Date: Wed, 05 Nov 2003 11:11:39 -0500
Subject: [s-t] needle in haystack digest #3
Re: privacy and caution digest #2
from "Bryan O'Sullivan" <[EMAIL PROTECTED]>
and David M Chess <[EMAIL PROTECTED]>
and Steve Lamont <[EMAIL PROTECTED]>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Subject: Re: [s-t] privacy and caution digest #2
From: "Bryan O'Sullivan" <[EMAIL PROTECTED]>
Date: Mon, 27 Oct 2003 22:49:19 -0800
On Mon, 2003-10-27 at 14:49, Nick B wrote:
> Nobody, but nobody, builds _anything_ electronic from the ground up.
> Not me, not you, not Apple, not Microsoft, not Sony, not Intel, not
> the NSA. [Apple,] Sony, Intel and the NSA get closer by fabbing their
> own silicon.
No Such Agency doesn't fab much of anything; they can't afford to. They
and their ilk are far more interested in things like FPGAs and adapting
numerical algorithms to COTS SIMD hardware, such as graphics processors
(a la http://www.gpgpu.org/).
> Who knows
> what sort of spyware those tools are adding?
Don't be silly. The amount of computation you need to do to get a
circuit of any useful complexity to do something predictable is
enormous. You can't stuff a thousand CPUs and 200 engineers into an
Applied Materials mask etch machine, so that they can rig a WiFi card
and antenna onto your PS2's vector chip without Sony finding out. Even
if you could, how would they talk to the evil animalcules inside the
Novellus metal deposition machine in the facility next door, so the
right traces get metallised?
Never even mind that automatically figuring out what a bunch of geometry
in a set of masks represents is vastly harder than reverse compilation
for software.
> It is actually quite hard. And if anybody
> ever does implement it really well, they can win, in principle even
> against projects like Plan 9
No they can't. Identifying something as "a compiler" and instrumenting
the right code is impossible for automated systems.
<b
-----------------------------------------------------------
Subject: Re: [s-t] privacy and caution digest #2
From: David M Chess <[EMAIL PROTECTED]>
Date: Tue, 28 Oct 2003 11:31:19 -0500
Michael Turyn:
"whatever we do which might displease the government or a real or fictive
person with power is almost certainly being done at the same time by a lot
of other people."
That's only a statistical comfort, of course. But then most comfort
probably is. (Who designed this place, anyway?)
Andrew A. Gill:
>> if anyone knows of a good combined worldview that
>> satisfies both, I'd love to hear about it.
> s/hear about it/torture you until you let me patent it/
Never! I patent things only in self-defense. *8) I'd prefer you shouted
it from the rooftops, so no one could patent it...
Andy Latto:
"Instead, your HTML repair and rendering engine should be on top, and the
security layer should be underneath. When the rendering engine determines
that the HTML, as repaired, instructs it to delete a file, it calls
delete-a-file-if-security-permits, and *then* the security layer gets
involved, deciding whether that particular file system operation (or
network operation, or whatever) should be permitted at that time."
That would be ideal. Unfortunately on many boxes it's not practical to
slip the security layer in under the rendering layer, because the
rendering layer is in the operating system (and the security layer is
either above that for practical reasons, or in a separate box entirely).
But when you can do it, it's great. How many operating systems (not
counting the JVM as an operating system) have access controls based on the
network address / email address / PGP credentials of the (effective)
originator of the request?
There are a few places where security models do allow for that. The JVM
is one (to an extent). The Execution Control Lists in Lotus Notes are
another (you can tell Notes who you trust to execute what classes of
function, and then email from untrusted people that contains scripts to
format your hard disk won't work), and I think the signed macros in recent
(after I stopped paying close attention) versions of Microsoft Office are
another. Things like ZoneAlarm and Norton Whatever do a sideways version
of this, by granting network access using the identity of the program
that's asking as the effective 'identity' (this has some interesting
properties).
It'd be cool (if maybe expensive performance-wise?) if some widespread OS
had a sufficiently rich notion of requestor identity (beyond "people with
accounts on this box") to do it down at the filesystem / memory-access /
etc level. Some Linux version? (All Unix machines everywhere, using a
facility that I am temporarily ignorant of? BeOS?)
DC
-----------------------------------------------------------
Date: Tue, 28 Oct 2003 20:57:56 -0800 (PST)
From: Steve Lamont <[EMAIL PROTECTED]>
Subject: Re: [s-t] privacy and caution digest #2
> My only contribution is the mantra: "Take comfort in your own
> unimportance." That is to say, paranoia has more than a smidgen of
> self-aggrandisement to it, and though everyday worrying is not
> paranoia, it's important to remember the allure inherent in thinking
> yourself a certain target. Most of us, perhaps all of us on this
> list, aren't worth it; whatever we do which might displease the
> government or a real or fictive person with power is almost certainly
> being done at the same time by a lot of other people.
>
> Fear of being watched is part of the plan of anyone maliciously watching.
Except, of course, that while you as an individual may be unimportant,
information about you is. Your email address is important to
spammers, who seem to go to extraordinary lengths to get it and to
break through any barriers you might attempt to erect to prevent them
from filling your email file[*] with crap. Mass marketers want your
physical mail address, to which they direct entire old growth forests
worth of paper to entice you to refinance, change your phone carrier,
or reshingle your house, usually with some deceptive come-on to dupe
the slow-witted. Telemarketers. . . well, you get the idea.
In the future, your shopping cart will spy on you as you cruise the
aisles of your local megamart, phoning home whenever you slow down in
front of the Oreos display, buy cheese, or condoms.
Your TiVo already reports what programs you record, what commercials
you skip and which ones you rewind and watch again. Your CD or MP3
player will probably be soon uploading your music preferences back to
the RIAA.
And if you wish to live anything resembling a comfortable life, you
will have no option but to submit.
Your every move will be watched, not just by TIA and the CIA but
Nielson, Safeway, Wal*Mart, Fox, and Nike.
The government only cares about your politics. The real Big Brother
cares about your wallet and is thus much, much, more motivated.
spl
--
[*] I hate the "mail box" metaphor. It's not a box. It's a file. Or
a directory. Whatever it is, it ain't a box. But that's another rant
for another day.
-----------------------------------------------------------
----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org";>leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 0.97c removed an attachment of type application/pgp-signature]
