My bad. Sorry. I even spotted it during submission but seem to have copied the wrong link over the one I got right. I guess it proves that I really am the RTFA-troll though. If the editors had read the article they would have noticed:-):-)
Facebook is making a phone because Facebook is a huge brand and people will buy it just because it has the Facebook logo on the case.
The thing about that is that mobile phones are incredibly difficult products. You can easily make a good in shop demo. The first few people may well buy the phone and try it. However, as Microsoft is finding out with Windows Phone, once the early adopters find they have a dud, no amount of marketing can fix that. Your phone is with you all the time; it represents you. If you pull out a Windows based mobile phone you look like a dork and people laugh at you behind your back. Bad mobile phones have a real potential to destroy great brands and have done so many times over; think of Ericsson, Benefon, Sendo, Siemens, Hewlett-Packard, etc. etc.Think about how Microsoft has fallen from about 38% smart phone market share to below 5% even with all their resources available. Think about how Nokia is being totally destroyed by their Windows Phone failures.
Facebook can make a success about this, but they will need many things:
at least one, preferably two of the tier one manufacturers; Samsung, HTC, Sony Ericsson or even Nokia*
a fully functional OS platform controlled by Facebook
a clear way to persuade the manufacturers that Facebook can't use that control against them
a complete mobile ecosystem
a way to differentiate strongly from Microsoft and Google
serious levels of developer involvement and open source efficiency
top levels of operator buy in
Microsoft is desperate enough that they might give Zuck a deal that looks almost good enough; certainly lots better than the deal Nokia seems to have got. However, I think Zuck already knows he's getting associated with being a loser and so the risk of such a deal would be far too great. In any case, Microsoft having brought Nokia down after the "Burning Platforms" memo; they will have great difficulty delivering even close to most of the points above and there's no real sign that they will ever get it together so there may be nothing that could ever fix their platform.
My feeling? This is possible, but you would have to do something like
Make an Android fork, but add in WebOS and/or Mer features to make it different
Move lots of new Android code under the GPLv3 or equivalent in order to stop Google from benefiting in turn
push lots of Facebook interfaces into the OS
Make a more iOS like walled garden app store than the Google one.
By going with Android binary compatibility Zuck would guarantee that he starts with the apps base he needs. By going with the GPLv3 he knows he will piss off Google who hates that license more than anything. By pissing off Google he will get allies and differentiation.
In the end, however, it's the operators who will decide. They know that there can be no more than three smartphone operating systems. They had hoped Microsoft would take over Blackberry's and Symbian's position as those two fail. With Microsoft's Skype strategy the operators became afraid that Microsoft will come for them. Now that MS is clearly going to fail in the market, they will be happy to look for a new alternative. A Facebook Android fork would look like a cheap way to get that.
* Motorola ruled out from potential partners since I doubt Google will play. Apple ruled out since I'm pretty sure they won't play. LG, NEC, ZTE etc. ruled out as just too small or too regional.
What a completely bizzare and off topic post. You presumably had a viewpoint (the Pirate Party is damaging) and your mind is able to twist the facts of any situation to support that even if it's almost completely unrelated. Let's see what you are missing because you did not or were not capable of RTFA.
You think the original guy is continuing his lawsuit. In fact he isn't.
You think that fair use will help this woman; in fact she's trying to sue someone else for fair use
You think the image in question was used by a non-profit. In fact Petapixel is decidedly for-profit.
If you really believed those things, go visit a psychiatrist who may be able to help you.
This whole situation shows exactly the benefit of the PirateParty's position. By having free speech, a total fool has put her foot in it; a photographer has been able to have his say and leave and a photo site has been able to step in and point out the truth.
This may be the chance; she seems crazy enough to actually lose. PetaPixel should report the perjury and we should all pile in with donations to support them. Getting a precedent set in this direction would really really help.
You have format shift. Buy a DVD and rip it. It's really easy. Yeah, the studios don't like it, but at least you're putting some money in the pockets of the people who are entertaining you.
