gibson's work (see 'semiotic ghosts' of futures that might-have-been in The Gernsback Continuum).
As far as religious belief in modern civilization, Frank Herbert in Dune (Appendix II) describes what I imagine is the common modern view among the 'power elite':
The agnostic ruling class (including the Guild) for whom religion was a kind of puppet show to amuse the populace and keep it docile, and who believed essentially that all phenomena - even religious phenomena - could be reduced to mechanical explanations.
With respect to as belief, I think anyone who says 'I believe in <insert whatever here>' is actually expressing doubt in their own world view. I'm more impressed by the so-called religious fanatics who instead say, 'I know of <insert whatever here>'. Consider the person who hears the voice of 'invisble sky friends' in their heads and writes it down in an (eventually holy) text - who is to say with certainty whether that's the result of schizophrenia and auditory hallucinations, or an actual interdimensional communication from the architect of this virtual reality simulation we're all (okay, perhaps) living in?
As far as haunted old tech:
"We build our computers the way we build our cities - over time, without a plan, on top of ruins." - Ellen Ullman, Life in Code
> who is to say with certainty whether that's the result of schizophrenia and auditory hallucinations, or an actual interdimensional communication from the architect of this virtual reality simulation we're all (okay, perhaps) living in?
Yet those are probabilistic heuristics, not things which grant certitude.
(Also, Russell's Teapot is not at all a fair comparison. A vast, incomprehensible, inconceivably simple unitary consciousness as the fundamental substrate of reality is much closer to most religious conceptions of God than is a teapot in orbit.)
(...and, of course, a single entity which underlies reality is ultimately simple. Push it pantheist and you reduce the number of entities to one - no other worldview can reduce the number of entities further.)
> Also, Russell's Teapot is not at all a fair comparison. A vast, incomprehensible, inconceivably simple unitary consciousness as the fundamental substrate of reality is much closer to most religious conceptions of God than is a teapot in orbit
The corollary between the teapot and the idea of "god" is that both of them are extraordinary claims and therefore the burden of proof rests on the people trying to argue that they're true. That property remains holds for your first definition of god as well. That doesn't mean it _can't_ be true, but it does imply that it should be held to the same standard as any other unfalsifiable claim.
Of course, the converse is true as well, which I think is the point the article is trying to make; believing in ghosts or hauntings isn't any more incompatible with the worldview of the cold, rational technologist that the article describes than religion is. If believing in ghosts or hauntings makes someone happier, as long as they don't use it as a rationale to harm anyone else, all the more power to them!
> The agnostic ruling class (including the Guild) for whom religion was a kind of puppet show to amuse the populace and keep it docile, and who believed essentially that all phenomena - even religious phenomena - could be reduced to mechanical explanations.
Sound a bit like Gibbon on Roman religion:
"The policy of the emperors and the senate, as far as it concerned religion, was happily seconded by the reflections of the enlightened, and by the habits of the superstitious, part of their subjects. The various modes of worship, which prevailed in the Roman world, were all considered by the people, as equally true; by the philosophers, as equally false; and by the magistrate, as equally useful. And thus toleration produced not only mutual indulgence, but even religious concord."
I have observed my hibernating linux desktop receiving and transmitting data through the onboard GbE interface to IPs that were owned by an ASN owned by an LLC with a registered address matching the WHOIS for the ASN - an address that didn't exist according to the postal service. Captured upstream with an OpenWRT router running a packet capture and that desktop as the only device downstream of that router.
Either ghosts or the PSP on my AMD processor chatting with spooks.
102 comments
[ 0.27 ms ] story [ 172 ms ] threadIf it happens enough to be annoying, consider setting the T-stat to NOT call for heat and then go moving wires around until you find the place that has the intermittent short.
https://youtu.be/-MM0Z_jCrGo
Confronting and undoing a casually overfit mental model is harder the more subtle and useful they are - but those are the bits that hide the great secrets of the universe!
Hum... That's really not overfitting. In fact, that's the opposite of it, an incomplete model.
Constantly tempting me, always whispering in my ear to want more, making me covet what others have.
For your own good.
Finally, she got tired of our fruitless technology-driven attempts to help her and strung a few cloves of garlic along the tops and sides of her cubicle. Her problems went away, immediately. My boss, the director of IT, and I looked at each other, shrugged, and called it good.
I was like wow you're an idiot who believes in bullshit which might actually kill someone, fuck you. Called in late to work, went to the store, bought limes, cut X's into each of them and DOUBLED THE LIMES she put in the corners of the house.
