Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0
Comments: 4,185

Comments · 4,185

  1. Re:Stop Writing Software for Windows on Microsoft Telemetry Collection, Explained (theregister.co.uk) · · Score: 1

    Most people here have been commenting with something like "Stop Using Windows", but I think this is the wrong message.

    Considering the audience here on Slashdot, the true message to share and discuss is: "Stop Writing Software for Windows".

    This is tree hugging. Impractical and in many cases suicidal.

    What would be more effective is if everyone contributed some of their time to WINE or heck even ReactOS. With enough effort this would provide the world with a low impedance path away from Windows.

  2. Worse than I could have imagined on Microsoft Telemetry Collection, Explained (theregister.co.uk) · · Score: 1

    Granting themselves a backdoor by default whereby humans are able to selectively exfiltrate whatever data and configuration they please from your machines without your knowledge or approval.

    Absolutely stunning criminal trespass. No secret my opinion of Microsoft has taken a nose dive as of late but this is insane.

  3. Re:What do you say now, Microsoft shills? on Windows 10 Now Showing Full Screen Ads On Lock Screen (consumerist.com) · · Score: 1

    However, while I have to admit that it is a pretty ballsy move to have your OS serve you ads, it's not like no one saw this one coming. I was wondering when I'd have Windows 10, "sponsored by Square Enix and Coca-Cola". It seems that it has now arrived. Welcome to the future.

    The future without Windows.

  4. Re:Save yer cash on Valve Releases SteamVR Perf Test To Measure Your PC (pcper.com) · · Score: 1

    Why is that? The instinctive (and therefore probably wrong) first thought that pops into my head is 'two displays, two GPUs, seems perfect.'

    I'm no expert and there is certainly ongoing work to fix this. What engines are doing for VR is taking advantage of similarities in the scene to save redundant work when rendering for perspective of both cameras. What actually goes on does not so much resemble duplicating rendering job between GPUs. You could simplify and do that of course but the problem you are left with is that simply copying result across GPUs for display on the GPU VR headset is plugged into itself takes several ms you just don't have. To put it into perspective rendering 90fps is 1000/90 = 11ms/frame. Jitter and latency literally cause people to feel nauseous.

    Have no doubt this is a temporary situation for SLI going forward but current gen hardware is probably SOL. Hardware was simply not designed for a "reality" in which latency matters to such a degree.

  5. Re:Is there money is such books. on Ask Slashdot: Good Technical Guide To Windows 10? · · Score: 1

    Back in the days of NT and 2000, Internet connections were still primarily dialup. Google, while around, wasn't a dependable source to get info.

    Today it is far more convenient to get this info from the internet from multiple sources. So there isn't much of a market in all encompassing technical books.

    Dejanews was a hell of a lot more useful than a modern day Google search of seas of blogs and web forums littered with ads and clickbait. Or try looking something up on answers Microsoft site. There is almost always someone from Microsoft offering an incoherent wrong answer with whole threads of complaints about the obvious. If not for stackexchanges and Wikipedia the Internet as judged by myself would be a total loss vs. late 90's.

    Today even the flicking yellow pages are more useful than Google.

  6. Surf's up on In Progress: Fastest Sea Rise In At Least 2800 Years (www.cbc.ca) · · Score: 3, Funny

    This is awesome news. A bigger ocean means more room for fish and assorted sea creatures.

  7. Re:Save yer cash on Valve Releases SteamVR Perf Test To Measure Your PC (pcper.com) · · Score: 1

    You'll be better off with 2X Crossfire/SLI from the current generation than a single next-gen card.

    SLI is currently a no go for VR.

  8. Re:The phone should be cracked. on More Than Half of Americans Think Apple Should Comply With FBI, Finds Pew Survey (theverge.com) · · Score: 1

    While I agree that that should be the answer, that *being* the answer, and a court *accepting* that answer and backing off the engineer in question, are two different things.

    Where does this theory end? How is it falsified? Should everyone unplug from the Internet for fear that their computers might be hacked and used to facilitate organized crime and they might be blamed for it?

    I have a hard time believing such a transparent and obvious stunt would have any effect other than royally pissing off the judge. Quitting after being asked is way too late and having them just asking someone else in the company or your replacement does not shield the company from anything. After they are sufficiently jerked around I wouldn't bet on escape.