You are supporting increasing crime in society by doing this. In other words; it's pretty obvious that people will copy the content. The content industry pushed for this to be illegal. Buying DVDs is pushing up crime by putting money into the pockets of companies which push for things normal people will do to be illegal.
If you want to give money to an artist; do one of the following:
give money to the next decent busker/street artist you see
send a cheque to a non RIAA / non MPAA artist
look up a random artist on Jamendo.com and give them a donation
There can be no moral justification for giving money to an MPAA or RIAA member when you can easily avoid it.
If that were strictly true then patents would be no use. Just move the screw connecting two parts by a tiny bit and you have a different implementation of the same idea. So then you have to come up with some clear definition of when two machines are the same as the one described even though, in some detail, they are different.
That's the point where your patent attorney steps in. He writes a patent which shows every nearby variation he can possibly think of and generalises the original design so that you can see all sorts of similar machines. Now your patent becomes "overly broad" but nobody can really define that properly. This is the reason why most calls for "patent reform" are fundamentally flawed. The system works pretty much as well as it can given the fact that people are involved.
The only solution is to clearly ban some types of patents and enforce licensing of others at reasonable costs.
remember that the Jackson ruling was overturned in appeal and the two sides settled out of court.
I'm going to call that statement "deeply and deliberately misleading" rather than a lie. You know fine that the findings of fact were confirmed on appeal. That means that the appeals judges agreed Microsoft did everything that Jackson said they did. The only thing overturned was the penalty. The out of court settlement avoided further proceedings at that stage.
And that's bullshit; as has been discussed on here a day or so ago. This is not an accidentally left debugging backdoor. There was a separate; openly disclosed (but proprietary and controlled) debugging system via the JTAG connections. That had one specific limitation; that you couldn't use it to read out a crypto key from the chip. There was a very carefully hidden way to break that security which the person who put it there would be pretty sure would not be discovered. They even went to the effort to protect it against differential power analysis, the strongest previously published attack on such circuits, something that would be completely pointless in a debugging circuit you planned to remove in the production system.
Please go back and read the original paper carefully. It even made it completely clear that the most likely source for the backdoor was the original design from the USA. The Register is just wrong here.
For something like a set top box, the manufacturer is fully justified in locking it so that customers cannot.....
How the hell have we got to this distopian nightmare. These are the people who bought something from you. They own the set top box. They are in the privacy of their own homes. What they do with their own stuff in their own homes is none of your bloody business and you are certainly not "fully justified" in setting up systems to interfere with it. People are fully justified in taking serious action against people who do that kind of stuff.
Heck, even an edict came down along the lines of "No GPLv3 software will be approved - don't even try".
That's great for me to hear. You don't sound like the kind of company that has much of value to contribute. We just got permission to contribute back code to the external GPLv3 project we use. This is going to be another story like 10 years ago. Back then lots of companies were banning GPL, or even all open source software. The ones that could use (for example Apple, Google, IBM and Facebook) it had an edge which was crucial in many of them pulling ahead.
If what you say is true, GPLv3 becomes the differentiator license; the one which lets go ahead companies like mine cooperate with other similar companies who provide real benefit, whilst keeping the code away from another group who become the losers.
You do understand that even private keys can require a passphrase don't you? Mere possession of someone's private key does not automatically get you in.
That would only be in very primitive systems unsuitable for this type of work. By the time you are talking about a voting system the private key should be stored in a hardware device and not even the owner of the key should have access to it. In systems where the private key is opened up with a passphrase, attacks would be trivial. My attacks were aimed at more advanced scenarios where you can't rely on direct key compromise and have to compromise the user interface which accesses the key. These types of systems would typically use combinations of codes and biometrics for key access.
Further, when the constituent logs in, and finds that his opinion has already been registered, its his clue that he has been compromised, and further, since its merely an expression of his opinion, he can change it.
I covered this when I said:
; you can check your vote and it can show you a different one.
