Schneier on Security

Clive Robinson • October 24, 2020 6:13 AM

@ Wael, JonKnowsNothing, SpaceLifeForm, ALL,

Kind of annoying that you can’t expect the least amount of privacy. I bet you this text I’m typing is being teleported elsewhere, as I’m typing it or later on, in an “encapsulated, encrypted” package.

As I’ve mentioned before the “here and now” can be done with a simple diode detector[1].

It always puzzled me as to why back in 2015/16 when Ed snowden and Andrew “bunnie” huang demonstrated their “introspection engine” for the iPhone 6 they had soldered wires to the iPhone CCT board.

My viewpoint then and now is that crossing a border with a phone that can clearly be seen to be modified was not a good idea… Further sourcing a phone locally when across the border not only dropped you into the CarrierIQ “Pre-installed snoopware” issue, it also ment that getting the modifications done by a local technician would like as not get you reported or worse.

However Ed Snowden and Andrew “Bunnie” Huang did later published their reasoning[2] some of which I agree with some of which I know is not exactly correct[3] as others on this blog will know.

My problem this century has not been the “here and now” but “store and forward”… That is what are they hiding away with other traffic that they recorded and tucked away in memory somewhere in the phone.

Back a few years ago you could get “Wireless VoIP” phones that worked only over WiFi or cat3. This did alow you to hotspot and use a PC as a router with extras. But those appear to be a thing of the past. But desktop VoIP phones are fairly plentiful and making a secure router out of one of several single board computers(SBCs) is not that difficult, similar with just a mic and ear piece headset which are again plentiful. Making VoIP content secure is somewhat harder but can be done.

Sadly the days of the POTS phones and “patch boxes” is something that is sliding into the past except in the EmComm arena, where setting up a small PABX in a control center with dialout to a repeater or HF long haul link is sometimes needed.

Something I have been looking at for a customer in North Europe is using an SBC as a “secure voice modem” to use with HF transmitters down in the low HF / Upper MF bands where Near Vertical Incident Skywave (NVIS) provides approximately 250-600km covarage in very rough or hilly terrain where all other form of RF comms except sat phones is not going to work. The prototypes just using digital modes to carry data and digitized low bit rate audio worked fine. However as the customer wants “Privacy” as it’s for general purpose emergancy usage some level of secure voice and data is a requirment. In part this is to meet EU privacy legislation as GPS location data for rescue has to be included because although NVIS gives good coverage it’s quite difficult to Direction Find(DF) due to not having very much or any ground wave and the near verticle incidence making bearings very indistinct and variable. DFing only becomes possible when very close in often very much less than 25 wavelengths (7.5/FMhz = 7.5/5 ie less than 1.5kM at 5Mhz).

[1] Whilst a passive diode detector is a little deaf, you can “bias” a pair of diodes and have very good sensitivity. If you bias with a high frequency signal which is a good square wave you end up with what is in effect a “broad band bug hunter”. These days with a little more skill you can make an IQ receiver or down converter that will pull the entire “DC-2-Daylight” spectrum down into a modern very low cost SDR bandwidth and save it away such that you can later demodulate it and recover the transmitted data and convert it back to “network packets” to push into the more modern FOSS “wire-sharks”.

[2] https://www.tjoe.org/pub/direct-radio-introspection/release/2

[3] One of their rationals is farady cages are “unreliable” whilst true that is true for all mechanical devices when “used and abused by users”. They then go on to talk about making holes in a faraday shield to operate the camera etc. Well you don’t have to poke a hole through if the faraday cage is made of fine wire mesh. Because cameras do work through fine wire mesh quite well. Yes there is some attenuation of the required signal, and in some cases a small amount of refocusing but hiding cameras, microphones and ambient preasure/temp/mag-direction sensors behind mesh is a standard technique in the surveillance world and has been for decades. It’s also a standard technique where EMC issues are involved[4].

