Anti Chinese

Subjects that don't have their own home
Neal
Shed dweller
Posts: 2108
Joined: Fri Aug 03, 2007 10:57 am
Location: From the land of the Bodgers

#16 Re: Anti Chinese

Post by Neal »

When I was gainfully employed the talk was moving away from the idea of 7nm and going 3D with 10nm and even 14nm as it was easier to do and cheaper....did something change?
Only the Sith deal in absolutes.
shane
Social outcast
Posts: 3109
Joined: Sun Sep 16, 2007 12:09 pm
Location: Kept in a cool dry place.

#17 Re: Anti Chinese

Post by shane »

When I left Plessey in 2004, they were running .35um, and designing chips in .18 which were then sent to TSMC for fabrication. I find it hard to imagine how 7nm is possible when we were working with allowed tolerances of +/- 40nm!
jack
Eternally single
Posts: 4438
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#18 Re: Anti Chinese

Post by jack »

Just seen that TSMC are sampling at 5nm
Wikipedia wrote: In December 2019, TSMC announced an average yield of ~80%, with a peak yield per wafer of >90% for their 5nm test chips with a die size of 17.92 mm².
That equates to 173 MILLION TRANSISTORS PER MM^2 !!!!
Vivitur ingenio, caetera mortis erunt
Nick
Site Admin
Posts: 13751
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#19 Re: Anti Chinese

Post by Nick »

Don't know Neal. TBH, I don't pay much attention now. May be my age, but I find it hard to get too excited by a lot of computer progress now. I got nagged into learning Go as part of a Kubernetes thing and there are a couple of cool things but it's mostly just gluing together third party libs of dubious (or unknown) quality. Can't help but feel a lot of IT is now a solution in search of a problem.

There are clearly still some clever people doing clever work, I was hearing (though only just about keeping up with the description) about some very clever combination of Comp Sci and Genetics to do stuff that the Biologists hadn't thought of as they were not used to thinking in terms of creating a data structure that made the solution simple and all the work went into creating the structure, which is very much the CS way of looking at problems (or at least it used to be I guess).

Anyway off topic.
Little known fact, coherent thought can destructively interfere with itself leaving no thought at all, that’s why I prefer incoherent thought.
jack
Eternally single
Posts: 4438
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#20 Re: Anti Chinese

Post by jack »

Nick wrote: Thu Apr 23, 2020 2:49 pm Don't know Neal. TBH, I don't pay much attention now. May be my age, but I find it hard to get too excited by a lot of computer progress now. I got nagged into learning Go as part of a Kubernetes thing and there are a couple of cool things but it's mostly just gluing together third party libs of dubious (or unknown) quality. Can't help but feel a lot of IT is now a solution in search of a problem.

There are clearly still some clever people doing clever work, I was hearing (though only just about keeping up with the description) about some very clever combination of Comp Sci and Genetics to do stuff that the Biologists hadn't thought of as they were not used to thinking in terms of creating a data structure that made the solution simple and all the work went into creating the structure, which is very much the CS way of looking at problems (or at least it used to be I guess).

Anyway off topic.
Biomimicry - kind of the reverse of what you're talking about - it's using nature to solve other problems...

BTW. I'm using docker on Raspberry Pis to great effect - it's not that new, but actually really works and is very cool. Swarm, the part of docker that does clusters is also pretty neat. Kubernetes is not that necessary in a domestic setting !! 8)
Vivitur ingenio, caetera mortis erunt
Nick
Site Admin
Posts: 13751
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#21 Re: Anti Chinese

Post by Nick »

Biomimicry - kind of the reverse of what you're talking about - it's using nature to solve other problems...
Yep, but I would question that definition, I would say it's more a case of using solutions learnt from observing natural processes rather than by using nature itself.

Given beer I would argue that Maths and so CS is as much a part of Nature as photosynthesis so it's a null distinction.

And I agree Docker and its friends are cool and nice solutions. But I would also argue that the reason they are needed in the first place is partly due to the modern habit of making code that has a page or more of dependencies all of which may be updated at unexpected times. Go seems to try and avoid that by creating static executables, but it still ends up with shared libs being brought in by third party libs.