In other words, when he logged in, it would show him the vote he thinks he's cast. Please note, though, that your security mechanism is actually making the vote buying attack much worse. Now the vote buyer can come back at any time and demand to see the constituent's vote; not just during the voting. Instead of having to visit every vote you buy, you just threaten to visit later and actually go to a small percentage of them. You can now buy hundreds of votes for the effort of visiting just a few voters.
You would want constituents to be able to change their opinion right up to the time the floor vote was to take place.
(Note: I'm totally glossing over the statement "Apparently most private computers are infected/compromised.", for which you haven't presented a shred of evidence. Microsoft stats indicate 4 PCs per 1,000 for Windows 7, less for 64bit. Simply having some bad actors in your cookies does not constitute a compromise that would allow grabbing ones private key and the password thereto.)
These are hard to come by numbers. Almost nobody wants to admit to being infected. Microsoft obviously has a horse in the race, so their opinion is worth even less than it usually is. Rate's given on the first places turning up in Google range from about 35% (Germany) through 58% (USA) up to 98% (Iran). See for example infosec island. Look around and most people claim approx 50%.
The state of public/private key technology today suggests to me that the system could be reasonably safe from each of the points you list, other than the purely social ones,
I think that's a totally wrong assumption. Before you can do public/private key crypto safely you have to have a secure computer. Apparently most private computers are infected/compromised. When your machine is compromised you can make one vote and it can change it to another; you can check your vote and it can show you a different one. If that's true, then the whole game is lost.
If we can go five years or so without a single effective new computer virus or trojan being discovered for common systems, then we can maybe start to talk. Until then, the risks are just too great.
There's the issue in a pinch, isn't it? Who vets it? Who makes it? Who determines the trustworthiness?
That's simple. Me. rtfa-troll for uber-dictator^W^Wguardian of the world. You've seen my Slashdot postings. You know you can trust me.
Seriously, though, you could do this provided that you had fully peer reviewed open designs; had greatly developed circuit reverse-engineering and analysis; had developed quite a few isolation techniques such as efficient Homomorphic encryption and have enough experience with them to truly understand their security. We probably also need to have provenly secure public key cryptography and shown that quantum attacks against it are impossible. We certainly need to have developed a level of civics education which means that the average voter fully understands economic models, the limitations inherent in them and how to work with uncertainty; statistics, large number mathematics and government budgets; social structures, human interactions and how to work with them; etc. etc. etc.
In other words, we are probably several lifetimes away from being able to do this even approaching safely.
There are other, much safer and better ways to introduce more direct democracy; for example the Swiss referendum system.
You'd have to set up the system so people can't vote multiple times.....
There are so many other possibilities.
people who aren't supposed to vote, manage to vote
people who are supposed to vote get stopped voting through tricks (like in Canada)
the right people vote, but a trojan changes their online vote to a different thing from the one they wanted
a computer manufacturer or OS vendor uses their control to modify votes, just like the trojan
a minority of people has time to vote, the rest of the people have to work to keep their families together
a "special" minority of people go round people's houses and make sure they vote the "right" way.
Election security is difficult and makes voting processes slow and difficult. This is why democracies moved from direct voting to "representative democracy" in the first place.
Computers just make it much easier to get a wrong system into place. They don't actually make it easier to make a good system. Maybe in the long long term, once everybody has access to a properly vetted secure device from a trustworthy manufacturer then we might be able to start thinking about online voting. Until we have that, such ideas are just asking for disaster.
Oh come on; when you kill my brother in a war, that's terrible. I'm losing. When I kill your brother in a war, that's great. I'm winning. You can hardly blame people for feeling that way since the alternative has often been invasion, defeat, torture and death. At that level almost everyone is a hypocrite.
Normally potential enemies trade on an extremely limited and careful basis. Any breach of trust is extremely carefully searched for and then publicised. For example, the French allowing Margaret Thatcher to disable Exocet missiles was a very big story.
