Hacking a Linux PC at a Close Distance without Being Connected to a Network

The attack allows an attacker within Bluetooth range to execute arbitrary code on another PC running Linux. It is possible because of an extremely serious vulnerability in the Bluetooth stack of the Linux kernel: the attacker can literally run an application of his choice on the other machine. The vulnerability was found by Andy Nguyen, a security researcher at Google. More info here.

It is a zero-click exploit: the victim does not need to do anything in particular; the PC just needs to be powered on, within radio range, with Bluetooth enabled. Until the kernel is patched, the practical mitigation is to turn Bluetooth off (for example by soft-blocking it with rfkill) on machines that do not need it.

What do We Learn From This

I have never EVER in the last 20 years believed that Linux could possibly ever be a secure trusted OS. The ecosystem is basically flawed.

First, it is clear that no security engineer has ever been involved in the design and maintenance of Linux, or was involved only when it was already too late… Linux lacks any sort of defense in depth, and too many privileges are aggregated in too few places. This is a fatal mix from which it may never recover.

Secondly, it is built around a dangerous, subversive ideology. It is based on the idea of free voluntary labour, which is in fact illegal in many countries, e.g. in France, but is tolerated (and frequently even promoted). Moreover, the developers themselves sometimes behave like total losers. Some developers commit suicide on day one, through the terms of the various so-called free software licenses they accept and promote. Then, all these super naive shame workers ever ask for is to be popular and famous and to have their names mentioned, an acknowledgment which they typically do not even get: their work is simply reused and the authors are not always cited.

At the same time, other people make a lot of money by reusing their work to build and run powerful computer systems which are at the centre of our economy and which are huge profit makers.

It is NOT true that if I share knowledge or some code with you I lose nothing. There is an opportunity cost: human life is valuable, expertise is valuable. Almost every advanced business/tech activity is like this nowadays: it creates intangible goods which COULD be shared for free, or which COULD benefit from some sort of protection against theft and abuse.

In Linux we have an organised theft of intellectual property, and it is a conspiracy against the very coders who are making Linux. Developers are tricked into working for some shrewd manipulators without being paid.

Is Open Source Secure?

In fact, possibly the contrary can be claimed. Open source means that malicious code can be injected by anyone. The long history of Linux shows that preventive security engineering has failed time and again, with some flaws going unnoticed for 10 years or so. See for example here.

Supply-chain infiltration is an interesting attack against Linux, against which it is, by design and by ideology, not defended (or not well defended). We should not and cannot trust open source developers. If they are not paid "officially", why do they work so hard? One answer is, of course, passion and hidden subsidies. But another answer is that they are VERY likely to be recipients of some dark money from criminal or rogue-state sources. Even when they are paid by Google, this was never altruism. It was manipulation and exploitation worse than child labour, because in fact it is slave labour in disguise. There is a huge imbalance of power and information, and the profits Google makes from technology developed and funded by others are there to prove that the whole Linux community has probably been abused and infiltrated by influencer developers: Google contributes a bit but of course benefits a lot more. Profits, or rather the social and technical benefits of Linux development, are basically privatized, while the important work is carried by a larger unpaid community.

Facebook is a business which is quite recent. It started making money only around 2005, and not long ago nobody was quite sure how Facebook could ever be profitable. They have succeeded because they have literally hacked our society for their benefit: humans are hackable. They have also hacked our political system (by lobbying politicians behind the scenes) and our legal system (the whole planet was tricked into accepting T&Cs governed by the law of California or similar). People were tricked into abandoning their sovereignty and massively relinquished the protection of their own governments' laws and regulators. Facebook and similar Internet giants have in particular hacked our social instincts and enrolled billions of naive individuals into a powerful money-making machine.

In this process they were of course inspired by and imitated Linux! They have simply extended this perverse and subversive model to a larger ecosystem of voluntary submission, digital censorship, manipulation and enslavement, for the sake of Facebook making a lot of money. Almost every aspect of our lives is now prostituted so that some data-hungry Internet business can prosper at our expense. Transparency, or rather the one-way transparency of the underdog population, implies that security such as strong cryptography is problematic, as it could potentially threaten the transparency which is an immense money maker.

Strong cryptography needs to be channelled for the benefit of the rich and powerful, while the larger population should rather be building and running systems which are somewhat rigged. Many open source projects have been built with the participation of powerful influencers who have worked hard to deceive the larger group of contributors and developers about who needs these systems and particular features, and why, and about who will profit from exploiting them, which is mainly large corporations. Being naive, candid and generous contributors, and proud to be so, is at the very centre of this world of community-developed tech. The situation is similar to how the press has evolved in the last 20 years. Nearly 100% of the press worldwide is in the pockets of corporate sponsors and journalists have very little freedom. The same applies to so-called benevolent computer tech. We are deceived about what we do, there are hidden sponsor participants with deep pockets, and yet we somewhat naively believe that this tech is going to be neutral (and not malicious).

An interesting question is what the impact of all this is on information security. Maybe open source is secure because bugs are likely to be discovered? In fact, opening your source code is sometimes just a placebo remedy in the area of security. Security bugs are of a subtle type and are fundamentally extremely hard to find, and the amount of code to inspect, and its complexity, grows every day. We live in a world where a lot is hidden in plain sight and we are given a fake sense of security.

The problem of supply-chain infiltration is particularly acute in bitcoin, where we do not even know who the developers are; you go there at your own risk and peril, and no one is blamed when something bad happens. Even though the mysterious Satoshi wrote just 2% of the bitcoin code, all major and critical security decisions were made by this anonymous entity.

In reality, open source (e.g. the IBM PC, DES cryptography, SHA-256 etc.) is almost never there for security reasons. It is rather a business decision, which is about managing the supply chain precisely. Open source allows businesses and governments to collaborate. However, not all businesses and not all governments are equal: some benefit from this process, others are forced into submission and lose money. The winner takes it all, again and again.

For a more critical discussion of open source, see slides 32-41 here. Open source is THE FAKE security mantra; the real security principle is open design [Saltzer and Schroeder 1975], and the two are NOT at all the same, see slide 51 here.

In 2005 Ross Anderson already claimed that open source and closed source are equivalent, see slide 57 here. Today, having learned a bit more from history, from all the elaborate security deceptions we have known, and from the dumb propaganda saying that Linux was very secure etc., for which we have fallen so easily for decades, we should probably be a bit wiser.

Open source software can be truly dangerous, cf. slide 38 here. It makes it very easy to modify the software, which works both ways. It lowers entry barriers for improvement, but also for malicious versions to be produced (for example there have been many malicious versions of TrueCrypt). We help simultaneously those who want to improve security (yet are poorly funded) and those who want to degrade it (typically more motivated and better funded). Given the imbalance in funding and motivation, and also because hacking is more fun than just building things, quite possibly, and this is a working hypothesis, those who want to degrade the security of various systems will always prevail.

ADDED in May 2021: researchers at the University of Minnesota studied how to insert malicious patches into the Linux kernel.

Crypto Mining At Nasdaq

Two stocks related to crypto mining exploded on Nasdaq in recent days. RIOT is worth 5x its March price and has doubled since July 2020, and MARA had quadrupled since July 2020 (which was followed by a correction).

At the same time there are countless indicators that we are at an exceptional moment in crypto-currency history:

  • We are in the middle of a big wave of appreciation of crypto assets, which has a lot to do with the mining reward halving of May 2020. Since May 2020 the hash rate has remained flat and has stayed below the levels of May 2020. However, if we predict that the bitcoin price will eventually soar, then a lot more bitcoin miners could be built and put into active service, which was NOT happening so far.
  • In March, the falling bitcoin price halved the daily combined income of miners. Then it recovered, and it halved again on the day of the halving itself. It has not recovered yet, because the price of bitcoin needs to double for it to recover. As a result many miners do not sell their bitcoins, hoping for higher prices tomorrow. This is demonstrated here and here. However, it is easy to manipulate such figures by moving bitcoins to temporary accounts belonging to the same person. Overall it seems that 2 million bitcoins are put aside waiting for higher prices to come.
  • Volumes of bitcoins held on exchanges are the lowest since June 2019. This means that prices are likely to be sensitive to demand and will sometimes go up due to a shortage of bitcoins (locked elsewhere).
  • The Fed balance sheet has stopped expanding since approx. May 20 and remains stable, see here. For now we have a K-shaped rally with a bifurcation: some stocks go north, others stay moderate. US tech stocks are now bigger than the entire stock market of the EU+UK+Switzerland.
  • Moreover, it gets even crazier. As bets against the US stock market are at their lowest level since 2004, markets are able to continue a crazy bull run with very high valuations. Many fear that the stock market will collapse.
  • Interestingly, the percentage of amateur traders and investors in the stock market has more than doubled since 2019. The Buffett indicator (stock market cap divided by GDP) has reached a higher level than before the collapse of the dotcom bubble in 2000.
  • The gold price has passed $2000, and bitcoin claims to compete with gold and has some correlation with gold as a refuge for investors who cannot find anything interesting to buy.
  • Warren Buffett has surprised the planet: apparently he still holds more than 100 G$ in cash, as of May 2020 and still today. He did not buy shares in March 2020 like most people did! It seems like the biggest mistake he ever made (unless future events prove him right and shares collapse to yet lower levels than in March 2020).

China is Banning TCP/IP

Arguably an open, free and neutral Internet has never existed; it was all a cynical game of telcos, pretending to obey a bunch of public standards and apply international treaties in order to expand their monopolistic empires abroad and steal business from other telcos. This world of deception, which has also enabled intelligence gathering at an immense scale, is likely to disappear now.

It is harder to imagine, but seems inevitable, that everything we know about industry networking and security standards will become obsolete.

China plans to completely stop using TCP/IP and replace it with a set of Chinese protocols. These protocols are more centralized and somewhat authoritarian, and are also claimed to be more secure (which is a very easy claim to make). More details here.

We should expect that tomorrow there will be UK/US networking, European networking, Russian networking etc. The world is likely to split into loosely connected pieces. This is of course good news for network tech specialists and cryptographers.

Tomorrow there will be more national proprietary cryptography, which researchers will take immense pleasure in studying and breaking. There will be more high-profile jobs for crypto engineers, who will be doing more things which, surprisingly, will actually be used to protect real-life communications. However, this is bad news for the world: it seems that the globalization of technology standards has come to an end and is going into reverse. We hear about technology bifurcation, the end of open standards etc.

An Important Event in UK Crypto Policy

No, the UK is not going to be a puppet of China or Russia. Instead, a deal is being negotiated with Japan. It has already been agreed that

  1. the two governments will not force their companies to hand over encryption keys which are used to protect proprietary corporate technology and information;
  2. data can flow freely between the two countries, and businesses will not be required to host data on servers within one country.

Huge Win for Europeans, Americans and Human Rights at Large – Against Facebook and other Data Hungry Internet Giants

Max Schrems, an Austrian lawyer and privacy rights advocate, has been fighting in the courts since 2011 against Facebook and other abusive corporations whose business model is stealing our data, our lives and our businesses, against our will and against our interests, to transform us into slaves and puppets in a mass-surveillance-based stalker economy.

In contrast, and in theory, every citizen in the EU has a right to have their data processed fairly, with their consent and for well-defined legitimate purposes.

In 2018 the Financial Times wrote: "Max Schrems: the man who took on Facebook – and won!" However, in 2019 Schrems lost. Then eventually, in 2020, Schrems won again against Facebook at the European Court of Justice. This ruling is huge: all companies worldwide will now have to adapt to European laws and regulations, and it is final and can no longer be overturned. A big setback for Facebook and other similar companies. Champagne for everybody!

This is not all. Facebook is also in trouble in the US. One thing is that Congress has of course made it very clear that this company is a villain, as it already did in 2018. The problem is that Congress does not do a lot about these things and has a narrow focus on competition. Another, and better, part of it is the lawsuits. Many people hate lawyers, but they can hurt Facebook. Facebook is now being sued in the US state of Illinois for illegally collecting people's biometric data. In July 2020 Facebook made a new offer to voluntarily pay 650 M$ to settle. This admission of guilt seems a lot; however, the latest reported annual income of Facebook was 18.6 G$ as of July 2020, with profits up some 11% on the previous year. So we are still simply losing the battle, with Facebook becoming stronger and more powerful every day. A little bit like a cancer or a virus taking over the human body, aiming at infecting everything and growing out of proportion: the Internet giants now account for more than 20% of the whole stock market.

How does this compare with Europe, where France has just voted to tax the Internet giants at 3%? Nothing is perfect, and French taxation is done in a problematic, permissive way, effectively closing its eyes to what they do. Taxation is however, in my opinion, the best way and a huge step in the fight against the monumental tax evasion of which companies such as Facebook are champions. In comparison, one might think that in the US the company is effectively taxed in some way, through these lawsuits. In fact it is not. Not like a company which engages in illegal activities, and whose primary business model, or what it is really about, is basically enslaving humankind completely in terms of what they should think, what they buy, whom they love or with whom they are friends, or for whom they vote. All of these things are essentially completely illegal in most jurisdictions, but might be legal if you do them under false pretexts. Against the big data, artificial intelligence, greed and legal organized crime which large companies engage in, because they have good lawyers and do it well, we simply lack sufficient legal protections. One lawyer such as Schrems fighting for the rights of billions of people in just one jurisdiction is not enough. The problem in the US is that there is no taxation here. The money in Illinois will not go to the state or the government, nor even to charity, but will rather be paid in cash to Facebook account holders in Illinois ($150-$300 per person in compensation is expected). Account holders, yes, and I would not call them customers, as they do not pay; they have rather been tricked into clicking on some boxes which are claimed to make them agree to play by Facebook's subversive set of rules. So it is a little bit like paying for breaking the law. What is good, however, is that it is a punishment, and the sums at stake are large, so Facebook does not get to do whatever it wants.

Overall this Illinois ruling is also a great victory, because there are another 3 billion people in the world who thought that Facebook was their friend or a useful free service, but it never was. In fact it was never free, and never meant to be friendly. This company is stealing the data of millions of people in order to use it against them, and to sell it to others. Effectively the business model is the prostitution of lives, selling our lives for profit. There is no consent: the consent is bogus or forced. The terms of the contract are fraudulent by all standards, both human and legal. I think that Facebook should be denied ANY rights to our data, and should be legally compelled to erase 100% of the data they have. Even if you go to a notary and agree under oath that you want Facebook to hold all your data and use it for whatever they wish, it will still clearly be ILLEGAL for them to do so in both the EU and US jurisdictions. In Europe, it is more a question of human and consumer legal rights: businesses should only use our data for a limited set of legitimate purposes. In the US it is more an anti-trust question: other companies would like to collect and own your data, say about the car you want to buy or about your habits and desires, and Facebook should be denied the right to effectively also be a car dealer, or say a healthcare provider, in addition to the 10,000 other business activities they also want to run. It is simply a question of a tremendous concentration of power in one place hurting the economy at large.

Why will it hurt the economy? Because of the hidden trade-offs between businesses which normally do not even compete against each other or bump into each other. Making sure your bike is of bad quality through hidden sponsorship deals, so that you need a car to go to work. Making sure you are sick and obese in order to sell you expensive drugs. Or selling all of us junk food, yes, everybody, because this is exactly what maximizes the profits of the food industry worldwide, while denying us the right to eat quality food, and actually even making sure that such food will no longer be manufactured and sold. The big moral hazards, like life insurers making sure that some people get killed and some live longer, through a variety of indirect but perfectly operationally effective ways of killing people, directly or statistically, for example by hacking self-driving cars or by corrupting scientists who study serious health hazards.

This is not capitalism, where businesses thrive through specialization and expertise, and are efficient and fit for purpose. This is Soviet-style communism or a mafia economy, where businesses are strangled and can barely survive, and profits concentrate in a few places such as investment banks and Facebook, which do not do anything, or not much, or nothing which is not essentially harmful to human society and the economy, and which are able to control everything through their monopolistic position, with some censorship and dirty tricks such as businesses losing 10% of their income for strange technical reasons.

A free economy does not need a totalitarian, centralized system of gatekeepers such as Facebook. We do not want big fat cats playing an active role at the commanding heights of the economy. Humans and their needs, not greedy profit-seeking algorithms, should be at the very centre of economic activity. We want real journalism and real media, not media which are entirely owned by advertisers. Advertising is of course useful for innovations and new technology to be adopted, but otherwise it is harmful and represents just a part of our economy, the part which is frequently about making the human animal do tricks for big business and not the other way round. We do not want corrupt professional abusers dictating to billions of people what to think and what to do. I think Facebook should be denied the legal right to be what they want to be. We need a decentralized economy, dominated by specialist businesses which care about what they do, and which in fact have conflicting ideas, interests and agendas. We need to deny Facebook the centre stage, deny them the right to monopolize every area of life. The economy cannot be based only on push strategies with advertising and marketing. We need an economy based on human needs and aspirations, with pull, not only push strategies. We need more incentives for businesses to be honest and do their job, and also to be able to profit from what they do. A big problem is that the Internet gatekeepers tend to siphon all the profits from the economy, enslaving and impoverishing both buyers and sellers.

On Tiny Size of Prediction Markets

It may seem that the small size of current prediction markets makes them prone to manipulation, and it is easy to dismiss what these incredible tools indicate.

For example, the market currently seems to indicate that Trump will lose the election.

However, think twice. They are still likely to be right. It is not because prediction markets are likely to be manipulated for profit each time the stakes are high that they don't work. You can argue that these markets already have all possible manipulations priced in.

For example, currently one bet on a prediction market "indicates", with a comfortable majority, that bitcoin will hit $50,000 before 2021.

Well, this is actually quite likely. The trick is that it is sufficient for bitcoin to hit $50,000 for a very short time, a period so short that most holders of bitcoin will not be fast enough to sell. Except those who have programmed this to happen automatically; however, such sellers, even though they sometimes make a profit, are exposed to manipulation and will sell at $10,000. Other, smarter market players do not disclose their intentions and produce superior returns, and will also own a majority of bitcoins at the moment when it goes up, after most other investors have sold their stakes.

The real reason why all possible manipulations are NOT YET priced into these prediction games is that they are tiny compared to the total volume of ill-intentioned market-influencer activity, which is a lot larger.

The tiny size of these markets is a reflection of our society and economy, where most people consider that there is no hope whatsoever that tools might exist which link today's expectations to future outcomes. Our societies are stuck in the bad habit of being cheated and lied to at every step. Being disappointed and resigned is the norm. Prediction markets could change this, and this is why they are a highly disruptive invention. They are also potentially dangerous.

ADDED in September 2020: specialized decentralized prediction markets are bracing for the election. The same type of betting is now also implemented on Bitcoin.

Has Amazon Started Censoring Books?

Amazon is one of the strongest monopolies that has ever existed in the history of capitalism. Now it becomes clear that they are censoring books and suppressing free speech. This is not an innocent isolated event, as Amazon is about to introduce new health insurance services, and of course their intention is to censor selected publications related to health in the future. Will Amazon work for some criminal corporate pharma interests, or will they remain fairly neutral? In fact, there is some hope: Amazon is currently not censoring the book by Zieba, a Polish natural therapies activist, while freedom of the press in Poland and many other countries is declining. So I would expect Amazon to change their mind on this one.

Brace Yourself: Bitcoin Is Likely to Go to the Moon Now

All the conditions are in place for the bitcoin price to explode now to new high levels of, say, $27,000. This is my personal prediction at this moment.

The main reasons for being bullish now, MORE THAN EVER, are:

  1. Global financial crisis: while it is quite difficult to buy and store gold, it is easier to buy and store bitcoin. Moreover, trading bitcoin with its crazy volatility is great fun [do not bet all your retirement money on it].
  2. Block reward halving in May 2020. Nothing happens overnight, but a lot happens in the next few months.
  3. New, hugely disruptive Taproot programmable money and privacy features.
  4. At last, the Schnorr signatures upgrade.
    • So long overdue; it should have been there since Satoshi himself. It is living proof that Satoshi was NOT an ethical academic cryptographer, but that his primary pedigree was rather the dark side of the force. This comes 12 years after the Schnorr patent expired. Absolute shame on crypto developers such as Nakamoto, Maxwell, Wuille, Garzik, Buterin, Matonis, Andresen, Wright for having actively promoted the super dodgy ECDSA cryptography for so long, which has never been a decent choice, though it always was a defensible one (nobody would get fired for buying into it). Somewhere between a mild accident and a monumental scientific crime, opinions vary, of lack of due care and failure to promote best practice in a regulated financial system, and still a ticking bomb, where billions of dollars will be lost tomorrow.
  5. The Lightning Network, which however is not devoid of problems.
  6. Maybe more decentralization with Stratum V2, who knows. An illusory complication: bitcoin is not going to suddenly become more decentralized or more democratic, this is just not happening. The DNA of bitcoin will remain that of a game for the super rich.
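As an added illustration of why the Schnorr upgrade (points 3 and 4 above) matters for "programmable money", here is a toy secp256k1 implementation of both schemes. This is example code written for this page, not code from Bitcoin Core or from any of the developers named above. The curve constants are the real secp256k1 parameters; the keys, nonces and message are constructed for the demo; the hashing is plain SHA-256 rather than BIP340's tagged hashes and x-only keys; and the aggregation is the naive n-of-n version without MuSig's rogue-key protection. The point it shows: Schnorr's s = k + e·d is linear in the nonce and the key, so partial signatures over a shared challenge add up to one signature valid under the sum of the public keys, whereas ECDSA's s = k⁻¹(z + r·d) is not, which is why no such construction exists for it.

```python
"""Toy secp256k1 ECDSA vs Schnorr (added example, not production code).
Variable-time integer arithmetic, no BIP340 tagged hashes; never use for real keys."""
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mul(k, point):
    """Double-and-add; not constant time (teaching code only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, point)
        point = point_add(point, point)
        k >>= 1
    return acc

def h(*parts):
    """SHA-256 of the concatenated parts, reduced mod N."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

# ECDSA: s = k^-1 (z + r d). The modular inverse makes s non-linear in (k, d),
# so two ECDSA signatures cannot be merged into one.
def ecdsa_sign(d, msg, k):
    r = scalar_mul(k, G)[0] % N
    return (r, pow(k, -1, N) * (h(msg) + r * d) % N)

def ecdsa_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mul(h(msg) * w % N, G), scalar_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

# Schnorr: s = k + e d with e = H(R || P || m). Linear in k and d, which is
# what makes key and signature aggregation (Taproot / MuSig) possible.
def schnorr_sign(d, msg, k):
    R = scalar_mul(k, G)
    e = h(enc(R), enc(scalar_mul(d, G)), msg)
    return (R, (k + e * d) % N)

def schnorr_verify(pub, msg, sig):
    R, s = sig
    e = h(enc(R), enc(pub), msg)
    return scalar_mul(s, G) == point_add(R, scalar_mul(e, pub))

def schnorr_aggregate_sign(keys, msg, nonces):
    """Naive n-of-n aggregation: partial signatures over a shared challenge add up
    to one signature valid under the sum of the public keys. Real MuSig also
    weights each key to block rogue-key attacks; omitted here for clarity."""
    pub_agg = R_agg = None
    for d, k in zip(keys, nonces):
        pub_agg = point_add(pub_agg, scalar_mul(d, G))
        R_agg = point_add(R_agg, scalar_mul(k, G))
    e = h(enc(R_agg), enc(pub_agg), msg)               # one challenge for everyone
    s = sum(k + e * d for d, k in zip(keys, nonces)) % N
    return pub_agg, (R_agg, s)

def demo():
    # Constructed keys and nonces for the demo. Real nonces must be fresh per
    # message (nonce reuse leaks d in BOTH schemes) and keys must come from a CSPRNG.
    d1, d2 = h(b"constructed signer 1"), h(b"constructed signer 2")
    k1, k2 = h(b"constructed nonce 1"), h(b"constructed nonce 2")
    msg = b"constructed sample transaction"
    pub1 = scalar_mul(d1, G)
    pub_agg, agg_sig = schnorr_aggregate_sign([d1, d2], msg, [k1, k2])
    return {
        "ecdsa_single": ecdsa_verify(pub1, msg, ecdsa_sign(d1, msg, k1)),
        "schnorr_single": schnorr_verify(pub1, msg, schnorr_sign(d1, msg, k1)),
        "schnorr_aggregate": schnorr_verify(pub_agg, msg, agg_sig),
        "schnorr_aggregate_wrong_key": schnorr_verify(pub1, msg, agg_sig),
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns True for the single ECDSA signature, the single Schnorr signature and the aggregated Schnorr signature, and False when the aggregated signature is checked against one signer's key alone. One caveat a practitioner should keep in mind: reusing a nonce k across two messages reveals the private key in ECDSA and in Schnorr alike, so the upgrade changes what can be built on top of signatures, not the nonce discipline signers must follow.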

P.S. I really believe this bold claim; this is why I have bet some bitcoins on it. And people have bet a lot of money against me. It is a real shocker, because opinions vary a lot and the bet has attracted huge traction.

Updated 1 May 2020: The bet is over and closed now. Sorry you missed it.