She left while paying rent for like two months and I had the best time of my life which occurred staying there after.
Now there's her problem. By doing that the spell changed from "kill ex-boyfriend" to "self eviction".
[0] No, of course garlic isn't an energy source. ...At least, not one that we (yet) know how to harness. ;-)
[0] https://encyclopedia.ushmm.org/content/en/article/roma-gypsi...
[1] https://en.wikipedia.org/wiki/History_of_the_Romani_people
But when you feed bad power into a computer, you get glitches, and quite often this 'haunted' equipment is just running in a bad way. For all we know this woman jiggled a wire and everything is fine.
I've been on the other side of this: IT head says we're gonna swap a server out. It has nothing to do with the workload I/we have today so we say sure. Problem is that it's in the same rack as something with a deadline, and jiggling the wires causes a network connection to go down. I've had this happen three times and we've swapped the cables in each case. Because jiggling an ethernet cable should never be sufficient stress to lose connection.
First time the manager threw the cable away on his own. Second one I had to make him give me the cable because 'it could still be good'. Third one started the same argument, then pulled out wire cutters, cut off the ends, handed them to me to shut me up. Bad equipment goes in the garbage, not into a drawer that means 'ticking time bombs'. Since the connectors are usually why a cable is 'bad', I was mollified.
the computer would shut down, reboot, and he would look at them and cheerfully and calmly say "All better now. You can go home."
I wouldn't - the majority believes in an invisible sky friend.
I heard the simulation has an issue with recursion, which is why my code has a lot of bugs; I implemented it right, but the simulation has bugs when simulating me running it.
Test failures that are flaky / sporadic often signal something you really need to look into - either you're not in control of your test's corner cases or your product's. Either way you can't ignore it.
But, sometimes, with the whole "running hundreds of thousands of tests of complex, interacting software on cloud infrastructure that has virtualisation, custom kernels, whatever ..." the answer is just "woooooo spooky". When it comes to customer boxes, it's even weirder ;-)
=== When PTRACE_SINGLESTEP got haunted ===
A few years ago, we saw a particular issue in which the PTRACE_SINGLESTEP operation (which should, you know, step by a single instruction!) would sometimes step two instructions - but it basically only happened in testing.
Eventually we figured out that:
* For a particular older enterprise distro on x86.
* If you tried to single-step a thread in one process.
* And a thread in another process hit a watchpoint at the same time.
* Then your thread would step by two instructions.
Spooky action at a distance. This might also have required you to be running on a virtualized system - it didn't matter to us at that point, since clearly we need to work around issues people may see on cloud infrastructure.
Of course, unless you tested debugger workloads extensively you'd probably never have two processes under debug simultaneously in order to notice this.
=== When transparent hugepages got haunted ===
When RHEL backported support for the Linux kernel's THP optimisation, quite a few years ago, to one of their enterprise kernels a bug also got backported that I'd call "extremely haunted".
THP worked fine, maps would automatically get huge pages where appropriate and would get split up again if necessary.
EXCEPT ... if a THP-ed memory location was:
* Write-protected because of COW memory sharing (e.g. after fork)
* And the page was split by a write
* And that write had come from a PTRACE_POKE operation, not an in-process write.
Then something crazy would go wrong in the system. That process, IIRC, would hang and become unkillable.
Some sort of goblin got into the memory management subsystem at that point and there was no getting it out again - gradually the whole system would start to lock up until it became unusable - eventually requiring the box to be reset. This happened even from an unprivileged process.
Again, this is something most workloads wouldn't see but - once we'd understood the underlying issue - we had to find ways to prevent it happening. You just can't trigger a kernel bug like that, even if you know it's not your fault. If you're always there when it happens, nobody is sympathetic to you!
EDIT: Not sure why I forgot to link this, out of one of my all-time favorite presentations. I give you: The Mechanical Transmogrification of Diodes into Capacitors!
https://c3.ndc.nasa.gov/dashlink/static/media/other/Observed...
https://www.ibiblio.org/harris/500milemail.html
> A novice was trying to fix a broken Lisp machine by turning the power off and on.
> Knight, seeing what the student was doing, spoke sternly: “You cannot fix a machine by just power-cycling it with no understanding of what is going wrong.”
> Knight turned the machine off and on.
> The machine worked.
Even the simplest things are a fiction. Or maybe I should say especially the simplest things are a fiction.
Well, the argument was bad though: whether hard drives are analog is orthogonal to why "secure disk erase tools are so complex and slow".