The big news here is that the American rich, the "1%", have deliberately handed over their manufacturing to a country which has been their explicit enemy for years in order to defeat the power of US working people. Instead of putting them to death, the Americans continue to elect their placemen year after year. This is at the same time as American politicians continue, year after year to claim that China is their big enemy. If you want the real hypocrisy you may find some there. However, even here, I think you will find that one person claim's China is the enemy whilst another person says the US should trade with them. That's not hypocrisy just a difference of opinion.
If you had RTFA, you would have seen that this chip also has JTAG and that this backdoor precisely breaches the documented and promised limitations of JTAG against seeing embedded crypto keys.
Imagine you have a crypto device; you want users to be able to program in new keys and then send it out into the field which you do over the JTAG interface. You then don't want captured crypto devices to give away the keys. This device promises that it will do that for you. This backdoor breaks that promise.
More importantly, the back door was clearly designed to be very difficult to find. That's not standard for a debugging option
Ever do FPGA work? Not thinking so. Sadly I can verify that in the FPGA world everything is all ultra-closed. Patents? Competitive advantage? IP laws? Hide evidence of patent infringement?
No, but I'm not sure I see how what you describe is different from, for example, graphics cards?? Read the paper and you will see that this backdoor was found whilst looking at other "legitimate" hidden functionality. It's not just a matter of some undocumented functions.
It's hard to imagine Facebook wanting their own OS, when they could more easily follow the 'android with the manufacturer's crap UI customizations on top' route. (Or do the same with whatever they are calling the twitching corpse of Maemo these days)
It wouldn't be hard for them to do both. Have their own OS which is an Android customization. Google has a weak license on Android, which leaves them open for robbery. Facebook can either make private branch of Android, or, if they are really clever, they can make a copyleft branch which will make it impossible for Google to incorporate back Facebook improvements whilst Facebook can still take Google ones and benefit from community involvement.
This would leave Facebook in a good situation since they would have the strongest O/S and none of their major competitors would want to touch it. I often wonder why Nokia didn't go for this strategy; however I guess they always failed to understand open source and never opened up enough to benefit from it. Facebook has more experience in this area.
Apart from Ada Lovelace and Marie Curie, can anyone here name any important female figure in the history of technology?
Probably not. But that's because most of them are fucking ignorant of the history of AI, let how to attack from above in a Battle of Britain era fighter plane.
Hell, most of the people here have probably never fixed a computer bug. Hand in your nerd cards the ignorant lot of you.
From the article, the read-only registers may be configured to be written:
agreed 100%; as this bit of your quote says.
"At this point we went back to those JTAG registers which were non-updatable as well as FROW to check whether we could change their values. Once the backdoor feature was unlocked, many of these registers became volatile and the FROW was reprogrammable as a normal Flash memory.
However the following bit is saying that the data can also be read. That doesn't have to be. Write only registers are a standard hardware feature. It's also standard procedure that if you have write only registers which become readable when a debug configuration is entered, then you clear the contents before entering debugging mode. That isn't what happens however, as the second part of your quote clearly states
Actel has a strong claim that 'configuration files cannot be read back via JTAG or any other method' in the PA3 and in their other latest generation Flash FPGAs [18]. Hence, they claim, they are extremely secure because the readback access is not implemented. We discovered that in fact Actel did implement such an access, with a special key used for activation."
Whilst incompetence is very normal, this is an extremely high level of incompetence in an area which is explicitly listed for checking in all military security standards (see even ancient things like the Orange book). I would say that, combined with the fact that the paper claims that the feature was quite well protected it pretty much rules out an accidentally left over debugging feature. At best it's a debugging feature they knew they shouldn't be putting in but decided to do anyway for reasons of convenience. Almost certainly someone put it in especially in order to get one over some chip user(s) with very little expectation of it being found.
Given DARPA's interest, some time ago, in chip security it seems to me that they knew about this or similar backdoors and are either worried that they will be copied by competitors or that they are worried by the fact nobody has spotted any of them.
