2017 | Bach Seat

Tag Archive for 2017

RB | May 12, 2017

Comments Off

Whose Time Is It?

What time is it? If you looked at the lower right corner of your Windows PC screen, you know what time it is. That is good enough for most people, but followers of the Bach Seat want to know more. How does Microsoft know that time it is? Microsoft and everybody else uses Internet Engineering Task Force (IETF) RFC 7822 standard protocol called Network Time Protocol (NTP).

Network Time Protocol (NTP)

NTP is one of the oldest Internet protocols still in use. NTP was designed by UMich alum David Mills at the University of Delaware. NTP can maintain time to within tens of milliseconds over the public Internet, and better than one-millisecond accuracy on a LAN. Like many other things in the network world, NTP is set up as a hierarchy. At the top of the tree are “Atomic Clocks” (Stratum 0). Corporations, governments, and the military run atomic clocks.

Atomic clocks are high-precision timekeeping devices that use the element cesium, which has a frequency of 9,192,631,770 Hertz. That means it “oscillates” a little over nine billion times a second. Knowing the oscillation frequency and then measuring it in a device creates an incredibly accurate timekeeping mechanism. Atomic clocks generate a very accurate interrupt and timestamp on a connected Stratum 1 computer. Stratum 0 devices are also known as reference clocks. The other stratum levels are:

1 – These are computers attached to stratum 0 devices. Stratum 1 servers are also called “primary time-servers”.

2 – These are computers that synchronize over a network with stratum 1 servers. Stratum 2 computers may also peer with other stratum 2 computers to offer more stable and robust time for all devices in the peer group.

3 computers synchronize with stratum 2 servers. They use the same rules as stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

Once synchronized, with a stratum 1, 2, or 3 server, the client updates the clock about once every 10 minutes, usually requiring only a single message exchange. The NTP process uses User Datagram Protocol port 123. The NTP timestamp message is 64-bits and consists of a 32-bit part for seconds and a 32-bit part for the fractional second. 64-bits gives NTP a time scale of 232 seconds (136 years) and a theoretical resolution of 232 seconds (233 picoseconds). NTP uses an epoch of January 1, 1900, so the first rollover will be on February 7, 2036.

Microsoft Windows Time Service

Microsoft (MSFT) has a mixed history of complying with NTP. All Microsoft Windows versions since Windows 2000 include the Windows Time service (“W32Time”) which was originally implemented to support the Kerberos version 5 authentication protocol. It required time to be within 5 minutes of the correct value to prevent replay attacks. The NTP version in Windows 2000 and XP violates several aspects of the NTP standard. Beginning with Windows Server 2003 and Vista, MSFT’s NTP was reliable to 2 seconds. Windows Server 2016 can now support 1ms time accuracy.

In 2014 a new NTP client, ntimed, was started. As of May 2017, no official release was done yet, but ntimed can synchronize clocks reliably under Debian and FreeBSD, but has not been ported to Windows or Apple (AAPL) macOS.

Accurate time across a network is important for many reasons; discrepancies of even fractions of a second can cause problems. For example:

Distributed procedures depend on coordinated times to make sure proper sequences are followed.
Authentication protocols and other security mechanisms depend on consistent timekeeping across the network.
File-system updates carried out by a number of computers depend on synchronized clock times.
Network acceleration and network management systems also rely on the accuracy of timestamps to measure performance and troubleshoot problems.
Each individual blockchain includes a timestamp representing the approximate time the block was created.

NTP vulnerabilities

NTP has known vulnerabilities. The protocol can be exploited and used in distributed denial of service (DDoS) attacks for two reasons: First, it will reply to a packet with a spoofed source IP address; second, at least one of its built-in commands will send a long reply to a short request.

More vulnerabilities were recently discovered in NTP. SearchSecurity.com reports that security researcher Magnus Stubman discovered the vulnerability and, instead of going public, took the mature route and privately informed the community of his findings. Mr. Stubman wrote that the vulnerability he discovered could allow unauthenticated users to crash NTPF with a single malformed UDP packet, which will cause a null point dereference. The article explains this means that an attacker could be able to craft a special UDP packet that targets NTP, resulting in an exception bypass that can crash the process. A patch to remediate specific vulnerability — named NTP 4.2.8p9 — was released by the Network Time Foundation Project.

