PropII come soon! You might be our hope for computing privacy.
Oldbitcollector (Jeff)
Posts: 8,091
I was waiting for Propeller 2 with the idea of it being part of a version 2.0 of the Pocket Computer Project.
With everything that is happening, it might become much more important than that. Much more important that creating powerful BASIC programs, listening to SID tunes, and emulating older systems.
Not sure this discussion is permitted here (might be considered political in nature), but I welcome a serious discussion here:
http://propellerpowered.com/forum/index.php?topic=504.0
Jeff
With everything that is happening, it might become much more important than that. Much more important that creating powerful BASIC programs, listening to SID tunes, and emulating older systems.
Not sure this discussion is permitted here (might be considered political in nature), but I welcome a serious discussion here:
http://propellerpowered.com/forum/index.php?topic=504.0
Jeff
Comments
Yes, it's an important topic to discuss. No, the Parallax forum is not the place for it, beyond a strictly technical discussion regarding encryption.
-Phil
I do agree that political debate is the last thing we want to get into on this forum. Along with debates about religion, or your favorite flavor of ice cream. The internet is full of such debates and ultimately the "my team is better than your team" shouting matches are non-productive and very boring.
Problem is encryption is a solution to political and or social issues and worse still it cannot possibly work.
Generally you are driven to want to encrypt stuff because you don't want others to read it. You want to keep secrets.
What's that about? That's about not trusting people or wanting to get around them or wanting to take advantage of them.
What is that if not a social or political issue. It's about people around you the society you live in.
You only encrypt stuff you want to hide it from your enemies and attackers,
It's politics.
Why can encryption not work not work?
Given that those watching you can see you sending messages to person P or group G they all ready know a lot about what you are up to.
Given that those watching you can demand the encryption keys under threat of serious punishment you are pretty much hosed.
In the extreme any use of encryption could be deemed highly suspicious and get you into a lot of trouble.
Ergo. We can say that technically encryption does not work. Without ever mentioning any particular shade of politics.
Just trying to demonstrate my point. How long would such an encrypted thread be allowed to continue?
For example, there might be some bits of a message to some unknown party encoded in the length of this post. Or in the way it is punctuated, Or in the particular words I have used or not used. Or in the time that it was posted at.
There must be a reason why some posters here have thousands of rambling posts on this forum you know;)
-Tor
Industrial espionage is in there under "enemies and attackers".
Enemies and attackers is not just that other country that want's go to war with your country. It's your government that might want to put in jail for whatever reason. That company that want's your secret formulas and designs or just customer list. And so on, could be anything.
To illustrate that point about encryption not working:
Imagine you are writing encrypted letters to your girl friend.
One day your wife finds one of these letters, she can see where it's going because the address is on the envelope. She can see there is something going on because the text is encrypted, why else would it be?
Do you think that encryption is going to help you?
And we may have to go there. Everything will have to become one huge Darknet. And we shouldn't need that, because it will then hide the real enemies (the original meaning of) too. Look at the European data storage directive.. they wish to completely block the channels for those they wish to catch, the network of certain extremely despicable criminals. And in the process completely removing their current ability of actually being able to catch them - when the criminals know with 100% certainty that everything they do is monitored they'll obviously going to start buying darknet software made by those currently providing special software for criminals. Except that now that all of us (as in companies as well as individuals) are being forced into a darknet they can just follow the stream. In short, authorities are shooting themselves in the foot. You can't catch salmon by blocking off the river so that salmon can't get into it from the sea.
-Tor
I agree.
Currently encrypting everything is not an option. How are your packets going to get through without an IP address in clear text?
I guess there are anonymizing networks that could get us there. "Tor" for example...oh, wait a minute...
-Tor
I think one meaningful thing that could be done, starting now, would be for everyone in the world who cares about privacy to start using encryption wherever possible, as a rule, even if it's not secure because of other spying that circumvents it. Those holes could be plugged later.
Right now, things are tipped quite in favor of our increasingly lawless governments. Their greatest weapon, though, is the apathy of the average person. They dumb us down, ply us with "benefits", and misdirect us so that we won't grasp problems like this:
Anyway, I'm quite sure my PC is compromised, along with everyone else's PC/phone/tablet/etc. I look forward to getting the Prop2 tools working on the Prop2, itself, so that, at least, my work efforts are made in peace - no herky-jerky behavior and continuous 'net activity.
-Phil
In the end, I suspect that the "solution" will not be a technological one, as that would only work if everyone involved agreed to follow the rules established by the technology. And, given the situation we are in, we know that's not going to happen.
Who on earth would then be eligible for a security clearance? Anyone? In the old days, they could only find out so much about you - maybe make you pee in a bottle, look up your old addresses, police record, grades and such, but now??? Nobody is eligible for anything. And those that are eligible.... what on earth would they look like?
Where did you get that "salted" from?
-Phil
Thousands? Rambling? Ahem. You mean you guys AREN'T talking to them?
@Chip: Self-hosting is a good idea for a lot of reasons. For those wanting a pure environment, consider this: http://crysp.uwaterloo.ca/courses/cs458/F08-lectures/local/www.acm.org/classics/sep95/ That may have been linked here before, but it's worth it again given this discussion.
New machines do not trust us now. Some vendors have left doors open and people can build a Linux and run it if they want to, or they can choose to trust a Linux. Notably, that door with new PC Secure Boot BIOS is closed hard on ARM. Intel machines are open for now, and the Open Source guys had to pay Microsoft to do it too. However, it is clear to me the closed, as in "let's treat 'em like we do cell phones" model of devices and applications model of computing will be the dominant one.
Looks like I need to fish out my Propeller Powered account. Haven't been there for a while. I'll pop in later today.
Hot damn. And that just demonstrates how naive or sloppy use of encryption can get you into trouble.
