lets suppose for the sake of discussion that the nsa promised intel all sorts of goodies to hardware backdoor all of their processors. do you think it would be possible for intel to get away with this? is it possible to audit for this sort of thing? is anyone auditing for this sort of thing?
From what I've read up on, yes. It's even possible to do this in a plausibly deniable way, hence "insidious" in my previous post. I suspect that it would be unwise to use this sort of exploit on a widespread scale, as it only increases the chances that Intel get bad publicity from having "exploitable flaws" as opposed to deliberate backdoors. I think it's best to assume that all systems at all levels are breakable in one way or another; start all plans to secure your digital stuff with that assumption. thats super weird to me. i really need to learn more about computer architecture because i thought processors all performed the same very basic process only some faster than others and some with more parallel instances of that basic process than others. in-fact im going to go get started on that right now. thanks for the info. *edit* you know if it seems my assumption was basically right. since it is just a couple of simple processes we are dealing with here, perhaps electronics engineers are adding layers of complexity in-order to achieve marginal gains in performance at the behest of consumers seeking cutting edge performance. perhaps if consumers were more interested in security and were willing to trade some performance for security than fractalen processors could be build that would make security audits easy as pie. i hope this makes sense.
|
|
|
so once this thing goes live what will we need to do?
Is it just the majority of miners who need to adopt this fork and everyone else gets defaulted in? Or will we need to download a new client, import our keys, make a new address and send our coins to that address?
|
|
|
Ever since reading The Cold Cash War many years ago I've tended to figure this kind of stuff was coming. That they actually talk about it outside of classified documents nowadays might mean its been around a lot longer than you might think and might be in a lot of chips you might not expect stuff like that to be in... -MarkM- if thats true this could be very very bad for bitcoin. maybe its time to start thinking about and talking about open source hardware, or what ever is the nearest thing to it? The real issue is Intel's SGX. Software Guard Extensions basically means you don't have control over your computer anymore. It means that unless you reverse-engineer the processor itself, you can make malware that is impossible to analyze -- a dream for an entity like the NSA. Additionally, Intel could easily be forced to hand over the private keys used by SGX, allowing the NSA to bypass it. Even if the processor was entirely open source, and you verified that an off-the-shelf processor exactly matched the open source specification transistor for transistor, you STILL wouldn't be able to prove Intel backdoored SGX, because all it takes is knowledge of the private key. No. This is all true, if SGX turns out to be everything Intel says it will be. And it only causes an issue if your OS hasn't been re-engineered with the new instructions in mind. And if OS design properly leverages the capabilities of SGX, you could end up with a more secure machine/system than there's ever been. So it's more appropriate to say that this is potentially a very sharp double edged sword type affair, not "Intel engineers the most insidious backdoor ever". No, even if your OS has been re-engineered to take advantage of SGX, you're still fucked. You'll end up with a more secure system against some adversaries, but it's really a false sense of security since you'll be at the mercy of anyone with the private keys (Intel), and anyone who can force Intel to hand over the private keys (the US Government). Plus, you can still make malware that's impossible to reverse engineer under SGX, making antivirus programs useless. Again: No. That's not how the SGX model is said to work, that's the (admittedly possible) tin-foil hat version. But Intel aren't going to sell processors to which only they have the private key to run enclaved code, and more to the point, consumers won't buy them. What sort of a "feature" would that even be? Intel could use much more insidious ways to back-door their processors. lets suppose for the sake of discussion that the nsa promised intel all sorts of goodies to hardware backdoor all of their processors. do you think it would be possible for intel to get away with this? is it possible to audit for this sort of thing? is anyone auditing for this sort of thing?
|
|
|
I am not much for his wordy feelings and philosophy YT channel bullspit, but this video was extremely well-researched and well-done.
his whole series called "the truth about ____" refrains from most of the "bullspit" and sticks to facts. Who said it didnt? who said i said someone said it didnt?
|
|
|
I am not much for his wordy feelings and philosophy YT channel bullspit, but this video was extremely well-researched and well-done.
his whole series called "the truth about ____" refrains from most of the "bullspit" and sticks to facts.
|
|
|
or you can, you know... use an AMD processor
oh yea amd could be doing all this crap also but atleast they arnt bragging about it publicly. the next processor i buy will definitely be an amd.
|
|
|
I listened to this one last night.
yep i know. i saw you in the comments . yea that's a little creepy.