This is a Windows-only vulnerability at this time. The author urges anyone running the NTP daemon on a Windows system to patch it as soon as possible. This particular DoS attack against NTP could incapacitate a time-server and cause havoc in the network. The easiest fix is to apply the NTP patch the article states.

rb-
NTP is important to your network and patching and protecting it should be a priority. The threat to your environment is real. If NTP is not patched, an attacker could take advantage of the chaos created by this vulnerability to hide their tracks since timestamps on files and in logs won’t match.

Way back in the day, when I was a network administrator, I inherited a network where a directory services container was frozen. Seems that time had never been properly set up on the server holding the replica and as time passed, the server time drifted away from network time and at some point, we could not make changes or force a replica update. That meant a late-night call to professional services to kill the locked objects and then apply DSRepair –xkz (I think) and then re-install a R/O replica.

A ‘leap second’ will make 2016 a little longer (businessinsider.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2017, AAPL, Apple, Atomic Clock, Blockchain, DDOS, Debian, FreeBSD, GOOG, Google, Microsoft, MSFT, NTP, Security, UDP 123, Vulnerability

RB | May 5, 2017

Comments Off

Over Half the World Connected to the Internet

New statistics show that over half of the world’s population is now using the Internet. The 2017 Q2 Global Digital Snapshot Report on social media and digital trends released by Hootsuite, a social media management platform, and We Are Social, a social media agency, found that more than 3.8 billion people around the world now use the internet. This means that global internet penetration is 51%. The report’s author flips the number and points out that people who don’t use the Internet are now in the minority.

How are these people getting online? The report says that the total number of unique mobile users now stands at 4.96 billion. The use of a mobile phone is now ‘normal’ around the world. Almost 66% of the entire global population regularly uses a mobile phone. More and more of these users now own a smartphone too, and the latest data suggest that more than half of the world’s population now uses one of these powerful devices.

2017 Global Digital Snapshot Report by Hootsuite

The rapid spread of smartphones has led to significant growth in the number of mobile internet users. The number of people around the world accessing the internet via mobile reached almost 3.4 billion during early April 2017 according to the author.

Additionally, 93% of all internet users now go online via mobile devices (phones or tablets), and with the majority of new internet users now ‘phone first’, mobile’s share is likely to increase even more.

With all of this increased access, We are Social, writes that global social media users total to more than 2.9 billion users. This means that social media users are still increasing at a rate of more than 1 million per day – that’s 14 new users every second.

2017 Global Digital Snapshot Report by Hootsuite

The article observes that mobile social media continues to see the fastest growth across all our key data points. In the past 3 months, mobile social media users grew by more than 1.6 million new users every day. The total number of people around the world accessing social media via mobile devices now stands at just under 2.7 billion, representing global penetration of 36%.

Where do all of these mobile social media users go? Of course, they go to Facebook (FB). The research says that Facebook dominates the social media world. The latest data suggests that the world’s favorite social platform adds more than a million new users every day.

2017 Global Digital Snapshot Report by Hootsuite

Asia is the center of Facebook’s growth. Much of that growth came from India. With almost 250,000 new users in the country every day, the author speculates there’s a good chance that India will overtake the US to become Facebook’s most active market by July 2017. Bangkok is Facebook’s most active city, with roughly 30 million people in Thailand’s capital using the platform.

rb-

It should be obvious to any marketer that firms need to remake their customer engagement plans and implement real-time interaction with their customers. Simon Kemp, We Are Social said.

“Half of the world’s population is now online, which is a testament to the speed with which digital connectivity is helping to improve people’s lives … Given this latest data, it’s probably time for us to stop referring to social as new media, and integrate it more seamlessly into our day-to-day activities.”

I think Mr. Kemp is too optimistic when he says that “digital connectivity is helping to improve people’s lives.” Followers of the Bach Seat know that too much social media is bad for you.

