Monthly Archive: August 2021
Dr. Neal Krawetz, one of the leading experts in the area of computer forensics research, digital photo analysis, and related topics, has penned a blog post in which he takes apart Apple’s recent announcement and the technology behind it. He actually has a lot of experience with the very problem Apple is trying to deal with, since he is the creator of FotoForensics, and files CSAM reports to the National Center for Missing and Exploited Children (NCMEC) every day. In fact, he files more reports than Apple, and knows all the ins and outs of all the technologies involved – including reverse-engineering Microsoft’s PhotoDNA, the perceptual hash algorithm NCMEC and Apple are using. The reason he had to reverse-engineer PhotoDNA is that NCMEC refused to countersign the NDAs they wanted Krawetz to sign, eventually not responding to his requests altogether. Krawetz is one of the more prolific reporters of CSAM material (number 40 out of 168 in total in 2020). According to him, PhotoDNA is not as sophisticated as Apple’s and Microsoft’s documentation and claims make it out to be. Perhaps there is a reason that they don’t want really technical people looking at PhotoDNA. Microsoft says that the “PhotoDNA hash is not reversible”. That’s not true. PhotoDNA hashes can be projected into a 26×26 grayscale image that is only a little blurry. 26×26 is larger than most desktop icons; it’s enough detail to recognize people and objects. Reversing a PhotoDNA hash is no more complicated than solving a 26×26 Sudoku puzzle; a task well-suited for computers. The other major component of Apple’s system, an AI perceptual hash called a NeuralHash, is problematic too. The experts Apple cites have zero background in privacy or law, and while Apple’s whitepaper is “overly technical”, it “doesn’t give enough information for someone to confirm the implementation”. Furthermore, Krawetz “calls bullshit” on Apple’s claim that there is a 1 in 1 trillion error rate.
After a detailed analysis of the numbers involved, he concludes: What is the real error rate? We don’t know. Apple doesn’t seem to know. And since they don’t know, they appear to have just thrown out a really big number. As far as I can tell, Apple’s claim of “1 in 1 trillion” is a baseless estimate. In this regard, Apple has provided misleading support for their algorithm and misleading accuracy rates. Krawetz also takes aim at the step where Apple manually reviews possible CP material by sending it from the device in question to Apple itself. After discussing this with his attorney, he concludes: The laws related to CSAM are very explicit. 18 U.S. Code § 2252 states that knowingly transferring CSAM material is a felony. (The only exception, in 2258A, is when it is reported to NCMEC.) In this case, Apple has a very strong reason to believe they are transferring CSAM material, and they are sending it to Apple — not NCMEC. It does not matter that Apple will then check it and forward it to NCMEC. 18 U.S.C. § 2258A is specific: the data can only be sent to NCMEC. (With 2258A, it is illegal for a service provider to turn over CP photos to the police or the FBI; you can only send it to NCMEC. Then NCMEC will contact the police or FBI.) What Apple has detailed is the intentional distribution (to Apple), collection (at Apple), and access (viewing at Apple) of material that they strongly have reason to believe is CSAM. As it was explained to me by my attorney, that is a felony. This whole thing looks, feels, and smells like a terribly designed system that is not only prone to errors, but also easily exploitable by people and governments with bad intentions. It also seems to be highly illegal, making one wonder why Apple would put this out in the first place. Krawetz hints at why Apple is building this system earlier in this article: Apple’s devices rename pictures in a way that is very distinct. (Filename ballistics spots it really well.)
Based on the number of reports that I’ve submitted to NCMEC, where the image appears to have touched Apple’s devices or services, I think that Apple has a very large CP/CSAM problem. I think this might be the real reason Apple is building this system.
Every good operating system needs a web browser, especially as more and more apps move to the web. To that end, Google is preparing to bring the full Google Chrome browser experience to Fuchsia OS. This was inevitable, of course. As the article notes, Fuchsia already has the Chrome engine to display web content if needed, and now they are bringing the whole actual browser over as well. Just another step in the long journey to replace the underpinnings of Android and Chrome OS.
Apple also addressed the hypothetical possibility of a particular region in the world deciding to corrupt a safety organization in an attempt to abuse the system, noting that the system’s first layer of protection is an undisclosed threshold before a user is flagged for having inappropriate imagery. Even if the threshold is exceeded, Apple said its manual review process would serve as an additional barrier and confirm the absence of known CSAM imagery. Apple said it would ultimately not report the flagged user to NCMEC or law enforcement agencies and that the system would still be working exactly as designed. After yesterday’s news and today’s responses from experts, here’s a recap: Apple is going to scan all photos on every iPhone to see if any of them match against a dataset of photos – that Apple itself hasn’t verified – given to them by the authorities of countries in which this is rolled out, with final checks being done by (third party) reviewers who are most likely traumatized, overworked, underpaid, and easily infiltrated. What could possibly go wrong? Today, Apple sent out an internal memo to Apple employees about this new scanning system. In it, they added a statement by Marita Rodriguez, executive director of strategic partnerships at the National Center for Missing and Exploited Children, and one of the choice quotes: I know it’s been a long day and that many of you probably haven’t slept in 24 hours. We know that the days to come will be filled with the screeching voices of the minority. Apple signed off on that quote. They think those of us worried about invasive technologies like this and the power backdoors like this would give to totalitarian regimes all over the world are the “screeching voices of the minority”. No wonder this company enjoys working with the most brutal regimes in the world.