[4] Due to outmoded security notions in the US and other places fine wire mesh suitable to make faraday shield cloth used to be very difficult to get hold of. It is more easily available these days, but I get the feeling some suppliers “phone bob” at a Government agency with your details. So whilst I don’t recommend you “weave your own” mesh, I have done it in the past using 40AWG (0.07874mm diameter) “fuse wire” and smaller diameters. You do however need to “chemically dull” it first to take the shine off. The UK based “Scientific Wire Co” used to be a good place to get other “RF wire” such as “silver plated”, but China tends to be the place for fast turn around of “wire cloth” and the like these days (and yes there are if you have the money faraday suits… Which did make me wonder if there was a market for tasser proof jackets and the like;)

Clive Robinson • October 24, 2020 3:55 PM

@ Anders,

Estonia is also jumping a train.

The thing about trains, is once they are moving they have little or no choice in where they end up.

We have known for as long as code books have existed that the privacy offered by codes and later ciphers depends on those we wish to know not geting their hands on the code books or cipha keys. Thus they were not left out of secure storage no matter how convenient it might be.

For some reason modern users believe for what ever reason that their smart devices give the privacy.

They do not, nore with the way they are currently being designed will they ever give privacy securely.

If users want privacy then they need to consider going back in time and keep their codes and ciphers away from prying eyes in strong safes and the like.

That is treat any “connected device” as having no ability to give privacy of any form what so ever. Thus layer privacy protecting layers on top by using suitably issolated ciphers and codes.

That is use an entirely seperate device that is issolated from the connected smart device to enter your private thoughts. Then transfer the ciphertext of those private thoughts to the connected smart device when the conditions are right and not before….

Clive Robinson • October 25, 2020 2:42 AM

@ name.withheld…, Wael,

As the Christian holiday of Christmas approaches, I thought…

Err bit of an assumption there.

Remember we still have “Halloween” and “fireworks night” to get through first. And the latter may not be an entirely British affair this year, with the potential for Fat Man and Little Boy to do their thing. Thus the X in Xmass might have real meaning…

But ask yourself this traditionally one turkey gets a reprieve to live another day, which one will it be this year. There might be a more appropriate carol with “ring out those hells tonight” starting the chorus. You can see the full words here,

https://www.mumsnet.com/Talk/Christmas/1925026-Whats-the-words-to-Little-Donkey

Speaking of which, a lady friend was somewhat shocked by Mum’s Net and Xmass carols and this page,

https://www.mumsnet.com/Talk/am_i_being_unreasonable/1633318-to-teach-my-kids-rude-lyrics-to-Christmas-carols-And-can-you-expand-my-repertoire

I suggest reading the link before clicking…

Clive Robinson • October 25, 2020 7:22 AM

@ SpaceLifeForm, Matrix,

Where Alice leads, I found,

“The fact that “Microsoft Foundation Class” might be expunged from the world, for some reason makes me feel somewhat “up beat” about the “SHTF””

Yup it’s a thought to saver…

Clive Robinson • October 25, 2020 8:32 AM

@ name.withheld,

Are you suggesting…

No think more events and what the Happrns in mainland Britain on “fireworks night”.

Whilst the 5th of November Act[1] has been repealed, it only took out the duller parts of the observance. Although the childrens custom of “Penny for the guy” is more or less gone, the night time still calls for much wood, effigies and gunpowder, and other powders most foul[2]. With organised displays offering baked potatoes sausage ina bun and other food stuffs involving fried onions and the like it is one of the few chances children get to see a real fire burning bright in the night without the trauma other fires bring. Then there are the firework displays… As it happens there are other festivals that celebrate the changing of the seasons and fireworks are part of those, and in certain parts of the country the celebrations go on for a week.

Sadly though there is an Americanisation happening with “All Hallows”, traditionaly in Britain seen as a marking of the change of the seasons now raucous with children seeking sugar highs and tooth rot, and adolescents throwing eggs.