LinkedIn hits 500 million users as it remains the quiet giant of social media (mashable.com)

Category: Uncategorized | Tags: 2017, Asia, Bangkok, Facebook, FB, Hootsuite, India, Internet, Mobile device, Networking, Smartphone, Social media

RB | April 30, 2017

Comments Off

A Lifetime on Social Media

From the scary stats department – In 2015, time spent on mobile apps exceeded time spent watching TV for U.S. consumers according to TechCrunch. And now influencer marketing agency MediaKix has calculated more scary social media statistics. Social media users will now spend years online during their lifetime.

Growth on many of the top social media platforms continues to rise as each network rolls out new features and functionalities to better compete for users’ daily time. It must be working, not only is the number of people using social media increasing, and the time people are spending each day on social media is increasing. MediaKix says that just Facebook (FB) users are spending an average of 50 minutes each day on the site.

Time on popular social media platforms

In order to see how much the average person will spend on social media throughout their life, MediaKix calculated the time spent across today’s most popular social media platforms. Across today’s most popular social media platforms, people are spending the following daily averages:

YouTube: 40 minutes
Facebook: 35 minutes
Snapchat: 25 minutes
Instagram: 15 minutes
Twitter (TWTR): 1 minute

The advertising firm says these social media consumption rates, across a lifetime will total up to:

YouTube: 1 year, 10 months
Facebook: 1 year, 7 months
Snapchat: 1 year, 2 months
Instagram: 8 months
Twitter: 18 days

5 years 4 months on social media

Cumulatively, this adds up for a total of 5 years and 4 months spent on social media across a lifetime. Compare the time spent on social media against more mundane life activities.

Social Media: 5 years, 4 months
Eating & Drinking: 3 years, 5 months
Grooming: 1 year, 10 months
Socializing: 1 year, 3 months
Laundry: 6 months

The Santa Monica, CA firm projected the social media figures across an entire lifetime and put the numbers into the infographic below.

rb-

I have argued for a while that the social media fake news issue is a result of the American educational system. They are obsessed with teaching the common core. They don’t teach any analytical skills. Schools need to reinstate current events and media literacy classes.

Quartz cited a survey that found that teens prefer Facebook as a news source (41%). Tweens break between YouTube (41%) and Facebook (37%). By huge margins, girls prefer Facebook for news, and boys, YouTube.

The converging trends of more time spent online, preferring social media as a news source and no education is putting democracy at risk.

I’m removing Facebook, Twitter, and Instagram from my mobile. Will you join me? (junloayza.com)

Search Engine Journal offers some good suggestions on how to evaluate if a story is real or fake.

What is the Site? most major recognized sources for news journalism are not going to be producing clickbait fake news. Most of the fake news sites go for “shock” value and produce fake stories that are not as recognized. Look into the source itself and see whether it is a website that can be trusted.

Check the Domain – Many fake news stories use similar URLs and domain names to mimic reputable news sources, but rather than using a .com they use .com.co endings

What are the Authors’ Sources? – Good news stories contain links to other reputable reporting by respected organizations. Be wary of sources that cannot substantiate their claims.

Fact Check! – When in doubt, fact-check the information that you read! You can start with a simple search to look into the keywords or the event that is being reported on. You can also use sites like PolitiFact, FactCheck, and Snopes.

Examine the Website Closely – Look at the full spectrum of details on the site. Is there other fake-looking or shocking headlines? What does the overall website look like? How is the user experience? Sometimes doing just a little further digging will make it clear if a news story is fake.

Act! – Once you identify if a story is real or fake, you can make a big difference. Do not share stories on social media that are fake and make them more visible. If you notice a friend or family member share a fake story on a social media outlet, do them a favor and comment or message them showing how you found out it was fake so they don’t repeat the same mistake.

If you come across a fake news article, comment on it stating how you arrived at the conclusion it was fake. If everyone does their part to distinguish fake news stories and make them known, then they won’t be shared as easily.