But then again, I take pleasure from reverse engineering Oracle JDBC drivers to reimplement its authentication in C just with help from OpenSSL. And I feel a bit guilty saying I used OpenSSL :-). Guess I will always be a hacker at heart (The original definition of the word).
Little known fact, coherent thought can destructively interfere with itself leaving no thought at all, that’s why I prefer incoherent thought.
jack
Eternally single
Posts: 4438
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#22 Re: Anti Chinese

Post by jack »

OpenSSL - the CS version of The Curate's Egg...

Used it tonnes over the years, and that's the problem... It's old and it's grown and grown and had too much backwards compatibility retained. It's a maintenance nightmare and some of the worst security horror stories of recent years can be laid firmly at its door...

OTOH, it's dead convenient, it's open source and the shockers, when they appear, are generally fixed quickly...

If you'd like some alternative for the crypto and authentication side of things, have you ever used Wei Dai's Crypto++? I love it, and Wei is a genuine, highly respected, cryptographer and coder. Crypto++ is something of a standard in the banking and other industries...
Vivitur ingenio, caetera mortis erunt
Nick
Site Admin
Posts: 13751
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#23 Re: Anti Chinese

Post by Nick »

Will take a look at that.
some of the worst security horror stories of recent years can be laid firmly at its door
That is partly because just about everything uses it.

It's also had a lot of eyes on it which is never a bad thing.
Little known fact, coherent thought can destructively interfere with itself leaving no thought at all, that’s why I prefer incoherent thought.
jack
Eternally single
Posts: 4438
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#24 Re: Anti Chinese

Post by jack »

Nick wrote: Thu Apr 23, 2020 4:39 pm Will take a look at that.
some of the worst security horror stories of recent years can be laid firmly at its door
That is partly because just about everything uses it.

It's also had a lot of eyes on it which is never a bad thing.
I did say that stuff gets fixed quickly...

...but some of the major issues were there from pretty much day 1, so lots of eyes simply missed that for many years in the fog & complexity of the code...

It's also quite possible that the issues were long known about in some quarters and saved as a useful zero-day and also questions the efficacy of the test suite and release process...
Vivitur ingenio, caetera mortis erunt
Nick
Site Admin
Posts: 13751
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#25 Re: Anti Chinese

Post by Nick »

All true, but since Heartbleed there has been some properly financed peer reviews of the code (which of course you know).
Little known fact, coherent thought can destructively interfere with itself leaving no thought at all, that’s why I prefer incoherent thought.
jack
Eternally single
Posts: 4438
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#26 Re: Anti Chinese

Post by jack »

Nick wrote: Thu Apr 23, 2020 9:00 pm All true, but since Heartbleed there has been some properly financed peer reviews of the code (which of course you know).
It's a bit like having the water tested in a well.

You know on the day the test was done, the water was fine. The following day, unknown and unseen, a sheep falls in...

Basically, OpenSSL is too complex. It's fabulously useful for so many things, particularly with certificates, but it does too much and with great functionality comes great complexity, and with complexity comes risk.

You can't audit every release, and you can't guarantee that a given audit will find every issue - there may be no issues that match the audit criteria at the time, but then a new attack surface emerges and of course, by definition, none of the historical audits can reveal a zero day.

If you want to do TLS, have a product that just does TLS. Nothing else. Nada. Not even TLS 1.0 and 1.1, just 1.2 & 1.3. And definitely none of those crappy compromised cipher suites.

Yes, I know the arguments about legacy support. Sod them. Get an upgrade. WhatsApp and others have the right idea: use a decent client or you can't use the service.
Vivitur ingenio, caetera mortis erunt
Nick
Site Admin
Posts: 13751
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#27 Re: Anti Chinese

Post by Nick »

Been thinking about this, I think you are misrepresenting for the average reader the nature of the problems in OpenSSL. They were not simple coding errors which may be the impression from your posts, they were found to be open to complex cryptographic attack which is an entirely different bag of worms.