I mean, the fact that one can find "Salted" in there already gives your snopper the idea that you are encrypting something and perhaps says something about the tool you did it with.
My idea of encrypted is that the output is indistinguishable from random noise. That was the requirement on some military communicatiosn systems I have worked on.
In my post it does not matter as I announced that it was encrypted to make a point.
I'm glad it is salted, I'd hate for the same plain text to result in the same cipher text every time.
@CircuitSoft, No, the key was just some random keystrokes I typed in and did not bother to remeber it. Take it as a challenge to get the message out:)
That demonstrates another way encryption could destroy your life. If my governemnt took it into their heads that I was some kind of terrorist subversive then they might demand the key to that message. I can't give it to them. I end up in a lot of strife perhaps sitting in jail for a long time.
@Tor,
How is this forum supposed to work if everything is encrypted all the time?
Here we are discussing how to build Quad Copters and such and we have no way to protect ourselves from those lunatics in power who might come to think that such things are
obviously weapons of terror.
@Potatohead,
That paper on trusting trust is one of my favorites.
But consider this:
1) My PC connects to the net via network hardware that probably has a processor in it. I have no idea what code runs in there. Clearly it is in a position to compromise any data flowing in and out of my machine.
2) My hard disk can have processors, some modern ones have three ARM chips. Recently a guy even managed to get his hard drive to boot linux on one of its ARM controller chips.
3) My graphics comes to me via another hardware containing processors and often running code from a closed source binary blob. It has access to my computers memory.
4) Even my friken CPU can have upgradable microcode about which I know nothing. CPU's are big enough now a days you could get a lot of dangerous code in there.
These subsystems and others are all capable of snooping on on modifying my data. An ethernet system has the chance to contact anyone it likes over the net. That hard drive could modify code on my disk so as to compromise my OS and do whatever it likes.
We cannot trust any of this.
And that goes back to a basic truth: There is no absolute security, with the implication there is no absolute trust either, in a practical sense.
A self-hosting system really doesn't get us anywhere in the macro scheme of things related to surveilance. One thing it does do is allow one to establish an environment to solve problems that can remain consistent. With the networks and the increasingly fluid releasing of software on all levels comes a reduced ability to know what something actually will do, or what has changed when it does not do what it used to do. My old XP hobby development computer has been in a time freeze for some time now. The Mac I'm authoring this on is about the same way, kind of frozen at a given state so that I know what it will do and so that I may optimize my time on things I want to do rather than sorting out the implications of what others have done.
Slowly, it needs to change. Increasing numbers of executable won't run on XP anymore due to basic changes in the build chain we see with Windows 8. That's fine. XP is old, and I can deal with that. But I might not want to, or maybe can't afford to. The Mac is also going to need to change, and that will invalidate Prop GCC for older releases the moment I do it, but then again an expensive application needs to see an updated OS. So now I dual boot, deal with it, hack on Prop GCC to add the arguments needed to keep an older build going, compartmentalize it in a virtual machine?
The answer is "yes" to any of those, but the idea of having a Prop that can build stuff for Props that really only needs a terminal does package that up very nicely. I then use any "display" and 'input" device I want to, including my old Apple ][, and carry on with few worries. And that to me is the attraction. It's not a universal thing, and it sure won't replace more complicated means and methods either. So that problem can be nicely packaged up, leaving just the products to deal with. Data in, out, etc... Those move easily within whatever system we've got handy.
-Phil
This was my original thinking from the first message.. The truth of the matter is that I really don't have a great deal of data that I'm concerned with security. Most of the files which I consider private would very easily fit on a flash drive or even an SD card. Part of my personal betrayal has been the use of cloud based services to store customer data from my day job, (and of course communication). I would love to extract that data and place it into a Propeller based system. It's certainly on my todo list as soon as the Prop2 is released.
Jeff
Well so what? Propgcc is an open source project. For some changes in your OS it will only need to be recompiled. That should take you ten minutes or so. If the Mac OS changes enough to break the standards that propgcc is written against then likely someone out there will fix it up. Of course if the Mac were to become unable to run programs written against the standard C libraries and/or Unix API's it's time to abandon the Mac for something better.
Windows will keep morphing and breaking things as it always done on it's road to oblivion.
@NL7PNP,
Nooo...don't tell me they got to Chip as well. I was wondering why there are more transistors in a PropII I/O pin circuit than the old Z80 processors. And wasn't the recent shuttle run failure just the man holding things up when they asked for the backdoor to be added? And why has Chip been adding crypto features to the Prop II. Makes you think doesn't it?:)
Doing that work to get it released for others on older operating systems is the issue. Not that I cannot do that. I can. I just don't want to right at this time.
When it comes to time and return on that time, these things can get expensive in terms of time. Developing for props on props can be a useful option, and by no means the only one, or even a preferred one. That depends on the user and what their goals and value judgements are.
The Forth guys have been doing that for a while I believe and perhaps it can be done in some BASIC system, I have never looked into that. It's all good.
One day we will achieve the impossible and get Linux running on the Prop, after all we now have propgcc and 32MB RAM to play with. You can boot Linux on an emulator written in JavaScript and running in your browser so I don't discount the idea of it running on the PII.
I was merely pointing out that with open source tools the chances of your tool being available across whatever new OS versions come in the future, or even completely new operating systems and architectures, are greatly increased. As compared to the good old days of closed source tools that tend to die with the OS they were built for. See how many people are desperately hanging on to XP because their apps or devices do not work on later Windows versions.
That's all good to.
Now if massive databases exist collating realtime, that system is ONLINE.
Now I ask you, how much do you trust the bugs, in both the hardware and software of those same systems?
Don't collect to begin with is the answer.
My personal, professional, and private opinion of these people that violate liberty... can be summed up in one video.