Category: Social Networking | Tags: 2017, Common Core, Facebook, FB, GOOG, Google, Infographic, Instagram, LinkedIn, Mobile app, Pinterest, Snapchat, Social media, Twitter, TWTR, YouTube

RB | April 20, 2017

Comments Off

Can Toshiba Stay in Business?

Updated 01/31/2024 – On 12/20/2023 Toshiba ends its 74-year history as a listed company. Toshiba’s new owner TBJH Inc., delisted the scandal ridden firm as part of the acquisition agreement (PDF). The deal structure is quite complex and involves a web of subsidiaries. Here’s an explanation from Bing:

TBJH Inc. is an indirect subsidiary of Japan Industrial Partners Inc. (JIP).
TBJH will be acquired by another JIP subsidiary, an investment fund called TB Investment Limited Partnership (TBLPS), through Brick Lane Partners.
TBJH Inc. acquired all of Toshiba Corporation’s shares listed on the Tokyo and Nagoya Stock Exchanges.
The shares of Toshiba Corporation were delisted on Dec. 20, 20232.
The same amount of money as tender offer price $15 Billion (4,620 JPY per share) is scheduled to be delivered in April.

This structure allowed TBJH to acquire the complete shareholding of Toshiba Corporation and take Toshiba private.

TBLPS is made up of four JIP funds, 17 Japanese businesses, and six Japanese financial institutions. The Related Fund is made up of JIP overseas cooperative funds and overseas funds including those from Japanese institutional investors.

—

Updated 06/22/2017 – As predicted below, the NYT reports that the Japanese government formed a coalition including the U.S. venture capital firm Bain Capital to buy Toshiba’s microchip division. Estimates are the Toshiba deal is worth approx. $20 Billion.

—

Toshiba is being driven to sell off its crown jewel, its microchip business, to stabilize the international giant. The New York Times reports that the stalwart of Japan’s postwar rise as a global industrial giant warned that it has doubts over whether it could stay in business. In a filing in Japan, Toshiba said it wrote off more than $6 billion connected to Westinghouse Electric’s troubled nuclear reactor projects in the United States, which had created “substantial uncertainty” over its ability to continue as a going concern.

The Toshiba microchip division is the number two global provider of NAND flash memory. NAND flash memory is a type of non-volatile storage technology that does not need power to keep data. Flash memory is electronic (solid-state) non-volatile computer storage medium that can be electrically erased and reprogrammed.

Toshiba originally invented flash memory in the early 1980s from EEPROM (electrically erasable programmable read-only memory). They introduced it to the market in 1984. Called flash memory, after the flash on a camera, the chips have become an essential building block of the modern electronics industry.

The two main types of flash memory are named after the NAND and NOR logic gates. The individual flash memory cells have internal characteristics similar to those of the corresponding gates.

Where EPROMs had to be completely erased before being rewritten, NAND-type flash memory may be written and read in blocks (or pages) that are generally smaller than the entire device. NOR-type flash allows a single machine word (byte) to be written—an erased location—read independently.

The NAND type operates primarily in memory cards, USB flash drives, some solid-state drives, and similar products for general storage and transfer of data. NAND or NOR flash memory is also often used to store configuration data in many digital products, a task previously made possible by EEPROM or battery-powered static RAM. One key disadvantage of flash memory is that it can only endure a relatively small number of write cycles in a specific block.

Makers of flash memory chips

Samsung Electronics Co. (005930) is the biggest maker of flash memory chips, followed by Toshiba, SK Hynix, and U.S.-based Micron Technology (MU). Toshiba manufactures its NAND Flash Memories at its Yokkaichi Operations to maintain quality.

A sale of Toshiba’s chip business, while offering the business a lifeline, would take away its most successful business — and, more broadly, would represent a shift of a major technology away from Japan, depending on the buyer. The Toshiba sale is still in its early stages, and the NYT says as many as 12 companies have approached Toshiba with proposals. Reports are that Toshiba is asking bidders to value its operations at about $17.6 billion (2 trillion yen), and make at least a 50 percent investment.

