Meltdown and Spectre - a Global Hypocrisy
Today I needed to tweet the above. Somebody finally needs to call things by their real name.
And the real name is?
If you are a chip manufacturer, there is a set of rules you need to follow in order to be able to distribute your product. Among these rules, there is something we read about in the media as the Meltdown or Spectre flaw, you name it.
The reason for these intentional backdoors is to give authorities access to any digital device in a matter of seconds, no matter how encrypted and protected you are.
If you work as a low-level hardware engineer, chances are you have known for years what I am talking about.
Suddenly out with a 20-year public secret, just like that?
Not exactly. The problem is, we are getting close to a point where you are unable to hide anything. This is especially the case in cryptography.
Without getting too deep into the subject, the "double pendulum" project (more here: http://web.mit.edu/jorloff/www/chaosTalk/double-pendulum/double-pendulum-en.html) is probably the most important discovery since the theory of relativity. For the first time ever, an algorithm was able to conclude the gravitational constant without any prior knowledge, by itself, only by analyzing the parameters of the interconnected pendulums' movement.
It took us thousands of years to discover the gravitational constant, while software did it in a matter of seconds.
That means we are getting close to a point where we can analyze any series of given inputs and outputs and conclude the exact operations and rules that were performed and led to the known results. In other words, we don't need to know how it's done, just what the input is and what the output is.
With such development of AI and deep learning, it's getting almost impossible to hide things under the carpet. Whatever you do, it's going to be found.
The hypocrisy part?
This is the Secure USB SmartCard Key
This is a closer look at the parameters; notice the FIPS (Federal Information Processing Standard). More here: https://en.wikipedia.org/wiki/FIPS_140-2
In this specific case, the manufacturer was kind enough to implement FIPS (so they could sell in the US market) but also allows you to disable FIPS. If FIPS is what it stands for - a set of standards to protect data - what exactly does it mean to disable it? :)
The bottom line
- There is no software update that will protect you from the mentioned vulnerabilities.
- Every single device that has a microchip is vulnerable.
- This has been a well-known fact to hardware engineers for 20 years.
- The most obvious threats to privacy are always hidden by being so obvious that you can say "No Way".
- Add some more bombastic titles and frequent patches to the recipe, and it works.
Indicative exercise:
- a) Check how many people are going to say this is crazy in the comments, or
- b) Check out how there would be no comments at all, which would mean that the information overflow around the internet is so strong that even the worst privacy fanatics are starting not to care :)
I feel I did my "civil responsibility" with this post :)
P.S.
Adding option C) Many people realize this, which comes as a pleasant surprise, and it's cool!
I agree, the true "dark ages" end is nigh.
Truth will be the new gold in this digital information world. To some it's sad news and to others it's old news, but if you look at the bright side, I feel like a lot of energy in every category such as money, data, oil, etc. was being "wasted" or experimented on, and it comes to a point where we then get cheated in those categories because someone KNOWS something and doesn't want to share it.
Take for instance how most paper is being wasted every day. If you calculated the use and quantity over time and the amount of destruction, production and mobilization costs, do you think deep learning programs that can bring about innate knowledge from scratch would eventually pick up on the task of making paper efficient and useful?
We need to take responsibility and apply this math and tech in our daily lives. The truth is we don't! And that's why governments prefer information on nonsense and illegal purchases or whatever these chips contain that is so important.
Great post! I hope there was a choice c) Some do care and make it a habit to shine good info with a mirror ;)
It's already bright enough to read a response such as this one. I totally agree with all the aspects being said.
As for deep learning, I think it will be able to help a lot, both from the point of sharing and from the point of efficiency. I shared the "double pendulum" project on purpose. It took us thousands of years to discover the gravitational constant, while software did it in a matter of seconds. Deep learning is a very promising technology.
As for knowledge sharing, I could not agree more. Everything is well hidden for the purpose of profit, and that needs to stop.
From the philosophical point of view, after the Dark Ages, another Renaissance needs to come. And it's about time.
The current tactic of "hiding" knowledge looks something like this :) Not very stable ground in the long term.
By the way, adding option C. Yeah!
Artificial Intelligence and Machine Learning are among the revolutionizing technologies that have sprung up so far. The knowledge of the vulnerabilities of devices is threatening. This makes consumers shy away from these devices!
Agree with you @ced000. I expect many things to come out in 2018. And hopefully, no more backdoors and lies. The only way to move humanity forward is through knowledge sharing. Hopefully exposing the old dirty secrets is not going to create new ones.
Hehehe
Hopefully they don't create