hacking Intel ME

[William Edwards]

Every so often I post something here about Intel ME, SGX or AMD SEV etc. Almost all modern computers and phones have a whole security layer - in hardware and software - with complete reach above all hypervisors and kernels and everything else.

Here's an interesting talk coming up about their insecurity: https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668

If anyone attends, do report back? ;)

thx

[Rick C. Hodgin]

I've been monitoring this group for a few years. Every now and again
they publish something interesting on the subject of computer security:

http://opensecuritytraining.info
http://legbacore.com/Research.html
https://twitter.com/XenoKovah

They also have a YouTube channel with lots of classes on various
aspects of writing low-level computer software:

https://www.youtube.com/user/OpenSecurityTraining/playlists

Intro to Reverse Engineering:
https://www.youtube.com/watch?v=byK0tXH5axQ&list=PL416CEDF4A931DB0D

Reverse Engineering Malware:

https://www.youtube.com/watch?v=LC81gbmTsiE&list=PLUFkSN0XLZ-kwukmQOAgCZ08C5REoZElt

Intro to Exploits 1:
https://www.youtube.com/watch?v=dGyWvGmBYVw&list=PL96AB65DFCE02EE3E

Exploits 2 Windows:
https://www.youtube.com/watch?v=Tne7xRzxpsY&list=PL9F9E52502327B1CA

It's more interesting to watch their videos than to watch the latest
reality TV show.

Thank you,
Rick C. Hodgin

[Stefan Monnier]

> If anyone attends, do report back? ;)

^^
l
-- Stefan

[MitchAlsup]

On Thursday, September 21, 2017 at 1:35:31 AM UTC-5, William Edwards wrote:
> Every so often I post something here about Intel ME, SGX or AMD SEV etc. Almost all modern computers and phones have a whole security layer - in hardware and software - with complete reach above all hypervisors and kernels and everything else.

Nothing is that air-tight.

[Rick C. Hodgin]

The same was demonstrated to exist in cell phones long after it
was brought to light and denied.

I accused Intel of incorporating this very ability into their
vPro technology back in 2007. They had introduced out-of-band
communication that operates on their chipset, with their own
CPU. That all factors together to create the ability to
inject software remotely, run it on the system, and to do so
without the host OS or hypervisor layer knowing anything about
it.

When I posted that article I got a call from Intel the next
day. I kept trying to get the person I was speaking to to
acknowledge this ability exists, or at least could exist.
He kept refusing to answer my question and changing the
subject to describe other parts. Eventually he said he had
to go.

It would not surprise me to learn that every major CPU and
template chipset design that exists is wholly compromised,
and all for "lawful purposes" to the insiders, but with the
ability to completely compromise the device on-demand.

We've already seen that Amazon's Kindle has the ability to
remotely delete your books. They did this with the book
1984 of all books, due to a copyright claim by the owner.

-----
The only way we're going to have secure hardware and software
is if we create it ourselves, and govern every stage of its
creation and manufacturing.

That is what I'm proposing with this full hardware and software
stack:

https://groups.google.com/d/msg/comp.arch/F39_I0nipUg/4Th6IaCVAQAJ

We have the ability to do it right. I want us to step up and
do it right for God, and for our fellow man. The people on
this Earth deserve right and true things given to them, so they
can possess and occupy those things, including those thoughts,
ideas, and examples of how to be to/for their fellow man. It
all starts with Jesus Christ because of who He is and what He
does for us, but it also extends out to each of us using our
own special makeup, our own special attributes, abilities, skills,
talents, education, expertise, insight, etc. We are all a team
to work together, not combatants to stand opposed to one another
(at least that's the way it's supposed to be, and that is the way
I am proposing).

[Quadibloc]

It is true that Microsoft Windows is riddled with bugs. Operating systems don't
have to be that bad; there's even a microkernel from Australia that's
mathematically proven to be correct.

But while it is true that no operating system, and no hypervisor, is airtight...
in the specific case being discussed here, true security _is_ possible.

The Bell Telephone system had electronic switchboards that were designed to be
very secure and reliable. They did this as follows: the computer that routed
calls got all its program instructions from what it saw as a read-only memory.
It was core memory - but it could only be written to by a *different* computer
that was also connected to it.

Basically, if you have a computer where certain functions are locked off by
switches on the front panel - the computer can't be compromised to enable them
unless it grows arms. And you can still have a *second* computer that is allowed
to flip those switches - replacing them by relays won't make them insecure.

Of course, where the insecurity *is* likely to come in is because having a
separate hard disk, or separate USB ports, for the "second computer" that
controls the main computer is too inconvenient. At best, one could use
encryption to protect programs for the control computer - and this is what Intel
is doing.

An attacker, of course, could then somehow find out the encryption key - and
*then* a malicious program would benefit from the security by being totally out
of reach of any anti-virus program just running on the normal computer!

Yes, nothing is *perfect*, but this kind of thing is sufficiently different from
run-of-the-mill security measures that it does create a different situation,
both for good and for ill.

John Savard

[Ivan Godard]

All systems yield to pretty girls and buckets of money.

[Terje Mathisen]

> All systems yield to pretty girls and buckets of money.

When I was involved with the AES process, the final failure mode was
supposed to be "rubber hose cryptography". Unlike the usual cases where
it has been proven pretty conclusively that torture doesn't really work,
a crypto key that's retrieved this way can be trivially tested, right?

TrueCrypt had a very ingenious workaround for this problem in the form
of hidden containers stored in the unused space of a primary encrypted
disk: Since the hidden container used storage space from the opposite
direction it would work until too much data was stored in the primary
container, and you could still "reveal" the primary key under duress.

OTOH, any modern attacker would probably start by rooting your machine,
using ME or something similar, and then simply wait until you first used
the secondary/hidden container.

I.e. useful for a border passing but not for long term safety.

Terje

--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"

[Mike Stump]

In article <981b5dee-bee3-4472...@googlegroups.com>,

My only thought:

A Strage Game.
The Only Winning Move Is
Not To Play.

:-)

[Rick C. Hodgin]

That's a good reference.

There is another option: to build it for ourselves. We can, as a team,
band together and create things for mankind that are not subject to the
closed nature of existing projects. We can open everything up, and make
products that serve people and their needs, rather than other things.

--
Thank you, | Indianapolis, Indiana | God is love -- 1 John 4:7-9
Rick C. Hodgin | http://www.libsf.org/ | http://tinyurl.com/yaogvqhj
-------------------------------------------------------------------------
Software: LSA/C, Debi, RDC, CAlive, ES/2, VJr, VFrP, Logician, C90/99
Hardware:
Aroxda Desktop CPU -- 40-bit multi-core 80386 with many extensions
Arxita Embedded CPU -- Low power, low pin count 80386 w/128 registers
Arlina Compute FPGA -- Scalable compute cores, large GPIO pin count

[Rick C. Hodgin]

On 9/27/2017 8:03 AM, Rick C. Hodgin wrote:
> On 9/26/2017 6:50 PM, Mike Stump wrote:

>> MitchAlsup  <Mitch...@aol.com> wrote:

>>> On 9/21/2017 1:35 AM, William Edwards wrote:
>>>> Almost all modern computers and phones have a whole security
>>>> layer - in hardware and software - with complete reach above all
>>>> hypervisors and kernels and everything else.
>>>
>>> Nothing is that air-tight.
>>
>> My only thought:
>>
>>    A Strage Game.
>>    The Only Winning Move Is
>>    Not To Play.
>
> That's a good reference.
>
> There is another option:  to build it for ourselves.  We can, as a team,
> band together and create things for mankind that are not subject to the
> closed nature of existing projects.  We can open everything up, and make
> products that serve people and their needs, rather than other things.

To be clear about this, the purpose is to make people owners, not
renters. The people are given those things we all need to be able
to use, along with everything necessary to examine the work, improve
upon it (if they possess the skills to do so), and take the source
idea or concept as a base, and then migrate it to another avenue of
use or thinking.

In all cases, we would create products that are entirely open to
scrutiny and examination by all, and we are willing to receive all
good input and advice on how to improve the technology we've created
using some new ideas that none of us had thought of before when they
come along.

-----
The ultimate goal is: mankind is given by God everything necessary
to move forward rightly, but in a diverse manner. Some knowledge and
expertise goes to this person, some to another, some to several, some
just to one person, etc. We will all look up to God and see how He,
not us, but how He has assembled this group of people together with
all of these diverse and necessary skills to create these products.

But we will consistently maintain the acknowledgement and realization
that none of these things are ours solely to possess and "own." We
were blessed to be the ones through whom the Lord allowed us to be a
part of this project, but the project is God's, and we will hold it
in that proper respect, and the project is to be moved by those other
men and women of God He sends to provide us with new insight.

Our entire thinking must evolve away from self-centeredness and our
focus on accumulation of things for ourselves based on our abilities,
and instead must look up to God and say, "God, how do you want me to
use my skills? How do you want me to impact this creation of man
you've placed me in?"

-----
Bottom line: We must recognize that we are God's, created by God
for a purpose, put here purposefully by God to do our part in His
bigger-than-any-of-us-plan, and to walk within that knowledge being
willing to be a cog in the machine, rather than the overseer of the
machine.

Machines need lots of cogs. And together, with all of us doing our
part, that machine will be amazing ... because it was designed and
put together by God, the Chief and Master Architect who works on
the scale of universes with many parts, down to molecules with many
parts, down to sub-atomic components with many fundamental laws.

It is an amazing miracle of love that God even cares for us when
we are so rebellious at heart. But, it reveals the character of
God that He is. And His voice in this world lives on in men and
women like me who are willing to be that cog, to live to our full
abilities for Him, being willing to be a part of the larger thing.

-----
I pray you will come to this acknowledgement of who you are, and
who you were created to be. You were put here to be a blessing
to other people, to help others using your skills, to be a part
of this bigger-than-you thing unto God.

Remember that as you're making choices.

[jacko]

Price does not include secondary laptop, or ip freeze on random website out traffic.