The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however.
Read the actual paper which is linked. This does not just allow writing to the chip. The feature is also designed to allow reading data which the chip is explicitly supposed to keep that data secret. E.g. you put your encryption keys into the chip and count on it not letting them out again whilst it continues to encrypt data. This is in a high security chip specifically designed for crypto uses. Despite what others are suggesting, you do not leave a debugging feature in such a chip.
More importantly, the back door was clearly designed to be very difficult to find. That's not standard for a debugging option. Someone somewhere designed this specifically to work against people buying the chip.
Whichever of the companies is innocent needs to step up and say something to the effect of 'we would never do this to our customers'.
Slashdot Mirror
My bad. Sorry. I even spotted it during submission but seem to have copied the wrong link over the one I got right. I guess it proves that I really am the RTFA-troll though. If the editors had read the article they would have noticed :-) :-)
Facebook is making a phone because Facebook is a huge brand and people will buy it just because it has the Facebook logo on the case.
The thing about that is that mobile phones are incredibly difficult products. You can easily make a good in shop demo. The first few people may well buy the phone and try it. However, as Microsoft is finding out with Windows Phone, once the early adopters find they have a dud, no amount of marketing can fix that. Your phone is with you all the time; it represents you. If you pull out a Windows based mobile phone you look like a dork and people laugh at you behind your back. Bad mobile phones have a real potential to destroy great brands and have done so many times over; think of Ericsson, Benefon, Sendo, Siemens, Hewlett-Packard, etc. etc.Think about how Microsoft has fallen from about 38% smart phone market share to below 5% even with all their resources available. Think about how Nokia is being totally destroyed by their Windows Phone failures.
Facebook can make a success about this, but they will need many things:
Microsoft is desperate enough that they might give Zuck a deal that looks almost good enough; certainly lots better than the deal Nokia seems to have got. However, I think Zuck already knows he's getting associated with being a loser and so the risk of such a deal would be far too great. In any case, Microsoft having brought Nokia down after the "Burning Platforms" memo; they will have great difficulty delivering even close to most of the points above and there's no real sign that they will ever get it together so there may be nothing that could ever fix their platform.
My feeling? This is possible, but you would have to do something like
By going with Android binary compatibility Zuck would guarantee that he starts with the apps base he needs. By going with the GPLv3 he knows he will piss off Google who hates that license more than anything. By pissing off Google he will get allies and differentiation.
In the end, however, it's the operators who will decide. They know that there can be no more than three smartphone operating systems. They had hoped Microsoft would take over Blackberry's and Symbian's position as those two fail. With Microsoft's Skype strategy the operators became afraid that Microsoft will come for them. Now that MS is clearly going to fail in the market, they will be happy to look for a new alternative. A Facebook Android fork would look like a cheap way to get that.
* Motorola ruled out from potential partners since I doubt Google will play. Apple ruled out since I'm pretty sure they won't play. LG, NEC, ZTE etc. ruled out as just too small or too regional.
If you really believed those things, go visit a psychiatrist who may be able to help you.
This whole situation shows exactly the benefit of the PirateParty's position. By having free speech, a total fool has put her foot in it; a photographer has been able to have his say and leave and a photo site has been able to step in and point out the truth.
Above in the discussion it's claimed she is registered under her maiden name.
This may be the chance; she seems crazy enough to actually lose. PetaPixel should report the perjury and we should all pile in with donations to support them. Getting a precedent set in this direction would really really help.
You have format shift. Buy a DVD and rip it. It's really easy. Yeah, the studios don't like it, but at least you're putting some money in the pockets of the people who are entertaining you.
You are supporting increasing crime in society by doing this. In other words; it's pretty obvious that people will copy the content. The content industry pushed for this to be illegal. Buying DVDs is pushing up crime by putting money into the pockets of companies which push for things normal people will do to be illegal.
