Re: [Gta04-owner] QtMoko2
Hello Nikolaus, > The question is if you are searching for the right thing. I already found it. More than 12 years ago by accident in the Nokia 6233. Then it turned out that some phones from Sony were also affected, but not such severe. For this reason I know which detectors are needed to find it. It's nothing that a healthy reasonable person ever would expect, especially not in a phone. > It may just be a honey-pot for you I wouldn't call this involuntarily horror trip a honey-pot. > and the really rogue things are hidden and undetectable... Indeed it was just by accident that I stumbled over it. > This is why I still hold my claim that you can't detect all such activities and not by simple means like the neo900 does. I'm talking about exactly ONE of such activities. No clue how much more shit had been stuffed inside it. But it would contradict all experiences that if there's one, that there will not be more. > IAW: if you have to cross a swamp don't try to dry it but use a boat or helicopter. You joker! What do you think why I bought a GTA04A4 from you and are now asking for a Neo900 ??? Best regards Sven ___ Gta04-owner mailing list Gta04-owner@goldelico.com http://lists.goldelico.com/mailman/listinfo.cgi/gta04-owner
Re: [Gta04-owner] QtMoko2
Hi Sven, > Am 18.04.2019 um 17:33 schrieb Sven Dyroff : > > Hello Nikolaus, > > > Well, this will give 99% of the time false positives, at least initially. > > yes, indeed! That is called apprentice's due. Or a German word translated in > English: If you do planing, you'll produce shavings. > > > My key argument is that it may not be possible to learn by trial and error > > how to distinguish > > because the distinguishing information is missing... > > Here's a little difference between us both: I know exactly for what I'm > searching for. But no more comment to this. The question is if you are searching for the right thing. It may just be a honey-pot for you and the really rogue things are hidden and undetectable... It could use steganography. This is why I still hold my claim that you can't detect all such activities and not by simple means like the neo900 does. IAW: if you have to cross a swamp don't try to dry it but use a boat or helicopter. > > To give a specific example: how can a current consumption detector or RF > > activity measurement distinguish > > between a cell handover which leaks 2-3 bytes private data from one without > > sending that. IMHO, a good > > detector should be able to report exactly that. > > In this case you need some completely different detectors, located > additionally outside of the phone. But no more comment. There is one more thing: communication does not end at the phone. It continues through networks and to the remote end. This is the area where you and your device(s) has no control over. This is why end2end security is so important. To some extent it ends in the trivial cognition that the only safe communication is the one you are not doing :) > > > Therefore I believe (yes it is also a believe :-) more in encryption > > technology than the extra hardware planned for the Neo900. > > This believe is not justified. We all know Moore’s law. As long as this is > still valid, everything that will be encrypted today can be decrypted later. Not necessarily. There are ideas around to solve this problem as well, e.g. quantum-cryptography. And: Moore's law is not a physical law. It will come to an end in not too far future. Some even say it already ended 10 years ago and nobody did notice: https://spectrum.ieee.org/nanoclast/semiconductors/devices/what-globalfoundries-retreat-really-means Yes, computing power world-wide raises and raises, even if chips don't shrink as fast as the past 60 years. So if something is encrypted by a key strength that needs 20% of the world-wide computing power for 1 year, you are almost safe :) Because only 5 encrypted files are decrypted per year... > > > > On the other hand, what Outlook does the Linux kernel have? > > Regularly fixed release dates! Never underestimate this! I talked about > synchronizing individual fun experiences. Ok, we can do that for QtMoko2 as well - if there are enough new contributions. Without such, we can only re-release the last release every week... BR, Nikolaus ___ Gta04-owner mailing list Gta04-owner@goldelico.com http://lists.goldelico.com/mailman/listinfo.cgi/gta04-owner
Re: [Gta04-owner] QtMoko2
