On one hand, Shamir is really good at math. But math has almost nothing to do with Constitutional law, which is what this is really about.
US Constitutional law, specifically. Shamir is an Israeli, so it's natural to expect that he's going to balance the rights of individual Americans versus the state a wee bit differently than those who have to live with the consequences.
It's also worth pointing out that there's a lot of devices which allow the bootloader to be unlocked, but then are no longer covered by the manufacturer's warranty. These should be avoided.
I think they're being disingenuous with that claim, unless they're counting the lawyer's time in that figure.
Hell, yes.
Here's the thing... the code changes are probably relatively easy... it's mostly deleting stuff. If they're careful, they're going to completely delete the entire subsystem that actually performs a factory reset, not just the triggers that lead to it. It's the only way to be sure.
The harder part is making sure the changes actually work.
The really hard part is documenting the shit out of the testing and validation process so that their collective asses are adequately covered if the FBI manages to fuck it up and wipe the phone during their hacking attempt (and they certainly have shown the ability to fuck things up). Lawyers would be involved in every step of that process.
However, both locking and unlocking the bootloader have the effect of a factory reset, so this won't allow you to get at the user's data.
It does when I do it, and I assume it does when you do.
I won't assume that there aren't others (the manufacturer or a telco, for example) who couldn't unlock an Android bootloader without wiping it, and recent history suggests that the only backbone a telco would show against a law enforcement request would be if their shirt slides up while they're bending over.
You suspect wrong. Play services can affect some things, but all of the device encryption stuff is at a much lower level.
If the phone is turned off, true. If the phone is on, locked, network aware, and the filesystem has been mounted (i.e. like 99.9% of Android phones in use at any time) then a Google services attack would be feasible; this is similar to the iCloud-based approach they could use on an iPhone is someone hadn't messed with the password.
If law enforcement's SOP with seized phones is "turn it off" rather than "put it on a charger and stick it in a faraday cage" then yeah, Android encryption isn't too bad.
I'd assume that for any random Android device it's possible for someone (oem, carrier, Google) to unlock the bootloader, allowing a custom recovery which can, basically, do what they've ordered Apple to allow with the iPhone. The majority of Android phones have some mechanism for bootloader unlocking allowing unsigned ROM installs, so this should be a fairly realistic threat...
Google's Nexus devices are secure and don't have the same firmware update flaw that iPhones do.
No. But I suspect Google could push a Google services update targeted at a specific phone, and those can do darn near anything. I don't believe Apple is quite as prolific about OTA updates to very powerful core services; unlike Google, they can bundle that stuff into the core O/S without being worried that it won't make it to end users.
On the other hand, the option is there to lock down an Android phone pretty solidly by unlocking it, installing a Google-free ROM, and then encrypting storage.
Benjamin Faes, managing director of media and platforms at Google, called Shine's technology a "blunt" solution that punishes users and good advertisers
If advertisers aren't going to police their own industry then, yeah, count on other people to create a blunt solution.
Google, in particular, is going to have a problem here because as a browser and O/S maker as well as an advertising, policing their own industry is going to be an anti-trust minefield for them.
Not that I have a whole lot of sympathy for the woes of a multi-national advertising conglomerate, but I can see how they'd be a bit frustrated about the solutions other people are coming up with.
This means that you would have to rewire your house to have Ethernet going to every single lightbulb, plus a giant 48-port switch somewhere connecting all these Ethernet lines to your router.
Well, you could embed powerline ethernet modules into the light bulbs themselves, and have a single connection between the mains and the router. However, performance isn't going to be all that great. Certainly not enough to make the technology worth the bother.
You're a bit out of line claiming the US has the worst justice system in the world.
Agreed. I'd buy "most hypocritical" or something else which translates into "doesn't walk the talk", but it's a long stretch to call it worse than justice systems which prosecute people for witchcraft.
None of them also make the OS, they're just the hardware guys.
Well, that and the majority of Apple's hardware competitors aren't US companies, and hence operate under somewhat different legal environments; in some cases, legal environments where resisting government law enforcement efforts is suicide.
Microsoft is one of the few US competitors equivalent to Apple, and everyone knows where they stand on the security and privacy of their users.
If this is acted on, if they are forced to do so, then is that next step (the law that you mention) actually a that distant a leap?
Distant? No. Big? Yes. It's going to come to a head fairly soon, and I haven't the foggiest idea how it'll end. If they wanted to force the game, Apple *could* concede, build a universal iPhone hacking tool, and then immediately and publicly send a copy to the FBI and CC the North Korean, Iranian, Saudi Arabian, Chinese and Russian governments.
If Apple develops an unlock tool for this specific case, what prevents it from being used for every legal case in the future?
Presumably Apple would get tired of that business and redesign their phones to block that entire class of backdoor attacks. No firmware updates on a locked phone. It might suck for those consumers who actually do forget their passcodes, but at least they'll have security. It wouldn't surprise me if the iPhone 7 team has recently seen some changes to the security specs...