[Noob]

On a related topic:

Disabling Intel ME 11 via undocumented mode
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

Sakaki's EFI Install Guide/Disabling the Intel Management Engine
https://wiki.gentoo.org/wiki/Sakaki's_EFI_Install_Guide/Disabling_the_Intel_Management_Engine

[Noob]

Another development:

http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html

[William Edwards]

No one is going to be surprised that a security audit found massive holes in Intel ME:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

People may be disappointed that the security audit only happened because of the sudden attention it got. Why didn't Intel do the audit years ago?

And people may be disappointed that this is an internal audit, rather than open-sourcing it so that it can get public scrutiny - there's every chance there are more vulnerabilities that the internal audit missed.

And people may be cynical and imagine this update is at least paritially addressing and closing the "vulnerabilities" that Google and others have been using to disable or remove ME. Damned if you update and damned if you don't kinda thing?

[George Neuner]

Absolutely true.

I don't feel bad for Intel, but I do have some concerns about
unwarranted backlash against MINIX and Tanenbaum. From the reports
I've seen, it seems that the issues are with Intel's ME application(s)
and that no one [yet] has been able to point to the choice of
operating system as the cause of any of the security holes.

Even so, some of the authors are questioning why MINIX was chosen
instead of some expensive commercially licensed system. AFAICS, these
authors seem to know anthing about MINIX other than that, 30+ years
ago, version 1 was designed to be a teaching tool. I have seen no
discussion of the merits of MINIX 3 - the version used by Intel, which
was designed to be a robust embeddable system. Every story I have
seen has failed to distinguish between the operating system and the
applications.

It seems all too easy for less critical readers to come away with the
notion that the problem is MINIX itself rather than what was done
using it. [That could be the case, but as yet it is unproven.]

YMMV,
George

[Quadibloc]

On Monday, November 20, 2017 at 8:35:56 PM UTC-7, George Neuner wrote:

> It seems all too easy for less critical readers to come away with the
> notion that the problem is MINIX itself rather than what was done
> using it.

And since MINIX was never designed as an ultra-secure operating system for the
most security-critical applications, the problems could be "in" MINIX without
MINIX being "to blame", and _that's_ an even more subtle distinction.

That is, the problems could be due to a lack of security within MINIX itself,
rather than how it was grafted on to Intel chips, and yet still be in the
category of being due to MINIX being used for a purpose for which it was not
intended.

John Savard

[Melzzzzz]

Intel choose Minix, probably, because they think Minix is secure enough,
more secure then in house solution anyway.
>
> John Savard


--
press any key to continue or any other to quit...

[George Neuner]

On Mon, 20 Nov 2017 20:43:47 -0800 (PST), Quadibloc
<jsa...@ecn.ab.ca> wrote:

>On Monday, November 20, 2017 at 8:35:56 PM UTC-7, George Neuner wrote:
>
>> It seems all too easy for less critical readers to come away with the
>> notion that the problem is MINIX itself rather than what was done
>> using it.
>
>And since MINIX was never designed as an ultra-secure operating system for the
>most security-critical applications, the problems could be "in" MINIX without
>MINIX being "to blame", and _that's_ an even more subtle distinction.

Absolutely. MINIX 3 was not designed per se to be a high security
system. But it was designed to be a commercial quality, robust, high
availability system, suitable for embedded use.

[Implementation quality depending of course, that puts it a notch
above Linux in my book and several notches above Windows.]

My point was simply that there has, as yet, been no public disclosure
of the so-called security holes, yet the non-technical, non-specific
articles I have seen thus far are too easily interpreted as laying the
blame on Intel's use of MINIX.

If MINIX is to blame, then so be it. But it seems to me that, in the
absence of evidence, there is a decided prejudicial slant by the
computer press.

YMMV,
George

[Rick C. Hodgin]

On 11/20/2017 10:35 PM, George Neuner wrote:
> I don't feel bad for Intel, but I do have some concerns about
> unwarranted backlash against MINIX and Tanenbaum. From the reports
> I've seen, it seems that the issues are with Intel's ME application(s)
> and that no one [yet] has been able to point to the choice of
> operating system as the cause of any of the security holes.
>

> [snip]

>
> It seems all too easy for less critical readers to come away with the
> notion that the problem is MINIX itself rather than what was done
> using it. [That could be the case, but as yet it is unproven.]

I can't remember the man's name who contacted me from Intel after I
posted my Big Brother article on Intel's vPro (at that time 2007/8),
but he said he was in charge of the group responsible for developing
vPro.

I asked him explicitly if Intel would be willing to allow a neutral
third party audit of their vPro technology because I told him us not
knowing what's in there is what's scary about the technology. He, in
every way, danced around giving me an answer. There were long pauses
where I could tell he was trying to word his response in a way which
met Intel's internal goals, and tried to appease my hard questions.

I got the impression from the phone call (which, he called me, by the
way) that he was trying to assure me everything was okay, but would
not move in any direction toward proving it. I had to take his word
for it and that was that, which I was unprepared to do.

-----
Until the hardware is completely open, to where a person can download
the CPU design, run it through the software used to generate layout
and produce masks, and see for themselves with those published in some
open manufacturing way, which is what I intend to do with my Arxoda
CPU and all utilities related to manufacturing, people can never be
sure what's in there.

We need to control the process openly from design, to manufacturing
and packaging, and at all stages therein.

This is what I want to do with LibSF and the hardware division. I
want us to come together an take back this industry from money-seeking
individuals, and put it in the hands of those who want to do their
best work for God and for people, and to produce products which will
help us, not tie our hands, aren't doing secret backdoor things, but
are completely open tools that we can rely upon.

Our foundation for such an endeavor must be Jesus Christ because of
who He is. He will ensure that each of us does our best in the right
way because we are doing it for Him first, and people second, without
money concerns. By looking up to Him for guidance on how to proceed,
He will make things happen, give us grace, and allow us to move for-
ward with these efforts and achieve success. It just takes us working
as a team, with our hearts, minds, eyes, and hands, lifted up to God,
and then focused on doing work the right way here.

--
Rick C. Hodgin

[MitchAlsup]

On Tuesday, November 21, 2017 at 11:05:21 AM UTC-6, Rick C. Hodgin wrote:

> Our foundation for such an endeavor must be Jesus Christ because of
> who He is.

He is just a dead Jew on a stick.

[Rick C. Hodgin]

He was yes, but only for a time, and not anymore.

--
Rick C. Hodgin

[Terje Mathisen]

George Neuner wrote:
> My point was simply that there has, as yet, been no public disclosure
> of the so-called security holes, yet the non-technical, non-specific
> articles I have seen thus far are too easily interpreted as laying the
> blame on Intel's use of MINIX.
>
> If MINIX is to blame, then so be it. But it seems to me that, in the
> absence of evidence, there is a decided prejudicial slant by the
> computer press.

I agree.

I read through the entire list of bugs that had been found, to me they
all looked like typical application (mostly buffer overrun) errors.

This type of bug is much less likely in an OS simply because very few OS
designers are stupid enough to use blind strcpy() on user-supplied
parameters to API calls.

[George Neuner]

Let's try to keep it civil.

George

[George Neuner]

On Tue, 21 Nov 2017 12:05:17 -0500, "Rick C. Hodgin"
<rick.c...@gmail.com> wrote:

>Until the hardware is completely open, to where a person can download
>the CPU design, run it through the software used to generate layout
>and produce masks, and see for themselves with those published in some
>open manufacturing way, which is what I intend to do with my Arxoda
>CPU and all utilities related to manufacturing, people can never be
>sure what's in there.
>
>We need to control the process openly from design, to manufacturing
>and packaging, and at all stages therein.

How does that help? 99% of everyone in the world are not capable to
evaluate a design. Who cares if a published layout can be verified by
recreating it privately What's important is knowing what the
circuitry represents and whether that is something objectionable ...
or just buggy.

Open source is not any kind of panacea.

Yes, anyone can look at it ... but how many will? And of those, how
many understand it and are competent to fix it?

~95% of OSS projects have only a single contributor, and ~80% of
projects receive ZERO feedback from users. Many more people will use
something than ever will take the time to learn how it works. And
even fewer will be tempted to tinker with it if it's broken.

On occasion I've expressed my belief that the world would be a better
place if the majority of so-called "software developers" found another
occupation. But at least there are lots of people who do software ...
orders of magnitude more than do hardware.

George

[Anton Ertl]

George Neuner <gneu...@comcast.net> writes:
>Open source is not any kind of panacea.
>
>Yes, anyone can look at it ... but how many will? And of those, how
>many understand it and are competent to fix it?
>
>~95% of OSS projects have only a single contributor, and ~80% of
>projects receive ZERO feedback from users.

In what ways are these numbers relevant? In particular wrt. the
subject at hand? The Intel ME and its AMD equivalent are of interest
to so many people that there have been efforts to understand them not
because of their proprietary model, but despite it. If they were free
software, the same amount of effort could have gotten us much further.
Would people have decided not to expend the effort if the code was
free software? Very unlikely.

- anton
--
M. Anton Ertl Some things have to be seen to be believed
an...@mips.complang.tuwien.ac.at Most things have to be believed to be seen
http://www.complang.tuwien.ac.at/anton/home.html

[George Neuner]

Somewhat relevant: Linus went off on a Google security researcher.

https://www.csoonline.com/article/3237778/security/linus-torvalds-some-security-folks-cant-be-trusted-to-do-sane-things-some-are-morons.html


George

[Rick C. Hodgin]

On Wednesday, November 22, 2017 at 5:03:26 AM UTC-5, George Neuner wrote:
> On Tue, 21 Nov 2017 12:05:17 -0500, "Rick C. Hodgin"
> <rick.c...@gmail.com> wrote:
>
> >Until the hardware is completely open, to where a person can download
> >the CPU design, run it through the software used to generate layout
> >and produce masks, and see for themselves with those published in some
> >open manufacturing way, which is what I intend to do with my Arxoda
> >CPU and all utilities related to manufacturing, people can never be
> >sure what's in there.
> >
> >We need to control the process openly from design, to manufacturing
> >and packaging, and at all stages therein.
>
> How does that help? 99% of everyone in the world are not capable to
> evaluate a design. Who cares if a published layout can be verified by
> recreating it privately What's important is knowing what the
> circuitry represents and whether that is something objectionable ...
> or just buggy.
>
> Open source is not any kind of panacea.

[Quickly looks up the word panacea ... Ah!]