Hi Sven, > Am 18.04.2019 um 15:09 schrieb Sven Dyroff : > > Hello Nikolaus, > > >> Neo900 planned a couple of stuff that would have domesticated that beast > >> at least up to a certain level. > >> Such smart things like measuring its power consumption and validate if > >> it's reasonable compared with > >> its current instructed actions with the option to automatically switch it > >> off. > > > > Well, I have my own opinion on this... > > It is: this stuff is useless. > > > > The reason is that nobody can test if these detectors really work. > > To test a fire alarm you must make some smoke. But how can you trigger the > > modem to make rogue activities to check if they are detected? > > I completely disagree! > > The fact that the fundamental nature of rogue activities is that they CANNOT > be triggered by you, because the roguishness persist exactly in the fact that > it will be triggered by others, consequently results in the NEED for exactly > this stuff. > > The proceeding is quite simple: You claim anything to be weird that you don't > understand. Just an ordinary trial-and-error approach. And this stuff is > exactly what you need for that! Well, this will give 99% of the time false positives, at least initially. My key argument is that it may not be possible to learn by trial and error how to distinguish because the distinguishing information is missing... If you are not looking precisely at smoke (but e.g. sound and illumination) you can't learn when to ring a fire alarm. To give a specific example: how can a current consumption detector or RF activity measurement distinguish between a cell handover which leaks 2-3 bytes private data from one without sending that. IMHO, a good detector should be able to report exactly that. But if you claim that there is a detector you must be able to exactly tell what it detects. So there is no detector but there are devices from which it is believed (!) that they may provide enough information. That is my criticism here: there is no proof. Just a believe. And there can't be a proof because the fire alarm can't be tested at all. Therefore I believe (yes it is also a believe :-) more in encryption technology than the extra hardware planned for the Neo900. > > >> It just needs a look behind the big firewall of China. I claim the > >> situation there is already apocalyptic. > >> And it's no dream anymore. It's already damned reality. > > > > Yes, I know. But that is not a technological issue. Technology was second. > > The situation is there for 30 years or more... > > The book "The Shockwave Rider" meanwhile is more than 40 years old and the > described scenario is independent from any concrete political situation. It > rather depicts a general interplay between evolution of technology on the one > hand and degenerating of freedom of society on the other hand. So there's no > reason not to fear that this could also happen to us. In fact it's just a > question of time. > > >>> Therefore we simply must restart with something as a big team. > >> > >> Yes, indeed. But you'll get such a big team only if you can provide a > >> clear aim. > >> One of the last Sourceforge Newsletters provided a very interesting > >> article about > >> the needs how to build a good and effective Open Source team. > > > > Yes, I remember similar articles. A key aspect is that people must see a > > benefit with the results. > > Either a personal for hobbyists (could be learning something, appreciation, > > presenting as a good > > software developer) or a commercial one (saves money for the company they > > are working for). > > I heavily doubt that a pure materialistic benefit is the reason for the need > of a clear outlook. Ah, no. The clear outlook is also needed of course. But the outlook must show some benefit to contributors. On the other hand, what Outlook does the Linux kernel have? It is just a pile of everything contributors submit and maintainers accept (with quite different and contradicting policies). But it has a clear benefit for silicon vendors like Intel, TI, Broadcom, etc. so that they pay developers to contribute to Linux. Because it is still cheaper for them to pay contributions than developing and maintaining their own OS. This is where it saves the silicon companies a lot of money and that makes kernel.org a steadily growing and well financed project. > Instead of that I assume that the real need for it is a result out of the > individual fun factor of programming: You need a means for synchronizing all > the individuals in some way. So you need to place milestones and you need to > make transparent if or how much they have been reached in order to prevent > exactly that diffusing that you have here in this project. Here again, Linux kernel has no milestones if taken in total. Yes, some subprojects and development groups have their own milestones, but it does not seem widespread.
