Heater
Posts: 13685
Joined: Tue Jul 17, 2012 3:02 pm

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 8:20 am

markokrajnc,
In this case paper is better than SD card for storing sensitive data: it is harder to break into an appartement and find a peace of paper without leaving any traces, than to collect data from "NSA enhanced SD card"..
That's an interesting point re: traceability. Back in the day I have worked on military communication projects where security was tight.
Our team worked in an office with no windows. Obviously don't want people looking in.
The office had to be some number of meters inside the site perimeter so that computer emissions and sound could not be sniffed from outside.
We were not allowed to have phone lines or networking coming into the office.
Cameras were totally taboo (There were no mobile phones at the time)
There were three levels of security pass both old fashioned photo passes and electronic keys to get into that office.
The computers hard drives were removable. They had to be removed from the computers and locked in a safe n the office every night.

Whilst this level of security was intended to stop data leaking out half the point of it was that if anyone did manage to get in there and access those hard drives it would be very hard to do so with out leaving evidence that something had happened. Much better than being unknowingly compromised.

In the current computer world we often here of companies announcing that some data had been "stolen" and they are looking into it to see exactly what. Seems to me they only have some log trail in various log files with which to find out. There may well be a lot of data leaking out that they never notice.
Memory in C++ is a leaky abstraction .

dave j
Posts: 117
Joined: Mon Mar 05, 2012 2:19 pm

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 9:44 am

markokrajnc wrote: In this case paper is better than SD card for storing sensitive data: it is harder to break into an appartement and find a peace of paper without leaving any traces, than to collect data from "NSA enhanced SD card"...

Paranoic or realistic? Decide for yourself... :D

:-)
Storing data on paper can have it's own problems.

markokrajnc
Posts: 11
Joined: Sun Sep 08, 2013 8:14 pm

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 10:21 am

dave j wrote:Storing data on paper can have it's own problems.
I didn't mean using printers to print on paper... I meant using pencil to write on paper...

For example my To-Do list or my personal calendar by using Moleskine instead of Google Apps or Microsoft Outlook...

User avatar
meltwater
Posts: 1014
Joined: Tue Oct 18, 2011 11:38 am

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 11:53 am

The other side of this coin is this...
Would you be worried if there were organisations which were using the internet to plan and carry out acts of terror and espionage, hiding behind encryption and privacy flags?
The scary thing is that this is the reality of it.

I want to keep everything of mine private and I don't want anyone snooping through it either. At the same time, the person standing next to me using his/her smart phone to co-ordinate an attack or something should be watched and monitored very closely... Do I deserve to have everything I do be examined because they can't identify who they should be watching?

Essentially we need an impossibly fast supercomputer to highlight every single threat and instantly disregard everything else, monitored by superhuman people with solid brass morals and eye on personal privacy, and security of data. Basically it can't be done and you end up with something which isn't quite any of those things, and something which is creepy creepy creepy...

You also have to wonder, if such a system was created (or the NSA attempt at it) how secure could that be, how useful would that mass of data be (now they have picked over it, decrypted it, catalogued it, stored it ready for a suitably motivated group to make use of). What is worse than having a backdoor on your information, is having a backdoor that anyone could use!

_________
In part I think the Raspberry Pi has a massive role to play here, in educating people not to accept things off the shelf, and to understand the workings behind things. There will always be hackers which look to take control, disrupt and profit from the integration of electronics and connected devices we have. Currently, security is often ignored by users (open-wifi for example), and quite often security is not implemented or tested correctly even on very vital systems (electric meters, automation systems, ip cameras).

As technology reaches further and further into every aspect of our lives, we need MANY MANY highly skilled, highly educated engineers and designers to be creating better security and better control. We also need solutions which allow people to use security effectively.
______________
http://www.themagpi.com/
A Magazine for Raspberry Pi Users
Read Online or Download for Free.

My new book: goo.gl/dmVtsc

Meltwater's Pi Hardware - pihardware.com

Like the MagPi? @TheMagP1 @TheMagPiTeam

User avatar
duberry
Posts: 379
Joined: Mon Jan 28, 2013 10:44 pm
Location: standing on a planet that's evolving. And revolving at nine hundred miles an hour

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 1:39 pm

meltwater wrote:The other side of this coin is this...
Would you be worried if there were organisations which were using the internet to plan and carry out acts of terror and espionage, hiding behind encryption and privacy flags?
The scary thing is that this is the reality of it
i dont know :?:
how you choose to define terror (past present or future ) :|
http://imgur.com/r/POLITIC/vTUK6q8 #justsaying

or if you care for the works/words of Chomsky ( apparently he has not so much mainstream favour )
Obama, first of all, is running the biggest terrorist operation that exists, maybe in history. — Noam Chomsky

:oops:

if your not in the set of digital cowboy's(or girl's ! hay its 2013)
your a digital native
not so distant history of native's may provide some incite in to the bright future ahead
--------
-- Despair Squid --

User avatar
ddxfish
Posts: 75
Joined: Wed Aug 07, 2013 5:17 pm
Location: Florida
Contact: Website AOL

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 2:15 pm

This is a good thread, I read all posts just cuz it is fascinating to listen to advanced paranoia running the tech world (it runs mine too).

