By this logic, even your computer has multiple operating systems. The chipset on your motherboard is not pure hardware - there are small cores in there running embedded software that you never see.
But unlike a cell phone, not every embedded processor is directly connected to a public network.
There talking about a situation where the attack vector is over-the-air, not via the secondary processor (the correct name for the thing that runs games instead of a radio). I don't know whether this is realistic, but it is what's being discussed.
Who is answering their phone when it is in a box outside the lab?
1. Someone who has stepped outside for a moment. 2. Someone who hears the phone while they're inside the labs and is expecting an important call. You can step outside. 3. Someone who has been asked to answer Bob's phone if it rings, because he's expecting an important call.
Ringtones.
Is it the practice in your organization to ensure that all ring tones are unique and that assignment is coordinated? Ring tones work for a small number of people who are carrying their phones.
I know you can buy modules like that for embedded designs. I don't know where a hobbyist can get something with a power supply and an RS-232 port, but I find it hard to believe that nobody makes it. As long as all the wireless protocol stuff is in the module, it should be possible to get a cert.
Put it in an office, and leave the antenna behind the curtains. Base stations aren't that big or power hungry these days. I'm not saying this is likely, but it is possible.
You're talking about mighty slow processors, even by embedded standards (where you don't have $50 and 10W to run the GUI for some stupid game). Flash access is slow. I know execution direct from Flash access is used for same basic 8-bit, and maybe low-end 16-bit parts, but I can't remember the last time I used something that didn't start by copying the Flash code to RAM. In fact, serial Flash is quite common for storing code.
Assuming the embedded developers are skilled and can craft excellent low level software in ASM and C then very little.
Hell of an assumption, and yes, I've written low-level embedded code for stuff like this. I don't know how realistic this attack vector is (I worked on MAC/Phy stuff, and don't know the security arrangements of the higher layers), but it's incorrect to assume that otherwise good quality code is secure. Even top-notch coders make mistakes in things that are designed to be highly secure (e.g. SSH), and the sort of stuff being discussed is often designed with little thought to security. Whether it's realistically necessary to change that, I don't know. People here have advocated network security for CAN busses. Yeah, right guys, an ABS system has time to authenticate before deciding to stop your car. The problem is that non-embedded people think every 2-bit embedded processor should have software and security like a web server. Sometimes things like physical security are what you need.
Of course the other option is that it's all VHDL / Verilog in which case I trust it almost completely because anyone skilled enough to do hardware design in VHDL / Verilog is going to be pretty hardcore.
Doing that sort of logic design well requires skill, but don't be overly impressed by it. I've done lots of VHDL design and my wife tells myself Im nots no genyus.
Some government agencies and some corporations have probably installed jammers or shielding around certain meeting rooms in order to keep top meetings secure.
In labs where classified government work is done (not necessarily very high level classification either) you're often required to put your cell in a box or something outside the lab before you enter. You don't have to turn it off, which makes it fun to figure out whose cell is ringing when you have a whole basket of them.
I don't think they're talking about security from the government, because you're right. They can get into the base stations because the carriers are in bed with them. Private efforts might be another story. It does seem like a roundabout and unlikely vector to get to anything useful though, like the data on your cell phone. Possible (though not necessarily likely) reasons for private parties to monitor some of your over-the-air stuff? Put a spoof base station near Wall Street and listen in. That info would be worth a fortune. Even the possibility of doing that though depends heavily on the security of the over-the-air protocols, which I'm not familiar with at any layer above the MAC and Phy.
It's not a separate operating system.... It is not part of the main ARM processor
"It is not part of the main ARM processor" means it's a separate processor, which is correct, and it does run a separate OS (RTOS really).
It is the definitions for the SDR ASIC in the phone.
If it's SDR, then it must be running on a processor. In practice, it's a mix of hardware and software implementation. For example, despreading CDMA signals is easy to do in hardware, and a complete waste of a processor's power in software. There are probably also one or more DSP's buried in there somewhere. Despite some extensions for light-duty stuff, ARM is not a good choice for DSP.
It doesn't matter if the RTOS and other firmware are secure if you don't have good security in the over-the-air protocols. That's the vector that would be used to get to this, assuming you have decent security on the host processor (or whatever you want to call the thing that runs stupid games). Some time ago I worked on 3G and LTE phy layer stuff, but don't recollect much about the higher layer protocols. Anyone know what sort of security they have?
