China cracks down on wi-fi in public spaces

Discuss life, the universe, and everything with other members of this site. Get to know your fellow polywell enthusiasts.

Moderators: tonybarry, MSimon

DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

China cracks down on wi-fi in public spaces

Post by DeltaV »

http://www.physorg.com/news/2011-07-chi ... paces.html
China has ordered public spaces offering wi-fi web access to install costly software to enable police to identify people using the service, state media said Thursday.
The real reason webcams are in almost every new computer.

hanelyp
Posts: 2255
Joined: Fri Oct 26, 2007 8:50 pm

Re: China cracks down on wi-fi in public spaces

Post by hanelyp »

DeltaV wrote:The real reason webcams are in almost every new computer.
There's a hardware fix for that as simple as a post it note. Or better, run an operating system that puts the computer's owner in control, not some remote entity that may not share their interests.

DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

Re: China cracks down on wi-fi in public spaces

Post by DeltaV »

hanelyp wrote:There's a hardware fix for that as simple as a post it note.
Unless it's one of those pesky hyperspectral quantum dot array webcams.
hanelyp wrote:Or better, run an operating system that puts the computer's owner in control
Do you know of such an operating system? The ones I know of are all incomprehensible train wrecks with abundant Big Brother potential.

DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

Re: China cracks down on wi-fi in public spaces

Post by DeltaV »

DeltaV wrote:Unless it's one of those pesky hyperspectral quantum dot array webcams.
Sure, there's a hardware fix for that, as simple as some glue and a piece of lead foil.

But there's a software/wetware fix for that, as simple as Facebook.
And so the game evolves...

hanelyp
Posts: 2255
Joined: Fri Oct 26, 2007 8:50 pm

Re: China cracks down on wi-fi in public spaces

Post by hanelyp »

DeltaV wrote:
hanelyp wrote:Or better, run an operating system that puts the computer's owner in control
Do you know of such an operating system? The ones I know of are all incomprehensible train wrecks with abundant Big Brother potential.
http://www.linuxmint.com/ is promising. For really serious control of your system gentoo is good, but requires a bit more technical knowledge.

Ivy Matt
Posts: 689
Joined: Sat May 01, 2010 6:43 am

Post by Ivy Matt »

Sometimes I assume the PRC government prefers gradual reform to revolution, and sometimes I'm not so sure.
DeltaV wrote:Do you know of such an operating system? The ones I know of are all incomprehensible train wrecks with abundant Big Brother potential.
Well, it's often a trade-off between paranoia and user-friendliness. If you're sufficiently far enough on the paranoia end I would recommend OpenBSD. Security doesn't stop at the OS level, though, so a secure operating system only takes you so far.
Temperature, density, confinement time: pick any two.

DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

Post by DeltaV »

Maybe a radical departure from the concept of "Operating System" and "Motherboard/Backplane" is called for, in order for binary logic based personal computation to reach its full potential. (This rant is inspired by how well USB devices work.)

From one viewpoint, there are only a few things that actually take place (often simultaneously) when a computer is used:
- get human input
- read stored data
- crunch numbers
- store/replace/erase data
- output data in human-readable form
- send/get data to/from ports, busses and networks

I've no doubt omitted details, but in this view there are on the order of ten (at the very most, a few tens of) fundamental things a computer really does.

I propose completely modularizing the above basic functions as plug-and-play hardware (with embedded software), with only the hardware/data/power interfaces between modules being strictly defined by a set of optimized, worldwide, draconian standards.

The module interface standards would, of course, have to evolve as hardware technology improves, but for any given interface there would be only one worldwide standard, valid for some minimum amount of time (say, 2 years). The standards would upgrade only at some periodic, publicized time.

As far as the hardware and software within each module, there would be absolutely no standards (other than safety-related, e.g. fire). Any entity, from IBM to your next-door neighbor working in a garage, could produce and market modules if and only if these modules completely meet the interface standards. The modules must be small and simple enough that the resources of a huge corporation would not be needed to bring one to market, resulting in a wide variety of brand choices (like micro-brewed beer!).