Agreed. But it provides the base framework necessary to employ the
research, when desired, to arrive at the correct panacea [did I use
it correctly?]. :-)

> Yes, anyone can look at it ... but how many will? And of those, how
> many understand it and are competent to fix it?

Few. But for those who are able, they will be able to verify that the
CPU in their computer is the one that was created through the toolset.
The creation chain will be tagged to each CPU, allowing a physical,
hands-on examination of the source files (all digitally signed), and
physical masks, etc.

It would provide a way to investigate the matter if it was deemed
appropriate or necessary to do so. We do not have that ability today
short of something major like a court order, and even then it would
be a hard press to get true access.

> ~95% of OSS projects have only a single contributor, and ~80% of
> projects receive ZERO feedback from users. Many more people will use
> something than ever will take the time to learn how it works. And
> even fewer will be tempted to tinker with it if it's broken.

My goals with LibSF on our software and hardware are to have many many
people working on our products. Literal professionals in the field
stepping forward on a project they can let their true creativity and
full expertise fly unfettered by time constraints, or money constraints.
The goal with all of my products are to create the best tools we can,
and to give them to the people in their full, open form, source code,
compilers, translators, and all involved in taking the idea from our
human thought to tangible products.

> On occasion I've expressed my belief that the world would be a better
> place if the majority of so-called "software developers" found another
> occupation. But at least there are lots of people who do software ...
> orders of magnitude more than do hardware.

Is this a statement regarding something like flippancy on behalf of men
like myself who seek to do something like open up hardware? That we do
not have enough knowledge or experience to be able to know what's in-
volved, and are therefore trying to accomplish things that aren't easily
accomplished?

I recognize it will be difficult. I am prepared to put in the time.
And I am looking for others who are as well.

These are not idle tasks I'm in pursuit of. I want to change the world
and the way the world operates. I want us to look up to God and pull
out of that which He first gave us our absolute best and then present
it back unto Him, and unto all of those people He's placed us around.

We are here for a purpose, and my goal is to bring that purpose back
into our lives, and supplant the methods and ways of this world which
have usurped God's intentions for us, and to do so as part of a large
movement of men and women working together in this way.

As I have stated, only by having our foundation in Jesus Christ would
such an endeavor be able to succeed, and even then it will be a great
struggle because people do not often truly focus their lives upon God.
They perform part-time God-seeking, and do the rest of their lives to
their own tastes. This diminishes their walk and authority and power
under God as a servant in this world, and it opens up the door for
the enemy to enter in and wreak havoc.

Haven't you ever wondered why Jesus taught in the Great Commission that
we are to go forth and teach all nations to obey all things whatsoever
He has commanded? We are not under the Law of Moses, so why would we
have to obey those things for our salvation? We are under grace, and
it should not enter in.

It doesn't. Our salvation is not dependent upon us obeying all things
whatsoever He has commanded, but our effectiveness in our walk in this
world is.

Jesus gave us this guidance to guard us and protect us from the evils
of this world. He has us obeying Him because in so doing we are well
defended against our enemy, our adversary, who is literally Satan and
all his demon imps. They are at work in this world wreaking havoc on
all sides, leading men away from the things God would have them do,
and in so doing presenting us with this world we have today where people
are pinned down behind manmade legal barriers which prevent us from
achieving and doing and knowing and moving in our crafts. It was never
intended to be like that, and what Jesus restores in us is the ability
and authority to return to what He intended, to take back what has been
lost.

I come before men and women of this world asking for this endeavor to
take place. I have the drive and goals in areas of software and hard-
ware, to create a full hardware and software stack. I believe I am
able to do this by myself, but it will take a long time and I honestly
don't want to do it by myself. I want to be a part of a team so that
the products we produce are better than I'm able to create on my own.
I want our communal expertise to filter in so that we are all working
together, inspiring one another, building off of each other's knowledge
and experience, to create amazing products in all of our areas of
interest.

These are the goals. I will continue to press forward with them. They
are proper, and they are what this world needs. At some point someone
will see advantage in not doing it the way of the world, but in turning
back to Jesus and following after Him and His Father, being guided to
do for Him and not for worldly ways. Until then, I will survive the
attacks. There's a person right now masquerading as me, going to many
usenet groups and posting as though he were me. He is not me, but most
people don't take the time to investigate the matter and just conclude
by a summary glance that I am that individual posting those things,
many of which are obscene, profane, and truly hateful.

My goals are to give mankind something truly great. It is to be expected
that the enemy of this world will rise up to attack me through men and
women draped in sin, those who are willing to be hurtful, hateful, and
harmful, for no other reason than just because they are willing to be
filled with rage and hate and act on it. But even those people can be
saved, and my love for them remains despite their attacks.

It is the proper thing to open up our source code, and to make available
everything for receipt and inspection. A person can then be empowered
to take that base and expand upon it. We all do this with the things of
knowledge we receive. We learn things in school, from co-workers or some
source, and then we pull these things together and come up with some new
idea. I want that to be possible across the board with these hardware
and software goals. I want people to be able to make them better if they
are able. And I want to empower people to do this, rather than money-
seeking entities, because when your goals are money you do things you
wouldn't do if your goals were otherwise. And the same is true when your
goals are for the Lord, you do things you wouldn't do if your goals were
otherwise ... meaning you look deep within yourself and you do it right
because of who He is. It's the total opposite of a money-seeking goal.

--
Rick C. Hodgin

[Rick C. Hodgin]

On Wednesday, November 22, 2017 at 7:09:18 AM UTC-5, George Neuner wrote:
> Somewhat relevant: Linus went off on a Google security researcher.
>
> https://www.csoonline.com/article/3237778/security/linus-torvalds-some-security-folks-cant-be-trusted-to-do-sane-things-some-are-morons.html

This is why I'm creating my own operating system and not working on
the Linux kernel, or the GNU HURD kernel.

Linus goes off on people like this. Rather than making a plea for an
increase, helping them see where they may not be doing something the
right way today, and helping give them a path to move froward, he goes
to name calling and insults. He uses profanity in many cases, etc.

And with Richard Stallman and GNU, it is something similar.

We need to begin with a new foundation and build up. We cannot have
the existing corruption be part of our foundation. I have started by
going back to IBM PC DOS 7 and creating my own ES/1 kernel first, and
then creating my ES/2 kernel (an OS/2 clone), and will be working in
that direction in moving forward.

I know it's not a hardware thing, so I won't solicit help here. I
have been trying to solicit help elsewhere and the individual who
has taken to impersonating me online has sprung up.

It is a difficult walk to move forward with these goals. I am alone,
and facing the presence of attacks at every side. It is an unenviable
position. I would much rather work with a group of people so we could
all help one another out.

--
Rick C. Hodgin

[Stefan Monnier]

>> If MINIX is to blame, then so be it. But it seems to me that, in the
>> absence of evidence, there is a decided prejudicial slant by the
>> computer press.

Indeed it obscures the main problem, which is simply that it's code over
which we have no control and that we can't check. The issue is not just
security holes, but also purposefully coded behavior that the end-user
may not want.

So, which OS is used has really no importance whatsoever, the problem is
completely elsewhere.


Stefan

[Dombo]

Op 22-Nov-17 om 10:14 schreef George Neuner:

It's factual, assuming there was a historical figure named "Jesus
Christ" to begin with (of which to this date no evidence has been found
to support that assertion).

[Rick C. Hodgin]

There is secular evidence that Jesus existed:

https://groups.google.com/d/msg/comp.lang.c++/SCz4_FUMEms/kVv4QdwNCQAJ

It contains this sub-link:
https://answersingenesis.org/jesus-christ/incarnation/jesus-did-not-exist/

-----[ Begin ]-----
Josephus (AD 37–c.100, Jewish military leader and historian): Wrote about Jesus on two occasions. The authenticity of one occurrence, known as the Testimonium Flavianum, is hotly disputed, but his account of the execution of James is generally accepted, and he mentioned James, “the brother of Jesus who was called the Christ.”

Tacitus (AD 56–120, great Roman historian): Reported that after rumors spread about Nero burning Rome, Nero needed scapegoats for the crime and chose “Christians, [who were] hated for their abominable crimes. Their name comes from Christ, who, during the reign of Tiberius, had been executed by the procurator Pontius Pilate.”

Pliny the Younger (AD 61–c.112, Roman senator): Wrote to Emperor Trajan about his experience with Christians.
-----[ End ]-----

--
Rick C. Hodgin

[Alex]

I know it's perhaps a forlorn hope, but could the sane regulars here
stop discussing & replying to Hodgin's posts? Please?

If you want to see what one man and an inexhaustible supply of Jesus
orgasms can do, go look at alt.os.development. Killfiling him doesn't
help the rest of us when you keep responding.


--
Alex

[Dombo]

Op 21-Nov-17 om 4:35 schreef George Neuner:

> On Thu, 21 Sep 2017 08:45:50 -0700 (PDT), MitchAlsup
> <Mitch...@aol.com> wrote:
>
>> On Thursday, September 21, 2017 at 1:35:31 AM UTC-5, William Edwards wrote:
>>> Every so often I post something here about Intel ME, SGX or AMD SEV etc.
>>> Almost all modern computers and phones have a whole security layer - in
>>> hardware and software - with complete reach above all hypervisors and
>>> kernels and everything else.
>>
>> Nothing is that air-tight.
>
> Absolutely true.
>
> I don't feel bad for Intel, but I do have some concerns about
> unwarranted backlash against MINIX and Tanenbaum. From the reports
> I've seen, it seems that the issues are with Intel's ME application(s)
> and that no one [yet] has been able to point to the choice of
> operating system as the cause of any of the security holes.
>
> Even so, some of the authors are questioning why MINIX was chosen
> instead of some expensive commercially licensed system. AFAICS, these
> authors seem to know anthing about MINIX other than that, 30+ years
> ago, version 1 was designed to be a teaching tool. I have seen no
> discussion of the merits of MINIX 3 - the version used by Intel, which
> was designed to be a robust embeddable system. Every story I have
> seen has failed to distinguish between the operating system and the
> applications.

From security perspective OS is only a part of the equation because
even if the OS is perfectly secure the applications running on it may
still expose undesirable "features" to the outside world.