You can of course (as it's open source), pull out the parts you want and only build them into your library, so to a large extent the argument that it's too complex is solvable and the lib can be built statically so a private and cut down build for a particular purpose.
Yes, I know the arguments about legacy support. Sod them. Get an upgrade.
I wasn't making that argument and I wouldn't. Much of the legacy issue is solved now as the user is free to select what cyphers they use, and in the case of client server what the server will accept. So I feel your argument collapses to one of too much choice.
You can't audit every release
No, but you can audit the changes, same as any software. You seem to be arguing that it's not perfect so is not usable, we have known for many decades that software has bugs, but you seem to be suggesting that it would be possible to create a replacement that would in some way both not have the problems of the original and at the same time not introduce its own new problems.
Crypto++ is something of a standard in the banking and other industries
That of course is simply an appeal to authority.

Generally the work I do has no need of absolute secrecy, just operation with existing system so for that OpenSSL works just fine. Also, I am a C programmer not C++ (by choice), and building Crypto++ would be problematic on some of the legacy systems I have to support. I might make the argument that C++ is possibly a poor choice for known and secure code development, but I will save that one for another day.
Little known fact, coherent thought can destructively interfere with itself leaving no thought at all, that’s why I prefer incoherent thought.
jack
Eternally single
Posts: 4438
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ

#28 Re: Anti Chinese

Post by jack »

We'll just have to agree to differ on a whole bunch of points.

Just for starters:
Nick wrote: They were not simple coding errors which may be the impression from your posts, they were found to be open to complex cryptographic attack which is an entirely different bag of worms.
Not so. Heartbleed was a simple coding error - a missing bounds check resulting in a buffer overflow. 101/basic/beginners coding error.
Poodle was based on a man-in-the-middle exploit. Not a "complex cryptographic attack" - rather a pretty standard cryptographic attack vector, but with a nasty outcome.

FWIW, Crypto++ is used in the financial sector (where security is a key concern) because it is highly modular and is easily auditable. This is not "an appeal to authority", it's a statement of fact. OpenSSL is used, but not generally for sensitive environments.

OpenSSL is widely used elsewhere largely because "it's there" - it's free and it's bundled. There are few alternatives - again, that's not a criticism, it's a statement of fact - it's free and in every Linux/Apache/whatever environment. So it gets used. A lot. All the more reason for a more auditable codebase.

I could go on, but it is what it is.
Vivitur ingenio, caetera mortis erunt
Nick
Site Admin
Posts: 13751
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#29 Re: Anti Chinese

Post by Nick »

jack wrote: Thu Apr 23, 2020 2:45 pm Just seen that TSMC are sampling at 5nm
Wikipedia wrote: In December 2019, TSMC announced an average yield of ~80%, with a peak yield per wafer of >90% for their 5nm test chips with a die size of 17.92 mm².
That equates to 173 MILLION TRANSISTORS PER MM^2 !!!!
https://www.bbc.co.uk/news/technology-54510363

Not sure how (though they clearly can) the USA can stop a Dutch company selling to the Chinese.
Little known fact, coherent thought can destructively interfere with itself leaving no thought at all, that’s why I prefer incoherent thought.
Ray P
Thermionic Monk Status
Posts: 5070
Joined: Thu Nov 22, 2007 5:18 pm
Location: Somerset

#30 Re: Anti Chinese

Post by Ray P »

Nick wrote: Tue Oct 13, 2020 2:18 pm https://www.bbc.co.uk/news/technology-54510363

Not sure how (though they clearly can) the USA can stop a Dutch company selling to the Chinese.
Probably via the Intel stake in ASML but I imagine TSMC (Taiwan) and Samsung (S Korea) aren't going to be in favour of sharing the technology either...
Only two chip manufacturers have put this to commercial use so far:

Taiwan Semiconductor Manufacturing Company (TSMC) - sole supplier of the A14 to Apple for its latest iPhones, iPads and Mac computers
Samsung - which is making a new Qualcomm processor for Android phones, set to be formally unveiled in December

The two firms each own a stake in ASML alongside Intel