Multiple, interconnected "black boxes", exactly one black box per fundamental computer function above. A functionally de-integrated system, the diametric opposite of a fully-integrated "PC on a chip".

Any module which meets its interface standards must, to an external observer, be indistinguishable from any other module meeting the same standards. Module developers would be encouraged to keep the internal details of their modules secret (like beer recipes!), and to use a variety of design approaches.

So instead of buying one box with everything (including an OS) already packaged together, you would buy the 10-20 required modules from the vendor mix of your choice, confident that they can be plugged together like Legos and still work well as a system.

Hackers and malware writers would have no idea which specific internal hardware/software was in your particular choice of module brands. Module combinatorics (x things taken y at a time gives z combinations) would increase the hacking challenge. Module producers who intentionally publicized the internal details of their designs would be barred from selling modules for years, or de-certified.

Some steps in this direction have already been taken (modular video, audio, mouse/trackball, memory stick, USB standards, etc.), but the tyrannical and vulnerable OS is still prevalent in the current paradigm.

Operating systems are a holdover from the disk drive era. In this new (?) paradigm, application programs interact directly with the various modules to produce useful results, without the need for an OS to handle data transfers. There would be one module dedicated to application program storage and one to application interface with the other modules (whatever the optimum topology for that would be...)

(?) "Web-based" computing might involve similar concepts, but here I'm talking about "local" computing only.

EEs and CSs are hereby granted permission to shred this proposal, which is born of user frustration with the poor consistency, robustness and system longevity for the current PC/OS paradigm.

Ivy Matt
Posts: 689
Joined: Sat May 01, 2010 6:43 am

Post by Ivy Matt »

An interesting idea. Sounds a bit like the Unix philosophy, applied to hardware. I've always been fond of the idea of agreeing on the protocols and competing on the implementations. I have little CS experience and less exposure to EE, but in my experience the biggest problem with your idea would be the large number of existing systems (PC architecture, Windows or Unix operating system) already in place. If Plan 9 (the OS, not the movie) couldn't make it, I'm not sure how well your idea would fare.

EDIT: Let me add another problem: competing "standards". It seems as long as there are commercial entities with monopolistic tendencies and competitors who fear them, there will always be competing "standards".
Temperature, density, confinement time: pick any two.

ScottL
Posts: 1122
Joined: Thu Jun 02, 2011 11:26 pm

Post by ScottL »

You're proposing a cluster f*ck if I'm not mistaken. IBM's blackbox/code + Microsoft's + your neighbors all done different and you're hoping and praying they'll play together nicely? There's just no guarantee yours and your significant other's black box will play nicely together...etc.

Personally I think users should always....ALWAYS be in a 5 year turn-around time-table. If you aren't, you're a fool and/or lazy. Computers aren't some foreign object, they're in our lives and have been the greater part of the past 2 decades at least (some 3). The fact that people still go to Best Buy or CostCo (Sam's club for you east coasters) and buy El Cheapo systems thinking they're cutting-edge is laughable. You don't buy a car because a sleazy salesman tells you to do so, you buy what you want hopefully because you've researched it even the slightest amount. The same should go with any major purchase, including the very thing that will be partially responsible for your identity management or keeping predators away from your children.

I blame the users and always will...

</end Server\Network Admin's rant>

DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

Post by DeltaV »

ScottL wrote:You're proposing a cluster f*ck if I'm not mistaken.
I thought I was proposing a solution to the current one.

But you both have valid points... human nature and economic realities would kill this idea.

OSes have escaped the lab and it's too late to corral them.