Does your brain hurt when you try to formulate a sentence to justify garbage like that?
A strong, almost violent, reaction to questioning what they've said is an unfortunate trait of religious fanatics. As a defense mechanism, they attempt insults or ridicule, rather than engage in reasonable debate.
READ MY LIPS.
George Bush, Sr. posts on Slashdot? Cool. What were you saying about new taxes, Mr. President?
Being skeptical of weird stuff is not a "belief system"
Do you not believe in it, or are you, as you stated, just skeptical? That would make you an agnostic. It's true that agnostics don't have a belief system, as by definition they don't know what to believe. Atheists are another matter.
Not falling for supernatural scams is not a "lack of faith"
Take it up with the GP, he's the one who chose the phrase "lack of faith". Does this disagreement between you and him arise from a schism in atheism?
it's not a lack of anything
Perhaps a refresher would help. "Lack" as a noun is defined as "the state of being without". If you do not have a belief in something, then you lack that belief. Similarly, I do not have a third arm, hence I lack a third arm. Or am I being culturally insensitive, and the use of the word "lack" signifies a transgression or taboo amongst atheists?
The very fact is that the nature of the religions embodies their own evilness. Religions are all based on dogmas and by definitions dogmas are inalterable, non debatable. Religions were, until proven to the contrary, created by humans and humans are fallible. Consequently, mistakes and errors in religion are there to stay.
It's possible that because he has so much more cash to throw at problems than everyone else, he could even be doing harm by overwhelming other possible solutions.
What philanthropist, charitable organization or aid/relief agency isn't that true of?
Slashdot Mirror
Where did I say anything about offline?
Also, I presume there's a code cache? That could make direct Flash access tolerable.
That's breakfast.
I'm surprised - what clock speed? How many cycles for Flash access?
By this logic, even your computer has multiple operating systems. The chipset on your motherboard is not pure hardware - there are small cores in there running embedded software that you never see.
But unlike a cell phone, not every embedded processor is directly connected to a public network.
There talking about a situation where the attack vector is over-the-air, not via the secondary processor (the correct name for the thing that runs games instead of a radio). I don't know whether this is realistic, but it is what's being discussed.
Who is answering their phone when it is in a box outside the lab?
1. Someone who has stepped outside for a moment.
2. Someone who hears the phone while they're inside the labs and is expecting an important call. You can step outside.
3. Someone who has been asked to answer Bob's phone if it rings, because he's expecting an important call.
Ringtones.
Is it the practice in your organization to ensure that all ring tones are unique and that assignment is coordinated? Ring tones work for a small number of people who are carrying their phones.
I know you can buy modules like that for embedded designs. I don't know where a hobbyist can get something with a power supply and an RS-232 port, but I find it hard to believe that nobody makes it. As long as all the wireless protocol stuff is in the module, it should be possible to get a cert.
Considering the way the law is interpreted these days, honest is the far more important criterion.
Good point. Some lithium battery chemistry's seem to eliminate the need for separate explosives.
Put it in an office, and leave the antenna behind the curtains. Base stations aren't that big or power hungry these days. I'm not saying this is likely, but it is possible.
You're talking about mighty slow processors, even by embedded standards (where you don't have $50 and 10W to run the GUI for some stupid game). Flash access is slow. I know execution direct from Flash access is used for same basic 8-bit, and maybe low-end 16-bit parts, but I can't remember the last time I used something that didn't start by copying the Flash code to RAM. In fact, serial Flash is quite common for storing code.
Assuming the embedded developers are skilled and can craft excellent low level software in ASM and C then very little.
Hell of an assumption, and yes, I've written low-level embedded code for stuff like this. I don't know how realistic this attack vector is (I worked on MAC/Phy stuff, and don't know the security arrangements of the higher layers), but it's incorrect to assume that otherwise good quality code is secure. Even top-notch coders make mistakes in things that are designed to be highly secure (e.g. SSH), and the sort of stuff being discussed is often designed with little thought to security. Whether it's realistically necessary to change that, I don't know. People here have advocated network security for CAN busses. Yeah, right guys, an ABS system has time to authenticate before deciding to stop your car. The problem is that non-embedded people think every 2-bit embedded processor should have software and security like a web server. Sometimes things like physical security are what you need.