I think Intel could have done a lot worse than choosing MINIX. Even
though security may not have been on top of MINIX priority list, I'd
have more confidence in MINIX than for example Linux or pretty much any
other OS that grants drivers full access to the system.

[Rick C. Hodgin]

Alex, I am not the one posting the many posts in alt.os.development
these days. That has been Peter Cheung, who has taken to impersonating
me online. He has posted there, in comp.lang.c, comp.lang.c++, and in
comp.lang.asm.x86.

I have posted about Jesus Christ from time to time during my time here
over the past several years, but my posts are typically spread out,
more like church services or messages that come up through something
I encounter which is inspiring and I want to pass along.

What Peter's been doing is trying to harm the message by flooding the
channels, and then using insulting responses to people with my name
attached to them so people will be repulsed and then turn away from
the message by the person conveying it, rather than giving the message
an actual chance.

You miss a lot by killfiling people. You've missed the entire thread
showing Peter's impersonation of me up until a few days ago. I stopped
recording records online as I was pursuing legal avenues and didn't
want to continue to give him a cause to be instigated.

In any event, I don't know if you'll read this or not. If you do, know
that my goals are to teach people about Jesus Christ, not flood them.
I roll my messages out slowly over time, and they are purposeful, each
completely hand-crafted, written by me, by hand, except where otherwise
noted such as if I quote a reference source, but even then I assemble
the content into the posted message.

--
Rick C. Hodgin

[George Neuner]

On Wed, 22 Nov 2017 10:34:54 GMT, an...@mips.complang.tuwien.ac.at
(Anton Ertl) wrote:

>George Neuner <gneu...@comcast.net> writes:
>>Open source is not any kind of panacea.
>>
>>Yes, anyone can look at it ... but how many will? And of those, how
>>many understand it and are competent to fix it?
>>
>>~95% of OSS projects have only a single contributor, and ~80% of
>>projects receive ZERO feedback from users.
>
>In what ways are these numbers relevant? In particular wrt. the
>subject at hand?

Sorry. The subject of my post was Rick's open source processor.

>The Intel ME and its AMD equivalent are of interest
>to so many people that there have been efforts to understand them not
>because of their proprietary model, but despite it. If they were free
>software, the same amount of effort could have gotten us much further.
>Would people have decided not to expend the effort if the code was
>free software? Very unlikely.

That's true, but the point stands that thevast majority of open source
software goes unreviewed, and that fact is in contradiction to the
most powerful [and most commonly made] argument for open source.

I'm not in any way opposed to open source. I'm just saying that - as
things stand - it isn't necessarily any better than closed source.

George

[Stefan Monnier]

> That's true, but the point stands that thevast majority of open source
> software goes unreviewed, and that fact is in contradiction to the
> most powerful [and most commonly made] argument for open source.

0% of proprietary software gets independent review, simply because it
can't be done.

The percentage of review a Free Software project gets depends a lot on
its popularity and domain of application, so yes it's also 0% for
projects that noone cares about but that's not really relevant.

Sensitive and popular projects, such as Linux, do get a lot of review.

> I'm not in any way opposed to open source. I'm just saying that - as
> things stand - it isn't necessarily any better than closed source.

[ Don't know or care about Open Source, but as for Free Software: ]
It doesn't provide reviews, but it makes them possible.
So it's an indispensable first step.


Stefan

[Alex]

On 23-Nov-17 15:22, Stefan Monnier wrote:
>> That's true, but the point stands that thevast majority of open source
>> software goes unreviewed, and that fact is in contradiction to the
>> most powerful [and most commonly made] argument for open source.
>
> 0% of proprietary software gets independent review, simply because it
> can't be done.

It's 100%, unless it isn't ever executed. OK, it's not an eyeball
review, but (debatably better) execution & outcomes review, every time
it runs.

--
Alex

[George Neuner]

On Wed, 22 Nov 2017 05:56:56 -0800 (PST), "Rick C. Hodgin"
<rick.c...@gmail.com> wrote:

>On Wednesday, November 22, 2017 at 5:03:26 AM UTC-5, George Neuner wrote:
>
>> On occasion I've expressed my belief that the world would be a better
>> place if the majority of so-called "software developers" found another
>> occupation. But at least there are lots of people who do software ...
>> orders of magnitude more than do hardware.
>
>Is this a statement regarding something like flippancy on behalf of men
>like myself who seek to do something like open up hardware?

No. It's a statement about the fact the average skill level of
today's software "developer" is just a little bit above novice. There
are too many people writing software who IMO have no business doing
so. Witness the parades of patches, bugs and security holes.

YMMV,
George

[MitchAlsup]

On Thursday, November 23, 2017 at 9:20:32 AM UTC-6, Stefan Monnier wrote:
> > That's true, but the point stands that thevast majority of open source
> > software goes unreviewed, and that fact is in contradiction to the
> > most powerful [and most commonly made] argument for open source.
>
> 0% of proprietary software gets independent review, simply because it
> can't be done.

A very long time ago, I worked for a company as a programmer. This
particular company actually had code reviews where 10-odd coders would
review one module make structural suggestions, logged by a scribe, and
at the time the module was declared to be done, the scribe would go
around and ask each of the original reviewers for their sign off of
their particular suggestion. No module was allowed to be complete until
all suggestions were signed off.

The code in particular was for cash registers, and needed to be "audit
worthy" at all points in time after release; it was also written in
8085 assembly language.

It can be done. Companies don't do it because they think they cannot afford
to do it when in reality, they cannot afford not to.

[Stefan Monnier]

>> > That's true, but the point stands that thevast majority of open source
>> > software goes unreviewed, and that fact is in contradiction to the
>> > most powerful [and most commonly made] argument for open source.
>> 0% of proprietary software gets independent review, simply because it
>> can't be done.
> A very long time ago, I worked for a company as a programmer. This
> particular company actually had code reviews where 10-odd coders would

I very much expect such reviews, but they don't count as *independent*
in my book.


Stefan

[Niklas Holsti]

On 17-11-23 17:22 , Stefan Monnier wrote:
>> That's true, but the point stands that thevast majority of open source
>> software goes unreviewed, and that fact is in contradiction to the
>> most powerful [and most commonly made] argument for open source.
>
> 0% of proprietary software gets independent review, simply because it
> can't be done.

Not true. Many development standards for high-criticality SW require
Independent SW Verification and Validation (ISVV) steps. For example,
the ECCS standard for SW developed for the European Space Agency
requires ISVV for SW that is of Category A (life-critical) or B
(mission-critical). This is usually proprietary SW.

In terms of Customer/Supplier relationships, the ISVV contractor usually
works on the same level as the SW contractor, that is, under the same
Customer, but independently of the SW contractor. If necessary, the ISVV
contractor works under a Non-Disclosure or Confidentiality Agreement.

There are some companies that focus on doing ISVV for SW developed by
other companies, and develop no SW of their own.

--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .

[Stefan Monnier]

>> 0% of proprietary software gets independent review, simply because it
>> can't be done.
> Not true. Many development standards for high-criticality SW require
> Independent SW Verification and Validation (ISVV) steps.

Right. But to get that, you need to have a lot of money/leverage.
For that reason, it doesn't really help me.

E.g. even if the ESA manages to get some ISVV to review the code of
Intel's ME, that will at best be applicable to the hardware the ESA
uses, but that doesn't help me figure out what the ME in my hardware can
do (e.g. if it has flaws, accidental or not).


Stefan

[Quadibloc]

This scenario suggests an amusing possibility. Let us imagine the NSA
were to review Intel's Management Engine and suggest changes so that American business would not be left vulnerable to hackers.

Would there not be doubters who would suspect the changes were in order to
make it easier for the NSA to hack everyone?

[Niklas Holsti]

On 17-11-23 22:51 , Stefan Monnier wrote:
>>> 0% of proprietary software gets independent review, simply because it
>>> can't be done.
>> Not true. Many development standards for high-criticality SW require
>> Independent SW Verification and Validation (ISVV) steps.
>
> Right. But to get that, you need to have a lot of money/leverage.
> For that reason, it doesn't really help me.

I think it is time to consider core PC SW/HW such as the IME to be
safety critical. There are strict electrical-safety standards for
consumer appliances, but today it seems that a consumer is more likely
to be harmed by faulty or insecure PC SW than by electrical shocks --
even if the harm is not physical, but is "only" loss of money, data, or
esteem.

If Intel were to be required to perform ISVV of the IME SW before
selling it to consumers, I'm sure they could find the money for it.

[Stefan Monnier]

> I think it is time to consider core PC SW/HW such as the IME to be safety
> critical. There are strict electrical-safety standards for consumer
> appliances, but today it seems that a consumer is more likely to be harmed
> by faulty or insecure PC SW than by electrical shocks --
> even if the harm is not physical, but is "only" loss of money, data,
> or esteem.

Sadly such "safety critical" rules typically end up making things worse,
by making it illegal to make the code Free Software (because the idiots
who write those rules claim that being able to modify this code is
a security risk).


Stefan

[Niklas Holsti]

Can you give some real examples where this has occurred?

There's a difference between making the code open-source or free, on the
one hand, and allowing modifications to in-use systems without new
validation, on the other.

Analogously, the electrical wiring diagram of a house is usually no
secret, but in many countries it is illegal for the wiring to be
modified by resident amateurs -- a professionally licensed electrician
is required.

[Rick C. Hodgin]

It's true in many cases. There are some people who should never
approach a text editor with the intent of writing source code. They
just don't "get it," and them writing code is not as it should be.
However, there is another group that operates that way on purpose,
and they do know what they're doing.

There's a movie available which describes the purpose of this approach
in many of those latter instances. It's from 2001 called "Revolution
OS" and it's about Linux:

https://www.youtube.com/watch?v=jw8K460vx1c

In it there's a brief mention by a concept written by Eric Raymond
entitled The Cathedral and the Bazaar:

http://www.unterstein.net/su/docs/CathBaz.pdf

In summary, he describes the formal method of writing software where
everything is well-tested before being released, and another newer
method is which write code, test somewhat, and release, knowing that
your users will test it for you, report bugs, and you can then just
fix what comes back.

As other posters indicate, depending on your target, depending on
your audience, depending on the nature of your product, there are
definite advantages to the disparate models.