If you want to give money to an artist; do one of the following:
There can be no moral justification for giving money to an MPAA or RIAA member when you can easily avoid it.
If that were strictly true then patents would be no use. Just move the screw connecting two parts by a tiny bit and you have a different implementation of the same idea. So then you have to come up with some clear definition of when two machines are the same as the one described even though, in some detail, they are different.
That's the point where your patent attorney steps in. He writes a patent which shows every nearby variation he can possibly think of and generalises the original design so that you can see all sorts of similar machines. Now your patent becomes "overly broad" but nobody can really define that properly. This is the reason why most calls for "patent reform" are fundamentally flawed. The system works pretty much as well as it can given the fact that people are involved.
The only solution is to clearly ban some types of patents and enforce licensing of others at reasonable costs.
remember that the Jackson ruling was overturned in appeal and the two sides settled out of court.
I'm going to call that statement "deeply and deliberately misleading" rather than a lie. You know fine that the findings of fact were confirmed on appeal. That means that the appeals judges agreed Microsoft did everything that Jackson said they did. The only thing overturned was the penalty. The out of court settlement avoided further proceedings at that stage.
And that's bullshit; as has been discussed on here a day or so ago. This is not an accidentally left debugging backdoor. There was a separate; openly disclosed (but proprietary and controlled) debugging system via the JTAG connections. That had one specific limitation; that you couldn't use it to read out a crypto key from the chip. There was a very carefully hidden way to break that security which the person who put it there would be pretty sure would not be discovered. They even went to the effort to protect it against differential power analysis, the strongest previously published attack on such circuits, something that would be completely pointless in a debugging circuit you planned to remove in the production system.
Please go back and read the original paper carefully. It even made it completely clear that the most likely source for the backdoor was the original design from the USA. The Register is just wrong here.
For something like a set top box, the manufacturer is fully justified in locking it so that customers cannot .....
How the hell have we got to this distopian nightmare. These are the people who bought something from you. They own the set top box. They are in the privacy of their own homes. What they do with their own stuff in their own homes is none of your bloody business and you are certainly not "fully justified" in setting up systems to interfere with it. People are fully justified in taking serious action against people who do that kind of stuff.
Heck, even an edict came down along the lines of "No GPLv3 software will be approved - don't even try".
That's great for me to hear. You don't sound like the kind of company that has much of value to contribute. We just got permission to contribute back code to the external GPLv3 project we use. This is going to be another story like 10 years ago. Back then lots of companies were banning GPL, or even all open source software. The ones that could use (for example Apple, Google, IBM and Facebook) it had an edge which was crucial in many of them pulling ahead.
If what you say is true, GPLv3 becomes the differentiator license; the one which lets go ahead companies like mine cooperate with other similar companies who provide real benefit, whilst keeping the code away from another group who become the losers.
You do understand that even private keys can require a passphrase don't you? Mere possession of someone's private key does not automatically get you in.
That would only be in very primitive systems unsuitable for this type of work. By the time you are talking about a voting system the private key should be stored in a hardware device and not even the owner of the key should have access to it. In systems where the private key is opened up with a passphrase, attacks would be trivial. My attacks were aimed at more advanced scenarios where you can't rely on direct key compromise and have to compromise the user interface which accesses the key. These types of systems would typically use combinations of codes and biometrics for key access.
Further, when the constituent logs in, and finds that his opinion has already been registered, its his clue that he has been compromised, and further, since its merely an expression of his opinion, he can change it.
I covered this when I said:
In other words, when he logged in, it would show him the vote he thinks he's cast. Please note, though, that your security mechanism is actually making the vote buying attack much worse. Now the vote buyer can come back at any time and demand to see the constituent's vote; not just during the voting. Instead of having to visit every vote you buy, you just threaten to visit later and actually go to a small percentage of them. You can now buy hundreds of votes for the effort of visiting just a few voters.
You would want constituents to be able to change their opinion right up to the time the floor vote was to take place.