One of the better-known suitors is Hon Hai Precision Industry, also known as Foxconn. Foxconn is the assembler of Apple (AAPL) iPhones and is the world’s largest contract electronics maker. Foxconn is based in Taiwan but performs most of its manufacturing in mainland China. According to the article, Foxconn could pay billions to buy the business.

Sources told Japanese public broadcaster NHK the first round of the Toshiba auction drew 10 offers. Toshiba has narrowed the field of bidders for its chip unit to four: U.S. chipmaker Broadcom (AVGO), a private equity firm Silver Lake Partners which reportedly offered $18 billion; SK Hynix; Western Digital (WDC); and Foxconn (2354), reports say Foxconn offered $27 billion.

Apple is considering teaming up with its supplier Foxconn to bid for the Toshiba semiconductor business, Japan’s NHK reported. Apple is considering investing at least several billion dollars to take a stake of more than 20 percent as part of a plan that would have Toshiba keep a partial holding so the business remains under U.S. and Japanese control, NHK reported.

Japanese government may save Toshiba

The authors point out Toshiba’s situation is a remarkable turnabout for Japan, a country that once controlled the majority of microchip markets. In the past Japanese companies have banded together to rescue flailing domestic rivals and not let them fold or be acquired by foreigners.

The article speculates that the Japanese government may cobble together a “team Japan” offer, but the response from potential participants — who would have to explain the spending to shareholders — has been tepid. “It is fundamentally unthinkable that the Industry Ministry would intervene and take some kind of action,” Hiroshige Seko, the industry minister, said at a news conference, further dampening expectations.

Mark Newman, an analyst at Sanford C. Bernstein, argued in a report that Toshiba’s memory business remained valuable enough that selling it amounted to “selling the crown jewels to pay next month’s rent.”

Japanese politicians and industry leaders have voiced concerns over Chinese investors’ buying advanced chip production technology; semiconductors and memory are a major priority of China’s industrial policy. That could hinder any deal with Foxconn, said Mr. Newman, of Sanford C. Bernstein.

The worry is that Foxconn “would build huge fabs in China,” Mr. Bernstein said, referring to semiconductor fabrication plants. “The jobs would move to China from Japan, and furthermore China would go after market share at the expense of crushing industry economics, so the U.S., Taiwan, Korea, Japan all get hurt substantially by this arrangement.” Foxconn has been successful in attracting subsidies from the Chinese government to build large-scale production facilities in China.

The article speculates that Foxconn could take the Toshiba technology and manufacture it more cheaply in China. Such a move could drive down pricing for memory, a boon for Apple and low-cost Chinese smartphone makers. But it would also propel China forward in its long push to become internationally competitive in semiconductors. Mr. Newman has warned that competition in NAND chips could heat up next year, creating the possibility of oversupply and putting more pressure on Toshiba’s ability to put in effect next-generation technologies.

Forming Japanese consortium for Toshiba chip unit seen as difficult task (japantimes.co.jp)

Category: Uncategorized | Tags: 2017, AAPL, Apple, BRCM, Broadcom, Business, China, DRAM, Dynamic random-access memory, Flash memory, Foxconn, Hard disk drive, iPhone, NAND, SK Hynix, Toshiba, WDC, Western Digital

RB | April 15, 2017

Comments Off

Open a New Galaxy Crack with a Pix

Followers of the Bach Seat know biometrics have a limited value in replacing passwords. Despite the technical flaws another round of biometric hype is running across the intertubes. The latest round of biometric hype is coming from Samsung (005930). In the hope to revive their brand, they are on the verge of releasing the Galaxy S8. The Samsung Galaxy S8 includes the ability to use facial recognition software to unlock your brand new phone. CNet says that this idea “sounds awesome.”

However, this awesome will lower the bar for your security. CNet reports that the video blogger MarcianoTech demonstrated a pre-release version of the Galaxy S8 is seen being unlocked using just a photo (at the 1:09 mark). To their credit Samsung has acknowledged that the Face Unlock feature is more for convenience than for security, and it cannot be used for mobile payments. Weak facial recognition software is a convenience for the user, it could also be very convenient for others, too.