    NB: Ironically, the FBI is asking Apple to violate the DMCA by creating a circumvention device, in the same way Elcomsoft created a circumvention device. Nothing, in principle, prevents the DMCA provisions being applied to Apple by a federal prosecutor, or to a former employee by a federal prosecutor, should they be involved, even if it's Apple's code. For example, if the author of

    Lawyers deserve _some_ credit.

    "This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State. For purposes of this subsection, the term “information security” means activities carried out in order to identify and address the vulnerabilities of a government computer, computer system, or computer network."

  9. Re:Colour me unsurprised. on Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com) · · Score: 3, Informative

    BULLSHIT!

    See, if someone controls the network, they can also trivially do a man in the middle attack. Just like all the other crap.

    It isn't trivial. To perform a successful MITM attack you would need to crack the chain of trust between the site's public key and root cert installed in the browser or invent a parallel chain linking back to a trusted root cert installed in the browser.

    This requires obtaining the private key from CA, CA subordinate or bank server. Alternately you could compute a useful collision of signature algorithm and insert your own key into the trust chain as was done /w MD5 signatures using a PlayStation cluster many years ago.

    None of the above is trivial or easy. It is very likely anyone with the capability (e.g. governments) would not elect to piss it away attempting to drain the average Joe's bank account. ROI would be quite negative in the extreme.

    If you control the network and have the right stuff, there is nothing which is "safe". And HTTPS falls apart with a malicious actor in the middle who can control your connection and sit in the middle.

    Sorry, dude. You're so wrong as to be dangerous. You should fix that.

    Networks are not worth defending because their issues can so easily be sidestepped by deployment of end-to-end encryption. I believe various dogmas causing operators to waste money on network castle defenses is harmful. It takes resources away from defending the only thing that matters... systems.

  10. Re:HTTPS or SSL isn't enough? on Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com) · · Score: 1

    Virtually all browsers contain root certificates which have been shown to be untrustworthy. It isn't really safe to trust SSL for your security anymore. You need a reliable Internet provider.

    Yea, go find that reliable Internet provider that connects you to the same untrustworthy Internet.

  11. And soon enough, not even a court order, but a rubber-stamping court like for other surveillance.

    Once Apple has shown they can do it, they will be expected to do it. This is not even speculation - several police offices have straight out stated that that is what they will do if Apple loses.

    I would assume this would be the case.

    If Apple doesn't want to deal with helping unlocking devices for law enforcement maybe they should design them in a way which precludes Apple from possessing the capability to unlock them in the first place.

    Yea it sucks people purchased something they thought was secure against this type of attack and it isn't... that sucks... This isn't however the government's fault, it is Apple's and Apple's alone.

  12. Re:The phone should be cracked. on More Than Half of Americans Think Apple Should Comply With FBI, Finds Pew Survey (theverge.com) · · Score: 1

    Q: "What did you do at your last job that makes you feel you are qualified to work on cryptographic systems?"

    A: "Wrote cryptography hard enough to break that the FBI invoked the All Writs Act of 1789 to try and force my company to break it"

    See this is where I fundamentally disagree. When I design a system the threat tree is NOT a secret and I possess no backdoors or specialized knowledge or ability to attack it beyond what is explicitly published.

    Q: "Reason for leaving last job?"
    A: "They asked me to comply with the request, so I quit."

    The correct answer should always be you are unable to comply with any request from any actor evil or noble ... quitting out of principle means you have already failed.

  13. Re:They're asking the wrong question on More Than Half of Americans Think Apple Should Comply With FBI, Finds Pew Survey (theverge.com) · · Score: 1

    The FBI then gets a sympathetic case and decides to go through the courts to force a company to build a product in order to "unlock" a phone. If the government succeeds in creating this precedent then what's to prevent them from forcing any company to "unlock" a phone; whether it's via building a new OS version or creating a method to "backdoor" the encryption?

    What stops them is physical inability for the vendor to comply. In much the same way ISPs are not on the hook for encrypted traffic they don't have the keys for under CALEA. The "backdoor" already exists whether Apple chooses to exploit it or not.

    I don't see the equivalence or slippery slope between compelling a company to assist via court order where they are easily able to do so and compelling a company to backdoor everyone's systems. The court's reach begins and ends with the case before them. Legally compelling vendors to create backdoors requires new legislative action (Qwest CEOs notwithstanding) ... or of course various nuclear options involving government contracts and export classifications.

  14. You mean, not everyone in the country understands the technical aspects of encryption, how that encryption is used, how backdoors cause exploits that are not limited to 'authorized' users, and how their right to privacy and security in their papers and effects are affected by those kinds of backdoors?