However what will happen to both celebrations this year with COVID-19 restrictions I’m not sure…

[1] https://en.m.wikipedia.org/wiki/Observance_of_5th_November_Act_1605

[2] https://en.m.wikipedia.org/wiki/Fireworks_night

P.S. Just to remind people, this weekend was “put the clocks back” in some parts of the world so make the most of the extra hour whilst you can.

Clive Robinson • October 25, 2020 10:28 AM

@ Ismar, SpaceLifeForm, ALL,

I remember the, “Aurora Generator Test” well, it was a stupid but necessary thing to do.

An accident from about a decade or so earlier had shown what happens when an out of sync gen set gets dropped onto the grid, so the results of the test were known. The accident had happened due to a mechanical component breaking, and other damage followed as a result. Whilst the damage was repairable there was a considerable time of outage, so the message was clear last century.

You can by the way demonstrate this for yourself using car alternators driven by DC motors something I used to show engineering students, and it quite happily turned a six inch nail to molton dropplets in the process as the “safety fuse”, a lesson I suspect few forgot. It’s also the reason by the way that you should not connect wind generators together directly or to an AC power source (something some “off gridders” learn the hard way).

So yes it was stupid because the results were known well in advance, thus the experiment was little more than wanton vandalism.

But it realy realy was necessary as a wake up call. Because the “it’s got a computer so won’t do that” mentality that was crawling through the Idustrial Control System (ICS) industry as old hands who had used mechanical components and ladder logic, retired out and young bucks with over self confidence moved in…

Saddly if you read the Wikipedia page[1] you will see that many of the proposals still do not “grok the reality” of the problem and thus the US grid in particular is still very very susceptible to the problem as the required mitigations have not happened.

As an “incoming engineer” to ICS I was unusuall because I was certainly a “young buck” and I went in on the design side which was quite unusual at the time. But the demonstrations to trainee engineers I was involved with had been built by the old hands and they taught me much that has mostly been forgotton in modern text books and the like. Stuff that others realy need to learn and stop their “magic thinking”.

By the way it’s not just generator sets that have these narrow control band issues. When you have a failure in a gen set it’s the power supply that goes out, but people in their homes mainly don’t get hurt, just annoyed at unreliable service providers. But with gas pipelines the story is different, and they are even worse a lot worse. Because they have a narrow range of working preasures that if you get them wrong blow up or set on fire peoples homes as was discovered not so long ago in three US towns near Boston[2] and quite a few other places, and even billion dollar fines do not get these companies to do the maintenance work they should do as next quaters profit is still more important…

But it gets worse, look at what went wrong with Piper Alpha a production rig in the North Sea[3]. What went wrong can be easily be reproduced on other platforms today if you know what control circuits to fritz with.

One result of the Piper Alpha disaster was the 180 day Cullen enquiry, that highlighted ‘safety malaise by regulation’ as a major issue. In that, that which was regulated was done, that which was not, was not… Thus the enquiry recognised the important concept that,

“The primary responsibility for safety lies with those who create the risks and those who work with them. That is the legal and moral obligations for safety are the responsability of the management and operators of any operation or installation.”

I could go on but I think most people around here can work out that “computers are vulnerable” thus they have to be mitigated for safeties sake in ways not involving computers, and such systems have to be maintained properly for their quater to half century or more in service lifetimes…

[1] https://en.m.wikipedia.org/wiki/Aurora_Generator_Test

[2] https://www.wsj.com/articles/officials-probe-fires-explosions-that-damaged-dozens-of-homes-near-boston-1536933528

[3] https://www.thechemicalengineer.com/features/piper-alpha-the-disaster-in-detail/

Clive Robinson • October 25, 2020 7:57 PM

@ name.withheld…,

Are you talking about SYS V semaphores and shared memory interprocess communications?