Re: [Gta04-owner] QtMoko2
Hello Nikolaus, >> Neo900 planned a couple of stuff that would have domesticated that beast at least up to a certain level. >> Such smart things like measuring its power consumption and validate if it's reasonable compared with >> its current instructed actions with the option to automatically switch it off. > > Well, I have my own opinion on this... > It is: this stuff is useless. > > The reason is that nobody can test if these detectors really work. > To test a fire alarm you must make some smoke. But how can you trigger the modem to make rogue activities to check if they are detected? I completely disagree! The fact that the fundamental nature of rogue activities is that they CANNOT be triggered by you, because the roguishness persist exactly in the fact that it will be triggered by others, consequently results in the NEED for exactly this stuff. The proceeding is quite simple: You claim anything to be weird that you don't understand. Just an ordinary trial-and-error approach. And this stuff is exactly what you need for that! >> It just needs a look behind the big firewall of China. I claim the situation there is already apocalyptic. >> And it's no dream anymore. It's already damned reality. > > Yes, I know. But that is not a technological issue. Technology was second. The situation is there for 30 years or more... The book "The Shockwave Rider" meanwhile is more than 40 years old and the described scenario is independent from any concrete political situation. It rather depicts a general interplay between evolution of technology on the one hand and degenerating of freedom of society on the other hand. So there's no reason not to fear that this could also happen to us. In fact it's just a question of time. >>> Therefore we simply must restart with something as a big team. >> >> Yes, indeed. But you'll get such a big team only if you can provide a clear aim. >> One of the last Sourceforge Newsletters provided a very interesting article about >> the needs how to build a good and effective Open Source team. > > Yes, I remember similar articles. A key aspect is that people must see a benefit with the results. > Either a personal for hobbyists (could be learning something, appreciation, presenting as a good > software developer) or a commercial one (saves money for the company they are working for). I heavily doubt that a pure materialistic benefit is the reason for the need of a clear outlook. Instead of that I assume that the real need for it is a result out of the individual fun factor of programming: You need a means for synchronizing all the individuals in some way. So you need to place milestones and you need to make transparent if or how much they have been reached in order to prevent exactly that diffusing that you have here in this project. Once again I claim that it was a failure to declare it as an project for arbitrary tinkering on anything that vaguely looks or acts like a phone. > Well, my vision for QtMoko2 would be: > > * modernized base: latest kernels, latest development tools, latest Debian as basis > * remove bugs - just make it work out-of-the-box > * modularized: just apt-get install what you want to have (or even write a GUI app for that - sort of an Appstore) > * runs on different hardware (existing and upcoming) > > IMHO a lot of aspects to work for. +1 > In the early days, the benefit of QtMoko was to get something which did not exist before (besides iOS 1.0 and Android 0.5). Ooops. Did I mess up something? As far as I know OpenMoko was the first smartphone on the market and Apple, Google and Co. did unscrupulous cherrypicking from its ideas. Am I wrong here? Best regards Sven Von:"H. Nikolaus Schaller" An: List for communicating with real GTA04 owners Datum: 17.04.2019 20:48 Betreff:Re: [Gta04-owner] QtMoko2 Gesendet von: "Gta04-owner" Hi Sven, > Am 17.04.2019 um 20:31 schrieb Sven Dyroff : > > Hello Nicolaus, > > > Well, I don't fear the modem. > > I do. And I exactly know why. > > > As soon as you want to make use of it you have to turn it on and accept that it is not trustworthy and can't be. > > Neo900 planned a couple of stuff that would have domesticated that beast at least up to a certain level. Such smart things like measuring its power consumption and validate if it's reasonable compared with its current instructed actions with the option to automatically switch it off. Well, I have my own opinion on this... It is: this stuff is useless. The reason is that nobody can test if these detectors really work. To test a fire alarm you must make some smoke. But how can you trigger the modem to make rogue activities to check if they are detected? > > > As long as it is a separate one connected through e.g. USB and some AT commands for control. > > We all agree that this is essential. But I claim that this is by far not enough. With the GTA04 you just had good luck with your modem choice by