back to article 'Who knew in 1984 that Steve Jobs would be Big Brother?'

This was the week when Linus Torvalds, chief Penguin of LinuxLand, unleashed not one, but two mighty rants on the interwebs. First, Torvalds said he resented recent attacks on the integrity of the kernel's security. This is after a call was made for the use of Intel processor instruction RdRand for generating random numbers to …

COMMENTS

This topic is closed for new posts.
  1. Cliff

    Linux, and why I don't love it

    I get it, open source is a good thing, and the people who work on free, open source operating systems must be very clever. Being clever doesn't mandate being a total dick about things though. If the guy a the top is a total tool, people throughout the collective also behave like tools because it must be the 'right' thing. And this is why I don't embrace the open source community more fully.

    I know mentioning Linux without giving it a blowjob invokes the downvote army, whatever. Easier than open discussion.

    1. fandom

      Re: Linux, and why I don't love it

      So you criticize Linus for being a dick in a post in which you behave like a total dick.

      But it's ok, you don't write free software so you are entitled to do it.

    2. AceRimmer

      Re: Linux, and why I don't love it

      A reach around would probably suffice

    3. Jamie Jones Silver badge

      Re: Linux, and why I don't love it

      " If the guy a the top is a total tool, people throughout the collective also behave like tools because it must be the 'right' thing. And this is why I don't embrace the open source community more fully."

      You (like many others) have made that annoying assumption that open source == Linux

      Ther are plenty of opensource projects being run in different ways that have nothing to do with Linus, or indeed Linux.

  2. ecofeco Silver badge
    Paris Hilton

    Irony

    So thick it wobbles the mind.

    1. Famous ad for the first MacIntoshs - "Big Brother"

    2. Subsequent ads promote this independence and superior advanced technology

    3. People PAY to be spied on. - iPhone

    4. ITunes, iCloud - self explanatory

    Google "apple macintosh ad"

  3. SuccessCase

    The Free software foundation are talking without knowledge, the Fingerprint sensor may be network accessible or it may not be. Typically a secure subsystem like that will be designed to store the print data securely and locally. The question is, is there a path in terms of data bus layout or data-bus layout in combination with security chip design whereby the CPU can access the print. There are three distinct likely possibilities which match Phil Schiller's statement on the security (more unlikely ones but I won't touch on those)

    1. No, the security chip and firmware are entirely discrete and non upgradable and have a small amount of local storage with a simple CPU side interface which allows new "prints" to be taken and confirms or denies when a scan has passed.

    2. The security chip firmware can be upgraded such that a modification could direct the "print" data to the CPU. But the firmware will be protected by a locked bootloader and only those with the key can access it. The "print" data is not accessible by the CPU unless subverting firmware is installed.

    3. The data is accessible directly by the CPU, but isn't as a matter of policy.

    1. Is obviously the strongest but is bad if a weakness is later discovered and hackers with physical access to the phone can exploit it. My money is on 2. in which case if Apple state clearly and publicly the firmware is secured, then that is quite a big commitment to break and would destroy the brand if they made the claim now, after recent revelations but got caught out at a later date. Note however this doesn't entirely rule out the NSA being able to subvert individual phones on a case by case basis. If they had that capability or there is any weakness they have an exploit for in the secure bootloader, (or backdoor, which may even not be known to Apple - yes that's the weird subverted security world we now find ourselves in, 4 months ago such a consideration would not have been taken terribly seriously) they wouldn't want to be doing that on a mass basis (though not so sure about pre-Snowden NSA) or if they can legally force Apple's hand to target individual handsets with a firmware change that too remains a problem. 3. Clearly 3 Should raise the most alarm bells

    Unless we know which is the case it's premature to comment. Unfortunately Apple are taking the road if security by obscurity which, as a phrase, should be re-written as "security if you believe us, possibly."

    I think they should issue more details, with at the very least informing if the system is 1, 2 or 3 above.

    1. Katie Saucey

      "I think they should issue more details..."

      I agree, but this is Apple we're talking about. The few details that will never be released are the minutes of the marketing meeting concerning this new "feature", I'll just assume it went like this:

      exec_drone_1 : we need more innovation for our "new" product

      exec_drone_2 : How about biometrics? I like that word....

      exec_drone_1 : Hasn't been done before, and proved rather, uh, gimmicky?

      exec_drone_2 : Screw it, this on a mobile device!