(Note: I'm totally glossing over the statement "Apparently most private computers are infected/compromised.", for which you haven't presented a shred of evidence. Microsoft stats indicate 4 PCs per 1,000 for Windows 7, less for 64bit. Simply having some bad actors in your cookies does not constitute a compromise that would allow grabbing ones private key and the password thereto.)
These are hard to come by numbers. Almost nobody wants to admit to being infected. Microsoft obviously has a horse in the race, so their opinion is worth even less than it usually is. Rate's given on the first places turning up in Google range from about 35% (Germany) through 58% (USA) up to 98% (Iran). See for example infosec island. Look around and most people claim approx 50%.
The state of public/private key technology today suggests to me that the system could be reasonably safe from each of the points you list, other than the purely social ones,
I think that's a totally wrong assumption. Before you can do public/private key crypto safely you have to have a secure computer. Apparently most private computers are infected/compromised. When your machine is compromised you can make one vote and it can change it to another; you can check your vote and it can show you a different one. If that's true, then the whole game is lost.
If we can go five years or so without a single effective new computer virus or trojan being discovered for common systems, then we can maybe start to talk. Until then, the risks are just too great.
There's the issue in a pinch, isn't it? Who vets it? Who makes it? Who determines the trustworthiness?
That's simple. Me. rtfa-troll for uber-dictator^W^Wguardian of the world. You've seen my Slashdot postings. You know you can trust me.
Seriously, though, you could do this provided that you had fully peer reviewed open designs; had greatly developed circuit reverse-engineering and analysis; had developed quite a few isolation techniques such as efficient Homomorphic encryption and have enough experience with them to truly understand their security. We probably also need to have provenly secure public key cryptography and shown that quantum attacks against it are impossible. We certainly need to have developed a level of civics education which means that the average voter fully understands economic models, the limitations inherent in them and how to work with uncertainty; statistics, large number mathematics and government budgets; social structures, human interactions and how to work with them; etc. etc. etc.
In other words, we are probably several lifetimes away from being able to do this even approaching safely.
There are other, much safer and better ways to introduce more direct democracy; for example the Swiss referendum system.
You'd have to set up the system so people can't vote multiple times.....
There are so many other possibilities.
Election security is difficult and makes voting processes slow and difficult. This is why democracies moved from direct voting to "representative democracy" in the first place.
Computers just make it much easier to get a wrong system into place. They don't actually make it easier to make a good system. Maybe in the long long term, once everybody has access to a properly vetted secure device from a trustworthy manufacturer then we might be able to start thinking about online voting. Until we have that, such ideas are just asking for disaster.
Oh come on; when you kill my brother in a war, that's terrible. I'm losing. When I kill your brother in a war, that's great. I'm winning. You can hardly blame people for feeling that way since the alternative has often been invasion, defeat, torture and death. At that level almost everyone is a hypocrite.
Normally potential enemies trade on an extremely limited and careful basis. Any breach of trust is extremely carefully searched for and then publicised. For example, the French allowing Margaret Thatcher to disable Exocet missiles was a very big story.
The big news here is that the American rich, the "1%", have deliberately handed over their manufacturing to a country which has been their explicit enemy for years in order to defeat the power of US working people. Instead of putting them to death, the Americans continue to elect their placemen year after year. This is at the same time as American politicians continue, year after year to claim that China is their big enemy. If you want the real hypocrisy you may find some there. However, even here, I think you will find that one person claim's China is the enemy whilst another person says the US should trade with them. That's not hypocrisy just a difference of opinion.
If you had RTFA, you would have seen that this chip also has JTAG and that this backdoor precisely breaches the documented and promised limitations of JTAG against seeing embedded crypto keys.
Imagine you have a crypto device; you want users to be able to program in new keys and then send it out into the field which you do over the JTAG interface. You then don't want captured crypto devices to give away the keys. This device promises that it will do that for you. This backdoor breaks that promise.