Ways to detect this?
*If you want to really check whats up, find a network traffic analyzer and watch where your packets are going. This would not show u what you need if they are relayed through a company like Mozilla or raspbian repositories, as they would just show up as that.
*A tiny speaker, powered, but no signal mounted on your pi will usually "soundify" radio signals around it (including most RFID passive tags)
*oscilloscope - connected to test points MAY show a different signal when hidden transmitter turned on. Easiest to notice when Pi is doing nothing (like with no memory card).

Ways to workaround or minimize this?
*Truecrypt (or similar encryption, never tried on the pi) your data and leave it unmounted unless you need it (proper passwords with keyfiles are unbreakable without millions $$ budget, 20 char password, keyfile) but this only protects u when its unmounted.
*Aluminum foil? Im only half joking here but with a suspect cell phone, wrapping aluminum foil around it can block RF transmissions. Aluminum foil blocks beta and gamma radiation. IF there was a hidden RF transmitter on the pi, this would stop it if thick enough.
*SSL and TLS - easy to break with even a single server. Dont rely on either of these as secure because as he said above, the SSL certificate authorities are all compromised by govt and prob by hackers. Its been done before. Even can fake the private keys the guy was talking about above.

Why this is not the case though
*money
*Pi is a terrible device to "tap" as it is so low power (easy to notice power changes directed to any transmitter), cant compute much illegal (you wont be cracking RSA keys with it), and is mostly open source (makes hidden code harder to hide when surrounded by open source), and most important- the Pi is used as an educational device mostly, never handling sensitive data in its usual day
*There are better ways to "tap" into the American public (or whatever country). Cracking SSL/TLS connections to catch you doing your nefarious deeds is much easier and requires no pre-setup like a hidden transmitter.
*Confiscating your Pi (and its routing records, ARP cache, etc) gives them anything they need anyway.

My Conclusion (opinion)
The Pi is not pre-tapped for monitoring by the govt of any country. Tapping is done remotely. It would be 100x easier to target the Pi you want to hack into, corrupt its ARP cache to think the repos are real when in fact they are NSA, and have it send them everything they want with the Pi unmodified. They have the computing power to break most codes, so they would just do it that way. Plus, can you imagine the scandal if they HAD tapped the pi with a transmitter? That would suck.
My Pi Guides: http://www.etcwiki.org/wiki/Category:Raspberry_Pi
My AIM screen name: ddxfish
Always happy to chat about the Pi!

User avatar
xranby
Posts: 539
Joined: Sat Mar 03, 2012 10:02 pm
Contact: Website

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 2:24 pm

Software with cryptographic functionality are flawed in NSA favour.

For example if you get Java from Oracle to run on the Pi or build OpenJDK also from Oracle directly you will get a Java version with reduced cryptographic strengths. If you instead get IcedTea from the Linux distributions then you are better off, the IcedTea developers have made sure you can run higher strength crypto ciphers since 5 years back by removing the found limitation code, but these patches have been rejected for inclusion into OpenJDK and Oracle's JDK version.
http://labb.zafena.se/openjdk/log/OpenJDK-20130906.log

The patch in question, to enable unlimited crypto, that never got accepted in Oracle's OpenJDK and JDK is found here: http://markmail.org/message/bg75wuy7bb7q4nk5 - mail thread
http://mail.openjdk.java.net/pipermail/ ... 00329.html
Xerxes Rånby @xranby I once had two, then I gave one away. Now both are in use every day!
twitter.com/xranby

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 23932
Joined: Sat Jul 30, 2011 7:41 pm

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 3:06 pm

I don't normally get involved with this sort of thread, but hey ho!