Of course the other option is that it's all VHDL / Verilog in which case I trust it almost completely because anyone skilled enough to do hardware design in VHDL / Verilog is going to be pretty hardcore.
Doing that sort of logic design well requires skill, but don't be overly impressed by it. I've done lots of VHDL design and my wife tells myself Im nots no genyus.
Some government agencies and some corporations have probably installed jammers or shielding around certain meeting rooms in order to keep top meetings secure.
In labs where classified government work is done (not necessarily very high level classification either) you're often required to put your cell in a box or something outside the lab before you enter. You don't have to turn it off, which makes it fun to figure out whose cell is ringing when you have a whole basket of them.
Shake it to wake it!
It would be especially interesting with women who keep their cell in their bras (a not uncommon practice).
Physical security of your cell is important too, lest the Mossad put a bomb in it.
I don't think they're talking about security from the government, because you're right. They can get into the base stations because the carriers are in bed with them. Private efforts might be another story. It does seem like a roundabout and unlikely vector to get to anything useful though, like the data on your cell phone. Possible (though not necessarily likely) reasons for private parties to monitor some of your over-the-air stuff? Put a spoof base station near Wall Street and listen in. That info would be worth a fortune. Even the possibility of doing that though depends heavily on the security of the over-the-air protocols, which I'm not familiar with at any layer above the MAC and Phy.
It's not a separate operating system. ... It is not part of the main ARM processor
"It is not part of the main ARM processor" means it's a separate processor, which is correct, and it does run a separate OS (RTOS really).
It is the definitions for the SDR ASIC in the phone.
If it's SDR, then it must be running on a processor. In practice, it's a mix of hardware and software implementation. For example, despreading CDMA signals is easy to do in hardware, and a complete waste of a processor's power in software. There are probably also one or more DSP's buried in there somewhere. Despite some extensions for light-duty stuff, ARM is not a good choice for DSP.
It doesn't matter if the RTOS and other firmware are secure if you don't have good security in the over-the-air protocols. That's the vector that would be used to get to this, assuming you have decent security on the host processor (or whatever you want to call the thing that runs stupid games). Some time ago I worked on 3G and LTE phy layer stuff, but don't recollect much about the higher layer protocols. Anyone know what sort of security they have?
Does your brain hurt when you try to formulate a sentence to justify garbage like that?
A strong, almost violent, reaction to questioning what they've said is an unfortunate trait of religious fanatics. As a defense mechanism, they attempt insults or ridicule, rather than engage in reasonable debate.
READ MY LIPS.
George Bush, Sr. posts on Slashdot? Cool. What were you saying about new taxes, Mr. President?
Being skeptical of weird stuff is not a "belief system"
Do you not believe in it, or are you, as you stated, just skeptical? That would make you an agnostic. It's true that agnostics don't have a belief system, as by definition they don't know what to believe. Atheists are another matter.
Not falling for supernatural scams is not a "lack of faith"
Take it up with the GP, he's the one who chose the phrase "lack of faith". Does this disagreement between you and him arise from a schism in atheism?
it's not a lack of anything
Perhaps a refresher would help. "Lack" as a noun is defined as "the state of being without". If you do not have a belief in something, then you lack that belief. Similarly, I do not have a third arm, hence I lack a third arm. Or am I being culturally insensitive, and the use of the word "lack" signifies a transgression or taboo amongst atheists?
The very fact is that the nature of the religions embodies their own evilness. Religions are all based on dogmas and by definitions dogmas are inalterable, non debatable. Religions were, until proven to the contrary, created by humans and humans are fallible. Consequently, mistakes and errors in religion are there to stay.
Those statements are pretty dogmatic.
Modded down again. Clearly I have blasphemed against the God of the Free Market.
It's possible that because he has so much more cash to throw at problems than everyone else, he could even be doing harm by overwhelming other possible solutions.
What philanthropist, charitable organization or aid/relief agency isn't that true of?
because microsoft is complicit in helping the feds set up monitoring
Along with a bunch of companies that geeks lionize.
If Bill Gates wants to end capitalism
Hell of a hypothetical there - he specifically said he didn't.
People don't seem to ever want to accept an answer that makes them uncomfortable
True. For some people a belief that there is no God is uncomfortable, and for others a belief that there is a God is uncomfortable.