--
Rick C. Hodgin

[Terje Mathisen]

Rather the opposite: Would there be _anyone_ not suspecting (assuming?)
the NSA of dirty tricks?

Terje

--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"

[Rob Warnock]

Niklas Holsti <niklas...@tidorum.invalid> wrote:

> Stefan Monnier wrote:
>> Sadly such "safety critical" rules typically end up making things worse,
>> by making it illegal to make the code Free Software (because the idiots
>> who write those rules claim that being able to modify this code is
>> a security risk).
>
>Can you give some real examples where this has occurred?

It has certainly occurred -- at least in the U.S. dur the the FCC --
with the firmware that drives the radios of cellphones and even WiFi
interfaces, which is why we have "binary blobs" in otherwise open
source systems.

>There's a difference between making the code open-source or free, on the
>one hand, and allowing modifications to in-use systems without new
>validation, on the other.

True, but the U.S. FCC doesn't [currently] trust the public to
"know" without "modifying".


-Rob

-----
Rob Warnock <rp...@rpw3.org>
627 26th Avenue <http://rpw3.org/>
San Mateo, CA 94403

[Melzzzzz]

Those bugs and security wholes are not done by novices ;p
It is common miscompsention that bugs are novice only. Humans make
errors, so old dogs are also error prone..
>
> YMMV,
> George


--
press any key to continue or any other to quit...

[George Neuner]

On Sat, 25 Nov 2017 00:34:11 +0000 (UTC), Melzzzzz
<Melz...@zzzzz.com> wrote:

>On 2017-11-23, George Neuner <gneu...@comcast.net> wrote:

>> ... the average skill level of

>> today's software "developer" is just a little bit above novice. There
>> are too many people writing software who IMO have no business doing
>> so. Witness the parades of patches, bugs and security holes.
>
>Those bugs and security wholes are not done by novices ;p
>It is common miscompsention that bugs are novice only. Humans make
>errors, so old dogs are also error prone..

Wrong. It is a misconception that novices are not trusted with
mission critical code. The truth is that a LOT of mission critical
code is written by people who are underqualified.

George

[George Neuner]

On Fri, 24 Nov 2017 07:47:48 +0100, Terje Mathisen
<terje.m...@tmsw.no> wrote:

>Quadibloc wrote:
>> This scenario suggests an amusing possibility. Let us imagine the NSA
>> were to review Intel's Management Engine and suggest changes so that
>> American business would not be left vulnerable to hackers.
>>
>> Would there not be doubters who would suspect the changes were in
>> order to make it easier for the NSA to hack everyone?
>>
>Rather the opposite: Would there be _anyone_ not suspecting (assuming?)
>the NSA of dirty tricks?
>
>Terje

Why is it that the US government routinely is singled out in these
discussions? I do not believe any government anywhere is particularly
trustworthy.

George
---
Why should I trade one tyrant 3000 miles away for 3000 tyrants one
mile away? An elected legislature can trample a man's rights as
easily as king can.
-- Benjamin Martin
The Patriot
http://www.imdb.com/title/tt0187393/?ref_=ttqt_qt_tt

[Terje Mathisen]

George Neuner wrote:
> On Fri, 24 Nov 2017 07:47:48 +0100, Terje Mathisen
> <terje.m...@tmsw.no> wrote:
>
>> Quadibloc wrote:
>>> This scenario suggests an amusing possibility. Let us imagine the NSA
>>> were to review Intel's Management Engine and suggest changes so that
>>> American business would not be left vulnerable to hackers.
>>>
>>> Would there not be doubters who would suspect the changes were in
>>> order to make it easier for the NSA to hack everyone?
>>>
>> Rather the opposite: Would there be _anyone_ not suspecting (assuming?)
>> the NSA of dirty tricks?
>>
>> Terje
>
> Why is it that the US government routinely is singled out in these
> discussions? I do not believe any government anywhere is particularly
> trustworthy.

I didn't say that, did I?

If you want to replace NSA with GHCQ, Mossad/whatever, you'd get exactly
the same level of trust.

[MitchAlsup]

On Saturday, November 25, 2017 at 6:51:52 PM UTC-6, Terje Mathisen wrote:

> If you want to replace NSA with GHCQ,

I would be happy if they replaced NSA with a hole in the ground.

[Quadibloc]

On Saturday, November 25, 2017 at 6:22:13 PM UTC-7, MitchAlsup wrote:

> I would be happy if they replaced NSA with a hole in the ground.

I would not. I would prefer the Technical Department and FAPSI to be each
replaced by a hole in the ground.

John Savard

[George Neuner]

On Sun, 26 Nov 2017 01:51:49 +0100, Terje Mathisen

<terje.m...@tmsw.no> wrote:

>George Neuner wrote:
>> On Fri, 24 Nov 2017 07:47:48 +0100, Terje Mathisen
>> <terje.m...@tmsw.no> wrote:
>>
>>> Quadibloc wrote:
>>>> This scenario suggests an amusing possibility. Let us imagine the NSA
>>>> were to review Intel's Management Engine and suggest changes so that
>>>> American business would not be left vulnerable to hackers.
>>>>
>>>> Would there not be doubters who would suspect the changes were in
>>>> order to make it easier for the NSA to hack everyone?
>>>>
>>> Rather the opposite: Would there be _anyone_ not suspecting (assuming?)
>>> the NSA of dirty tricks?
>>>
>>> Terje
>>
>> Why is it that the US government routinely is singled out in these
>> discussions? I do not believe any government anywhere is particularly
>> trustworthy.
>
>I didn't say that, did I?

No you didn't ... and I apologize if I made it seem that way.

Nonetheless, it seems that whenever online discussions turn to
mistrust of government, it is US agencies - NSA, CIA, FBI, etc. - that
are mentioned far more often than their counterparts in other
countries.

For my part, I just don't see where the US agencies rate such special
mention. They don't seem worse in any real sense than any of the
others. Maybe owing to the American press, their (mis)deeds get
publicized more? Maybe people (foolishly) expect more from the US?

YMMV,
George

[Anton Ertl]

George Neuner <gneu...@comcast.net> writes:
>Nonetheless, it seems that whenever online discussions turn to
>mistrust of government, it is US agencies - NSA, CIA, FBI, etc. - that
>are mentioned far more often than their counterparts in other
>countries.
>
>For my part, I just don't see where the US agencies rate such special
>mention.

In connection with the Intel ME, one might suspect that the US
agencies have better ways of convincing Intel to provide backdoors for
them.

>They don't seem worse in any real sense than any of the
>others. Maybe owing to the American press, their (mis)deeds get
>publicized more?

Not just the US press. Edward Snowden revealed things about the NSA
and GSHQ to the world (not just the USA) that many would have
considered paranoid delusions before his revelations. It may be that
other agencies and agencies of other states do the same things, but
it's no surprise that one thinks first of the NSA (not CIA or FBI)
when the topic is using our own technology for spying on us.

- anton
--
M. Anton Ertl Some things have to be seen to be believed
an...@mips.complang.tuwien.ac.at Most things have to be believed to be seen
http://www.complang.tuwien.ac.at/anton/home.html

[Nick Maclaren]

In article <rlul1d5gtf873u43j...@4ax.com>,

And perhaps it is just because they are massively the best funded,
and hence most powerful and widely active?

I agree that there is no great moral distinction, but there is a
distinction of scale. Inter alia, when the USA says 'frog', the UK
government jumps to attention. And, no, their misdeeds do NOT get
publicised more - the current one to demonise is Russian, despite a
paucity of evidence.


Regards,
Nick Maclaren.

[Mike]

"Anton Ertl" <an...@mips.complang.tuwien.ac.at> wrote in message
news:2017Nov2...@mips.complang.tuwien.ac.at...

The predecessor agencies of the NSA and GCHQ were extremely important
to Allied victory in WWII. They probably shortened the war by at
least a year and thus saved several millions of lives. Unfortunately,
the never ending threat of terrorist attack has expanded their
portfolio to include internal communications and "persons of
interest" who are citizens of the USA and UK. This has created a
terrible new threat of government reasources used to collect
information for blackmail and partisan advantage.

We need the NSA and GCHQ but they must be placed under strict controls
so that their internal "take" can only be used for counter terror and
counter espionage.

Mike

[MitchAlsup]

On Sunday, November 26, 2017 at 2:38:58 PM UTC-6, Nick Maclaren wrote:
> And, no, their misdeeds do NOT get
> publicised more - the current one to demonise is Russian, despite a
> paucity of evidence.

A Paucity of evidence that is allowed to be made public does not necessarily
mean that there is an actual paucity of evidence.

[Terje Mathisen]

Mike wrote:
> The predecessor agencies of the NSA and GCHQ were extremely important
> to Allied victory in WWII. They probably shortened the war by at
> least a year and thus saved several millions of lives. Unfortunately,
> the never ending threat of terrorist attack has expanded their
> portfolio to include internal communications and "persons of
> interest" who are citizens of the USA and UK. This has created a
> terrible new threat of government reasources used to collect
> information for blackmail and partisan advantage.
>
> We need the NSA and GCHQ but they must be placed under strict controls
> so that their internal "take" can only be used for counter terror and
> counter espionage.

Here's a real/moral question:

Why is it OK for NSA and similar agencies to spy on their allies but not
their own citizens?

If it is a question of "us vs them", it seems to me that all of NATO
should be included on the good side, even if that would pretty obviously
miss a lot of potetial evidence.

Alternatively, since the US is losing more people to mass shootings than
terror (or war?), and have done so every single year, at least since
Vietnam afaik, why don't Congress authorize the NSA to use all of its
resources for domestic spying in order to stop this?

[Rick C. Hodgin]

On Monday, November 27, 2017 at 1:46:33 AM UTC-5, Terje Mathisen wrote:
> Alternatively, since the US is losing more people to mass shootings than
> terror (or war?), and have done so every single year, at least since
> Vietnam afaik, why don't Congress authorize the NSA to use all of its
> resources for domestic spying in order to stop this?

There seems to be a very focused and concerted effort to destroy
America from within. It has been proceeding since the time of JFK's
assassination. Have you ever heard this speech he gave?