I see what you meant ("if they were digital you could just tell them to flip to zero and that would be easy and fast").
Sure, but there are many other reasons why secure disk erase tools could be complex and slow even in an imagined all-digital disk (and of course the imaginary digital substrate operations could just be a slow tech, the way RAM is slower than Lx caches, etc.). And while for delete you just need to change some directory entries to mark as none, for "secure erase" you'd also want to "reset" every bit, so at least similar time to the work you do when you write a file of same size.
It's security theater. All you have to do is write 0s to the entire HDD.
No, this is not possible neither in theory nor in practice.
>by taking out the platters and very carefully poring over the ever-so-slight analog-induced discrepancies in what "0" and "1" look like
Even doing this is not enough to recover the data. What 0 and 1 look like isn't even constant. There is variability in what the current value is set to and their is variability in what the previous value was set to. There is too much randomness to recover the original data.
>which largely renders disk erasure a moot point
Disk erasure in this case can still be useful. In this case you only have to overwrite the master key.
The idea that overwritten data can be recovered is an urban legend that is not based off reality, and simply wastes people's time and contributes to ewaste from people destroying harddrives.
For just wiping data overwriting it with anything is fine. If you plan on using the disk for FDE you should overwrite the drive with random bytes so that you don't leak the size of the used disk space.
Then go tell that to Peter Gutmann: https://www.usenix.org/legacy/publications/library/proceedin...
The saving grace here is that newer drives are a lot denser than the ones in common use back then, so data recovery in this fashion is prohibitively expensive for anything manufactured in the last decade or so. You basically need to be more precise in your reads than hard drives themselves - and that's a pretty tall order.
Still, technology does march on; there remains a risk that recovery techniques could catch up, and there are indeed folks who need absolute guarantees of erasure - and there ain't much more absolute than physical destruction.
> What 0 and 1 look like isn't even constant. There is variability in what the current value is set to and their is variability in what the previous value was set to.
It's exactly that variability that makes data recovery possible.
> simply wastes people's time and contributes to ewaste from people destroying harddrives.
It doesn't really do either. Again: this is really only relevant if you're being targeted by the sorts of nation-state-level intelligence agencies that have the time, resources, and expertise for this sort of thing - and when you're such a target, guaranteed data destruction matters a lot more than the amount of e-waste you generate.
> If you plan on using the disk for FDE you should overwrite the drive with random bytes so that you don't leak the size of the used disk space.
This doesn't always work - for example, if you want to use TRIM on SSDs, since unused blocks are zero'd out instead of left as-is. The usual recommendation there for maximum security is "just don't use TRIM", with the SSD performance and longevity implications that entails.
Which is what the authors of "Overwriting Hard Drive Data: The Great Wiping Controversy" did. The highlight of their response is that for the recovery method described in Gutmann's paper to be accurate it requires a copy of the original data. When the authors tested a drive that existed at the time Gutmann wrote that paper in optimal conditions there was only a 92% chance of recovering a bit correctly. The chance to successfully recover exponentially decays with the number of bits you want to recover.
>if you want to use TRIM on SSDs
We were talking about HDDs. SSDs are out of scope.
That's still a non-zero probability. For folks whose tolerance for data exfiltration is "zero", anything non-zero, no matter how infinitesimally small, is non-acceptable - hence: physical destruction rather than relying on overwriting.
Thankfully, as mentioned previously, said folks are a pretty tiny minority of the total hard drive market, and are typically the folks encrypting everything at rest anyway. A random pass or two over encrypted data is more than enough to ensure that even if an attacker is able to accurately recover old bits, there's no telling whether or not those old bits are actually data.
> We were talking about HDDs. SSDs are out of scope.
If we're going to adjust our expectations for "overwriting is sufficient for data destruction" based on changes in technology, then SSDs are absolutely in scope - and indeed have their own set of implications when it comes to data retention after overwrite (like TRIM, as mentioned before, or the general case of two writes to the "same" block not necessarily being written to the exact same set of cells).
Just as there is a nonzero chance of someone recovering your data by reading /dev/urandom. Technically your data could be outputed but the person reading /dev/urandom would not be able to tell if it was just random data or if it was what was wiped.
Even if your tolerance for data exfiltration is 0 you can be okay with a non 0 chance for someone to randomly generate the data.
>If we're going to adjust our expectations for "overwriting is sufficient for data destruction" based on changes in technology, then SSDs are absolutely in scope
The process of wiping SSDs is different because you don't do it by overwriting all of the data, but instead by initiating a secure erase.