Have a looksee at,

https://en.m.wikipedia.org/wiki/STREAMS

You will see it got into quote a few places including MS NT and Apple OS’s. The exception was Linux where it was considered “to slow” amongst other things (which was true).

The advantagr of STREAMS was that you could push several modules into a stream. So a compression/decompression module followed by an encrypt/decrypt module followed by a binary to mod64 coding module would give an application your choice of encryption quickly and fairly easily.

Clive Robinson • October 26, 2020 3:47 AM

@ SpaceLifeForm, ALL,

Since 98se, my conclusion was and remains: there is always a bugdoor.

As well as bugs… With bug / bugdoors a mental image of a PC and OS from this century would not be too disimilar to a termite infested wooden fence. Still looking good on the outside where the paint is holding it together, but riddled with more holes than a swiss cheese on the inside…

As people might have noticed in the past on this blog, @Nick_P and myself had similar oppinions about hardware being infested with bugs / bugdoors as well. We differed slightly on epochs, his was 2005 mine was 1995-2000 depending on motherboard type, not just the CPU level chip set.

My viewpoint also included I/O cards with ROM on as vectors, hence the wide time range. The reason was something I’d explained long before BadBIOS rose up to make people pull their heads out of the sand. It actually goes all the way back to the late 1970’s when Apple were designing the Apple ][…

The thing is when “Flash ROM” started appearing as a prefrence over EPROM or MaskROM it was definately “game over” for making assumptions on how trusted your systems were. Because you could run through all sorts of verification steps via secure hashes etc, but 10min’s after being connected to the Internet, one or more of those “bugs / bugdoors” would have new code loaded into a Flash ROM and you would be owned[1].

It’s why I talk about “mitigation” by the likes of “energy gaps” and the like and using microcontrolers to make mandated choke points to cross gaps.

Becsuse it does not matter how many bugs / bugdoors there are if they can not be seen from the outside or reach out to the outside.

It’s one of the big reasons the likes of Mi$o are gradually forcing you to “be connected” one way or another. Give it oh about another year or two, and consumer grade computers will either just not work unless connected or will stop working in a week or a month if they do not get connected. You will be told “It’s for your security” when in fact the exact opposit is the case, being connected is about the most insecure thing you can do[2] with modern PC’s and most consumer level OS’s[3].

[1] The thing people forget is that whilst a CPU with ROM can check the ROM and produce a checksum/hash, if the ROM is not realy immutable then the code in the ROM can be changed without having physical access. If the code is changed, the CPU will then report back to you, not the true value of the hash or checksum, but the value the new code tells it to report… Most people have no real way to tell the difference. It was something I thought long and hard about some years ago that gave rise to the “Castle-v-Prison” model and the use of a hardware hypervisor and code execution signature monitoring.

[2] As a friend in the US wryly remarked some years ago about connecting new laptops to the Intetnet to get the first update, “You’ld be safer striping butt naked and running around Times Sq flapping your arms and squawking like a chicken”. A sentiment I suspect others might nod in agreement with.

[3] Some FOSS OS’s can be connected directly but before you do so with a “PC” you realy have to “lock them down” rather more than just “Hardening”. Even then there will still be “bugs / bugdoors” in the hardware you will have to deal with like the various “managment engines” and flaky by design comms such as USB, WiFi, Bluetooth, Firewire, etc, etc. Which is why some people use older WiFi AP’s that they have reprogramed or some Single Board Controlers/Computers(SBC) often using ARM or other core CPUs in System on a Chip(SoC) devices.

Clive Robinson • October 26, 2020 5:20 AM

@ SpaceLifeForm, ALL,

Trivia Question: Do you know how many Time Zones there are?

Well… It depends on what you mean by a “Time Zone”…

The military for instance have 25 standard time zones with “Z / Zulu” being UTC0. The other 24 being hourly “local time” zones. The problem with this is not just summer/winter time different days to change over, some local time zones are not based on an hour offset from adjacent time zones or even UTC.