Short version:
https://www.youtube.com/watch?v=QeYgLLahHv8

Full version:
https://www.youtube.com/watch?v=zdMbmdFOvTs

He talks about a shadow government conscripting vast human resources
for alternate purposes than their elected or corporate offices would
indicate, as by job description or function. We see the fruit of
these efforts as America is being systematically dismantled from
within. Recently, our legitimate history was attacked as they used
the negative aspects of slavery to remove things related to our Civil
War. The Civil War wasn't about slavery, but was about state's rights
vrs. the federal government's rights. Slavery just happened to be
the key out-front issue.

America is being groomed for failure. It will happen economically,
and it will be devastating. People will welcome the new, non-U.S. Constitution
government that will be offered because our citizens will be hurting
so much.

--
Rick C. Hodgin

[Bruce Hoult]

On Monday, November 27, 2017 at 9:46:33 AM UTC+3, Terje Mathisen wrote:
> Alternatively, since the US is losing more people to mass shootings than
> terror (or war?), and have done so every single year, at least since
> Vietnam afaik, why don't Congress authorize the NSA to use all of its
> resources for domestic spying in order to stop this?

While these mass shootings are awful things, and it would be great if they could be reduced without turning every country into a total surveillance police state (which your proposal would do), the USA is a big country and it's not as bad a problem as you might think.

Don't forget a total of over 2.5 million people die a year in the USA.

CNN managed to find a total of 516 people killed in mass shootings in the 68 years since 1949. About 8 a year on average, though growing recently (as is the population).

That's less than a week of car accidents at the current rate, maybe three days at the peak. You are something like 3500 times more likely to die in a car crash than in a mass shooting.

You're more likely to get hit by lightning than to die in a mass shooting.

In fact in the USA about 500 people get hit by lightning EVERY YEAR. On average 51 of them die (90% live). You are six times more likely to DIE from a lightning strike than in a mass shooting.

[Alex]

On 27-Nov-17 09:07, Rick C. Hodgin wrote:
> Recently, our legitimate history was attacked as they used
> the negative aspects of slavery to remove things related to our Civil
> War.

There are positive aspects of slavery?

--
Alex

[Anton Ertl]

MitchAlsup <Mitch...@aol.com> writes:
>A Paucity of evidence that is allowed to be made public does not necessarily
>mean that there is an actual paucity of evidence.

15 years ago that argument was made about the evidence about weapons
of mass destruction in Iraq. It failed to convince me. In hindsight,
my mistrust was justified.

[Anton Ertl]

Bruce Hoult <bruce...@gmail.com> writes:
>You are something like 3500 times more likely to die in a =

>car crash than in a mass shooting.

You are also much more likely to die in a car crash that is not
classified as terrorist attack than in something that is then
classified terrorist attack (e.g., 9/11 was about a month's worth of
traffic deaths in the USA), and the death toll from the environmental
effects of cars is supposedly even higher. Interestingly, our
societies are very reluctant when it comes to restricting cars in any
way, and punishing drivers who have endangered or killed other people,
yet are quite eager to give up privacy and lots of other freedoms and
to invest huge amounts in measures that supposedly protect against
terrorist attacks.

[Rick C. Hodgin]

No. It should read:

They used the negative aspects of slavery to remove the positive
things associated with our Civil War, in that even though the war
resulted in terrible casualties and a scar and ongoing pain, its
existence and operation is part of our history. We must remember
that history or else we are doomed to repeat it.

They have taken down monuments to the Civil War. The forces at work
are attempting to undermine our nation's leaders, discrediting even
the works of our "founding fathers," citing those things they did at
that time, which would not be accepted today, but were part of the
norms of society at that time, as heinous and unreasonable, and there-
fore are to be shunned. And whereas many of those things they did at
that time, such as own slaves, is reprehensible, the negative aspects
of those things are being used to remove the positive aspects they
gave us, which is the U.S. Constitution, our Bill of Rights, those
things which have been revered and copied for so long by other nation
states.

It's like when they want to introduce new security measures to monitor
Internet traffic. They don't say they are doing it to keep a record
of regular people's activities. They say they're doing it to prevent
child pornography from proliferating.

They use the most negative and vile aspects of something to achieve
their true goal, because who could argue FOR child pornography? And
in this case of removing the symbolism we have from the Civil War,
the reminder of what it meant, what it cost us, etc., they are using
the negative aspects of slavery to accomplish their goals, when it is
far more important that we remember what the war was really about, and
that there was a real reason it was fought, and it wasn't just over
slavery, but over state's rights.

Have you heard of this campaign:

https://www.conventionofstates.com

It is an attempt to restore state's rights even in the 2010s.

--
Rick C. Hodgin

[Bruce Hoult]

On Monday, November 27, 2017 at 4:26:32 PM UTC+3, Anton Ertl wrote:
> Bruce Hoult <bruce...@gmail.com> writes:
> >You are something like 3500 times more likely to die in a =
> >car crash than in a mass shooting.
>
> You are also much more likely to die in a car crash that is not
> classified as terrorist attack than in something that is then
> classified terrorist attack (e.g., 9/11 was about a month's worth of
> traffic deaths in the USA), and the death toll from the environmental
> effects of cars is supposedly even higher. Interestingly, our
> societies are very reluctant when it comes to restricting cars in any
> way, and punishing drivers who have endangered or killed other people,

I think on the whole we've got it approximately right with cars. The speed limits are too low in many places, the training too lax, and crashes should definitely be regarded more as avoidable and someone's fault not as some kind of Act of God.

I can't think of anyone I've personally known who was killed in a car crash.

Motorcycles yes, bicycles yes, small aircraft yes, even airliners yes (though on a charter sightseeing flight to Antarctica, not a regularly scheduled flight).

But not car. Rates are under 1 in 10000 per year in civilized countries, and much less than that among people who are educated, sensible, have vehicles in good repair, and don't drive drunk.

> yet are quite eager to give up privacy and lots of other freedoms and
> to invest huge amounts in measures that supposedly protect against
> terrorist attacks.

And we are absolutely getting this very wrong, vastly overreacting compared to the actual danger.

[Quadibloc]

On Sunday, November 26, 2017 at 11:46:33 PM UTC-7, Terje Mathisen wrote:

> Here's a real/moral question:

> Why is it OK for NSA and similar agencies to spy on their allies but not
> their own citizens?

It's OK for the NSA to spy on _enemy_ countries.

However, there is no easy way to keep track of which countries are
currently enemies.

Thus, the question isn't a moral one, but a legal one: it's not
practical to make a law prohibiting the NSA from spying on U.S. allies
and their citizens... but there _is_ a law on the books prohibiting
the NSA from spying on Americans.

Thus, one tries to solve the easy problems first.

John Savard

[Quadibloc]

On Monday, November 27, 2017 at 2:07:52 AM UTC-7, Rick C. Hodgin wrote:
> Recently, our legitimate history was attacked as they used
> the negative aspects of slavery to remove things related to our Civil
> War. The Civil War wasn't about slavery, but was about state's rights
> vrs. the federal government's rights. Slavery just happened to be
> the key out-front issue.

Slavery was evil, in the same way that the Holocaust was evil.

It constituted a failure on the part of Lincoln and previous U.S. Presidents
that they did not do everything physically within their power to rescue the
slaves regardless of what the U. S. Constitution may have said - because the
laws of man can't make right wrong or wrong right.

Yes, the rationale for the Civil War on the part of the Union was to keep the
U.S. united and strong. Secessionism in the South was because it was made
nervous by the rest of the country awakening to the evil of slavery.

But this should not be used to confuse people about the only moral issue.
Slavery was an absolute wrong and evil, and continued legal discrimination
against black people in the South - which was tolerated because Reconstruction
was terminated before the evil of hatred was firmly stamped out and black people
there had total and absolute equality firmly established - was also an absolute
wrong and evil.

John Savard

[MitchAlsup]

On Monday, November 27, 2017 at 7:28:55 AM UTC-6, Rick C. Hodgin wrote:
> On Monday, November 27, 2017 at 8:04:56 AM UTC-5, Alex wrote:
> > On 27-Nov-17 09:07, Rick C. Hodgin wrote:
> > > Recently, our legitimate history was attacked as they used
> > > the negative aspects of slavery to remove things related to our Civil
> > > War.
> >
> > There are positive aspects of slavery?
>
> No. It should read:
>
> They used the negative aspects of slavery to remove the positive
> things associated with our Civil War, in that even though the war
> resulted in terrible casualties and a scar and ongoing pain, its
> existence and operation is part of our history. We must remember
> that history or else we are doomed to repeat it.
>
> They have taken down monuments to the Civil War. The forces at work
> are attempting to undermine our nation's leaders, discrediting even
> the works of our "founding fathers," citing those things they did at
> that time, which would not be accepted today, but were part of the
> norms of society at that time, as heinous and unreasonable, and there-
> fore are to be shunned.

Why are we supposed to have monuments to Traitors, and losers?
Unless you can come up with an argument that the confederates were not
traitors to the USA, and that they did not LOSE the war, the statues
are honoring treason, and failure.

I bet if you tour Germany, you won't find statues of Hitler, Goering, and
the rest of the Nazis.

[Rick C. Hodgin]

On Monday, November 27, 2017 at 10:24:19 AM UTC-5, Quadibloc wrote:
> It constituted a failure on the part of Lincoln and previous U.S. Presidents
> that they did not do everything physically within their power to rescue the
> slaves regardless of what the U. S. Constitution may have said - because the
> laws of man can't make right wrong or wrong right.

It was the overt cowardice of John Adams which brought slavery forth
in the U.S. The issue was already resolved by the committee created to
pursue the possibility of creating a U.S. Declaration of Independence
that slavery would be abolished, and for the reasons you state. But
big and powerful business interests were at work at that time, and the
whole idea of what became America would've ended right then and there
by a decision from North Carolina to vote against the declaration's
passage.

John Adams and others should've stood their ground and insisted that
the clause to abolish slavery be kept at that time. It would've re-
sulted in a war, and the geography of North America might look very
different today.

Big business is the cause of all issues which go against God. It is
written in scripture:

For the love of money is the root of all evil, which while some
coveted after, they have erred from the faith, and pierced
themselves through with many sorrows.

It is the same "covet means" that JFK talks about in his secret
societies speech cited above.

It's why we can't have a foundation on anything built atop business.
We must have it only built atop Jesus Christ, because Jesus has at His
whole heart's interests us. Mankind. He has us collectively, and also
individually in His consideration.