That variety of non-zero is much closer to zero than the risk of increasingly-sophisticated equipment being able to recover overwritten data - and unlike the non-zero risk of such an "infinite typewriters" sort of attack, mitigating the non-zero risk of recovering overwritten information from media is straightforward: destroy the media.
> The process of wiping SSDs is different because you don't do it by overwriting all of the data, but instead by initiating a secure erase.
In other words: trusting an opaque blob of SSD firmware to overwrite all of the data for you.
No, it isn't. Reread the paper I referenced. The chance of recover exponentially decays which means the probability does quickly go to zero as the number of bits you want to recover increases.
>trusting an opaque blob of SSD firmware to overwrite all of the data for you.
No, you are trusting them to overwrite the encryption key and that the encryption being used is secure.
I did.
> The chance of recover exponentially decays
As does the chance of a random number generator accidentally recreating your secret.
And that's assuming, again, that technology doesn't improve.
> No, you are trusting them to overwrite the encryption key and that the encryption being used is secure.
1. That's hardly any more reassuring (though at least it does hopefully mitigate overwriting concerns, assuming that key can't be recovered and the encryption method is indeed more secure)
2. That doesn't explain why secure erase commands take so long relative to other ATA commands (anywhere from seconds to hours), or why that time scales with drive size.
Because I am working on a Web product which aims to be compatible with every Web server and Web browser in every configuration, I went out of my way to visit historic places, such as the Netscape offices in Mountain View, and Urbana-Champaign campus where Mosaic was developed.
I sat and meditated on their history and the events which happened there. And I feel that my product better as a result.
Ghosts in the machine, spirit in the system, hear the whispers, screams are distant.
https://en.wikipedia.org/wiki/The_Ghost_in_the_Machine
This work has informed quite a bit of art and literature ever since, from the manga/anime series Ghost in the Shell to a fair bit of William Gibson's work (see 'semiotic ghosts' of futures that might-have-been in The Gernsback Continuum).
As far as religious belief in modern civilization, Frank Herbert in Dune (Appendix II) describes what I imagine is the common modern view among the 'power elite':
The agnostic ruling class (including the Guild) for whom religion was a kind of puppet show to amuse the populace and keep it docile, and who believed essentially that all phenomena - even religious phenomena - could be reduced to mechanical explanations.
With respect to as belief, I think anyone who says 'I believe in <insert whatever here>' is actually expressing doubt in their own world view. I'm more impressed by the so-called religious fanatics who instead say, 'I know of <insert whatever here>'. Consider the person who hears the voice of 'invisble sky friends' in their heads and writes it down in an (eventually holy) text - who is to say with certainty whether that's the result of schizophrenia and auditory hallucinations, or an actual interdimensional communication from the architect of this virtual reality simulation we're all (okay, perhaps) living in?
As far as haunted old tech:
"We build our computers the way we build our cities - over time, without a plan, on top of ruins." - Ellen Ullman, Life in Code
Russel's Teapot. Also, Occam's Razor.
(Also, Russell's Teapot is not at all a fair comparison. A vast, incomprehensible, inconceivably simple unitary consciousness as the fundamental substrate of reality is much closer to most religious conceptions of God than is a teapot in orbit.)
(...and, of course, a single entity which underlies reality is ultimately simple. Push it pantheist and you reduce the number of entities to one - no other worldview can reduce the number of entities further.)
The corollary between the teapot and the idea of "god" is that both of them are extraordinary claims and therefore the burden of proof rests on the people trying to argue that they're true. That property remains holds for your first definition of god as well. That doesn't mean it _can't_ be true, but it does imply that it should be held to the same standard as any other unfalsifiable claim.
Of course, the converse is true as well, which I think is the point the article is trying to make; believing in ghosts or hauntings isn't any more incompatible with the worldview of the cold, rational technologist that the article describes than religion is. If believing in ghosts or hauntings makes someone happier, as long as they don't use it as a rationale to harm anyone else, all the more power to them!
Sound a bit like Gibbon on Roman religion:
"The policy of the emperors and the senate, as far as it concerned religion, was happily seconded by the reflections of the enlightened, and by the habits of the superstitious, part of their subjects. The various modes of worship, which prevailed in the Roman world, were all considered by the people, as equally true; by the philosophers, as equally false; and by the magistrate, as equally useful. And thus toleration produced not only mutual indulgence, but even religious concord."
This made me throw up in my mouth and my eyes hurt from all the eye rolls
Either ghosts or the PSP on my AMD processor chatting with spooks.