If you have the money you can buy a copy of a standard[1] used for expressing not just time but locality as part of the longitude expressed as an identifier or time based offset.

You will find that ISO8601 alows you to have time as fractional as you want it as seconds have a decimal point which is fine for measuring time periods and marking past and future times.

But the time zone add on is a four digit number, that expresses a negative or positive offset that coresponds to your longitudinal position. The first two digits are clock hours and the second two clock minutes, but there is no seconds which would be needed for acurate conversion to siderial time.

So under ISO8601 the answer to your question would be “There are 24 times 60 or 1440 time zones”.

But as I said that’s not sufficient. There are still places in the world with local ordanences that use Sideral time not UTC as the refrence and “local time” time zone. Unfortunatly the Sun moves around it’s centrum due to the movment of the planets etc and they influance each others orbits as well. Also the earths orbit is not quite circular either, so siderial time and UTC can differ by as much as 15minutes depending on the time of year etc. Which in theory means that some time zones are continuously changing and can therefore be considered to have any number of fixed time offset zones with respect to UTC as the resolution to which you measure time… Not infinate but certainly very large…

So whilst the question might be “trivial” the answer for some is most certainly not as “local time is relative” not just to position but relative velocity between points in space. The relativity difference actually causes problems on the earth’s surface with objects that are in fixed locations such as cell phone towers, so it’s all messy messy messy.

Oh one last thing, if you have to write your own “time routines” do yourself a favour make the begining of the year the first of March. That way the 400year cycle of the Gregorian Calander is much easier to work with as leap days if they happen are the last day of the year and follow a nice easy pattern.

A final thought, if as is appears to be increasingly likely we get off of the Earth in a meaningfull way we will have to come up with new time standards. Many will probably think that one that works within the Solar system should be enough… Sorry it won’t be, we already have man made objects moving out of the solar system as well as other objects moving in and out again thus we will need to know “local time” to galactic coordinates, velocity and direction. Which will mean some quite interesting equations based on the harmonics of the objects involved. As Noel Harris once sang,

Round like a circle in a spiral, like a wheel within a wheel.
Never ending or beginning on an ever spinning reel.
Like a snowball down a mountain, or a carnival balloon.
Like a carousel that’s turning running rings around the moon.
Like a clock whose hands are sweeping past the minutes of its face.
And the world is like an apple whirling silently in space.
Like the circles that you find in the windmills of your mind.

[1] As with other things “it can pay to shop around” as there are several identical or almost identical standards,

1, ISO8601 & ISO8601-2:2019
2, ANSI INCITS 30-1997 (R2008) 3, NIST FIPS PUB 4-2

More importantly they not only are used for time values but time zones and also for time durations. But importantly don’t work with sufficiently historic dates and times, for which there are an eye wateringly large number of exceptions and changes… They also do not handle “leap seconds” at all well at any time. Which is why it’s way better to stick with UTC/Z and add a time zone modifier if you are ever having to use “wall time” inside of a computer[2], in which case start by reading RFC 3339.

[2] But what ever you do, do not use any of the common standards if you intend your computer to travel or leave the earths surface… They are not designed to handle that. Even passenger aircraft suffer from general relativity issues depending in which direction they fly…

[3] You can get a quick overview of ISO 8601 from Markus Kuhn from a page he has at the UK Cambridge computer labs,

https://www.cl.cam.ac.uk/~mgk25/iso-time.html

But he does not go into Time Zones sufficiently well…

Clive Robinson • October 26, 2020 3:32 PM

@ ferritecore,

Surely you misspoke. Sidereal time would be most inconvenient

Yup, sideral time has a day difference per year than local solar[1] (so ~4mins less a day[2]).

Blaim it on a tired brain and trying to do four things at the same time.