In my opinion, (which is always right, because this is the internet), I am now more afraid (terrrorised) of overzealous airport security, police exceeding their powers, or government curtailing my freedom, than I have ever been of a terrorist attack. In my book, this means the original terrorists have already won, and the terrorists are now the aforementioned agencies.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
“I think it’s wrong that only one company makes the game Monopoly.” – Steven Wright

User avatar
MrBunsy
Posts: 185
Joined: Mon Feb 20, 2012 1:48 pm
Location: Southampton, UK
Contact: Website

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 5:23 pm

Glad I'm not the only one that feels that way! Personally (and I suspect for a large chunk of the population) there's far, far more risk of me killed or maimed from being run over than blown up. I'd rather have personal freedom, freedom to protest, freedom to not be spied upon, and risk the odd bomb here and there. Britain's weathered two world wars and the IRA, I'm sure we can cope.
ddxfish wrote: Ways to workaround or minimize this?
*Truecrypt (or similar encryption, never tried on the pi) your data and leave it unmounted unless you need it (proper passwords with keyfiles are unbreakable without millions $$ budget, 20 char password, keyfile) but this only protects u when its unmounted.
*Aluminum foil? Im only half joking here but with a suspect cell phone, wrapping aluminum foil around it can block RF transmissions. Aluminum foil blocks beta and gamma radiation. IF there was a hidden RF transmitter on the pi, this would stop it if thick enough.
*SSL and TLS - easy to break with even a single server. Dont rely on either of these as secure because as he said above, the SSL certificate authorities are all compromised by govt and prob by hackers. Its been done before. Even can fake the private keys the guy was talking about above.
If the NSA has had to get into the certificate authorities to defeat TLS, that is good news in a way: it means RSA hasn't been broken. So, from my point of view I can still use internet banking securely, and remotely log into my server securely. It brings about a whole load of different problems, but we still ahve working encryption!

Heater
Posts: 13685
Joined: Tue Jul 17, 2012 3:02 pm

Re: NSA spying and Raspberry Pi

Mon Sep 09, 2013 7:54 pm

@jamesh,
...I am now more afraid (terrrorised) of overzealous airport security, police exceeding their powers, or government curtailing my freedom, than I have ever been of a terrorist attack. In my book, this means the original terrorists have already won, and the terrorists are now the aforementioned agencies.
You are not alone. From listening to the internet here and there I get the feeling there are millions who feel the same. Our "protectors" now terrorize us. We live in fear. Those original terrorists achieved their goal. How stupid is that?

@MrBunsy
I can still use internet banking securely,
I don't get the logic here. Internet banking relies on verifying that you are actually talking to your bank when you log in. Not some rogue counterfeit. That depends on certificates issued by trusted third parties. The certificate authorities. If the CA's are compromised this all breaks down. The encryption is good, the chain of trust this relies on is not.
Memory in C++ is a leaky abstraction .

User avatar
meltwater
Posts: 1014
Joined: Tue Oct 18, 2011 11:38 am

Re: NSA spying and Raspberry Pi

Tue Sep 10, 2013 9:15 am

It is really hard to say what is acceptable, personally to me it seems over the top to be scanned / virtually stripped at the airport before I board a flight. If you've ever seen the images they get (and remove the negative filter - it is frightening how long it took before people noticed that the images were processed as negatives to make them less shocking) can't say I like the idea much (I'm not that fussed except it seems massively excessive - so you want me to stand naked in front of you so I can go on a plane?!?).

How likely is a threat, what is acceptable risk verses infringement of personal privacy? No doubt my balance is way off from what someone who deals with it everyday views it to be.

Unfortunately (or perhaps fortunately) most of us have no idea what kind of terror threats there are and how often they are stopped, but I do find it scary they have to resort to such measures in order to stop them (or attempt to stop them) (if that is the case). In that sense the terrorists have won, since everyone is forced to give up our freedom and privacy in order to protect against them. Just have to wonder though, how much is anti-terror propaganda and how much is genuine ability to monitor these things (I can imagine in the sea of information they must be able to collect, it is still a case of getting lucky). Can't recall where I heard it, but the quote I recall is "they only have to get lucky once, we have to get lucky every time".

Back to on topic though: I totally agree the Raspberry Pi itself is unlikely to have anything specifically put inside it for the purposes of spying, although as mentioned before there are so many links in the chain once data leaves the RPi that you'd be a fool to imagine that none of it could be observed. How likely specific parts of the ARM core or LAN chip has NSA inspired elements (purely since that is inherent in the components used, built unknowingly into the design, to meet the requirements of the protocols etc), that is probably unknown although unlikely it would take a vast amount of work to confirm it fully (and even then you probably couldn't be sure).

