Hi Sven,
> Am 18.04.2019 um 17:33 schrieb Sven Dyroff <s.dyr...@phytec.de>:
>
> Hello Nikolaus,
>
> > Well, this will give 99% of the time false positives, at least initially.
>
> yes, indeed! That is called apprentice's due. Or a German word translated in
> English: If you do planing, you'll produce shavings.
>
> > My key argument is that it may not be possible to learn by trial and error
> > how to distinguish
> > because the distinguishing information is missing...
>
> Here's a little difference between us both: I know exactly for what I'm
> searching for. But no more comment to this.
The question is if you are searching for the right thing. It may just be a
honey-pot for you and the really rogue things are hidden and undetectable...
It could use steganography.
This is why I still hold my claim that you can't detect all such activities and
not by simple means like the neo900 does.
IAW: if you have to cross a swamp don't try to dry it but use a boat or
helicopter.
> > To give a specific example: how can a current consumption detector or RF
> > activity measurement distinguish
> > between a cell handover which leaks 2-3 bytes private data from one without
> > sending that. IMHO, a good
> > detector should be able to report exactly that.
>
> In this case you need some completely different detectors, located
> additionally outside of the phone. But no more comment.
There is one more thing: communication does not end at the phone. It continues
through networks and to the remote end.
This is the area where you and your device(s) has no control over. This is why
end2end security is so important.
To some extent it ends in the trivial cognition that the only safe
communication is the one you are not doing :)
>
> > Therefore I believe (yes it is also a believe :-) more in encryption
> > technology than the extra hardware planned for the Neo900.
>
> This believe is not justified. We all know Moore’s law. As long as this is
> still valid, everything that will be encrypted today can be decrypted later.
Not necessarily. There are ideas around to solve this problem as well, e.g.
quantum-cryptography.
And: Moore's law is not a physical law. It will come to an end in not too far
future.
Some even say it already ended 10 years ago and nobody did notice:
https://spectrum.ieee.org/nanoclast/semiconductors/devices/what-globalfoundries-retreat-really-means
Yes, computing power world-wide raises and raises, even if chips don't shrink
as fast as the past 60 years.
So if something is encrypted by a key strength that needs 20% of the world-wide
computing power for 1 year,
you are almost safe :) Because only 5 encrypted files are decrypted per year...
>
>
> > On the other hand, what Outlook does the Linux kernel have?
>
> Regularly fixed release dates! Never underestimate this! I talked about
> synchronizing individual fun experiences.
Ok, we can do that for QtMoko2 as well - if there are enough new contributions.
Without such, we can only re-release the last release every week...
BR,
Nikolaus
_______________________________________________
Gta04-owner mailing list
Gta04-owner@goldelico.com
http://lists.goldelico.com/mailman/listinfo.cgi/gta04-owner