The only way for the FBI to win this in the long run is my making it illegal to manufacture "unhackable" devices.
The Paris attacks also wouldn't have happened with access to military grade firearms and explosives. Those are already quite restricted in most sane countries and it didn't seem to prevent anything.
So stop telling people you want to crack down on encryption to defeat the terrorists. We both know that's bullshit and wouldn't work even if you could manage it.
They're underpaying their workers worldwide to burn money in China?
It's also possible they're overcharging customers worldwide or short changing shareholders. Someone's paying, though; that $1 billion isn't being shat out by unicorns.
But the FBI apparently knows they can and wants them to do it.
... and the FBI has provided proof of this to the court? I'm fairly certain that if the FBI had proven that Apple actually had a known backdoor the news spin would be very, very different.
I think Apple *could* crack one of their own devices given enough time and motivation. No system is 100% secure. Apple has all the design details and source code, plenty of examples to test against, and the people or means to hire the people who could come up with a crack. But I suspect they don't already have suck a backdoor outside of developer devices and I'd be surprised if they can legally be compelled to produce one. It'll have to go to the Supreme Court for that verdict, though.
Is it contempt of court to refuse to try and do something that one already knows they cannot possibly do?
IANAL, but the law generally frowns on requiring that someone prove a negative. That is, it's the job of the prosecution to prove that Apple can do this, not for Apple to prove that they can't.
2) The FAQ states that if you don't have a printer, there are many places that will print parts for you. I assume this means that the output format *isn't* proprietary, possibly a bog-standard stl file that you can have printed anywhere.
Apparently the software is just a branded Autodesk Tinkerplay. Surprisingly enough, Autodesk seems to be serious about consumer-level 3D printing and they seem to get that proprietary is pretty much a non-starter at the moment.
Arduino shields would be closer to the idea, but they don't connect with magnets and I'd assume the Microsoft approach is more like a bus with some auto-discovery than a collection of GPIO pins. So, not prior art.
But to join in through the same route as everyone else to earn his rep by participating, not by owning a low UID*? I respect that.
Oh, don't get my wrong, I respect it too. It's a bit of a running joke, now, I think. That being said, it'd sure cut down on the "who the hell is this dope and why should we listen to him" comments.
They give you a Ferrari each year on your anniversary.
What?!? I only get a Jaguar. Except 2008, when for some reason they handed out a Subaru.
Even when that 7-digit user is the new *OWNER* of/. ???
You gotta admit, buying slashdot and settling for a 7-digit uid doesn't make him seem like the brightest guy/gal. It's a bit like leading a military coup of some third world country and then keeping the rank of "sergeant"...
Now and for decades to come, North Korea would be very unlikely to use an ICBM/IRBM to launch a nuclear bomb.
North Korea has demonstrated that it can launch garbage into orbit. If it used that capability strategically it could make a real mess of things up there.
Even selling to manufacturers wouldn't be easy. There's always going to be that concern about whether or not Intel is "all in" with the product roadmap or whether they're just biding time until they can drop the product for a more internally palatable x86 (or Atom, or whatever they'd brand it) version.
Slashdot Mirror
US Constitutional law, specifically. Shamir is an Israeli, so it's natural to expect that he's going to balance the rights of individual Americans versus the state a wee bit differently than those who have to live with the consequences.
It's also worth pointing out that there's a lot of devices which allow the bootloader to be unlocked, but then are no longer covered by the manufacturer's warranty. These should be avoided.
The ESP-01 board does. It's mostly intended as a wireless extension board for devices which talk serial protocols so GPIO's aren't really a big deal.
The ESP-12, on the other hand, has a whole lot more. I think the ESP-201 has a few extras.
Hell, yes.
Here's the thing... the code changes are probably relatively easy... it's mostly deleting stuff. If they're careful, they're going to completely delete the entire subsystem that actually performs a factory reset, not just the triggers that lead to it. It's the only way to be sure.
The harder part is making sure the changes actually work.
The really hard part is documenting the shit out of the testing and validation process so that their collective asses are adequately covered if the FBI manages to fuck it up and wipe the phone during their hacking attempt (and they certainly have shown the ability to fuck things up). Lawyers would be involved in every step of that process.
Maybe he's right; the Earth doesn't exist and reality is just a simulation.
It does when I do it, and I assume it does when you do.
I won't assume that there aren't others (the manufacturer or a telco, for example) who couldn't unlock an Android bootloader without wiping it, and recent history suggests that the only backbone a telco would show against a law enforcement request would be if their shirt slides up while they're bending over.
If the phone is turned off, true. If the phone is on, locked, network aware, and the filesystem has been mounted (i.e. like 99.9% of Android phones in use at any time) then a Google services attack would be feasible; this is similar to the iCloud-based approach they could use on an iPhone is someone hadn't messed with the password.