But to put it in perspective, the mobile phone you use, the wifi network you have at home, the computer you are using are far more likely to be spreading a lot more personal information about you than the RPi ever could. It does concern me that people get wound up about the NSA spying (which don't get me wrong here, is entirely right to be up in arms about) but forget about the vast amount of data which they personally make public all the time. Also I imagine many would still do things like connecting to a public wifi, not use passwords on USB drives, reuse passwords, use cloud services, print to networked printers and all manor of potentially unsecure things (I know I have done at times...just because I am lazy too). There is a lot of low hanging fruit before you even get into the encryption/security side of things.

How much of the true security protocols have been cracked (and how long have they been cracked for) is probably a large percentage, and if you wanted to put your paranoia hat on, how often is it used to control economical and political events? Most of us won't be able to do anything about it though, unless we happen to be involved with such things as Engineers (or future Engineers) and even then it could be your job to ensure they can be cracked....by the "right" people.

There is a really easy way though to make your Raspberry Pi (or any device) secure...do not power it up...ever. Then you can start worrying about the devices which are all around you...good luck!
______________
http://www.themagpi.com/
A Magazine for Raspberry Pi Users
Read Online or Download for Free.

My new book: goo.gl/dmVtsc

Meltwater's Pi Hardware - pihardware.com

Like the MagPi? @TheMagP1 @TheMagPiTeam

User avatar
MrBunsy
Posts: 185
Joined: Mon Feb 20, 2012 1:48 pm
Location: Southampton, UK
Contact: Website

Re: NSA spying and Raspberry Pi

Tue Sep 10, 2013 8:52 pm

Heater wrote: @MrBunsy
I can still use internet banking securely,
I don't get the logic here. Internet banking relies on verifying that you are actually talking to your bank when you log in. Not some rogue counterfeit. That depends on certificates issued by trusted third parties. The certificate authorities. If the CA's are compromised this all breaks down. The encryption is good, the chain of trust this relies on is not.
But it was broken by the US government - not (depending on your point of view) criminals. You can be relatively certain you're talking to your bank or the NSA. If it's the NSA, there's all sorts of privacy implications, but they're not going to run off with your money.

User avatar
MattHawkinsUK
Posts: 538
Joined: Tue Jan 10, 2012 8:48 pm
Location: UK
Contact: Website

Re: NSA spying and Raspberry Pi

Tue Sep 10, 2013 9:49 pm

Personally I'm not bothered if they're checking people emails if they have nothing to hide then they have nothing to fear
Fine unless you are a victim of a miscarriage of justice.

Or someone you communicate with gets into trouble. Then your data is up for grabs. There are countless examples of people in the UK getting screwed (and imprisoned) by the system because the system added 2 to 2 and got 5.

You also have to assume the police and security services are 100% honest and are corruption free. They aren't. Not unusual for police officers to get caught abusing the police national computer for personal use.

If you give the system massive wide ranging powers they will get abused. That is guaranteed.

The question isn't what I've got to hide but what the government has got to hide. Why are they so secretive if they aren't up to no good?

Web censorship is next using the Trojan horse of "porn". Once the system is in place the bounds will be increased to block news sites they consider "extreme". Welcome to North Korea!
My Raspberry Pi blog and home of the BerryClip Add-on board : http://www.raspberrypi-spy.co.uk/
Follow me on Google+, Facebook, Pinterest and Twitter (@RPiSpy)

User avatar
cyrano
Posts: 714
Joined: Wed Dec 05, 2012 11:48 pm
Location: Belgium

Re: NSA spying and Raspberry Pi

Tue Sep 10, 2013 10:05 pm

An anonymous questionnaire with the Dutch police force showed that 85% of police personnel used police databases for activities that weren't allowed.

Meanwhile:
http://www.theguardian.com/commentisfre ... ns-hopkins

User avatar
meltwater
Posts: 1014
Joined: Tue Oct 18, 2011 11:38 am

Re: NSA spying and Raspberry Pi

Wed Sep 11, 2013 8:38 am

cyrano wrote:An anonymous questionnaire with the Dutch police force showed that 85% of police personnel used police databases for activities that weren't allowed.

Meanwhile:
http://www.theguardian.com/commentisfre ... ns-hopkins
And I wouldn't be surprised if the other 15% just didn't believe it was anonymous.
______________
http://www.themagpi.com/
A Magazine for Raspberry Pi Users
Read Online or Download for Free.

My new book: goo.gl/dmVtsc

Meltwater's Pi Hardware - pihardware.com

Like the MagPi? @TheMagP1 @TheMagPiTeam

User avatar
cyrano
Posts: 714
Joined: Wed Dec 05, 2012 11:48 pm
Location: Belgium

Re: NSA spying and Raspberry Pi

Wed Sep 11, 2013 11:17 am

What surprised me was that 85% was honest enough to admit it. Probably they considered their use of the data as "not criminal"...