[1] For people who have never thought about it you need two coins of the same size that are milled and the milling can act like gear teeth. If you mark both coins with a spot of ink on the edge and start of with them both alined then looking down you rotate both of them once you get the spots back together. However try holding on coin fixed and rotate the other coin around whilst that spot is fixed in your view, the other spot goes around twice (try it if you can not see it in your eye) If you now ues a smaller coin with half the curcufrance you will see things are still off by one… That is there are two different points of view for a rotation period. So in the northern hemisohere the first is where the sun crosses the due south point (solar day) and the second when a star crosses the due south point (siderial day).

[2] As a first approximation the diference in minutes is

A day is 24 x 60 = 1440mins.

The difference is,

1440x(1-(364/365)) ~= 3.945min/day

However the Earth rotation is such that the average number of days in a solar year is ~365.25 hence we have a leap year every four years (only it’s not quite hence the year divisable by a hundred rule to remove a leap year). This makes the math easier to do if you do it in an angular measure such as radians or degrees. You can see that being not just calculated but demonstrated with diagrams at,

http://www.celestialnorth.org/FAQtoids/dazed_about_days_(solar_and_sidereal).htm

Oh and the Earth is slowing down so the days are also getting fractionally longer, not that an unaided human can tell.

Clive Robinson • October 29, 2020 4:33 AM

@ Duodecimal,

Why does @Bruce use Windows, is there a concern of security or something..

@ Bruce Schneier has been asked that question on this blog before and the answers fall into the “or something” catagory.

Put simply it kind of boils down to “for business compatability” reasons.

People have to remember that nearly all businesses think “short term” not “long term” in their day to day running. So at one level you want to hire “trained staff” that can be productive from the get go and effectively hit the ground running. This means the business is in effect tied to what ever the “industry norm is” irrespective of if it’s the “lowest common denominator”, “least secure” and often “the least stable” solution out there. Which also means you have to take different steps to mitigate at a different level. So you hire network and System Admins that can build a combination of a sturdy fence and safety net around and under the other staff.

It realy does not matter which way you argue it, that pragmatic way of doing things is least costly for a business most of the time.

What will change it, is when the Internet ceases to be a “target rich environment” for attackers, thus the probability of being attacked goes up significantly. That is when the frequency of being attacked and the costs involved rises above the “current pragmatic way”.

Till then the likes of Mi$o and other low cost crapola that is more fat than lean meat “will be king”.

Clive Robinson • October 29, 2020 4:40 AM

@ name.withheld…,

Coincidentally, have either of you given any thought to an apprenticeship or guild like program?

The answer is yes, and I was working towards such a scheme with a life long friend who wanted to give back via his business.

Sadly however earlier this year he died in an unfortunate accident, and the person who has current control of the business appears intent on destroying it.

For legal reasons I can not say more than this at this time.

Clive Robinson • October 29, 2020 6:25 AM

@ ,

I thought that some encryption algorithm issues existed..

Whilst encryption “algorithms” can have problems, with competitions most get weeded out fairly quickly.

Where the real crypto issues are is not in the “algoritms” but the things that turn them into usable systems.

So usually a crypto algorithm is not used in “Electronic Code Book”(ECB) mode, because this is in effect a giant substitution cipher as those before and after images of “Tux” the Linux Penguin show. It is used in some other “mode” that is either “feedforward” or “feedback” in effect you XOR either the plaintext or the ciphertext in a way that “chains” individual encryptions together such that simple substitution nolonger happens.

The point is that not all “modes” work equally well with all base crypto algorithms. So if you use the wrong mode then you introduce weaknesses.

