Skip to main content

Privacy or not

On Feb 16 2016 Tim Cook the CEO of Apple Corp. posted an open letter to it's customers in response to an FBI request to get Apple's assistance in extracting data from a terrorists phone. While I applaud Mr Cook and Apple for his public statement I think there are just a few problems here:

Apple has already stated that they have provided all data that they currently have. I'm sure that means things like iTunes, iCloud, Maps, and maybe even iMessage. Of course if the phone was backed up then there is a good chance that the remaining bits of data are already available to the FBI.

Just what exactly does Apple need to do that the FBI cannot? Early iOS phones used a 4-number pin and depending on the configuration settings the phone may or may not delete itself. Whether or not the phone will self destruct is likely known to Apple in the data above. But it is 1000 combinations of 4-digits and the phone is unlocked. If it's one of the modern Apple phones then it's possible that a fingerprint might unlock the phone. Since the FBI has or had the bodies they have access to the phone.

Granted there has not been a trial and "the couple" has not been found guilty, however, the likelihood that they were not the killers is remote if not impossible. As such they have given up their rights. All of the laws that her have on the books are currently lawful and until they are tested must be complied with. I'm not sure that this is the best test case for challenging them. And even so; it would likely only effect future cases since this one is open and shut.

While this whole topic is filled with FUD (fear uncertainty and doubt) the security model likely does have a back door. The Apple Vault product, which allows the user to secure their entire harddrive, has some magic keys that "can" be stored on the iTunes server for later retrieval. It's very likely that this same feature is already present in the iPhone only we don't know it.

Furthermore, the user's pin and fingerprint are only used to unlock the first few layers of the cryptography scheme. A 4-digit or even a 6-digit pin it not big enough to encrypt a block of data let alone an entire phone. So chances are better than 50:50 that there is an NSA team that could get into the phone.

So why did Apple and Tim Cook make the statement?

They made the statement because the FBI made a very public request and if it were known that there was any sort of data leakage whether by accident or on purpose the iPhone and iPad brands would be destroyed and quite possibly Apple itself since so much of it's revenue is tied to those brands. Granted there is a segment of the population that would not care and maybe they would weather the storm but it would leave a mark nonetheless.

Popular posts from this blog

Prometheus vs Bosun

In conclusion... while Bosun(B) is still not the ideal monitoring system neither is Prometheus(P).

TL;DR;

I am running Bosun in a Docker container hosted on CoreOS. Fleet service/unit files keep it running. However in once case I have experienced at least one severe crash as a result of a disk full condition. That it is implemented as part golang, java and python is an annoyance. The MIT license is about the only good thing.

I am trying to integrate Prometheus into my pipeline but losing steam fast. The Prometheus design seems to desire that you integrate your own cache inside your application and then allow the server to scrape the data, however, if the interval between scrapes is shorter than the longest transient session of your application then you need a gateway. A place to shuttle your data that will be a little more persistent.

(1) storing the data in my application might get me started more quickly
(2) getting the server to pull the data might be more secure
(3) using a push g…

Entry level cost for CoreOS+Tectonic

CoreOS and Tectonic start their pricing at 10 servers. Managed CoreOS starts at $1000 per month for those first 10 servers and Tectonic is $5000 for the same 10 servers. Annualized that is $85K or at least one employee depending on your market. As a single employee company I'd rather hire the employee. Specially since I only have 3 servers.

The pricing is biased toward the largest servers with the largest capacities; my dual core 32GB i5 IntelNuc can never be mistaken for a 96-CPU dual or quad core DELL

If CoreOS does not figure out a different barrier of entry they are going to follow the Borland path to obscurity.

Weave vs Flannel

While Weave and Flannel have some features in common weave includes DNS for service discovery and a wrapper process for capturing that info. In order to get some parity you'd need to add a DNS service like SkyDNS and then write your own script to weave the two together.
In Weave your fleet file might have some of this:
[Service] . . . ExecStartPre=/opt/bin/weave run --net=host --name bob ncx/bob ExecStart=/usr/bin/docker attach bob
In sky + flannel it might look like:
[Service] . . . ExecStartPre=docker run -d --net=host --name bob ncx/bob ExecStartPre=etcdctl set /skydns/local/ncx/bob '{"host":"`docker inspect --format '{{ .NetworkSettings.IPAddress }}' bob`","port":8080}' ExecStart=/usr/bin/docker attach bob
I'd like it to look like this:
[Service] . . . ExecStartPre=skyrun --net=host --name bob ncx/bob ExecStart=/usr/bin/docker attach bob
That's the intent anyway. I'm not sure the exact commands will work and that's partly why we…