Men and women need to step forward and stand up for Jesus in this world
to lead the way unto righteousness. And other men and women need to
step forward as guards and ensure that those who step forward are doing
so rightly, because in this sinful world, with a spiritual enemy able
to influence us invisibly where we're weakest, and with us (born again
Christians) still being here tied to these sinful bodies, it is very
easy to draw us away from the truth, to trick us, and fool us into sin.

It requires a real, concerted, conscious effort to maintain focus. It
requires being willing to lose all, to go it alone, to stand up and be
literally the ONLY voice standing up for that which is of Christ. And
there are very few people willing to do that.

-----
The only way things will be done rightly in this world is when men and
women turn to Jesus Christ and say with conviction and passion, "Lord,
lead me to help lead all of your people."

Each of us has a role to play. Each of us has our part in the body of
Christ here on this Earth. But those who are asleep today, who are not
yet believers, they must wake up and come to believe and engage actively
their faith. They can't be idle talkers, but they must be conscientious
doers, and rightly focused, rightly grounded, rightly moving.

And with the enemy at work in literally everyone who is not born again,
and even through the sinful draws and pulls of many who are born again,
it is a very very difficult battle, and one I face daily even in my own
walk. I saw a post on Twitter recently that said (paraphrased): "Our
greatest battles for the Lord are in our own obedience to His will."

Jesus leads us rightly. We must encourage one another to follow Him
rightly, to be willing to take less for ourselves so that others have
more, to use the skills we have not for worldly gain, but for the far
greater reward of knowing we made someone's life better, and even many
people's lives better.

Ours is a walk of conviction, purpose, and a full pursuit of truth
applied to our lives, and to our communities, our nation, and all of
mankind.

It can only be that way. And it will only be that way for eternity.
It's just here in this sinful world where things are able to be differ-
ent, but even then it's only for a time.

--
Rick C. Hodgin

[Rick C. Hodgin]

On Monday, November 27, 2017 at 11:26:28 AM UTC-5, MitchAlsup wrote:
> Why are we supposed to have monuments to Traitors, and losers?

They were men of conviction. The happened to be on the losing side,
and for all who supported the issue of slavery, they were on the wrong
side, but the issue of State's rights versus Federal government's rights
is an issue that dates back to the late 1700s. It was hotly debated in
the Federalist Papers and Anti-Federalist Papers, available for reading
today.

The view of state's rights has been lost over time, and since the
creation of the Federal Reserve Bank through the Glass Owen Act of
1913, passed right before Christmas when all "respectable" Congressmen
had already gone home to be with their families over the holiday.

https://www.youtube.com/watch?v=Dl5dkOruB9U

The purpose of monuments to past wars is to remind us of what happened,
to engage our minds and research the issues at stake. Not everyone in
the south wanted slavery, and not everyone in the north wanted it
abolished. It was a hotly divided topic as well, and was the single
driving force which took us to war, but the baser more fundamental
issue was whether or not a state had the right to choose for itself
whether they could make their own laws, of if a single, central, unified
government would dictate for all.

The Confederate States of America was called a "confederate" for that
purpose. They wanted stronger states rights. They wanted to band to-
gether for their mutual protection and economic growth, but to also
remain isolated and free to make their own laws subject to their own
people.

The United States of America looks to have a single central government
controlling all of the states. Even the original intent of the framers
of our Constitution were undone when Senators were no longer appointed
by the states, but were moved to popular election by the 17th Amendment.

There has been a massive move to move us away from a Republic and make
us more of a Democracy. In a Republic we have rights, and states have
rights, and the way our government was setup is upheld. In a Democracy
it's like mob rule, where those who make the most noise choose how
things go.

I'll never forget the scenario about the lone citizen who, with the
rule of law on his side, could defeat an entire nation's attempt to
deprive him of his property. That's a republic, and that's a system
of government that looks out for the rights of the individual. That
is what our U.S. Constitution was supposed to be, that the sole pur-
pose of government was to secure men's rights (issues of slavery aside
for the moment).

What we have today is a strong central government usurping and replacing
our rights with look-alike privileges so we don't see things eroding
away, but they are being taken away little by little because of our
complacency. "The cost of freedom is eternal vigilance." But we have
not been vigilant, and we have not been willing to lose all, so we are
now at the brink of all of us losing all by our collective complacency.

> Unless you can come up with an argument that the confederates were not
> traitors to the USA, and that they did not LOSE the war, the statues
> are honoring treason, and failure.

They did lose. We see the effect of that loss today. We see a strong
government dictating atop states, and therefore atop citizens, what they
can and cannot do on most matters, with very few still left up to the
states individually.

I believe in state's rights. I believe that each state should decide
for themselves on most matters. But I do not believe in unethical
things. People often use things like legalized prostitution, or legal-
ized gambling as being the side-effect of a state choosing for itself
what laws should exist. And whereas that's a real and distinct possi-
bility, it's not what I support, and it's the reason why I say we have
to have our foundation not upon money interests, but upon Jesus Christ.

Only then are we moving as men as we should, because our interests are
on the One whose interests are on us rightly, properly, in wholesome
goodness, with everything He gifts us with going out to all as He first
intended, etc.

> I bet if you tour Germany, you won't find statues of Hitler, Goering, and
> the rest of the Nazis.

I don't know. I've never been there.

--
Rick C. Hodgin

[MitchAlsup]

On Monday, November 27, 2017 at 10:46:15 AM UTC-6, Rick C. Hodgin wrote:
> On Monday, November 27, 2017 at 11:26:28 AM UTC-5, MitchAlsup wrote:
> > Why are we supposed to have monuments to Traitors, and losers?
>
> They were men of conviction. The happened to be on the losing side,
> and for all who supported the issue of slavery, they were on the wrong
> side, but the issue of State's rights versus Federal government's rights
> is an issue that dates back to the late 1700s. It was hotly debated in
> the Federalist Papers and Anti-Federalist Papers, available for reading
> today.

It is ALSO settled law. The Federal government has the right to prevent
states from leaving the union. Those who try are Traitors.

Now, the reason they wanted to leave the union is that they wanted to
continue holding slaves. You yourself admit that holding slaves is wrong,
so here, the government has the right to prevent harm to helpless slaves.

Nor does being brave and honorable take away from being a traitors.
Nor does it change the history that they lost.

I am all for peoples getting more freedoms and governments preventing other
peoples from trying to prevent peoples from obtaining freedoms. Such as the
freedom, for gays, lesbians, and other humans for form lifelong bonds
under the simple and easy statutes we call marriage. Such as the right
of a gay, lesbian, queer to order a cake baked for their "big day" and
a bakery that is open to the peoples does not have the right to say no.

Just like a coffee shop in Mobile should not have the right to avoid
serving colored peoples. This too, is settled law.

Yet, these are the exact things that people advocating states rights
want--want to actively and indiscriminately harm peoples whom they
have never met and whom have never done them any harm.

If Jesus was a baker, I'm sure Jesus would bake that cake, and serve
that coffee.

It constantly amazes me that a religion founded on the basic premise of
forgiveness is unwilling to forgive nor treat all others with dignity and
respect.

[Rick C. Hodgin]

On Monday, November 27, 2017 at 7:28:50 PM UTC-5, MitchAlsup wrote:
> On Monday, November 27, 2017 at 10:46:15 AM UTC-6, Rick C. Hodgin wrote:
> > On Monday, November 27, 2017 at 11:26:28 AM UTC-5, MitchAlsup wrote:
> > > Why are we supposed to have monuments to Traitors, and losers?
> >
> > They were men of conviction. The happened to be on the losing side,
> > and for all who supported the issue of slavery, they were on the wrong
> > side, but the issue of State's rights versus Federal government's rights
> > is an issue that dates back to the late 1700s. It was hotly debated in
> > the Federalist Papers and Anti-Federalist Papers, available for reading
> > today.
>
> It is ALSO settled law. The Federal government has the right to prevent
> states from leaving the union. Those who try are Traitors.

What about us, Mitch? We were a British colony. In declaring our own
Independence from England we were Traitors. England came and fought
two wars against us to try and reclaim us. It was only the ocean that
kept us safe. The Confederate States of America didn't have that
luxury, so history is written by the victors.

> Now, the reason they wanted to leave the union is that they wanted to
> continue holding slaves. You yourself admit that holding slaves is wrong,
> so here, the government has the right to prevent harm to helpless slaves.

It wasn't just slavery. People who write such things have never read
or studied the root issues. Slavery was the business interest that
drove people to secede, but the issue of state's rights had been there
since the creation of our nation.

The southern states wanted to leave the union because they wanted to
choose for themselves the rule of law in their territories. Slavery
happened to be the big money force at work, but the war was not just
about slavery. Many in the south didn't even believe in slavery, nor
own slaves, but those who stood to lose financially were securing their
interests ... just as today.

> Nor does being brave and honorable take away from being a traitors.
> Nor does it change the history that they lost.

You have a very narrow vision of things, Mitch. There's more depth
and nuance to reality than summary assessments provide.

The Civil War was wrong. People should've come together and reasoned
their arguments and concluded an agreement together, but that's not
how sin operates in this world. Spiritual rulers of wickedness in
high places seek their opportunistic power plays. They work through
the sinful men and women of this world, seeking out those who have a
high degree of influence or power or prestigue. As a result, sinful
men become unwitting pawns in those efforts, often times not even
being aware of what they're doing when they act, as there are spirits
acting through them augmenting their own thinking, their own reasoning,
their own feelings, and this inevitably results in wars, deaths,
bombings, hatred, and so on, in political circles.

The singer Beyonce, by the way, speaks about Sasha Fierce, an alter-
ego who shows up when she performs. She describes being able to feel
the physical descent of this spirit being, which then makes her able
to go out and perform far more impressive shows than she says she can
do on her own:

At 2:15:
https://www.youtube.com/watch?v=BtTlFW9_sTI&t=2m15s

"And I remember right before I performed I raised my hands up and
it was kind of the first time I felt something else come in to
me, and I knew that was going to be my coming out night for the
BET awards."

Other singers talk about the same thing. They're in the limelight,
they're center stage... those same evil spirits seeking to operate
in men and women all over this world seek out those in high positions
or in positions of visibility. They are rebelling against God, and
want to be the center of attention, so they show up where they can
have eyes on them.

