Raspberry brings out 5 dollar computer

On Thu, 26 Nov 2015 11:04:51 -0500, Phil Hobbs Gave us:

They are ARM devices running Linux. Practically invulnerable to infiltration. Let alone the fact that one does not have to actually put it on a network.


using one of these, run ready:


Or this:


Reply to
DecadentLinuxUserNumeroUno

Writing multithreaded apps in C++ isn't hard. I usually handle thread interactions manually, but there are widely-accepted standards such as MPI that make it pretty easy. The thing that gets tougher is debugging them.

IBM VisualAge C++ 3.08 (circa 1998) had the most beautiful debugger I've ever seen. It made multithread debugging almost as easy as single-thread. Visual Studio is fairly far behind, and all the Linux ones I've used are primitive by comparison.

A guy called Cristian Vlasceanu wrote a very nice debugger called zerobugs, but it only ran on Ubuntu 11.x. :( It left the usual gdb+eyecandy offerings in the dust.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

On a sunny day (Thu, 26 Nov 2015 17:05:45 -0800 (PST)) it happened snipped-for-privacy@yahoo.com wrote in :

Yes, there sure is a way to use multiple cores in Linux, or direct processes to specific cores, for example for steps in video processing. But 6?

That Sony chip (Playstation 2?) that was manufactured by IBM in those days, was next to impossible to program.

So 2 cores, 4 cores, it depends on what you want to do. I have read Intel wants to up it now to I think 32 cores it was?

It is a bit like audio amps with 0.1 %, 0.001 %, and not to forget the high end with .0000001 % distortion.

Marketing.

If you are brute forcing keys, or doing fast simulations, a vector system with FPGA will beat it I think, or modern graphics card hardware. Maybe for those high definition games... But slimulations are taking way out of context these days, you can slimulate with defective equations all you want to whatever speed, and conclude what the universe looked like and what waves radiate from the planet but hey, artist impressions are simpler and Hollywood does a better job.

Reply to
Jan Panteltje

Famous last words. It's 2015, dude, and that approach won't cut it any more.

That's the attitude that has left most of the SCADA systems in the world so depressingly vulnerable. People have been shipping malware-infested security cameras recently, for instance. Razzpies are easily common enough to attract attention from baddies.

Sad but true.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

You must be a Windows user.

Haven't seen much if any Linux vulnerabilities. The Windows stat sites would have you believing that it has a higher vulnerability count than Windows does. You must, however, use your noggin to see through the bullshit.

Are they Linux based computer platforms?

Malware? Sounds like a Windows thing.

They can try.

Have any citations for successfully penetrated user systems?

Servers get attacked but few get much more than a DOS slowdown.

Individual systems are as tight as it gets unless the idiot runs as root all the time. You know, like Windows does by default.

Reply to
DecadentLinuxUserNumeroUno

I think the new version (Rpi 2) may have the USB bugs fixed, have you tried it? Dunno about this Rpi zero but perhaps they have learnt from their mistakes!

[...]
--

John Devereux
Reply to
John Devereux

(I should know better than to engage in a security related discussion, especially well after midnight).

The problem is not in the hardware or Linux OS. In this case, it was shipping the cameras with an old imbedded Linux with open SSH and Telnet ports with a root/admin login and a common default password. What are these cameras doing connected directly to the internet instead of going through a router/firewall? Probably because IPv6 makes it easy to expose such devices directly to the internet (because IPv6 does not allow NAT).

In my never humble opinion, all such devices should be shipped with the security nailed down tight. I made a half-hearted effort at convincing a few wireless router manufacturers and ranting in a wireless newsgroup, that open ports, default passwords, and disabled wi-fi encryption were bad ideas. Extra credit to manufacturers that ship their managed devices with SNMP enabled and set up with the usual default community names: I failed. Most chose convenience over security. Of course, that didn't stop them from advertising their products as some manner of "security device".

Anyway, don't assume that having a network port on the board will let the world in. Like a common house door, leaving the key hanging on the doorknob, or simply not locking the door are the real problems.

Yep. Nobody does backups until after they've lost data in a crash or accident. Nobody cares about security until after they've been hacked or hijacked.

Happy Day of the Turkeys.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558
Reply to
Jeff Liebermann
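
The shipping defaults named in the post above (Telnet enabled, root SSH login by password, SNMP with the usual default community names) can be checked from a device's configuration files before it goes on a network. The following is an added example, not part of the original thread; the sample configuration text is constructed, and the names `audit_device`, `sshd_option` and `active_lines` are hypothetical.

```python
import re

# Constructed sample configs resembling a device shipped with insecure defaults.
SAMPLE = {
    "sshd_config": "Port 22\nPermitRootLogin yes\n#PasswordAuthentication no\n",
    "inetd.conf": "#ftp stream tcp nowait root /usr/sbin/ftpd ftpd\n"
                  "telnet stream tcp nowait root /usr/sbin/telnetd telnetd\n",
    "snmpd.conf": "rocommunity public\nrwcommunity private 10.0.0.0/8\n",
}
DEFAULT_COMMUNITIES = {"public", "private"}

def active_lines(text):
    """Yield config lines with comments and blank lines stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def sshd_option(text, name, default):
    """Return the first value set for an sshd_config keyword (first match wins)."""
    for line in active_lines(text):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            return parts[1].strip().lower()
    return default

def audit_device(configs):
    """Return findings for the insecure defaults discussed in the post."""
    findings = []
    ssh = configs.get("sshd_config", "")
    # Assumed defaults of current OpenSSH when a keyword is not set.
    pw_auth = sshd_option(ssh, "PasswordAuthentication", "yes")
    root = sshd_option(ssh, "PermitRootLogin", "prohibit-password")
    if root == "yes" and pw_auth == "yes":
        findings.append("ssh: root login with password allowed")
    for line in active_lines(configs.get("inetd.conf", "")):
        if line.split()[0] == "telnet":
            findings.append("telnet: service enabled in inetd.conf")
    for line in active_lines(configs.get("snmpd.conf", "")):
        m = re.match(r"(rocommunity|rwcommunity)6?\s+(\S+)", line)
        if m and m.group(2) in DEFAULT_COMMUNITIES:
            findings.append(f"snmp: default community '{m.group(2)}' ({m.group(1)})")
    return findings

if __name__ == "__main__":
    for finding in audit_device(SAMPLE):
        print(finding)
```

An empty result only means these three defaults are absent; it says nothing about the account passwords themselves, which have to be changed from the factory value separately.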

On a sunny day (Fri, 27 Nov 2015 09:31:26 +0000) it happened John Devereux wrote in :

Nope, I needed some more raspis for a project, and because of the new header decided to order some old B versions, to save time.

Do not assume... And how about the MPEG2 decoding key? I now have 2 keys for 2 raspis. It was another few dollars for each.

Reply to
Jan Panteltje

Tell that to the Iranians. ;)

The lock-and-key thing is a false analogy. Everyone knows that locks can be picked, most quite easily. They're there to make thieves go find an easier target. If we were invaded by trillions of lock-picking ants from outer space, we'd be sorry we had relied on that.

On a more prosaic level, though, the whole security-by-correctness project is doomed for systems with attack surfaces as large as those of a modern OS. Look at the recent rash of horrible bugs in SSL, and the probable cracking of widely-used forms of 1024-bit Diffie-Hellman by the NSA.

And that's for systems that get patched regularly. SCADA and a lot of other infrastructure generally don't.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

On Fri, 27 Nov 2015 02:29:24 -0800 (PST), Phil Hobbs Gave us:

Now you are being presumptuous.

Linux and the Unix it was based on have been the most secure OSes since personal computing entered the game. All Windows machines are vulnerable, and they always have been.

The paradigm followed by Linux is as secure as it gets, and if the lock and key thing is a bad or false analogy due to doors being easily pickable, then the reason Linux machines do not fit it is because they are NOT pickable.

Oh and there are door locks which are quite unpickable and a locksmith would tell the person that as soon as he arrived to find that model being incorporated. And there are magnetic key locks which are also nearly unpickable. The video game industry used them and the machines stopped being picked and crowbars were needed. The other type is the round vending machine type. They too are very difficult to get by.

Remember time is a factor and your remarks did not include the term "eventually", and that is important as the picker would be caught trying.

Just as with cyber hack attempts. Discovery comes long before success, and therefore success never happens.

Reply to
DecadentLinuxUserNumeroUno

On Fri, 27 Nov 2015 02:29:24 -0800 (PST), Phil Hobbs Gave us:

The SSL thing was ONE bug.

probable cracking? cite. And they use RSA anyway.

Reply to
DecadentLinuxUserNumeroUno

On Fri, 27 Nov 2015 02:29:24 -0800 (PST), Phil Hobbs Gave us:

The SSL thing was fixed with ONE new release. Unlike as with Windows, it was not a patch. The SSL engine is a stand alone component so patching is the wrong term. All systems with the old one had to be UPDATED to excise the old one and incorporate the new one.

Reply to
DecadentLinuxUserNumeroUno

Google "Heartbleed".

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
ElectroOptical Innovations LLC 
Optics, Electro-optics, Photonics, Analog Electronics 

160 North State Road #203 
Briarcliff Manor NY 10510 

hobbs at electrooptical dot net 
http://electrooptical.net
Reply to
Phil Hobbs

On Fri, 27 Nov 2015 10:54:24 -0500, Phil Hobbs Gave us:

Yes, Hobbs. It was ONE BUG by the author. It got re-written.

Old one OUT, new one IN. NOT "patched".

Reply to
DecadentLinuxUserNumeroUno

"Patches" is what bugfixes are called, after the classical *nix utilities 'diff' and 'patch'.

I know you're fond of Linux, as am I, but the days are long gone when it was safe to ignore Linux vulnerabilities. Even back then, what made the difference was partly more clueful users and slightly better out-of-the-box security settings, but mostly just small market share.

At the moment, IIUC the main threat vectors directed at users are browser exploits and social engineering (e.g. spear phishing and poor or reused passwords). Keeping everything patched and not being an idiot are pretty effective against those.

However, many of the highest value targets now run on Linux hosts, e.g. cloud VMs on top of Xen or VMware hypervisors, so Linux long ago started to get a lot of the wrong sort of attention. The exploit toolkits only get stronger, not weaker, so desktop Linux is no longer immune.

I'm working at migrating my laptops to Linux Mint with VirtualBox VMs for Win7 and XP (for the family) and Qubes 3.0 (for me). Apart from BIOS and AMT vulnerabilities, Qubes looks like a pretty bullet-resistant solution that preserves usability. Cordially recommended if you have at least 8 GB on your box.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

That's called an 'example'. You were claiming Linux was invulnerable, so all I need is one counterexample.

Common knowledge. From the first page of Google search results for "cracking 1024-bit diffie-hellmann":


Then there was the SHA1 problem. There are probably millions of long-lived devices out there still using SHA1 if they have any crypto at all (which very many don't).

It stinks, but that's where we are.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

Not to mention MD5, which used to be really common.


Cheers

Phil Hobbs

Reply to
Phil Hobbs

On Fri, 27 Nov 2015 11:50:48 -0500, Phil Hobbs Gave us:

Except that is NOT what happened here. There was no diff file. It was a complete, full replacement.

Reply to
DecadentLinuxUserNumeroUno

On Fri, 27 Nov 2015 11:50:48 -0500, Phil Hobbs Gave us:

Horseshit. If it was being hacked it would be big news.

The truth is that they are TRYING to hack servers. Not user workstations.

And they are failing at both. That is why all of the breaches you hear about in the news are Windows and Windows Server based set-ups.

Reply to
DecadentLinuxUserNumeroUno

On Fri, 27 Nov 2015 12:01:07 -0500, Phil Hobbs Gave us:

You said "SSL bugs", as in plural. I think you even said "numerous". This is like a Donald Trump sidestep attempt. It fails.

Reply to
DecadentLinuxUserNumeroUno