The troubles with Face Unlock date back to 2011 when SlashGear reported that Google admitted the security system can be fooled by a picture of you and not the real thing. CNet reports that a Carnegie Mellon University spin-off in Pittsburgh, PittPatt, developed that Face Unlock which was later acquired by Google (GOOG).

Just to make Face Unlock and similar facial recognition systems more dangerous, the Guardian reports during recent testimony before congress the FBI admitted that they store about half of all adult Americans’ photographs in a facial recognition databases that can be accessed by the FBI. About 80% of photos in the FBI’s network are non-criminal entries, including driver’s licenses pictures from 18 states including Michigan (pdf) and passports.

The FBI first launched its advanced biometric database, Next Generation Identification, in 2010, augmenting the old fingerprint database with further capabilities including facial recognition. The bureau did not tell the public about its newfound capabilities nor did it publish a privacy impact assessment, required by law, for five years.

Unlike with the collection of fingerprints and DNA, which is done following an arrest, photos of innocent civilians are being collected proactively. The FBI made arrangements with 18 different states to gain access to their databases of driver’s license photos.

“I’m frankly appalled,” said Paul Mitchell, a congressman for Michigan. “I wasn’t informed when my driver’s license was renewed my photograph was going to be in a repository that could be searched by law enforcement across the country.” So anyone with a photo of you, or maybe even just access to your Facebook photos, could potentially access your phone.

rb-

There are two important reasons why biometrics don’t work, and why the old-fashioned password is still a better option: a person’s biometrics can’t be kept secret and they can’t be revoked.

People expose their biometrics everywhere – they leave fingerprints behind at bars and restaurants, their faces and eyes are captured in photos and film, etc. There’s no real way to conceal your eyes, face, or fingerprints from the world. As far back as 2002, research led by Japanese cryptographer Tsutomu Matsumoto. Matsumoto and his team used clear gelatin to make artificial fingers that they then used to fool fingerprint scanners. The gelatin-based finger was successful in fooling all 11 devices tested. I wrote about spoofing fingerprints in 2016.

However, it’s the second problem with biometrics that is the really big one: once a person’s biometrics have been compromised, they will always be compromised. Since a person can’t change their fingerprint or whatever biometric is being relied upon, it’s ‘once owned, forever owned.’ That is biometrics’ major failing and the one that will be hardest to overcome.

Part of the reason is that it’s silly to only have 10 possible passwords your whole life (20, if you count toes) but unlike a password, once a biometric is compromised, it is permanent. Today, if your Twitter account gets hacked, you just change the password – but if you are using a biometric, you will be stuck with that hacked password for the rest of your life.

With the release of Windows 10, Microsoft (MSFT) stepped up their biometrics game. CNet reports that with the recent improvements in Windows 10 biometric security includes facial recognition software. Besides facial recognition, Windows Hello also supports fingerprint and iris recognition to secure your PC. For facial recognition though, Microsoft has partnered with chipmaker Intel (INTC) for its RealSense 3D camera tech to get the job done. RealSense uses depth-sensing infrared cameras to track the location and positions of objects, which Microsoft then uses to scan a person’s face or iris before unlocking the device in question.

To further push the biometrics agenda, more than 200 companies including Microsoft, Lenovo, Alibaba, and MasterCard have already come together to form a partnership known as the FIDO (Fast Identity Online) Alliance. Founded in 2013, FIDO was set up to address issues such as a worldwide adoption of standards for authentication processes over the Web to help reduce reliance on passwords.

Category: Uncategorized | Tags: 10, 2017, Biometrics, Facial recognition, FBI, FIDO, Galaxy, GOOG, Google, INTC, Intel, Microsoft, MSFT, Passwords, RealSense, S8, Samsung, Security, Windows

« Older Entries Recent Entries »

Bach Seat

Tag Archive for 2017

Whose Time Is It?

Network Time Protocol (NTP)

Microsoft Windows Time Service

NTP vulnerabilities

Related articles

Can Toshiba Stay in Business?

Makers of flash memory chips

Japanese government may save Toshiba

Related articles

Open a New Galaxy Crack with a Pix

Meta