On Sat, Mar 05, 2016 at 03:23:18PM -0500, grarpamp wrote:
Bottom line: if FBI/DoJ can strongarm Apple into electronically signing malware, then we have entered into a truly new imperial era, where trillion-dollar companies can be rubber-hosed into misusing their private crypto keys.
No amount of technology, per se, can prevent this particular MITM attack. We're now going to have to have multiple keys from multiple "trusted" sources prior to accepting a firmware update. Forget visiting Switzerland or the Cayman Islands for access to $$$; you may now have to physically go there to get your iPhone securely updated.
See this is a problem. All this trust in single entities, singular and closed systems you keep needing to place. Why in the fuck do you keep doing this?
You compute hardware should be completely open. You compute software should be completely open. You should fuse your own keys into your own hardware for software builds you reproducibly build sign and install yourself from distributed opensource software.
Open designs, open fabs, open products, open source. You are NOT going to solve these problems without it.
And quit crying profit... the work of your plumber is all in the open and profitable.
Or quality... all quality is currently shit, but at least you stand a chance of seeing the flies on it if it's open.
The http://q3ube.be , https://puri.sm/ and http://efabless.com are open for business. If you happen to own a chain of gas stations you might decide an open hardware and multi-signature payment system that lets the customers authenticate the gas pump before payment might be a good long-term investment if you want to keep your customers. http://www.wthr.com/story/31039979/credit-card-skimmers-hit-again-in-central... Place your orders now, or learn how to eat the cost of systems re-compromised with legislative trojans and court-order malware. And if you want to make any money in this space, think like a plumber and get used to dealing with everyone else's shit. -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer@hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash