sigalrm’s Techdirt Profile

sigalrm’s Comments

  • Apr 14th, 2016 @ 2:42pm

    Re: Re: Re:

    Do you want to end up on a watch list? Because googling the physics of nuclear technology will get you put onto a watch list.

  • Apr 14th, 2016 @ 2:40pm

    Re: Re:

    *knew

    boy it'd be nice if we could edit comments :)

  • Apr 14th, 2016 @ 2:38pm

    Re:

    "Somebody should explain to him that encryption is just mathematics and banning encryption is a little like legislating the value of pi. I believe Indiana has experience with this."

    At last. A Plausible explanation for Common Core Math. Who new the US Government was capable of a long game?

  • Apr 14th, 2016 @ 8:08am

    All it needs is a little logo

    Similar to the "TSA Approved" logo on luggage locks, we'll need a little "Burr/Feinstein Approved" logo to go on every device sold with this feature.

  • Mar 22nd, 2016 @ 1:26pm

    Let's look at the timelines...

    Last Friday, Salah Abdeslam, one of the suspects in the Paris attacks, was arrested in Brussels. He apparently stated, during questioning, that additional attacks were planned.

    Last night, additional attacks were carried out. In Brussels.

    They had a terrorist suspect in-hand, being interrogated, and by several accounts cooperating with the authorities that had him in custody - and the attacks still caught authorities unaware.

    And the go-to evil technology is encryption?

  • Mar 18th, 2016 @ 8:53am

    Re:

    I wonder how many pages of 8.5x11 paper it would take to print the IOS source code in 6 point comic sans?

  • Mar 18th, 2016 @ 8:38am

    Re: Re: Re: Doesn't work out

    "As for the caliber of engineer required, considering this isn't "write an OS" but rather "remove or disable a 10 counter" it's likely that the work could be done by a junior - or someone out of the country for that matter. It's not the highest of high end jobs."

    Urm, no.

    From the order:

    (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

    Arguably, (1) and (3) might be fairly simple, although given that I haven't seen the IOS source code, I can't say for certain.

    (2) on the other hand, seems fairly unlikely to be currently implemented - although it may be implemented in debug code that can be enabled elsewhere in the code.

    All of the above - regardless of how the requirements are implemented - would need to be validated and survive regression testing and quality control before the code could be loaded onto the phone.

  • Mar 18th, 2016 @ 8:15am

    Re: Doesn't work out

    "Essentially, if Apple's employees refuse to do the work, Apple would likely have to fire them with cause. End of benefits, end of vested shares, end of it all. It's unlikely that any engineers would take that risk (unless they got very, very bad legal advice)."

    Software engineers capable of doing this type of coding at Apple's scale are in high demand. In all likelihood, no engineer who quit Apple over this would be unemployed for longer than they chose to be.

    Similarly: Because of the caliber of software engineer required, it would quite likely be difficult to replace them on short notice.

  • Mar 16th, 2016 @ 1:05pm

    Re:

    In addition to marketing and generating public appeal, they also have the money to put up a meaningful fight.

  • Mar 11th, 2016 @ 10:58am

    Re:

    You're watching 3 (at minimum) distinct - but related - fights, and really, it's more akin to a chess match:

      • Court of public opinion - seems like Apple may be winning here

      • Court of Law - Apple seems to have solid arguments, but the law is fungible. It'll be years before we know the outcome

      • Political fight on Capitol Hill - the jury is still out on this. The public won't get a real sense of where this _really_ lies before November, at the earliest.

    Each of these will turn, at least in part, on the others. For example, if the FBI wins the political fight and gets the legislation they want, the court battle will likely be moot. Whether or not they get that legislation is at least partially dependent on the results of the elections, etc.

    We've just seen the finish of the opening, and now we're seeing the beginning of the middle game.

  • Mar 10th, 2016 @ 12:22pm

    Re:

    Naw. Fox news would have to broadcast something truthful to provide meaningful support.

  • Mar 10th, 2016 @ 12:21pm

    Re:

    I bet they use cash, too.

  • Mar 9th, 2016 @ 6:52pm

    Maybe part of the problem here...

    is that people don't understand what a secret key looks like.

    This is a 2048 bit RSA key I just generated:



    That's it. This is a textual representation of a 2048 bit RSA key. Generate a CSR and a public key, and you can plug it into any Apache web server. Or use it to sign email. Or sign applications. And those signatures will be valid on any system with the public key installed as a certificate authority.

    If you were to see Apple's private key exported like this one is, it would look very similar, although (hopefully) 4096 bits instead of 2048 (twice as long). And it might be DSA, instead of RSA. I'm certain it's stored in a _very_ tightly controlled environment.

    This key fits trivially into a paste buffer. So would Apple's. You could print it and type it in by hand if you were so inclined. Or take a picture and OCR it. And if that happens - just once - it potentially puts the security of every Apple device on the planet at risk.

    Now, this is a simplistic example. I'm sure Apple's implementation utilizes a hierarchy of similar keys, with limited uses, etc, all signed by a single, master key which is stored in tamper-proof hardware, requires multiple people to get to it, etc. But that master key only has to get exported once to the wrong individual to compromise the entire system.
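
The point of the comment above, as an added example that is not part of the original comment: a throwaway RSA key is a small text file, and a byte-for-byte copy of it produces signatures the original public key accepts. It assumes the `openssl` command-line tool is installed; the file names and the payload are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration (not from the original comment). Requires the openssl CLI.
# All file names and the "update" payload below are constructed for this demo.

# Check a signature over $1/update.bin against the ORIGINAL public key.
verify() {
    openssl dgst -sha256 -verify "$1/signer.pub" \
        -signature "$1/update.sig" "$1/update.bin" >/dev/null 2>&1
}

# demo BITS: generate a throwaway key, copy it, sign with the copy and
# report what the original public key accepts.
demo() {
    dir=$(mktemp -d) || return 2
    openssl genrsa -out "$dir/signer.key" "${1:-2048}" 2>/dev/null || return 2
    openssl rsa -in "$dir/signer.key" -pubout -out "$dir/signer.pub" 2>/dev/null || return 2

    # The whole private key is a short PEM text file.
    size=$(wc -c < "$dir/signer.key" | tr -d ' ')

    # A plain file copy stands in for a paste buffer, a printout or a photo.
    cp "$dir/signer.key" "$dir/copy.key"

    # Sign a constructed payload with the COPY of the key.
    printf 'constructed update payload\n' > "$dir/update.bin"
    openssl dgst -sha256 -sign "$dir/copy.key" \
        -out "$dir/update.sig" "$dir/update.bin" || return 2

    copy=rejected
    tamper=rejected
    verify "$dir" && copy=accepted      # the verifier cannot tell copy from original

    # Changing the payload after signing breaks the signature, so the
    # protection rests entirely on who holds the private key.
    printf 'x' >> "$dir/update.bin"
    verify "$dir" && tamper=accepted

    rm -rf "$dir"
    echo "pem_bytes=$size copy_signature=$copy tampered_payload=$tamper"
}

demo 2048
```

This is why signing keys are normally generated inside an HSM as non-exportable, so that no such file ever exists to be copied.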

  • Mar 9th, 2016 @ 6:22pm

    Re: Re: Dangerous Territory

    Legally speaking, yes, probably.

    But if that individual is associated with, say, education or works with kids in any way, an accusation/investigation is often sufficient to destroy the individual's career, family life, etc.

  • Mar 9th, 2016 @ 3:10pm

    Re:

    Don't hold back...tell us how you really feel...

    It'll be interesting to read the cease & desist/take down demand when it (inevitably) gets sent to Techdirt and is subsequently posted.

  • Mar 9th, 2016 @ 2:09pm

    Re: Re: clarification

    Everyone's obsessed with the fact that the computer in question is a phone.

    It's a computer, with an OS/Firmware.

    Functionality aside, it's fundamentally no different than any other Internet of Things device.

    "Dear Amazon: We think Individual X may be up to something illegal. Please provide a custom firmware for their Alexa...."

    "Dear Samsung: We think Individual X may be up to something illegal. Please provide a custom firmware for their smart TV..."

  • Mar 9th, 2016 @ 2:06pm

    Re: clarification

    Let me fix this for you:

    Only Apple is known to have the key(s) necessary to sign such code.

  • Mar 4th, 2016 @ 12:59pm

    Re:

    If passed, it would be exceedingly easy to intercept, record, and subsequently expose their never-ending corruption.


    Actually, if you start from the premise that it's already exceedingly easy for TLA's to intercept, record, and subsequently expose the never-ending corruption of our elected political heroes, it explains a great many things.

  • Mar 4th, 2016 @ 12:55pm

    Re:

    Firmware is Firmware. If Apple is forced to do this, iPhones will be the least of the issue.

    Substitute "iPhone" with "Device with updatable firmware". The same precedent will work. The specific details won't matter.

    "Under the All-writs act, Amazon has been compelled to provide a custom operating system for their Alexa devices"

    "Under the All-writs act, Ford has been compelled to provide a custom operating system for their in-vehicle entertainment systems"

    "Under the All-writs act, Samsung has been compelled to provide a custom operating system for their smart TV's"

    Nothing that's upgradable will be trustable.

  • Mar 4th, 2016 @ 12:23pm

    Re:

    Actually, I wonder what percentage of Apple's sales are to the US Government? Would Apple actually notice if this were to go into effect?

    Conversely, it would be interesting to watch the reaction if Apple were to suddenly start refusing to sell to the US Government. "We reserve the right to refuse service to anyone...." and all that.