    I get all that. What I don't understand is why any of it should apply in this case as the government is not asking publicly for changes in anyone's devices. They are asking for help breaking an already BROKEN system incapable of standing on its own.

    It would be one thing if FBI was asking for a backdoor to be installed on all iPhones or ask for vendor code signing keys, or weaken crypto or force Apple to break out an STM... I have yet to hear a coherent explanation of why what is being asked puts anyone at any more or less risk than anyone else. I hope I'm wrong and someone can explain it to me because I don't understand the technical merits of Apple's argument.

    Public explanation by Apple is the mere existence of a tool to tweak hard coded parameters puts everyone's system at risk. I fail to understand why that would be considering A. Any firmware image must pass signature validation and B. It can be accomplished by anyone who would take the time to modify object code embedded in existing software update packages (see A)

    Currently all that makes sense to me are the political calculations. I would very much like to understand a technical argument that adds up for why I should change my mind.

  15. Re:I must know the other half ... on More Than Half of Americans Think Apple Should Comply With FBI, Finds Pew Survey (theverge.com) · · Score: 2

    I'm in Silicon Valley, and almost no one here thinks Apple should cave in. But then there are lots more engineers here who think about devices and security.

    This is the part I don't understand.

    Wouldn't we rather have devices that are actually secure instead of secure on the precondition Apple will not push out a firmware image that tweaks a few hard coded variables after the fact?

    Certainly it must be feasible to create hardware based key stretching schemes which cannot be nerf'd by software changes in the field.

    Rooting for Apple in this matter means less pressure for actual security deficiencies to get addressed.

    In my view this really isn't about government efforts to nerf technology. It is much closer to media campaign to hide or mask security deficiencies in existing systems which fail on their own merit to stand up to scrutiny.

  16. Re:Important question on Microsoft, Intel, Samsung, Other Tech Companies Form New IoT Alliance (techtimes.com) · · Score: 1

    They said that about mobile phones.

    And personal computers.

    Granted that was when the phones were small suitcases or built into a car and cost a few dollars a minute to talk via satellite.

    "They said that about x" is an example of an unfalsifiable statement. This occurs when no reasonable 'x' exists for which the underlying assertion can be evaluated as false. (e.g. x = "motorized abacus" or x = "dry icecream")

    Unfalsifiable statements convey no useful information.

  17. It's a feature not a bug on Linux Virtual Ethernet Bug Delivers Corrupt TCP/IP Data (vijayp.ca) · · Score: 1

    The only purpose of the checksum is to increment a universally ignored error counter so operators know to replace broken hardware.

    TCP checksums are wholly insufficient to prevent corruption of TCP streams at anything resembling a useful rate. It went unnoticed for years because checksums are irrelevant.

  18. Re:Important question on Microsoft, Intel, Samsung, Other Tech Companies Form New IoT Alliance (techtimes.com) · · Score: 3, Interesting

    Does this consortium plan to set standards for security?

    Sure like they did for UPnP.

    I'm not convinced that the biggest issue facing IoT is interoperability but rather the security (or lack of it) in many devices.

    My guess the biggest issue facing IoT is lack of a compelling value proposition.

    Telling even with over the top cheerleading of TFA "The Internet of Things (IoT) is definitely the next step toward technological advancement" they chose to mention an Internet connected fridge and "smart shoes".

    Many of the ideas are very cool, but unless they're secured, IoT devices are backdoors into otherwise secure networks

    That's a tall order given the business case for IoT in consumer space is exfiltration of private information, government sponsored snooping and ads.

    I'm hoping that the result is an industry standard for IoT security.

    The industry standard for IoT is the front page of the New York Times.

  19. Water logged ion cannons on Anonymous Hacker Gets Lost At Sea, Rescued, Then Arrested (softpedia.com) · · Score: 1

    While I think sentencing for hax0ring and in general has gotten way out of hand the DDOS attacks are just lame. They require no skill, have no class and closely resemble whiney little entitled bitches pouting.

    If they had defaced the hospitals website with some class in response to an action of the hospital they believed to be unjust I would be far less critical.

  20. Re:Lavabit all over again on Edward Snowden Calls For Google To Side With Apple On Encryption Debate (techinsider.io) · · Score: 1

    You're assuming Apple isn't working with them, this is all smoke and mirrors with Cook trying to sound like he cares.

    You got me... I'm trying to assume that for some reason.