User avatar
rurwin
Forum Moderator
Forum Moderator
Posts: 4258
Joined: Mon Jan 09, 2012 3:16 pm
Contact: Website

Re: NSA spying and Raspberry Pi

Wed Sep 11, 2013 12:11 pm

I always assume that everything I put on the 'net is public. If I decide to trust a company with data, I assume that multiple companies and any governments will have access to it. It may therefore become public, but I can play off the likelihood of that against the pain that would be caused. Even if I send an email to a friend, I assume that their employer, their ISP and any governments will be able to read it, and friendship sometimes doesn't last for ever, but mail boxes have long memories.

If what I have to say would get me into trouble, I don't say it.

It is possible to be entirely innocent, speak only the truth and still get into trouble, but this is a dangerous world in which mistakes, accidents and disasters happen every day. Sometimes they happen to innocent people.

User avatar
sav25
Posts: 364
Joined: Thu Aug 30, 2012 7:18 pm
Location: Southend-on-Sea, Essex, UK
Contact: Website Twitter

Re: NSA spying and Raspberry Pi

Wed Sep 11, 2013 1:33 pm

I'm also on the "what do you have to hide?" side.

Firstly, why would someone care about my insignificant average Joe life?

Secondly, in terms of fraud etc, cards/banks cover you for it anyway so limited damage there (especially with my measly bank balance)


Third - I LIKE the fact that they can do this. It makes the world a safer place...until the bad guys get the same tech...then maybe not!

Enjoy technology and gadgets, and worry about it when/if it happens, or live a life of paranoia and suspicion.
Averagemaker.com

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 23932
Joined: Sat Jul 30, 2011 7:41 pm

Re: NSA spying and Raspberry Pi

Wed Sep 11, 2013 1:45 pm

sav25 wrote:I'm also on the "what do you have to hide?" side.

Firstly, why would someone care about my insignificant average Joe life?

Secondly, in terms of fraud etc, cards/banks cover you for it anyway so limited damage there (especially with my measly bank balance)


Third - I LIKE the fact that they can do this. It makes the world a safer place...until the bad guys get the same tech...then maybe not!

Enjoy technology and gadgets, and worry about it when/if it happens, or live a life of paranoia and suspicion.
Bad guys already have access to encryption that the NSA would not be able to crack. I'm not worried about that, I'm more paranoid about the governments themselves and their attitude that they need to spy on everyone.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
“I think it’s wrong that only one company makes the game Monopoly.” – Steven Wright

rpifreeze
Posts: 76
Joined: Tue Jul 24, 2012 10:03 pm

Re: NSA spying and Raspberry Pi

Sun Sep 15, 2013 6:18 pm

@jamesh, unless some agencies forces to use weaker algs or we use some NSA/NIST recommended algorithms/hashes....
http://arstechnica.com/security/2013/09 ... -standard/
...and more recent ones on arstechnica
https://www.schneier.com/blog/archives/ ... _brea.html
usb and broadcom issues will never be solved...Too much time passed, too much to be done...

User avatar
cyrano
Posts: 714
Joined: Wed Dec 05, 2012 11:48 pm
Location: Belgium

Re: NSA spying and Raspberry Pi

Sun Sep 15, 2013 6:25 pm

@RPiFreeze: I understood your account was abandoned?

Not to depress everyone, but a discussion about NSA counter measures is utterly useless when it comes to the Pi.

Please read this:

http://people.umass.edu/gbecker/BeckerChes13.pdf

Any hardware could be corrupted. It is very hard to detect. Could be in any chipset, not limited to computers. Even a router, a network card (we've seen several examples of trojans in network cards) or your phone could be trojaned.

So, please, stop the whining and get to work. How do we get out of this mess?

User avatar
Speedwell68
Posts: 178
Joined: Sun May 12, 2013 5:21 am
Location: Cornwall, UK

Re: NSA spying and Raspberry Pi

Sun Sep 15, 2013 8:14 pm

jamesh wrote:I don't normally get involved with this sort of thread, but hey ho!

In my opinion, (which is always right, because this is the internet), I am now more afraid (terrrorised) of overzealous airport security, police exceeding their powers, or government curtailing my freedom, than I have ever been of a terrorist attack. In my book, this means the original terrorists have already won, and the terrorists are now the aforementioned agencies.
Bingo. In the world since 9/11 we have become a lot less free than before it. This is where the world has gone wrong. This is how the terrorists wanted the world to react. We have lost a hell of a lot of freedoms and the world is not safer because of it, not even a little bit.

