It really doesn't matter until one tries to enforce an AGPL provision. If you do, that's where as you say will be arguments whether one added something substantial enough; basically the AGPL terms can really only be enforced on those additions.
You're forgetting that U.S. healthcare costs are also massively overblown compared to other western countries, due to the absence of proper collective bargaining. (And possibly even collusion between insurers and healthcare providers to rip off citizens and the government.)
The root comment implies that if not for warmongering, you could have had healthcare.
That's not the case. If the USA had a more functioning political system (ranked choice voting etc) and didn't hate 'communism' so much then they would have healthcare.
Not exactly surprising; unless you establish some type of shared secret between the TPM and CPU (e.g. by burning it into fuses in both devices, or through some signature scheme), the bus connecting the two will always be a problem…
Also not exactly surprising: It requires direct physical access to the hardware, if an attacker has that level of control you're a goner no matter what you do. In any case since Moxa devices have historically been riddled with buffer overflows and XSS and RCEs and similar vulns, no attacker will ever need to use this attack because there's much, much easier ways to get in that don't require that you travel to where the device is, get past the physical security at the site, remove the device, dismantle it, and attach probes to internal buses.
I've thought about it but haven't checked too hard: can they not do a key exchange? In my existing research I've found no reason they can't, just that they don't.
I guess we only see the ones that don't in the news. Makes sense. I have yet to see one of these where the data is encrypted and they M'dITM to get it, but I'm sure it's happened.
Exactly this. Burning in a shared secret works; alternatively you could do something with private keys burned into each device, signed with some PKI scheme whose public keys are known to the other entity.
Notably both of these turn it into a 'microscope' problem, alternatively if the key leaks somewhere…
At the end of the day, if the system is to process the data, it needs to access it. (Homomorphic encryption nonwithstanding.)
I thought security chips put (extra?) metallization over top the logic to prevent the microscope problem. Do they not or can that still be defeated? I guess if you're careful enough you can strip off that extra layer
People are very creative in defeating those mechanisms. It's mostly a question of time. Also doesn't help if there's some side channel or software leak.
The only "truly" 'safe-ish' thing is active battery powered intrusion detection. It's done for high end HSMs… which easily sell for 5 or 6 digit prices.
That happened when Hamas attacked Israel and Israel started a full blown war in Gaza. The whole situation was very convenient for Russia, weapon deliveries were slashed to supply Israel.
It's just funny that people can't stomach that their own ruling class is leading them down the primrose path so they have to go casting about for a foreign bogeyman who's making it happen, despite the fact that every major Western power has bent the knee to this action against Iran.
I mean… just ask about something "naughty" and they'll fail? At the very least you'd need to use setups without safeguards to pass any Turing test…
The Turing test could also be considered equivalent to "can humans come up with questions that break the AI?" and the answer to that is still yes I'd say.
reply