    Have to admit with "That's not what I've heard. Let me leave it at that" stuck in a replay loop in my head I'm going to need another blue pill soon.

  21. Re:Nothing to do with encryption debate on Edward Snowden Calls For Google To Side With Apple On Encryption Debate (techinsider.io) · · Score: 1

    FBI asking Apple to provide them with a signed OS image which allows unrestricted brute force guesses of the password/pin code on a single phone. This is very different from building a backdoor into encryption so that it can be reversed without knowing the password.

    The reality of import is vast majority of users have device passwords unable to withstand brute force attack. You can label it as something unrelated yet real world practical implication is indistinguishable from a backdoor.

    Apple could provide an alternative OS image that checks for part serial numbers on specific phones named in a warrant. FBI would not be able to install that image on another phone, as removing serial check would also invalidate the signature.

    What Apple should do is comply and then immediately issue a recall to fix defects in security hardware so this cannot happen again.

  22. Lavabit all over again on Edward Snowden Calls For Google To Side With Apple On Encryption Debate (techinsider.io) · · Score: 1

    I don't see why Apple and the government can't arrive at a mutually acceptable and proportional compromise.

    Apple could install an image without wipe limit, run a brute force attack of device and restore original image so government would never be in possession of hack image.

    Unless of course there is an ulterior motive like Lavabit fiasco where government forced production of encryption keys that compromised the whole system rather than allow vendor to implement per user data collection capability.

    In any event I hope Apple and every other vendor advertising personal device encryption learns something from this experience. Personal device encryption must be able to stand alone on its own merits with no external dependencies or you will be harassed by the courts to provide assistance and nobody will trust the security of your systems.

    Paradoxically I'm not so sure this particular lesson is one government prefer vendors or customers learn...

    I hope the rest of us learn an important lesson about the age of government mass surveillance of its own people... The age of stingrays, collecting call records, cell site location data and Internet records en masse without a warrant. In an age where any tangible thing could mean private key of any US based CA or software vendor coupled with a gag order.. In an age where the Fourth Amendment is declared null and void (see third party doctrine) due simply to changes in technology.. The lesson is if you want privacy the only avenue to achieve it is via real E2E security without any middleman. The Clouds and googles and facebooks and Microsofts and Apples cannot be made secure no matter what vendors advertise or claim. Even if they actually gave a shit about you and your privacy they must still operate under current US legal regime.

    Paradoxically I'm not so sure this particular lesson is one the government or industry prefers individuals and companies (especially foreign ones) learn. It sure as heck is a lesson I hope everyone learns.

  23. Just WTF is going on here? on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    After reading the following quotes I'm left scratching my head.

    "Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone's physical possession.

      The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

    Either Tim Cook and or the FBI is hopelessly confused or all this supposedly secure data on the iPhone is in fact protected by nothing more than hopes and dreams.

    How is it possible to retroactively install an image that bypasses security and recovers data if said data is already encrypted with key of useful entropy? Something has to be structurally broken for such a scheme to succeed. Even if you rely on security chip to stretch a weak key known only to a rotting corpse if reasonable query limits are enforced by software rather than hardware offering key protection then what is the point?

    At least the FBI seem to have successfully forced the issue of iPhone security being a sham otherwise building a custom image would be pointless... I assume the FBI has not even bothered to spend any resources on a side channel attack against secure enclave and instead have elected to spend their time and money on a "going dark" propaganda campaign.

    Wouldn't be surprised if NSA already has one cooked up and they just don't want to waste capability on something with relatively little value.

  24. Re:Devices 100 Times faster ? No on SnO: First Stable P-Type 2D Semiconductor Discovered (phys.org) · · Score: 1

    If you seriously believe that charge carrier speed in the substrate is limiting factor in device speed there is not much I can do for you except recommend a book

    No of course not, my remarks refer to gate delay. When working with 2-D elements capacitance is much lower.

  25. Re:Devices 100 Times faster ? No on SnO: First Stable P-Type 2D Semiconductor Discovered (phys.org) · · Score: 1

    Electron transit speed is not the limiting factor in device speed.

    Electrons move thru gates faster when there is less capacitance and less heat from reduction of resistance.

    Don't know who wrote the article but there is no way your iPhone is getting a 200 GHz cpu from this.

    Actual text from TFA:

    "Transistors made with Tiwari's semiconducting material could lead to computers and smartphones that are more than 100 times faster than regular devices."

    Article is silent on the idea of 200 GHz processors. There are many ways to get to 100 times faster.