User avatar
Jim Manley
Posts: 1600
Joined: Thu Feb 23, 2012 8:41 pm
Location: SillyCon Valley, California, and Powell, Wyoming, USA, plus The Universe
Contact: Website

Re: NSA spying and Raspberry Pi

Sun Sep 15, 2013 8:54 pm

Speedwell68 wrote:
jamesh wrote:I don't normally get involved with this sort of thread, but hey ho!

In my opinion, (which is always right, because this is the internet), I am now more afraid (terrrorised) of overzealous airport security, police exceeding their powers, or government curtailing my freedom, than I have ever been of a terrorist attack. In my book, this means the original terrorists have already won, and the terrorists are now the aforementioned agencies.
Bingo. In the world since 9/11 we have become a lot less free than before it. This is where the world has gone wrong. This is how the terrorists wanted the world to react. We have lost a hell of a lot of freedoms and the world is not safer because of it, not even a little bit.
The terrorists are "winning"? Really? Even Charlie Sheen has modulated his definition of that term. You're less free - how? This is such complete BS that I won't even deign to respond to it with one of my long, point-by-point refutations that you all know I'm more than capable of delivering. Suffice it to say that none of the girls and women in your lives are covered head-to-toe with cloth, denied the opportunity for an education, and you're not reduced to scratching out an existence (note I did not say "a living") from the dirt in some god-forsaken, forgotten corner of the planet. No religious zealots control what you can do, say, look at, listen to, pursue for work, what you want to believe spiritually, or where you can travel. Your ability to kvetch endlessly here on this forum is more than enough evidence of the freedoms you enjoy courtesy of people who have risked, and in some cases lost their lives, whom you have never bothered to seek out and acknowledge, let alone personally thank publicly.

Remember that it's not just us that get to see what's leaked. Do you really think the world is safer now that the likes of Putin, the Chinese Communist Party, Kim Jong Un, Bashar al-Assad, and every other thug that benefits much more than we do when dirty underwear goes up the flagpole? Every coin has two sides, and one of them is usually much more corroded than the other. While you're kibitzing about how many devils will fit on the head of a pin, actual people are dying at the hands of mass murderers who live for these kinds of betrayals. Stuff that in the foofy, over-caffeinated beverage you just complained about on which the barista misspelled your name, while you cursed an inconveniently-dropped cell phone call.

Get real, go live somewhere suffering real oppression, and get a life before you even think of posting any more tripe like this. You're really embarrassing yourselves, and this isn't just my opinion.
The best things in life aren't things ... but, a Pi comes pretty darned close! :D
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!

Heater
Posts: 13685
Joined: Tue Jul 17, 2012 3:02 pm

Re: NSA spying and Raspberry Pi

Sun Sep 15, 2013 9:08 pm

Jim,
...and this isn't just my opinion.
However it is just an opinion.

There have been some leaks of info indicating illegal doings by a government. We should be glad there are people brave enough to put their lives on the line to uncover such shenanigans.

When we have people hiding out on sofas in embassies and such places around the world for fear of extradition to the USA to face an almost certainly unpleasant future, then yes our freedoms have been eroded.
Memory in C++ is a leaky abstraction .

User avatar
Jim Manley
Posts: 1600
Joined: Thu Feb 23, 2012 8:41 pm
Location: SillyCon Valley, California, and Powell, Wyoming, USA, plus The Universe
Contact: Website

Re: NSA spying and Raspberry Pi

Sun Sep 15, 2013 9:41 pm

I wrote the below long before I submitted my previous post, but it was trapped on a device in a wonky state that I was finally able to squirt onto the forum, so there is a bit of overlap that I apologize for not going in and editing out, but it's already enough of a mess.

There's a huge difference between something like the Manhattan project and the conspiracy theories that abound. There were all sorts of mistakes made in operational security in programs like the Manhattan Project, both positive and negative that, in sum, canceled out. Families in the secret sites weren't supposed to ever communicate with relatives elsewhere, yet Dr. John Von Neumann and his wife exchanged hundreds of letters postmarked in New Mexico and Princeton which still survive. Plus, there was complete understanding of what the stakes were in things like the Manhattan Project.