|
|
|
Ok but if it was open source you wouldn't necessarily need to go through transistor by transistor. The specs would be published so you could use software to analyze the specs to see whether or not, if the specifications were accurate, there would be hardware back doors. Obviously software wouldn't catch everything so the wider community could audit the specs in more detail not relying on any individual to do all the work. then one or a couple of individuals would only need to take a wide enough sampling of random sections of the processor to see if they conformed to the specs. so like for example if you checked the configuration of every 1000th transistor and its neighbors with a random distribution to see if it conformed to the specs. it would be analogous to hashing in the software world. of course there would be room for error with this method that doesn't exist with hashing but you could still have some relative degree of certainty that, after the hardware audit, the hardware conformed to the provided specs. sorry if that made no sense
|
|
|
Ever since reading The Cold Cash War many years ago I've tended to figure this kind of stuff was coming. That they actually talk about it outside of classified documents nowadays might mean its been around a lot longer than you might think and might be in a lot of chips you might not expect stuff like that to be in... -MarkM- if thats true this could be very very bad for bitcoin. maybe its time to start thinking about and talking about open source hardware, or what ever is the nearest thing to it? The real issue is Intel's SGX. Software Guard Extensions basically means you don't have control over your computer anymore. It means that unless you reverse-engineer the processor itself, you can make malware that is impossible to analyze -- a dream for an entity like the NSA. Additionally, Intel could easily be forced to hand over the private keys used by SGX, allowing the NSA to bypass it. Even if the processor was entirely open source, and you verified that an off-the-shelf processor exactly matched the open source specification transistor for transistor, you STILL wouldn't be able to prove Intel backdoored SGX, because all it takes is knowledge of the private key. ok but with hardware audits we could verify that intel hadn't put SGX or anything analogous to it in the processor, correct? or phrased differently, is it possible for someone knowledgeable in the the field to look in there with a microscope and confirm that intel had not included any sort of hardware that could in theory be backdoored?
|
|
|
it all depends on whether this guy who says hes releasing a merged mined patch soon is legitimate. if he is than yes, if he isnt than no.
|
|
|
I think ByteCoin would become just another SHA-256 altcoin like Terracoin. Its main purpose is to be an exact Bitcoin clone, however as a minor coin it cannot survive like that. Reason: huge difficulty drop, then flash mining, then up again
supposedly someone is working on a merged mined patch and there is pretty good consensus among the community for a hard fork.
|
|
|
Ever since reading The Cold Cash War many years ago I've tended to figure this kind of stuff was coming. That they actually talk about it outside of classified documents nowadays might mean its been around a lot longer than you might think and might be in a lot of chips you might not expect stuff like that to be in... -MarkM- if thats true this could be very very bad for bitcoin. maybe its time to start thinking about and talking about open source hardware, or what ever is the nearest thing to it?
|
|
|
idk if its really a mistake per say but he did fail to mention the very important drawback that bitcoin has right now, namely the scalability issue. Also he said transactions are free, which is true, but he failed to mention that they will not be free for long if we ever receive anything close to wide spread adoption.
|
|
|
He has nearly 100,000 subscribers on his Youtube channel. Very nice, complete presentation.
yep it most likely will reach quite a few people. that's why im surprised at so little response from this form.
|
|
|
Isn't that one of Alex Jones's websites?
yes I've watched a lot of his DVDs he seems schizophrenic, but he makes a good living spreading FUD and misinformation... Of course plenty of conspiracy theories are real and plenty are not. I dont think Alex puts a whole lot of effort into fact checking to filter out fact from fiction. He kind of just acts on the assumption that they are all true. I doubt this is due to schizophrenia however, more likely its just whats most profitable for him in his particular market niche.
|
|
|
Perhaps because people around here are already familiar with the facts. Great presentation anyway.
perhaps
|
|
|
Isn't that one of Alex Jones's websites?
yes
|
|
|
wow I'm surprised no replies.
|
|
|
i know what you are thinking and this is not a politics and society thread. atleast not yet. right now it is a technical discussion topic. http://www.infowars.com/91497/In a promotional video for the technology, Intel brags that the chips actually offer enhanced security because they don’t require computers to be “powered on” and allow problems to be fixed remotely. The promo also highlights the ability for an administrator to shut down PCs remotely “even if the PC is not connected to the network,” as well as the ability to bypass hard drive encryption...
"Core vPro processors contain a second physical processor embedded within the main processor which has it’s own operating system embedded on the chip itself,” writes Jim Stone. “As long as the power supply is available and in working condition, it can be woken up by the Core vPro processor, which runs on the system’s phantom power and is able to quietly turn individual hardware components on and access anything on them.” so my question is this, if we take everything that is written in this article for granted, would it even be technically possible to secure ones bitcoins on a computer with one of these vPro processors?
|
|
|
|