<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Mar 23, 2016 at 5:30 PM, Jerry Leichter <span dir="ltr"><<a href="mailto:leichter@lrw.com" target="_blank">leichter@lrw.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">From <a href="http://appleinsider.com/articles/16/03/23/apple-moves-to-bring-icloud-infrastructure-in-house-predicated-by-backdoor-fears---report" rel="noreferrer" target="_blank">http://appleinsider.com/articles/16/03/23/apple-moves-to-bring-icloud-infrastructure-in-house-predicated-by-backdoor-fears---report</a>....<br></blockquote><div> ....</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
Apple's multi-year effort to develop its own servers and networking hardware has reportedly been driven in large part by security concerns, as the company worries that supply chain tampering may lead to deeply embedded vulnerabilities which are difficult to find and remediate.<br></blockquote><div> ...</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
Unfortunately, Apple's worries are not unfounded.<br></blockquote><div> ...</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
"You can't go take an X-Ray of every computer that hits the floor. You want to make sure there's no extracurricular activity" by building servers in-house, one source told the publication.</blockquote><div><br></div><div>Photographing including X-ray imaging is not terribly difficult. Factory imaging systems are </div><div>not crazy expensive including X-ray. It is the disassembling and reassembling that</div><div>is a PITA.<br><br>Astronomers have marvelous imaging libraries. <br><br>The obvious question "Is this one another one just like the other one" is the easy </div><div>question and has gotten better given the fact that images can be contraband.<br><br>Hardware test is almost all JTAG scan and can also be automated. So looks good and scans as good</div><div>is possible and can be automated.<br><br>There are a lot of turtles but if you can inspect and "trust" a couple layers of turtles some things are safer, <br>depending on the turtle the bad boys sit on.</div><div><br></div><div> A room of old SGI or Sun servers with old compilers from old media in a locked room could cross</div><div>compile and improve the trust of a number of turtles of type utility and compiler.<br><br>A binary editor could craft the foundation words of FORTH... </div><div><a href="http://www.eecs.wsu.edu/~hauser/teaching/Arch-F07/handouts/jonesforth.s.txt">http://www.eecs.wsu.edu/~hauser/teaching/Arch-F07/handouts/jonesforth.s.txt</a><br>And from there bootstrap a lot more.</div></div><div class="gmail_extra"><br></div>It is a problem. One difference is we have no Snowden from other nation's spook centers.<br>The big name service companies do see attacks and do have staff to inspect analyse and react.<br>They have reacted... to real attacks from near and far.<br><br>One layer to ponder is the network itself. I have wondered why Facebook spent money on this:<br><a href="https://code.facebook.com/posts/843620439027582/facebook-open-switching-system-fboss-and-wedge-in-the-open/">https://code.facebook.com/posts/843620439027582/facebook-open-switching-system-fboss-and-wedge-in-the-open/</a><br><br>But it is an arms race... <br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>