Back to Top

Tuesday, September 26, 2006

Hack the Gibson - for Episode #50

Read the reason for these posts.

The issue of different ports: as you can read on Wikipedia, there are three categories of ports:

  • Common ports: from 0 to 1023 (not 1024, but the first 1024! - we computer guys are sometimes a little weird with our numbers) - these are special in the sense for example on Linux you must have root privileges to use them (some old programs used this as a primitive method for authentication saying that this packet comes from computer X who I trust and it has a source port below 1024, so the user who's sending it must be root on that computer, so I can trust it - until everybody discovered IP spoofing)
  • Registered ports: from 1024 to 49151 (why 49151? I don't know, but it looks nicer in hex: BFFF). These are listed by IANA (Internet Assigned Numbers Authority). You can find the listing here: http://www.iana.org/assignments/port-numbers. The list is only a recommendation and nobody will / wants to enforce it. It should be respected if you want to address a large public (so that they know on which port to connect for a given service), but on privately used networks you might want to choose different ports to avoid automatic exploitation tools.
  • Dynamic and/or Private Ports: from 49152 to 65535.

A little correction for the typist: it's DESQView not DeskView.

In the podcast there is a big confusion between different types of virtual machines, and I can't blame them since there are many different things on the market called virtual machines. My personal recommandation would be to anyone who feels confused by the podcast to go read the Wikipedia article on Virtual Machines which does a very good job on clarifying the issues.

STEVE: ... There’s literally a bitmap that represents the I/O addresses so that individual I/O addresses can be protected and others can be deprotected. - as far as I know on the x86 architecture every I/O operation (there are two instructions in and out) is a privileged operation (that means that code running in ring 3 can't execute it and it will always create an exception - which the supervisor code in ring 0 can handle) and there is no such bitmap.

virtually zero overhead - luckily he said virtually, because even if it's in hardware, there is an overhead. The modern processors don't execute an instructions every clock cycle, but every instruction takes a number of clock cycles. If you listen to the interview with the researches who develop Singularity (a research OS) over at the Channel9 site they say turning on paging and memory protection can reduce the performance of the computer by something like 10% (I'm not sure what the exact number was). It's a penalty that must be accepted for current OSs but for example in their OS they can avoid turning it on, because of the checks they make on the programs during compile time.

LEO: She’s got the Red Pill, I think, is a solution to the Blue Pill. STEVE: Exactly. LEO: As I remember. Pluses for Leo for saying the magic words As I remember but a big minus for Steve for saying Exactly on a half true statement. And again, attribution: the researcher is Joanna Rutkowska and her site is invisiblethings.org. Now to clarify: the Red Pill is a technology for detecting virtual machines which rely on the x86 hardware to offer a faster virtualization. The Blue Pill is a mini virtual machine (a hypervisor to use the correct technical term) which runs on the new chips launched by AMD and Intel with the virtualization support, and no, it can't be detected by the Red Pill, because the Red Pill wasn't designed for detecting it! In fact there is a debate going on about whether such a program (a hypervisor) is detectable from inside the computer if it's running on these new processors.

due to insecurities that exist in the way our current operating systems have been implemented - the Blue Pill has nothing to do with the way OSs are implemented. It simply uses a new set of hardware instructions implemented in a new generation of processors. The only "insecurity" would be the fact that most users run with administrative or near administrative privileges which makes it possible for any program to enter in kernel mode from where it can use these advanced instructions. But this isn't an implementation insecurity but a configuration problem.

STEVE: ...I’ve ended up developing up some very cool technology to allow zero scripting, pure CSS, beautiful hierarchical menus. - as I've said earlier, attribution. Go to any decent web developer and tell him that you developed a pure CSS menuing system and he'll tell you: yeah, that's old news. In fact do a google search on pure CSS menus to see how many people have already described this technique and how old it is.

Well, and most menus are generally JavaScript. They will still function maybe in a crippled fashion, but you need to turn scripting on in order to get a next-level dropdown to work. - two words: Progressive enhancement. It seems that Steve is only now discovering the new techniques that have been floating around for 5+ years. This is not an inherently bad thing but please, don't play the wise old guru who just developed a new technique, and give credits to the people who deserved it. Nobody can know everything in the computer industry, and it's ok, because we see farther by being on the shoulders of giants. I've heard somewhere (and sorry for not knowing the exact source, but hey at least I don't say that this is my idea - I think it was one of Cory Doctorow's speeches) that e-mail is the way it is because it was created by researches / scientist. That's why the original text appears when you hit reply and you can insert your comments in between. Please Mr. Gibson, try to use more science and less marketing.

1 comment:

  1. Privileged is one of the best series on television..I always relish while watching every episode and tis one was truly admirable..everything is so captivating..appreciable characters and acting skills makes it superb..

    ReplyDelete