A large number of security and privacy experts, legal experts, and more, in an open letter to Apple: On August 5th, 2021, Apple Inc. announced new technological measures meant to apply across virtually all of its devices under the umbrella of “Expanded Protections for Children”. While child exploitation is a serious problem, and while efforts to combat it are almost unquestionably well-intentioned, Apple’s proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products. The open letter contains tons of arguments, scenarios, and examples from experts about just how bad this technology is, and just how easily it can be abused.
Oliver Kuederle, who works with the image hashing technology used by Apple’s new technology that’s going to scan the photos on your iOS device continuously, explains that it is far, far from foolproof: Perceptual hashes are messy. The simple fact that image data is reduced to a small number of bits leads to collisions and therefore false positives. When such algorithms are used to detect criminal activities, especially at Apple scale, many innocent people can potentially face serious problems. My company’s customers are slightly inconvenienced by the failures of perceptual hashes (we have a UI in place that lets them make manual corrections). But when it comes to CSAM detection and its failure potential, that’s a whole different ball game. Needless to say, I’m quite worried about this. This is just one of the many, many problems with what Apple announced yesterday.
Airyx is a new open-source desktop operating system that aims to provide a similar experience and compatibility with macOS on x86-64 systems. It builds on the solid foundations of FreeBSD, existing open source packages in the same space, and new code to fill the gaps. Airyx aims to feel sleek, stable, familiar and intuitive, handle your daily tasks, and provide as much compatibility as possible with the commercial OS that inspired it. An ambitious but interesting effort, that seems to align quite well with helloSystem.
Solène created a week-long personal computing challenge around old computers. I chose to use an Amiga for the week. In this issue I write about my experience, and what modern computing lost when Commodore died. I also want to show some of the things you can do with an Amiga or even an emulator if you’d like to try. I’ve tried to get into the Amiga-like operating systems – MorphOS, AROS, Amiga OS 4 – but the platform just doesn’t suit me. I find them convoluted, incomprehensible, and frustratingly difficult to use. Not that it matters – I’m not here to ruin the Amiga community’s party – but if they want to sustain that community instead of having it die out as their user numbers dwindle due to old age, they might want to consider making their operating systems a little less… Obtuse.
Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system. Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy-protective stance in an attempt to combat it. But that choice will come at a high price for overall user privacy. Apple can explain at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor. Basically, Apple is going to scan your iCloud photo library, and compare cryptographic hashes of your photos to known photos containing child pornography. It’s hard to argue against this because it makes it seem as if you’re arguing against catching the sort of people that have such material. However, the issue with tools like this is not the ends – all of us are on the same side here – but the means. It’s more than obvious that this scanning is a gross invasion of privacy, but at the same time, you could easily argue that this is a bit of privacy we’d be willing to give up in order to aid in catching the worst elements of our society. The real problems stem from the fact that tools like this are simply never going to be foolproof. Software is incredibly unreliable, and while a random application crashing won’t ruin your life, an algorithm wrongfully labeling you as a pedophile most definitely will. On top of unintended consequences, malicious intent could be a major problem here too – what if some asshole wants to ruin your life, and sends you compromised photos, or otherwise sneaks them onto your device?
And with Apple’s long history of working very closely with the most horrid regimes in the world, imagine what governments can do with a tool like this? On the ends that Apple is trying to get to here, we are all on the same side. The means to get there, however, need to be carefully considered.
The latest ReactOS newsletter has been published. Timo Kreuzer (tkreuzer) worked hard on various parts of the kernel and HAL, fixing issues here and there. Structured Exception Handling (SEH) support for the amd64 architecture was finished, various bugs around the kernel are fixed. A major issue with interrupt handling in HAL was also fixed in May, which finally allowed a semi-stable boot in a virtual environment. There’s also work being done on support for multiple monitors, improved support for SMP, and more.
As part of our ongoing efforts to keep our users safe, Google will no longer allow sign-in on Android devices that run Android 2.3.7 or lower starting September 27, 2021. If you sign into your device after September 27, you may get username or password errors when you try to use Google products and services like Gmail, YouTube, and Maps. Android 2.3.7 was released on 21 September, 2011. That’s ten years of support. I think that’s fair.