However, a lone wolf positing themselves as the Savior of Mankind while bragging that they could listen in on the President's phone calls (I want to hear the recordings as proof) is just another posturing butthead who couldn't be bothered to actually prove his mettle by getting a real education (sorry, but I'm just not impressed with him being just a sysadmin who knows how to operate a thumb drive). Snowden's complete and evident lack of even a Plan A is evidence of how unsophisticated he really is. I hope he gets to learn about what happened to the NSA mathematicians at the hands of the Soviets after they realized what fools they really were once they were in Moscow. You can glitz up an iceberg all you want, but it's still an iceberg with no means of escape - checkmate.

As for the 85% claim about the Dutch police, first of all, do you have a link? No reasonable search terms come back with results. Second, even if true, they're Dutch (sorry, Gert, but as he knows, so are some of my ancestors ;) ) and there are lots of things that are legal there that wouldn't pass muster in countries with populations not so insane as to live below the low tide level, much less the high tide level :shock: Third, if this was a real poll, it was probably worded to elicit the desired response and was both misrepresented and misreported. Finally, we'll probably find out that, like 97% of statistics, they're made up (yes, you may start your recursion counters now :lol: ).

There are not countless examples of people getting screwed by the system due to it adding 2 + 2 and getting 5. The examples can be counted, and not on very many hands. Does the system very rarely come up with 5? Yes, I've had it happen to me, but I'm not hiding anything (talk about the Understatement of the Year) and I have a very thick Good Guy Who Wears A White Hat record of accomplishments of, for, and by The People. For a really good laugh, if anyone has access to the Department of Homeland Security or Secret Service records for late August of 2006 or 2007, do a search on terms like helicopter, missile, Hubert Humphrey Federal Building, Minneapolis-St. Paul International Airport, and my name. All I can say is never, ever make the mistake of parking your large vehicle trailer containing your helicopter (with or without "missiles" that are in what is actually the rotor blade crate) with the back ramp door open facing a Federal Building that contains offices of minor agencies with TLAs (Three Letter Acronyms) such as FBI, DHS, etc.

As for the terrorists "winning" because we're defending ourselves pretty well (and going overboard in some respects), all I have to say is ask Charlie Sheen about "winning", because even he has modulated his definition substantially over time. When the girls and women in your lives are covered head-to-toe in fabric and denied an education, you're left scratching out an existence from the dirt in some arid hellhole in Lower Slobovia, your local thug-appointed religious zealot (I reject thugs from all denominations) is deciding what's best for you, your family, your friends, and everyone else, and you're otherwise just an even smaller cog in an even bigger wheel than you're in now, then the terrorists will be winning. Frankly, they'd just as soon see you dead, so if they're "winning" that much, perhaps it's time to just get your affairs in order. I mean, really? They're winning? Go ahead, eat your humble Pi, we'll wait, after all, it's good for you! :roll:

Regarding the NSA and/or GCHQ inserting transmitters in SD cards, etc., we can't even get 1.8 volt ultra-high-speed access and those guys are putting transmitters in them? Well, let's just hack the little buggers to our own ends because if Snowden can do what he did, their security obviously sucks donkey kong.

I can tell you from experience that government, and especially military, projects tend to be built first to do sexy things like accelerate straight up, vacuum up all the data possible, and read what brand of undies tens of thousands of strangers passing through a screening area are wearing, and _maybe_ later someone will ask what's supposed to be done with it all, much less when budgets get tight. I helped institute such questions in the project planning process in the Navy (Information Management - InfoMat), but it was extremely difficult to explain why it was so important to admirals and generals who used to play with a stick between their legs, hide with pride, and go cruisin' for a bruisin'.

People keep talking about The Government as if it's some alien race totally detached from Homo Sapiens (well, now that you mention it ... ) and I'm not really sure what the heck our friends who speak and write English funny got for a government by keeping a monarchy around (I must admit it does make for better TV than our version made up of "reality stars" and other "celebrities" of the week). Ours is of, by, and for The People, and I've done more than my part to make it as best as I can, given the general apathy and lack of participation by 99.99% of the population that just has limited brainwidth, apparently. If you don't like the way it works and elections aren't satisfactory, then go to work inside and change it - it's pretty clear that not much in the way of great intellect is needed these days, and now that the private sector playing field has been reset economically, government pay isn't looking like such a bad deal, although the retirement system isn't what it used to be now that it's defined-contribution instead of defined-benefit here.
ShiftPlusOne wrote:Hey Jim, I am going to play devil's advocate a bit, but these are thoughts that cross my mind when I hear sentiment similar to what you express. Just wondering what your take is in response.