      ->files vague patent

      http://www.theregister.co.uk/2004/10/05/biometric_thinkpad_t42/

    2. Tom 38

      Apple have already said that the biometric sensor is connected to a separate chip with it's own storage, and all the OS can do is read validation results from the chip, and request that new identifiers are added to the on-die storage. Your fingerprint is never in any memory addressable by the main processor.

      1. Jediben

        Well they would say that, wouldn't they?

      2. SuccessCase

        "Apple have already said that the biometric sensor is connected to a separate chip with it's own storage, and all the OS can do is read validation results from the chip, and request that new identifiers are added to the on-die storage. Your fingerprint is never in any memory addressable by the main processor."

        That's very interesting, any chance of a source?

        I heard Phil Schiller say words to that effect, but I thought not quite that specific, though I didn't make a note at the time. So that being the case, if they have been that specific, they may be somewhere between 1 & 2. The key question is if the fingerprint subsystem can relay identifiers to the processor if there is a change of firmware. If yes, it's scenario 2. I've laid out above. If no, it's scenario 1 or a slight variation close too it.

        BTW, my assumption in what I have said is the fingerprint recognition processing doesn't involve the main processor, which would be the case if what you have outlined is accurate. Most commenters seem to be assuming it would and that this is one of the reasons they have gone 64bit. I assume it wouldn't because, having worked for security tech clients (I'm not an expert though I have to say) to keep it in the subsystem is a natural and standard design and exactly what I would expect the Authentec technology Apple purchased to bring to the mix. I carefully worded my remark above to avoid this potential difference because there are so many subtleties and possible combinations of solution, though it is an important one and if everything is security subsystem side it is possible the solution is a combination of 1 and 2 where only the fingerprint interpretation function is hard wired. Then the digital "print" can't be obtained, ever, without resorting to an electron microscope, though potentially device access could still be compromised (with a convoluted subversion of the system) if a firmware upgrade would allow that.

  4. Frederic Bloggs

    Linus really lost it? Really???

    A quick read of the thread will show that a) Linus was (for Linus) being *very* mild mannered and b) it was part of a serious discussion about the nature, consequences and frustrations of trying to cope with explosion of interfaces / features of ARM based systems. As someone that occasionally has to dabble in these areas I share his pain - but probably in more explicit terms.

    1. Jamie Jones Silver badge

      Re: Linus really lost it? Really???

      "It was part of a serious discussion about the nature, consequences and frustrations of trying to cope with explosion of interfaces / features of ARM based systems. "

      Ah yes, and of course, most such discussions involve wishes of death etc:

      and I hope that ARM SoC hardware designers all die in some incredibly painful accident.

      So if you see any, send them my love, and possibly puncture the brake-lines on their car and put a little surprise in their coffee, ok?

      Now, I'm not suggesting that he was being serious, but come on, how on earth can you try to justify that?

      "Fred", you forgot the pengiuin icon - your biased linux fanboism is showing in spades

  5. Rodrigo Rollan

    Iphone, shmIphone....has anyone thought of the children ?????

    I believe that the fingerprint reader concept is cool as a gimmick but ultimately it will go the way of the Dodo or at least be as used as it currently is for personal computers: something a minority uses. The idea of Spooks obtaining fingerprints from this reader I find it quite romantic, to say the least, given that obtaining fingerprints is really trivial.

    I am however, more concerned of the last part of this article: Natural selection being replaced by cultural selection. Has anyone recently checked the latest trends, fads, religions, etc ? the movie IDIOCRACY comes to mind.....

    1. Rukario

      Re: Iphone, shmIphone....has anyone thought of the children ?????

      I had to go out and get a copy of Idiocracy. Totally agree, though I doubt it'll take 500 years.

      Just one major omission... no obesicles in that giant Costco?

  6. DJO Silver badge

    Well that's secure then

    "Apple have already said that the biometric sensor is connected to a separate chip with it's own storage, and all the OS can do is read validation results from the chip, and request that new identifiers are added to the on-die storage. Your fingerprint is never in any memory addressable by the main processor."

    So all you need to do is put a validation signal to a couple of pins on this "special" chip to bypass the sensor completely, that'll cheer up the NSA people no end.