Google is announcing the Pixel 6 and Pixel 6 Pro today, though it might be better to call it a preview or a tease. Rather than releasing all the details on its new Android phones, Google is instead putting the focus on the new system on a chip (SoC) that will be inside the new Pixels. It’s called the Tensor SoC, named after the Tensor Processing Units (TPU) Google uses in its data centers. Tensor is an SoC, not a single processor. And so while it’s fair to call it Google-designed, it’s also still unclear which components are Google-made and which are licensed from others. Two things are definitely coming from Google: a mobile TPU for AI operations and a new Titan M2 chip for security. The rest, including the CPU, GPU, and 5G modem, are all still a mystery. Less mysterious: the phones themselves. I spent about an hour at Google’s Mountain View campus last week looking at the phone hardware and talking with Google’s hardware chief Rick Osterloh about Tensor. After all that, my main takeaway about the new Pixel 6 phones is simple. Google is actually, finally trying to make a competitive flagship phone. This looks like a really premium product, and it will most definitely have a price to match. Google is finally switching over to its own SoC, after years of relying on Qualcomm, which is technically great for competition, but much as with Apple’s chips, it’s not like anyone else is really going to benefit from this. Assuming Google plans on selling this new Pixel in more than three countries, and assuming the claims about the cameras are backed up by real-world reviews, this will definitely be my next phone, since my current smartphone is ready for replacement. And what a surprise – smartphone camera quality suddenly matters now that I have a kid.
It’s no secret that the ACPI CPUFreq driver code has at times been less than ideal on recent AMD processors with delivering less than expected performance/behavior with being slow to ramp up to a higher performance state or otherwise coming up short of disabling the power management functionality outright. AMD hasn’t traditionally worked on the Linux CPU frequency scaling code as much as Intel does to their P-State scaling driver and other areas of power management at large. AMD and Valve have been working to improve the performance/power efficiency for modern AMD platforms running on Steam Play (Proton / Wine) and have spearheaded “ was not very performance/power efficiency for modern AMD platforms…a new CPU performance scaling design for AMD platform which has better performance per watt scaling on such as 3D game like Horizon Zero Dawn with VKD3D-Proton on Steam.” Valve has single-handedly made Linux a viable choice for people who play games, and with the Steam Deck on its way, their efforts are only going to ramp up. They’re doing this for their own bottom line, of course, but this is one of those cases where a corporate interest lines up perfectly with a consumer interest.
In the 1980s, Radio Shack parent Tandy Corp. released a graphical user interface called DeskMate that shipped with its TRS-80 and Tandy personal computers. It made its PCs easier to use and competed with Windows. Let’s take a look back. I’ve never used DeskMate – or Tandy computers in general – but there was a whole (cottage) industry of DOS graphical user interfaces and alternative Windows shells during the 3.x days, most notably Norton Desktop. If you ever have an empty weekend you want to fill up, fire up a DOS or Windows 3.x virtual machine, and go to town. You can easily lose days researching this particular technological dead end.
After many months of work, Simon and I are pleased to announce the WireGuardNT project, a native port of WireGuard to the Windows kernel. This has been a monumental undertaking, and if you’ve noticed that I haven’t read emails in about two months, now you know why. WireGuardNT, lower-cased as “wireguard-nt” like the other repos, began as a port of the Linux codebase, so that we could benefit from the analysis and scrutiny that that code has already received. After the initial porting efforts there succeeded, the NT codebase quickly diverged to fit well with native NTisms and NDIS (Windows networking stack) APIs. The end result is a deeply integrated and highly performant implementation of WireGuard for the NT kernel, that makes use of the full gamut of NT kernel and NDIS capabilities. That’s an impressive porting job, and further spreads the availability of this protocol to entirely new users and settings.
IBM today announced IBM z/OS V2.5, the next-generation operating system for IBM Z, designed to accelerate client adoption of hybrid cloud and AI and drive application modernization projects. I have several IBM Z mainframes running in my garage running our family’s Minecraft server. This update will surely lead to downtime, which is a major, major bummer, especially since IBM is shoving ever more ads into z/OS to get us to subscribe to IBM Music.
As a weekend blast from the past, the Linux 5.14 kernel saw some Alpha CPU architecture updates — including various fixes and the removal of an Alpha-specific binary loader for running a decades dated x86 software emulator. While past the merge window, the Linux 5.14 code this week has dropped “binfmt_em86” from the kernel. This is an Alpha binary loader for Linux focused on running i386/i486 binaries via the EM86 emulator in user-space. This was part of the effort for allowing Intel Linux x86 binaries back in the day to run on DEC Alpha hardware. How will I run x86 Linux binaries on my AlphaServer ES47 now? What a preposterous commit. Linux is definitely going down the drain.