I don't think the issue is with those the honest law-abiding employees, but with the bad bananas. Lawyers looking for illegal activities? That's a start, but it seems like lawyers are to advice what is legal and what isn't rather than track down illegal activity. I would hope that it would be impossible to arbitrarily access people's information without some sort of warrant. Why is the system such that employees can monitor their exes in the first place? How is Snowden a bad banana? Isn't it your duty to speak up if you're being asked to do something you think is not morally justified.
The first duty of someone who holds clearances of any level, especially intelligence clearances because of the sensitivities involved, is to fulfill the obligation they swore to uphold for life. I have no sympathy for people who think they're so superior intellectually but find that they have to take shortcuts to accomplish their selfish, short-sighted agenda. Snowden didn't even spend a nanosecond thinking about doing things the right way. He thought he was too smart for college, too smart for healthy relationships, too smart for the CIA, and too smart for Booz-Allen-Hamilton, the contractor he worked for at the NSA and he very specifically targeted that BAH job and not as an employee for the NSA because he knew he would never stand up to scrutiny.

I'm very familiar with BAH as some of their employees worked for me, and I was not impressed in the least. They tend to hire retiring admirals and generals as partners who have lots of kids they want to send to the best colleges/universities and can't afford that, so they're mined for their contacts and try to recruit more junior military people retiring/getting out who have needed skills. When I left the Navy, I was approached, but I was not at all interested because I was on my way to Silicon Valley and BAH was only willing to hire me to work in the DC area and pay me exactly what I was already making in the military.
ShiftPlusOne wrote:There are lots of government operations that were kept secret. The Manhattan project being one example. Then there are all the ones if found out about way after it was no longer important, like MK-UTLRA. It seems naive not to assume that there are operations going on right now that most people would find abhorrent. But yes, these things to leak, you only have to look as far as Snowden, Manning and Vanunu to see that (and how these people are treated afterwards).
I find it abhorrent that these clowns took it upon themselves to decide what's right and put the rest of us at serious risk because they didn't bother to limit the exposure they made to specifically and only that information needed to demonstrate what they were alleging. Instead, they simply splattered everything they could get their hands on without thinking about what the total picture is. I want someone here to tell me explicitly that they really think that it's more important to reveal all of this information to the likes of Vladimir Putin, Kim Jong Un, the Chinese Communist Party, the religious zealots running Iran, Assad in Syria, and every other dictator, murderer, torturer, etc. While proponents are cheering about how wonderful these revelations are in terms of how many devils will fit on the head of a pin, they're not thinking through what's going on around the rest of the chess board. If you really think Vladimir Putin is interested in a level playing field where life is all rosy and smells of unicorn farts, you'd better think a lot harder.
ShiftPlusOne wrote:I don't think that's what wikileaks was supposed to reveal, but gunning down journalists and children from apache helicopters is not an example of people doing their jobs properly.
Do you really think that nothing happened internally when this was seen by the military hierarchy? Wrong.
ShiftPlusOne wrote:The issue is that we're spying on our allies (who are in turn spying on us) and our citizens, not that we're spying on regimes that are a potential threat.
No, this is not what is happening. You're over-generalizing from a very small number of bad-news incidents. You do not live in a police state. If you think you do, I will provide you a list of dozens of actual police states, you can go visit them and voice these kinds of complaints there, and we won't be surprised at all to never hear from you again. I mean no disrespect as you have been blessed to live a decent life, but you are clueless in this regard, and I can say this from experience, having been in some of those police states.
ShiftPlusOne wrote:Because there are other issues that affect the world, does not mean that these are any less important.
This is also completely incorrect and incredibly naive. There is a hierarchy of human needs (go read Maslow's writings on this - it's required for military leaders). Likewise, there is a hierarchy of crimes and misdemeanors (they are not the same). That's why there are differing levels of bail, fines, sentences, incarceration facilities, etc. I am in no way condoning the illegal actions of a minuscule fraction of otherwise law-abiding government workers, and believe the convicted should be hammered at least as hard as other criminals committing offenses at the same level. Judges usually sentence law enforcement officers to the harshest punishments allowed precisely because they are in trusted positions of authority and swore an oath to uphold the law. The same goes for abusers of national security powers.

So, the Moral of the Story is that (1) yes, they really are out to get you, (b) they're really too incompetent to do so and as a result generally go for the low-hanging fruit, (gamma) collecting anything and everything isn't the same thing, by a long shot, as processing, analyzing, reporting, disseminating, and retasking collection to refine the data to what's really associated with threats, and (!) I'm running out of identifiers for Morals of the Story.
The best things in life aren't things ... but, a Pi comes pretty darned close! :D
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!

Return to “General discussion”