More importantly, the back door was clearly designed to be very difficult to find. That's not standard for a debugging option
Ever do FPGA work? Not thinking so. Sadly I can verify that in the FPGA world everything is all ultra-closed. Patents? Competitive advantage? IP laws? Hide evidence of patent infringement?
No, but I'm not sure I see how what you describe is different from, for example, graphics cards?? Read the paper and you will see that this backdoor was found whilst looking at other "legitimate" hidden functionality. It's not just a matter of some undocumented functions.
It's hard to imagine Facebook wanting their own OS, when they could more easily follow the 'android with the manufacturer's crap UI customizations on top' route. (Or do the same with whatever they are calling the twitching corpse of Maemo these days)
It wouldn't be hard for them to do both. Have their own OS which is an Android customization. Google has a weak license on Android, which leaves them open for robbery. Facebook can either make private branch of Android, or, if they are really clever, they can make a copyleft branch which will make it impossible for Google to incorporate back Facebook improvements whilst Facebook can still take Google ones and benefit from community involvement.
This would leave Facebook in a good situation since they would have the strongest O/S and none of their major competitors would want to touch it. I often wonder why Nokia didn't go for this strategy; however I guess they always failed to understand open source and never opened up enough to benefit from it. Facebook has more experience in this area.
Apart from Ada Lovelace and Marie Curie, can anyone here name any important female figure in the history of technology?
Probably not. But that's because most of them are fucking ignorant of the history of AI, let how to attack from above in a Battle of Britain era fighter plane.
Hell, most of the people here have probably never fixed a computer bug. Hand in your nerd cards the ignorant lot of you.
From the article, the read-only registers may be configured to be written:
agreed 100%; as this bit of your quote says.
"At this point we went back to those JTAG registers which were non-updatable as well as FROW to check whether we could change their values. Once the backdoor feature was unlocked, many of these registers became volatile and the FROW was reprogrammable as a normal Flash memory.
However the following bit is saying that the data can also be read. That doesn't have to be. Write only registers are a standard hardware feature. It's also standard procedure that if you have write only registers which become readable when a debug configuration is entered, then you clear the contents before entering debugging mode. That isn't what happens however, as the second part of your quote clearly states
Actel has a strong claim that 'configuration files cannot be read back via JTAG or any other method' in the PA3 and in their other latest generation Flash FPGAs [18]. Hence, they claim, they are extremely secure because the readback access is not implemented. We discovered that in fact Actel did implement such an access, with a special key used for activation."
Whilst incompetence is very normal, this is an extremely high level of incompetence in an area which is explicitly listed for checking in all military security standards (see even ancient things like the Orange book). I would say that, combined with the fact that the paper claims that the feature was quite well protected it pretty much rules out an accidentally left over debugging feature. At best it's a debugging feature they knew they shouldn't be putting in but decided to do anyway for reasons of convenience. Almost certainly someone put it in especially in order to get one over some chip user(s) with very little expectation of it being found.
Given DARPA's interest, some time ago, in chip security it seems to me that they knew about this or similar backdoors and are either worried that they will be copied by competitors or that they are worried by the fact nobody has spotted any of them.
"That strange yellow ball in the sky".
Don't worry; it's just an advert for the Olympic flame. It will certainly go away before the games start.
There is no China link to the backdoor yet.
The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however.
Looks like my railing against the inherent weaknesses in FPGAs....
Do you have a link for that?
Read the actual paper which is linked. This does not just allow writing to the chip. The feature is also designed to allow reading data which the chip is explicitly supposed to keep that data secret. E.g. you put your encryption keys into the chip and count on it not letting them out again whilst it continues to encrypt data. This is in a high security chip specifically designed for crypto uses. Despite what others are suggesting, you do not leave a debugging feature in such a chip.
More importantly, the back door was clearly designed to be very difficult to find. That's not standard for a debugging option. Someone somewhere designed this specifically to work against people buying the chip.
Whichever of the companies is innocent needs to step up and say something to the effect of 'we would never do this to our customers'.