    1. SuccessCase

      Re: Well that's secure then

      And how do you do that when a) the signal will be digital with a secure handshake where the input has to have the same timing as the bus your tapping into , b) any sensitive parts will likely be sealed solid in a hard resin (internal buses, processor etc) just so that attempts to gain access will likely destroy said equipment? Security firms such as Authentec, who Apple purchased, do know a little bit about creating secure systems you know. Of course if you have enough money and resources there is a way around such measures. However it might take a couple of goes, or access to an Electron Microscope (in which case you need a lot if time - Chinese hackers trying to gain access to pay-tv conditional access cards have reportedly resorted to such). Unfortunately if you don't have an electron microscope, if you need a second go it will be because you've damaged the handset belonging to your target, in which case you've failed.

  7. Cliff

    What the scanner does do well

    With just a pass code lock, you can identify that an authorised phone user made a call. With this you can demonstrate exactly who it was. Loss of any semi-plausible deniability.

    1. J 3
      Gimp

      Re: What the scanner does do well

      ...and when someone easily copies one's fingerprints, hilarity ensues.

      1. J 3

        Re: What the scanner does do well

        And it didn't take long, apparently:

        http://www.theregister.co.uk/2013/09/22/iphone_5_touchid_broken_by_chaos_computer_club/

    2. Trainee grumpy old ****

      Re: What the scanner does do well

      >> With just a pass code lock, you can identify that an authorised phone user made a call. With this you can demonstrate exactly who it was. Loss of any semi-plausible deniability.

      Never used an i-anything, but does that mean you don't have an "Emergency call" option? i.e. the ability to manually enter a number and make a call without unlocking the phone and accessing the contact list

      1. SYNTAX__ERROR

        Re: "Emergency call"

        I think there are relevant regulations in various jurisdictions that mandate it be possible to make an emergency call.

        However it is just that, only the local emergency number can be called.

  8. MacGyver

    Moore's Law has been dead for years.

    What was the fastest CPU available in 2006, IIRC it was around 3.3 ghz, now what is the top speed of a 2013 CPU, I've seen an article or two about 4ghz ones, and granted the "cores" are doubling every now and again, but that isn't doubling the "speed" now is it?

    If Moore's Law was really still in effect, we would all have 50ghz CPUs today, instead we have roughly the same speed as 2006, just with 8 cores.

    1. fireman sam

      Re: Moore's Law has been dead for years.

      I think you should read up on the actual definition of Moore's Law.

      1. MacGyver

        Re: Moore's Law has been dead for years.

        I will agree that the definition is for number of transistors on a chip, but adding cores is not what common people associate with Moore's Law, we think of the %40 clock rate increase that comes with the increase in transistors per die. If they are not going to get any faster, then who cares if they are doubling the number of transistors on a chip? If I wanted a dual chip system in 2006 I could always just buy a Xeon, just like if I want a 16 core system, I could find someone that is building a 16 chip system, or I could create a Beowolf cluster.

        I want speed.

    2. Justin Stringfellow
      Facepalm

      Re: Moore's Law has been dead for years.

      > If Moore's Law was really still in effect, we would all have 50ghz CPUs today, instead we have roughly the same speed as 2006, just with 8 cores.

      FAIL.

      Moore's law predicts a doubling of transistors on a chip. Nothing to do with clock speed.

      http://lmgtfy.com/?q=moore%27s+law

  9. Ace Rimmer

    Fingerprint scanner

    I don't know a lot about how the thing is wired up, but rather than all the various and highly technical ways discussed above, wouldn't it be easier to compromise the system with a bit of relatively benign malware that merely pretended to lock the phone, so you scan your print in to unlock it but instead the malware copies the fingerprint?

    I genuinely don't know if that's possible, I don't know if the phone has access to the actual scanner or if the whole thing really is a discrete system so the rest of the system can't see the scanner part, I'm sure others will tell me :)

  10. Ben Liddicott

    There are many forms of natural selection

    One of the most active in evolution is the question of "who to mate with". We haven't put an end to that one. The girls still decide who gets their end away... as it should be of course. Clever chaps find out what the ladies like and provide it, amplifying cleverness - of various kinds - in the gene pool over the generations.

    But unfortunately the ability to make beautiful programmes about charismatic mammals is not at all the same thing as actually understanding that evolution thingy.

This topic is closed for new posts.

Other stories you might like