PropII come soon! You might be our hope for computing privacy. — Parallax Forums

Oldbitcollector (Jeff) Posts: 8,091
edited 2013-08-12 03:11 in Propeller 2
I was waiting for Propeller 2 with the idea of it being part of a version 2.0 of the Pocket Computer Project.

With everything that is happening, it might become much more important than that. Much more important than creating powerful BASIC programs, listening to SID tunes, and emulating older systems.

Not sure this discussion is permitted here (might be considered political in nature), but I welcome a serious discussion here:
http://propellerpowered.com/forum/index.php?topic=504.0

Jeff

Comments

  • kwinn Posts: 8,697
    edited 2013-08-08 22:28
    IMHO I would say that you have a valid concern and a serious discussion would be a good idea even if it has to be on another forum.
  • Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2013-08-08 23:07
    Not sure this discussion is permitted here (might be considered political in nature), ...
    Moderators are standing by ... :)

    Yes, it's an important topic to discuss. No, the Parallax forum is not the place for it, beyond a strictly technical discussion regarding encryption.

    -Phil
  • Heater. Posts: 21,230
    edited 2013-08-08 23:38
    Phil,

    I do agree that political debate is the last thing we want to get into on this forum. Along with debates about religion, or your favorite flavor of ice cream. The internet is full of such debates and ultimately the "my team is better than your team" shouting matches are non-productive and very boring.

    Problem is encryption is a solution to political and or social issues and worse still it cannot possibly work.

    Generally you are driven to want to encrypt stuff because you don't want others to read it. You want to keep secrets.
    What's that about? That's about not trusting people or wanting to get around them or wanting to take advantage of them.
    What is that if not a social or political issue? It's about people around you, the society you live in.
    You only encrypt stuff you want to hide it from your enemies and attackers,
    It's politics.

    Why can encryption not work?

    Given that those watching you can see you sending messages to person P or group G they already know a lot about what you are up to.

    Given that those watching you can demand the encryption keys under threat of serious punishment you are pretty much hosed.

    In the extreme any use of encryption could be deemed highly suspicious and get you into a lot of trouble.

    Ergo. We can say that technically encryption does not work. Without ever mentioning any particular shade of politics.
  • Heater. Posts: 21,230
    edited 2013-08-08 23:47
    In view of the fact that the man, sorry moderators are watching us the following post is encrypted:
    :)

    Just trying to demonstrate my point. How long would such an encrypted thread be allowed to continue?
  • teganburns Posts: 134
    edited 2013-08-09 00:29
    Haha ^^ you got me :P
  • Heater. Posts: 21,230
    edited 2013-08-09 01:54
    So what we actually need is "covert channels". That is to say a means of communicating in such a way that anyone watching does not even know there is any communication going on.

    For example, there might be some bits of a message to some unknown party encoded in the length of this post. Or in the way it is punctuated. Or in the particular words I have used or not used. Or in the time that it was posted at.

    There must be a reason why some posters here have thousands of rambling posts on this forum you know;)
  • Tor Posts: 2,010
    edited 2013-08-09 01:57
    Heater. wrote: »
    You only encrypt stuff you want to hide it from your enemies and attackers, It's politics.
    We also encrypt business proprietary material - think industrial espionage. That's all totally compromised at this point.

    -Tor
  • Heater. Posts: 21,230
    edited 2013-08-09 02:50
    Tor,

    Industrial espionage is in there under "enemies and attackers".

    Enemies and attackers is not just that other country that wants to go to war with your country. It's your government that might want to put you in jail for whatever reason. That company that wants your secret formulas and designs or just customer list. And so on, could be anything.

    To illustrate that point about encryption not working:

    Imagine you are writing encrypted letters to your girlfriend.
    One day your wife finds one of these letters, she can see where it's going because the address is on the envelope. She can see there is something going on because the text is encrypted, why else would it be?
    Do you think that encryption is going to help you?
  • Tor Posts: 2,010
    edited 2013-08-09 03:39
    Heater. wrote: »
    Do you think that encryption is going to help you?
    Only if everything is encrypted all the time.
    And we may have to go there. Everything will have to become one huge Darknet. And we shouldn't need that, because it will then hide the real enemies (the original meaning of) too. Look at the European data storage directive.. they wish to completely block the channels for those they wish to catch, the network of certain extremely despicable criminals. And in the process completely removing their current ability of actually being able to catch them - when the criminals know with 100% certainty that everything they do is monitored they're obviously going to start buying darknet software made by those currently providing special software for criminals. Except that now that all of us (as in companies as well as individuals) are being forced into a darknet they can just follow the stream. In short, authorities are shooting themselves in the foot. You can't catch salmon by blocking off the river so that salmon can't get into it from the sea.

    -Tor
  • Heater. Posts: 21,230
    edited 2013-08-09 03:54
    Tor,

    I agree.

    Currently encrypting everything is not an option. How are your packets going to get through without an IP address in clear text?

    I guess there are anonymizing networks that could get us there. "Tor" for example...oh, wait a minute...
  • Tor Posts: 2,010
    edited 2013-08-09 04:42
    Heater. wrote: »
    Currently encrypting everything is not an option. How are your packets going to get through without an IP address in clear text?
    Darknet style. There's always traffic to a huge number of places, but it's mostly just empty no-content/random data.. when there's actual data it looks the same. Standard darknet practice. So instead of having X bits/s max speed you're limited to a much lower speed (due to the constant traffic), but the data gets through. Some corporate VPNs work kind of that way already - there's always a background of traffic but it may not be actual data.
    I guess there are anonymizing networks that could get us there. "Tor" for example...oh, wait a minute...
    I really wish they had invented another name! :)

    -Tor
  • cgracey Posts: 14,151
    edited 2013-08-09 14:14
    This is a really important topic. As OBC noted on the propellerpowered forum, it's an elephant in the room.

    I think one meaningful thing that could be done, starting now, would be for everyone in the world who cares about privacy to start using encryption wherever possible, as a rule, even if it's not secure because of other spying that circumvents it. Those holes could be plugged later.

    Right now, things are tipped quite in favor of our increasingly lawless governments. Their greatest weapon, though, is the apathy of the average person. They dumb us down, ply us with "benefits", and misdirect us so that we won't grasp problems like this:

    politics.png


    Anyway, I'm quite sure my PC is compromised, along with everyone else's PC/phone/tablet/etc. I look forward to getting the Prop2 tools working on the Prop2, itself, so that, at least, my work efforts are made in peace - no herky-jerky behavior and continuous 'net activity.
  • Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2013-08-09 14:37
    cgracey wrote:
    I think one meaningful thing that could be done, starting now, would be for everyone in the world who cares about privacy to start using encryption wherever possible, as a rule, even if it's not secure because of other spying that circumvents it. Those holes could be plugged later.
    Those holes can be plugged now if one uses end-to-end encryption (E2EE), such as GPG, rather than relying upon third-party security providers (e.g. SSL). But E2EE is even harder to implement, since it requires individual, private effort at both ends of the communication. And any infrastructure that purports to support E2EE can be compromised.

    -Phil
  • Circuitsoft Posts: 1,166
    edited 2013-08-09 15:27
    Heater. wrote: »
    U2FsdGVkX18AA6ShBPxEfRGkBfVh7iE5epbg5F89nhUuy12zx6TDBunYwsRzhOON
    ...
    
    I don't suppose you'd care to elucidate on your password or key? I assume by the "Salted__" at the top that it's some form of aes, maybe aes-128-cbc?
  • Seairth Posts: 2,474
    edited 2013-08-09 20:10
    I fail to see how the P2 would solve this issue (or even mitigate it). Yes, I realize that the odds of having your system compromised are very low when you build all of it by hand. However, that strength is also a weakness (or, putting it another way, it's a trade-off). In order to build a general computing device that approaches the level of usefulness that would replace the current systems, you need a great deal of involvement of a large number of people. At which point, you may be as "at risk" as all of those systems you're intending to replace. And suppose that you really do manage to design a new general-purpose computing platform that is as "secure". Unless the *only* way you are going to interact with it is a keyboard and mouse (in a windowless room), every peripheral connection becomes an additional vector for compromise. And it doesn't even mean that some external entity is taking control of your system; they could much more easily monitor the I/O (e.g. the network your system is connected to). Which is basically the situation we are in now.

    In the end, I suspect that the "solution" will not be a technological one, as that would only work if everyone involved agreed to follow the rules established by the technology. And, given the situation we are in, we know that's not going to happen.
  • ElectricAye Posts: 4,561
    edited 2013-08-09 20:45
    It makes me wonder what it will be like for young people in the future who might apply to some place like the NSA or CIA, etc. The governments (and probably a lot of corporations, too) will have access to practically everything those kids did online or with their cell phone, everything they ever posted, every email or tweet, info on every dirty picture they looked at, who their friends were, what books they read, what movies they hated, etc. etc.

    Who on earth would then be eligible for a security clearance? Anyone? In the old days, they could only find out so much about you - maybe make you pee in a bottle, look up your old addresses, police record, grades and such, but now??? Nobody is eligible for anything. And those that are eligible.... what on earth would they look like?

    6869697_7a8673c213_m.jpg
  • Heater. Posts: 21,230
    edited 2013-08-10 01:05
    ElectricAye
    Who on earth would then be eligible for a security clearance? Anyone?
    Apparently no one anymore: http://www.reuters.com/article/2013/08/09/us-usa-security-nsa-leaks-idUSBRE97801020130809
  • Heater. Posts: 21,230
    edited 2013-08-10 01:10
    Circuitsoft

    Where did you get that "salted" from?
  • Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2013-08-10 08:03
    If you decode the base64, the word "salted" appears in the header.

    -Phil
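
The decode Phil describes, as an added example that is not part of any post in this thread: it parses the `Salted__` layout that OpenSSL's `enc` command and compatible tools write (an 8-byte marker followed by an 8-byte salt), using only the first line of Heater's blob as quoted in Circuitsoft's reply. Which tool Heater used is not stated; the function names and the comparison sample are constructed for illustration.

```python
import base64
import binascii

# First line of the blob in Heater's post, as quoted in Circuitsoft's reply.
FIRST_LINE = "U2FsdGVkX18AA6ShBPxEfRGkBfVh7iE5epbg5F89nhUuy12zx6TDBunYwsRzhOON"

# Constructed comparison sample: 48 bytes with no header, base64-encoded.
CONSTRUCTED_PLAIN = base64.b64encode(bytes(range(48))).decode("ascii")

MAGIC = b"Salted__"   # 8-byte marker at the start of a salted blob
SALT_LEN = 8          # the salt follows the marker directly

# "Salted__" is 64 bits and base64 carries 6 bits per character, so the first
# 10 characters of any such blob are fixed before anything is decoded.
B64_PREFIX = "U2FsdGVkX1"


def has_salted_prefix(text):
    """Spot the header in the base64 text itself, without decoding."""
    return text.lstrip().startswith(B64_PREFIX)


def inspect_blob(b64_text):
    """Decode base64 text and report what its header gives away."""
    compact = "".join(b64_text.split())          # remove line breaks
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return {"valid_base64": False}

    report = {"valid_base64": True, "total_bytes": len(raw),
              "salted_header": False}
    if raw.startswith(MAGIC) and len(raw) >= len(MAGIC) + SALT_LEN:
        salt = raw[len(MAGIC):len(MAGIC) + SALT_LEN]
        report.update(
            salted_header=True,
            salt_hex=salt.hex(),
            # Everything after the 16-byte header is ciphertext. The header
            # names no cipher, so the algorithm remains a guess.
            ciphertext_bytes=len(raw) - len(MAGIC) - SALT_LEN,
        )
    return report


if __name__ == "__main__":
    for label, sample in (("quoted line", FIRST_LINE),
                          ("constructed", CONSTRUCTED_PLAIN)):
        print(label, has_salted_prefix(sample), inspect_blob(sample))
```

The ciphertext length reported for the quoted line covers only that one line, not the whole message.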
  • potatohead Posts: 10,261
    edited 2013-08-10 08:30
    @Heater, I'm late to the party, but that would have been my post. Well played and spot on too.

    Thousands? Rambling? Ahem. You mean you guys AREN'T talking to them? :)

    @Chip: Self-hosting is a good idea for a lot of reasons. For those wanting a pure environment, consider this: http://crysp.uwaterloo.ca/courses/cs458/F08-lectures/local/www.acm.org/classics/sep95/ That may have been linked here before, but it's worth it again given this discussion.

    New machines do not trust us now. Some vendors have left doors open and people can build a Linux and run it if they want to, or they can choose to trust a Linux. Notably, that door with new PC Secure Boot BIOS is closed hard on ARM. Intel machines are open for now, and the Open Source guys had to pay Microsoft to do it too. However, it is clear to me the closed, as in "let's treat 'em like we do cell phones" model of devices and applications model of computing will be the dominant one.

    Looks like I need to fish out my Propeller Powered account. Haven't been there for a while. I'll pop in later today.
  • Heater. Posts: 21,230
    edited 2013-08-10 12:56
    @Phil,
    If you decode the base64, the word "salted" appears in the header.
    Hot damn. And that just demonstrates how naive or sloppy use of encryption can get you into trouble.

    I mean, the fact that one can find "Salted" in there already gives your snooper the idea that you are encrypting something and perhaps says something about the tool you did it with.

    My idea of encrypted is that the output is indistinguishable from random noise. That was the requirement on some military communications systems I have worked on.

    In my post it does not matter as I announced that it was encrypted to make a point.

    I'm glad it is salted, I'd hate for the same plain text to result in the same cipher text every time.

    @CircuitSoft,
    I don't suppose you'd care to elucidate on your password or key?
    No, the key was just some random keystrokes I typed in and did not bother to remember it. Take it as a challenge to get the message out:)

    That demonstrates another way encryption could destroy your life. If my government took it into their heads that I was some kind of terrorist subversive then they might demand the key to that message. I can't give it to them. I end up in a lot of strife perhaps sitting in jail for a long time.

    @Tor,
    How is this forum supposed to work if everything is encrypted all the time?

    Here we are discussing how to build Quad Copters and such and we have no way to protect ourselves from those lunatics in power who might come to think that such things are obviously weapons of terror.
  • Heater. Posts: 21,230
    edited 2013-08-10 14:43
    I'm not sure I get the premise that a self hosting Propeller system or any other system that is not connected to anything solves the privacy and surveillance issues. How?

    @Potatohead,
    That paper on trusting trust is one of my favorites.

    But consider this:

    1) My PC connects to the net via network hardware that probably has a processor in it. I have no idea what code runs in there. Clearly it is in a position to compromise any data flowing in and out of my machine.

    2) My hard disk can have processors, some modern ones have three ARM chips. Recently a guy even managed to get his hard drive to boot Linux on one of its ARM controller chips.

    3) My graphics comes to me via another hardware containing processors and often running code from a closed source binary blob. It has access to my computer's memory.

    4) Even my friken CPU can have upgradable microcode about which I know nothing. CPUs are big enough nowadays you could get a lot of dangerous code in there.

    These subsystems and others are all capable of snooping on or modifying my data. An ethernet system has the chance to contact anyone it likes over the net. That hard drive could modify code on my disk so as to compromise my OS and do whatever it likes.

    We cannot trust any of this.
  • potatohead Posts: 10,261
    edited 2013-08-10 16:56
    Yes. Entirely true.

    And that goes back to a basic truth: There is no absolute security, with the implication there is no absolute trust either, in a practical sense.

    A self-hosting system really doesn't get us anywhere in the macro scheme of things related to surveillance. One thing it does do is allow one to establish an environment to solve problems that can remain consistent. With the networks and the increasingly fluid releasing of software on all levels comes a reduced ability to know what something actually will do, or what has changed when it does not do what it used to do. My old XP hobby development computer has been in a time freeze for some time now. The Mac I'm authoring this on is about the same way, kind of frozen at a given state so that I know what it will do and so that I may optimize my time on things I want to do rather than sorting out the implications of what others have done.

    Slowly, it needs to change. Increasing numbers of executables won't run on XP anymore due to basic changes in the build chain we see with Windows 8. That's fine. XP is old, and I can deal with that. But I might not want to, or maybe can't afford to. The Mac is also going to need to change, and that will invalidate Prop GCC for older releases the moment I do it, but then again an expensive application needs to see an updated OS. So now I dual boot, deal with it, hack on Prop GCC to add the arguments needed to keep an older build going, compartmentalize it in a virtual machine?

    The answer is "yes" to any of those, but the idea of having a Prop that can build stuff for Props that really only needs a terminal does package that up very nicely. I then use any "display" and "input" device I want to, including my old Apple ][, and carry on with few worries. And that to me is the attraction. It's not a universal thing, and it sure won't replace more complicated means and methods either. So that problem can be nicely packaged up, leaving just the products to deal with. Data in, out, etc... Those move easily within whatever system we've got handy.
  • DL7PNP Posts: 18
    edited 2013-08-11 17:06
    @Heater: maybe there is a hidden NSA logic in the propeller? :innocent::tongue:
  • Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2013-08-11 17:23
    DL7PNP wrote:
    ... maybe there is a hidden NSA logic in the propeller? ...
    Apparently not. I tried the nsa (no shift arithmetic) operator in PASM and got an error message. So you have to specify sar dst,src nr instead. (Or maybe that's what you meant by "hidden.")

    -Phil
  • Oldbitcollector (Jeff) Posts: 8,091
    edited 2013-08-11 19:47
    potatohead wrote: »
    The answer is "yes" to any of those, but the idea of having a Prop that can build stuff for Props that really only needs a terminal does package that up very nicely. I then use any "display" and "input" device I want to, including my old Apple ][, and carry on with few worries. And that to me is the attraction. It's not a universal thing, and it sure won't replace more complicated means and methods either. So that problem can be nicely packaged up, leaving just the products to deal with. Data in, out, etc... Those move easily within whatever system we've got handy.

    This was my original thinking from the first message.. The truth of the matter is that I really don't have a great deal of data that I'm concerned with security. Most of the files which I consider private would very easily fit on a flash drive or even an SD card. Part of my personal betrayal has been the use of cloud based services to store customer data from my day job, (and of course communication). I would love to extract that data and place it into a Propeller based system. It's certainly on my todo list as soon as the Prop2 is released.

    Jeff
  • Heater. Posts: 21,230
    edited 2013-08-11 23:27
    @Potatohead,
    The Mac is also going to need to change, and that will invalidate Prop GCC for older releases...
    Well so what? Propgcc is an open source project. For some changes in your OS it will only need to be recompiled. That should take you ten minutes or so. If the Mac OS changes enough to break the standards that propgcc is written against then likely someone out there will fix it up. Of course if the Mac were to become unable to run programs written against the standard C libraries and/or Unix API's it's time to abandon the Mac for something better.

    Windows will keep morphing and breaking things as it has always done on its road to oblivion.

    @DL7PNP,
    maybe there is a hidden NSA logic in the propeller?

    Nooo...don't tell me they got to Chip as well. I was wondering why there are more transistors in a PropII I/O pin circuit than the old Z80 processors. And wasn't the recent shuttle run failure just the man holding things up when they asked for the backdoor to be added? And why has Chip been adding crypto features to the Prop II. Makes you think doesn't it?:)
  • potatohead Posts: 10,261
    edited 2013-08-12 02:18
    Actually, we discussed this and some work is required to modify the build process to incorporate the data needed to compile for older OS releases. I know I can just build it again, and have no trouble doing that.

    Doing that work to get it released for others on older operating systems is the issue. Not that I cannot do that. I can. I just don't want to right at this time.

    When it comes to time and return on that time, these things can get expensive in terms of time. Developing for props on props can be a useful option, and by no means the only one, or even a preferred one. That depends on the user and what their goals and value judgements are.
  • Heater. Posts: 21,230
    edited 2013-08-12 02:34
    I'm not suggesting that a self hosting dev environment on the Prop is not a worthy goal.
    The Forth guys have been doing that for a while I believe and perhaps it can be done in some BASIC system, I have never looked into that. It's all good.

    One day we will achieve the impossible and get Linux running on the Prop, after all we now have propgcc and 32MB RAM to play with. You can boot Linux on an emulator written in JavaScript and running in your browser so I don't discount the idea of it running on the PII.

    I was merely pointing out that with open source tools the chances of your tool being available across whatever new OS versions come in the future, or even completely new operating systems and architectures, are greatly increased. As compared to the good old days of closed source tools that tend to die with the OS they were built for. See how many people are desperately hanging on to XP because their apps or devices do not work on later Windows versions.

    That's all good too.
  • Clock Loop Posts: 2,069
    edited 2013-08-12 03:11
    The problem that arises is no corporation (govt) has the ability to stop data theft.

    Now if massive databases exist collating realtime, that system is ONLINE.

    Now I ask you, how much do you trust the bugs, in both the hardware and software of those same systems?


    Don't collect to begin with is the answer.

    My personal, professional, and private opinion of these people that violate liberty... can be summed up in one video.