It's why popular singers start wearing outfits like this:

http://4.bp.blogspot.com/-R2W_O8MZjSw/VfFg1xMtznI/AAAAAAAByMw/T9Gt4cLXDxc/s1600/1971.%2BWhite%2BPinwheel.jpg

We read in scripture what Lucifer looked like, and you correlate that
angels had beautiful bodies, and it's no wonder why they try to re-
claim some of that "glory" of their angelic bodies, which they can no
longer move around in because of their being kicked out of Heaven and
reserved in chains until the day of judgment, but they can only come
out into this world spiritually:

https://www.biblegateway.com/passage/?search=Ezekiel+28%3A13-19&version=KJV

13 Thou hast been in Eden the garden of God; every precious stone
was thy covering, the sardius, topaz, and the diamond, the beryl,
the onyx, and the jasper, the sapphire, the emerald, and the
carbuncle, and gold: the workmanship of thy tabrets and of thy
pipes was prepared in thee in the day that thou wast created.

In Heaven, precious stones are different than they are here. They're
like something flexible and beautiful, not hard and merely shiny. But
even so, those evil spirits seek to restore some of their appearance
when they are on stage, hence the sequins and glitter, reflective of
the bodies they lost when they rebelled.

Michael Jackson even had one glove, symbolizing the duality at work:
the man, and the spirit:

http://cdn-img.instyle.com/sites/default/files/styles/684xflex/public/images/2010/wrn/062810-MJ-glove-300.jpg?itok=p0k75Qqd

> I am all for peoples getting more freedoms and governments preventing other
> peoples from trying to prevent peoples from obtaining freedoms. Such as the
> freedom, for gays, lesbians, and other humans for form lifelong bonds
> under the simple and easy statutes we call marriage. Such as the right
> of a gay, lesbian, queer to order a cake baked for their "big day" and
> a bakery that is open to the peoples does not have the right to say no.

It is a violation of God's law. In pursuing your personal beliefs
about what is right or wrong you rise up against God and declare that
He is wrong in His declarations. You set yourself up an enemy of God,
Mitch.

> Just like a coffee shop in Mobile should not have the right to avoid
> serving colored peoples. This too, is settled law.

There are spiritual battles at work, Mitch. I pray someday you can
see that it's not just men working, but it is spiritual forces at
work through sinful men.

> Yet, these are the exact things that people advocating states rights
> want--want to actively and indiscriminately harm peoples whom they
> have never met and whom have never done them any harm.
>
> If Jesus was a baker, I'm sure Jesus would bake that cake, and serve
> that coffee.

I doubt he would bake a cake to partake in a gay wedding, but he would
serve everyone personally, one-on-one, as an offering of His own love
and giving. But He would not partake in sin.

And I can guarantee you that those who were around Jesus could feel the
presence of His Holy Spirit, and were moved to the point of their best
behavior automatically, even if their best behavior might be less than
someone else's.

> It constantly amazes me that a religion founded on the basic premise of
> forgiveness is unwilling to forgive nor treat all others with dignity and
> respect.

We look to God first. He has judged homosexuality. He has judged sin.
He has told us what will keep a person out of Heaven, and what will
send them to Hell.

We teach the things He taught.

When you have a problem with these teachings, Mitch, it goes back to
your root and fundamental issue with God, and not with those who are
conveying His guidance accurately.

-----
You think only in man's terms, Mitch, which is why you find fault with
God. God is spirit, and it requires spiritual discernment to be able
to understanding rightly the things of God. In our corrupt flesh, we
are so tainted by sin we cannot know the truth, but are continually
deceived by those evil spirits into lie after lie after lie such that
we only do evil continually from childhood.

--
Rick C. Hodgin

[Joe Pfeiffer]

MitchAlsup <Mitch...@aol.com> writes:

> On Monday, November 27, 2017 at 10:46:15 AM UTC-6, Rick C. Hodgin wrote:
>> On Monday, November 27, 2017 at 11:26:28 AM UTC-5, MitchAlsup wrote:
>> > Why are we supposed to have monuments to Traitors, and losers?
>>
>> They were men of conviction. The happened to be on the losing side,
>> and for all who supported the issue of slavery, they were on the wrong
>> side, but the issue of State's rights versus Federal government's rights
>> is an issue that dates back to the late 1700s. It was hotly debated in
>> the Federalist Papers and Anti-Federalist Papers, available for reading
>> today.
>
> It is ALSO settled law. The Federal government has the right to prevent
> states from leaving the union. Those who try are Traitors.

Those who try now are traitors (calexit supporters take note). It was
most assuredly *not* settled law before the Federal government fought a
war that settled it.

[MitchAlsup]

On Monday, November 27, 2017 at 7:30:30 PM UTC-6, Rick C. Hodgin wrote:

>
> We look to God first. He has judged homosexuality.

What Jesus said about homosexuality: " ". That is nothing.

I don't care what god has said about homosexuality, nor do I care about
what a set of people said about it 4,000-2,000 years ago. We live in a
modern era where peoples are allowed to follow lifestyles of their choice.

[Stefan Monnier]

> There's a difference between making the code open-source or free, on the one
> hand, and allowing modifications to in-use systems without new validation,
> on the other.

If I can't replace the software in the machine I'm using, than *its*
version is not Free Software AFAIC, even if the manufacturer distributes
some Free Software version of the code on some web-site somewhere.


Stefan

[Stefan Monnier]

> Would there not be doubters who would suspect the changes were in order to
> make it easier for the NSA to hack everyone?

I clearly don't trust the NSA in such matter, but if they publically
disclose the patch they suggest, then we could review it and assess its
value independently from its origin.


Stefan

[Stefan Monnier]

>> Recently, our legitimate history was attacked as they used the
>> negative aspects of slavery to remove things related to our
>> Civil War.
> There are positive aspects of slavery?

Apparently there were sufficient positive aspects to slavery to motivate
the american colony to fight a war of independence so it could continue
practicing it ;-)


Stefan

[Quadibloc]

On Monday, November 27, 2017 at 8:42:02 PM UTC-7, Joe Pfeiffer wrote:

> Those who try now are traitors (calexit supporters take note). It was
> most assuredly *not* settled law before the Federal government fought a
> war that settled it.

Court cases make settled law, not wars.

Essentially, laws aren't determined by the competency of the
local constabulary to enforce them. Otherwise, the laws
relating to drug abuse wouldn't be "settled".

John Savard

[Niklas Holsti]

Sure, you should be able to replace the SW in the machine, and even use
the modified machine, as long as you only risk your own life.

But the replaced SW should be validated pretty well before you are
allowed to use the machine in such a way that a bug in the replaced SW
could kill other people.

There are any number of well-established parallels, for example
self-built experimental aircraft: you can build one any way you like,
but it has to be inspected and approved before you can legally fly it.

--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .

[Anders....@kapsi.spam.stop.fi.invalid]

Quadibloc <jsa...@ecn.ab.ca> wrote:
> This scenario suggests an amusing possibility. Let us imagine the NSA
> were to review Intel's Management Engine and suggest changes so that American business would not be left vulnerable to hackers.

>
> Would there not be doubters who would suspect the changes were in order to
> make it easier for the NSA to hack everyone?

See <https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA's_involvement_in_the_design>

-a

[George Neuner]

Yeah. The problem is the NSA is a schizophrenic organization ...
there is a public "white-hat" division devoted to creating safer
computing and telecommunications. It wrestles with the "black-hat"
division devoted to breaking into and spying on computing and
telecommunications.

I have heard that there is a proverbial "chinese wall" between the two
divisions. The white-hats design some new system or protocol they
think is safe(r), and give it to the black-hats to try to break. If
the black-hats succeed, they don't reveal how they broke it - they
just send the white-hats back to the drawing board. And round and
round it goes.

It's the white-hat division that participates in the standards.
However, whatever the white-hats know, the black-hats know also.


Also remember that the only truly unbreakable encryption is the
"one-time pad" where key and plaintext are of equal length and keys
are never reused. The logistics of key distribution prevent easy use.
https://en.wikipedia.org/wiki/One-time_pad

Any other method can be broken given enough time and compute power.
The objective of most encryption schemes isn't to be unbreakable, but
rather just to make breaking it costly enough that most people can't
afford to do it.

Any government, major corporation, or big hacker botnet has got the
resources to (eventually) break almost any encryption scheme without
it having to be weakened in any way.

I don't worry about the NSA reading my data because the NSA isn't
likely to sell my information or bombard me with advertising. I worry
about Google reading my data because it most assuredly will do both.

YMMV,
George

[Quadibloc]

On Saturday, December 9, 2017 at 1:16:03 PM UTC-7, George Neuner wrote:

> Also remember that the only truly unbreakable encryption is the
> "one-time pad" where key and plaintext are of equal length and keys
> are never reused. The logistics of key distribution prevent easy use.

This is true enough. But it also depends on your threat model.

Look up "bit-flipping attack".

John Savard

[Robert Wessel]

I don't think that's a fair characterization. The selection criteria
of modern ciphers is such that it should be impractical to crack by
anyone, and for the foreseeable future. For example, there is no hint
that AES can be cracked by anyone. Certainly any non-OTP cipher can
theoretically be cracked given enough computing resources, but for
something like AES-128 that will require more resources than are ever
likely to be available to anyone*. With the possible exception of
quantum systems, which might reduce the complexity of AES-128 to a
much more plausible ~2**64. And, of course, baring some breakthrough
in the cryptanalysis of AES.

Now if we're talking about entire cryptosystems, those are usually
where the major weaknesses are.


*The Landauer limit implies that even *counting* through the 2**128
keys (much less actually attempting to test them) would take some
10**18 Joules (about three days of the world's entire energy output,
or about the output of a 200 megaton nuclear device**). And that's
the theoretical limit - real hardware operates ~100 million times less
efficiently.

If that's not enough, just counting to 2**256 requires the equivalent
of the conversion of a couple billion times the mass of the sun to
energy. Call it roughly a third of the mass of the Small Magellanic
Cloud***.

**IOW, even if someone did this, it *would* be noticed, and everyone
would change to longer keys before you could make much use of that.

***ibid(!)