DeltaV
Posts: 2245
Joined: Mon Oct 12, 2009 5:05 am

Post by DeltaV »

China's internal cyber-suppression is complemented by its external cyber-hooliganism...
McAfee Smells A Rat
Revealed: Operation Shady RAT

palladin9479
Posts: 388
Joined: Mon Jan 31, 2011 5:22 am

QNX Nutrino

Post by palladin9479 »

The OS you guys are talking about is QNX RTOS Neutrino
http://www.qnx.com/products/neutrino-rt ... -rtos.html

Typically OS's run something known as a monolithic kernel, that is a single large kernel that handles all I/O and processing requests. The users software runs in user space with permissions inherited from whatever access the user had. The kernel any everything inside runs in kernel space and has full root (UID 0) access. This system provides protection / security of the Kernel from user software, it's impossible for software the user acquires from damaging or undermining the system security, unless the user grants it permission to do so. Which comes to the ~real~ vulnerability in all modern day OS's, and that's the user. Running with root privileges (administrative rights in Windows) is batsh!t insane. Yet nearly every home user out there runs with admin rights. No matter how secure your system is, if your running with root privileges you just invalidated all your security. The fact that MS had to implement UAC at all is a testament to the stupidity of users.

Anyhow with something like QNX, instead of a monolithic kernel what you get is a micro-kernel and a ton of modules. The kernel itself is only responsible for communication between devices and managing access to the memory space for those modules. All hardware drivers run as modules with restricted permissions. All software runs inside the user module with restricted permissions. This type of system has it's own Pro / Con though. Benefit is that it's inherently more secure, its more responsive and it's highly scalable. You can strip the UI and everything out of the system, and all that remains is a very small system capable of running off a floppy disk (their claim to fame as an OS that run a networking stack and graphical internet browser from a floppy). The Con is that this system can only use software designed for it, meaning you must build / code everything specifically for it, no shared community software is really available. Also this kind of system has a performance penalty due to everything needing to use slow IPC (inter-process-communication) messaging to work. Device drivers can't just write to memory and do their job, they have to go through IPC for all I/O, this is slow but ensures that nothing sneaky happens.

This is all on the side though, because modern OS's are already extremely secure by design. The problem is that the users are not secure and will bypass all efforts of the OS in their desire to run some app they downloaded off the internet. Users will run with root privileges because they just want their programs "to work", of course making the programs "just work" requires giving them root privileges which again defeats the purpose of security to begin with. Ultimately it's a question of usability vs security and trust. The most secure system in the world is a system that's had it's power cut and all cables removed. Of course that same system is totally useless. And every piece of software a user puts on their system they must trust. If you don't trust it, don't use it period. If you need that functionality but don't trust the provider, then find another provider you do trust, otherwise write the software yourselves.

-=Edit=-

For the OP, there is an easy way around web traffic loggers. Use OpenVPN on TCP port 443 to a remote VPN site outside of China, then direct all external traffic requests to the external VPN IP address. 2048 bit RSA key using AES-256 or Blowfish and CBC mode, it's not being cracked anytime in the next few decades. TCP Port 443 is SSL, a protocol designed for encrypted transport of data and used in every https connection in the world. OpenVPN use's SSL as it's transport mechanism for tunneling the packets. From an external point of view, your box is just transmitting lots of encrypted web traffic, something done every moment of everyday by nearly the entire connected world population. Finding a needle in an African Jungle would be easier.

krenshala
Posts: 914
Joined: Wed Jul 16, 2008 4:20 pm
Location: Austin, TX, NorAm, Sol III

Re: QNX Nutrino

Post by krenshala »

palladin9479 wrote:The most secure system in the world is a system that's had it's power cut and all cables removed.
The most secure system is one with no power, no cables, locked in a room and the key kicked under the door ... and even then its not totally secure, as someone could kick down the door and take the system. :)

The graph found here very accurately demonstrates the nature of computer problems, based on my 20-some years of experience in the field.

ScottL
Posts: 1122
Joined: Thu Jun 02, 2011 11:26 pm

Post by ScottL »

VPN or secure proxy, but at some point they'll notice the bandwidth usage and do something about it. There was some promising work with a P2P style DNS, but I haven't heard anything in a while about it.

Post Reply