The next and perhaps biggest problem is the “bang for the buck” issue. Put simply people want to get the maximum number of bytes encrypted per clock cycle. That is they want “high efficiency” but in crypto that beings a whole raft of issues. It’s why I talk to people about “Security-v-Efficiency” as a general rule of thumb they trade off against each other. That is as you increase Efficiency you generally open “side channels” that leak information about either the plaintext, the keytext or both. AES is a notable very poor performer in this regard, and it’s become fairly clear that the NSA quite deliberately “fritzed the AES competition” such that the most likely outcome was software implementations that would be riddled through with side channels. Which is what happened and even now there are highly insecure implementations of AES code still in use…

But other surrounding protocols and standards can also cause problems. The use of the Dual EC-PRBG algorithm being a case in point. It’s output could if you knew the right information be easily predicted thus the random numbers that go into being the seeds for Digital Certificate Primes or keys etc used by crypto algorithms would be entirely predictable or easily searched for.

But the one most are unaware of that realy muck things up is “fallback attacks”. Put simply if two seperate systems try to talk to each other they have to negotiate a protocol they have in common. Thus a “man in the middle attacker” can reduce the communications security by forcing both ends to “fall back” to the lowest common denominator that could be “no crypto”. The problem is that the software generaly fails to tell the user what algorithm and mode is in use, let alone warn the user it is weak…

I could go on but I think that should give you enough of an idea.

Clive Robinson • October 29, 2020 2:48 PM

@ SpaceLifeForm, Wael,

so my guess is that someone is researching the problems.

Yes, that would appear to be likely… We are after all “a tough audience” 😉

Clive Robinson • October 29, 2020 5:04 PM

@ vas pup,

I’m not holding the UK up to be a shining beacon[1] but we do have some legislation along the lines you are talking about.

The most important thing though would be to stop money entering the process.

Put simply the US can not be a democracy when to throw your hat in the ring as a candidate requires hundreds of millions if not billions of USD to get parity with those getting unaccountable money from who knows where.

Which is the second problem with the unaccountable money, who knows what strings it comes with, but I see it as being “bought legislation” which basically means the money the ordinary everyday citizens pay into the Government is effectively not being used for “society” but to give those who in no way deserve it unfair advantages, which means a percentage ends up also feathering the politicians nests.

Full transparancy and clear accountability is a necessity along with independent over sight with very sharp teeth.

[1] Whilst we have the legislation it has to be used and when it is used the banning of people needs to be effective. It’s very clear that the current PM and his “brain” should have been prevented from having anything to do with politics… But there they are running the show as opposed to sweeping streets or other work that would be a benifit to society, not the detriment they currently are. Hence the requirment for independent oversight with very sharp teeth.

Clive Robinson • October 30, 2020 8:06 AM

@ Cassandra,

Unfortunately UTC tries to be both.

And in my experience fails at both, hence my comment about having both a continuous system time and a UTC0 time on a system.

The problem then falls on programmers to deal with leap seconds not just the positive ones we have had so far but for the negative ones we know could happen which is why the standard alows for them….

The good thing about UTC0 is thst although it alows for fractional seconds leap seconds are always whole seconds and only happen occasionaly (currently only about once every six months though their frequency will increase).

This alows for a small table of sub epochs which are leap seconds. Thus everything can be in continuous system time that then gets translated to UTC0 then to “Local”, “solar”, “siderial”, or other time system of your prefrence.

Which just leave the less than minor problem of “relativity” because time does not move at the same rate across even the earth, or even at the top or bottom of a building… Then throw in other relative velocity effects such as Doppler and you can see why things get messy messy messy with communications amongst other things, especially when time and distance are important (think GPS).

Clive Robinson • October 31, 2020 1:41 AM

@ SpaceLifeForm,

More on TrickBot.

From having a trawl around I get the feeling that this Linux version of TrickBot has been “ready to go – full beta” for some time.

Makes you wonder if they have other OS’s “ready to go”.

Such behaviour suggests a proffessional development backend at the very least. Which generally would indicate a “level III” attacker, which are usually cyber-espionage opperations, thus a little rare for just a cyber-criminals operation.

Makes you wonder if those involved are in a “partnership” or just “payed employee”, and if the latter who the employer is.