If law enforcement's SOP with seized phones is "turn it off" rather than "put it on a charger and stick it in a faraday cage" then yeah, Android encryption isn't too bad.
I'd assume that for any random Android device it's possible for someone (oem, carrier, Google) to unlock the bootloader, allowing a custom recovery which can, basically, do what they've ordered Apple to allow with the iPhone. The majority of Android phones have some mechanism for bootloader unlocking allowing unsigned ROM installs, so this should be a fairly realistic threat...
No. But I suspect Google could push a Google services update targeted at a specific phone, and those can do darn near anything. I don't believe Apple is quite as prolific about OTA updates to very powerful core services; unlike Google, they can bundle that stuff into the core O/S without being worried that it won't make it to end users.
On the other hand, the option is there to lock down an Android phone pretty solidly by unlocking it, installing a Google-free ROM, and then encrypting storage.
Google, in particular, is going to have a problem here because as a browser and O/S maker as well as an advertising, policing their own industry is going to be an anti-trust minefield for them.
Not that I have a whole lot of sympathy for the woes of a multi-national advertising conglomerate, but I can see how they'd be a bit frustrated about the solutions other people are coming up with.
Well, you could embed powerline ethernet modules into the light bulbs themselves, and have a single connection between the mains and the router. However, performance isn't going to be all that great. Certainly not enough to make the technology worth the bother.
Sure. What would you use between the lamp and the rest of the world? Power-line ethernet?
Agreed. I'd buy "most hypocritical" or something else which translates into "doesn't walk the talk", but it's a long stretch to call it worse than justice systems which prosecute people for witchcraft.
Well, that and the majority of Apple's hardware competitors aren't US companies, and hence operate under somewhat different legal environments; in some cases, legal environments where resisting government law enforcement efforts is suicide.
Microsoft is one of the few US competitors equivalent to Apple, and everyone knows where they stand on the security and privacy of their users.
Distant? No. Big? Yes. It's going to come to a head fairly soon, and I haven't the foggiest idea how it'll end. If they wanted to force the game, Apple *could* concede, build a universal iPhone hacking tool, and then immediately and publicly send a copy to the FBI and CC the North Korean, Iranian, Saudi Arabian, Chinese and Russian governments.
Presumably Apple would get tired of that business and redesign their phones to block that entire class of backdoor attacks. No firmware updates on a locked phone. It might suck for those consumers who actually do forget their passcodes, but at least they'll have security. It wouldn't surprise me if the iPhone 7 team has recently seen some changes to the security specs...
The only way for the FBI to win this in the long run is my making it illegal to manufacture "unhackable" devices.
The Paris attacks also wouldn't have happened with access to military grade firearms and explosives. Those are already quite restricted in most sane countries and it didn't seem to prevent anything.
So stop telling people you want to crack down on encryption to defeat the terrorists. We both know that's bullshit and wouldn't work even if you could manage it.
It's also possible they're overcharging customers worldwide or short changing shareholders. Someone's paying, though; that $1 billion isn't being shat out by unicorns.
I think Apple *could* crack one of their own devices given enough time and motivation. No system is 100% secure. Apple has all the design details and source code, plenty of examples to test against, and the people or means to hire the people who could come up with a crack. But I suspect they don't already have suck a backdoor outside of developer devices and I'd be surprised if they can legally be compelled to produce one. It'll have to go to the Supreme Court for that verdict, though.
IANAL, but the law generally frowns on requiring that someone prove a negative. That is, it's the job of the prosecution to prove that Apple can do this, not for Apple to prove that they can't.
Apparently the software is just a branded Autodesk Tinkerplay. Surprisingly enough, Autodesk seems to be serious about consumer-level 3D printing and they seem to get that proprietary is pretty much a non-starter at the moment.
None of those are stackable.
Arduino shields would be closer to the idea, but they don't connect with magnets and I'd assume the Microsoft approach is more like a bus with some auto-discovery than a collection of GPIO pins. So, not prior art.
Oh, don't get my wrong, I respect it too. It's a bit of a running joke, now, I think. That being said, it'd sure cut down on the "who the hell is this dope and why should we listen to him" comments.
What?!? I only get a Jaguar. Except 2008, when for some reason they handed out a Subaru.
You gotta admit, buying slashdot and settling for a 7-digit uid doesn't make him seem like the brightest guy/gal. It's a bit like leading a military coup of some third world country and then keeping the rank of "sergeant"...
North Korea has demonstrated that it can launch garbage into orbit. If it used that capability strategically it could make a real mess of things up there.
Even selling to manufacturers wouldn't be easy. There's always going to be that concern about whether or not Intel is "all in" with the product roadmap or whether they're just biding time until they can drop the product for a more internally palatable x86 (or Atom, or whatever they'd brand it) version.