HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ng55QPSK

no profile record

comments

ng55QPSK
·2 anni fa·discuss
which means: you tell the compiler
ng55QPSK
·3 anni fa·discuss
i can understand everything, but why is Apple as global company fixes jobs like this to a single site?
ng55QPSK
·3 anni fa·discuss
Is the same infrastructure available in Windows and MacOS?
ng55QPSK
·4 anni fa·discuss
Do we know, where it is submitted?
ng55QPSK
·4 anni fa·discuss
At home we use a phrase from an interview with a EU politician that was done BEFORE the ukraine war and asked about the US/CIA warnings of an upcomming war and he said "Always remember, the CIA was the agency that told US presidents for years the vietnam war would be over next week" ...
ng55QPSK
·4 anni fa·discuss
i still don't understand. Should i put a bet (like €50), i can find an operator that closes such databases, or that you find an operator that doesn't?

I'm part of the mobile communication industry (while being in research) and part of my job is interacting with operators.
ng55QPSK
·4 anni fa·discuss
It shocked some managers in telco, something we consider a good thing ...
ng55QPSK
·4 anni fa·discuss
Well, you're invited to join research on network ... because it's impossible to hide your ID from your access network. Tor and similar can hide your ID in transport, but that's no option in RAN.
ng55QPSK
·4 anni fa·discuss
So you have ID41323 and ID53242 over night (or at daytime) in the same location, how do you map this back to names?

It's not impossible, but you need data that exists (like house-to-name mapping) from databases outside of the reach of the operators.

And the location information in the network is only as precise as needed. Most of the time this is a cell area, so 100s of m2.
ng55QPSK
·4 anni fa·discuss
You just explained the TMSI - something that was used since GSM networks in the early 90s
ng55QPSK
·4 anni fa·discuss
Serious answer: I have seen operators taking this serious. It's also a european trend not to blindly accept law enforcement requests to open data anymore.

For US companies: read something on the recent twitter example.
ng55QPSK
·4 anni fa·discuss
i'd recommend to watch the presentation https://media.ccc.de/v/mch2022-273-openran-5g-hacking-just-g... in which it's made clearer, that the telco part wasn't the issue. 5G systems can be operated rather secure, but operators or subcontractors that build these cloud installation have strange ideas about trust and config.

On the topic of 'telcos don't take security seriously', CoryD recently wrote some wise words in https://pluralistic.net/2022/08/12/regulatory-uncapture/#con...

"The public-private surveillance partnership is very old, and it's key to monopolists' strategy. It took 69 years to break up AT&T, because every time trustbusters came close, America's cops and spies and military would spring into action, insisting that the Bell System was America's "national champion," needed to defend it from foreign enemies. The Pentagon rescued Ma Bell from breakup in the 50s by claiming that the Korean War couldn't be won without AT&T's help"

I know some people in designing 5G, that were rather frustrated by outside influence on "can we have another unsafe option also, just in case we need it?"
ng55QPSK
·4 anni fa·discuss
Both informations are abstract identifiers and are decoded in a database to 'real' values only, PHY doesn't care about your decrypted ID. If the operator keeps that database closed, a reasonable privacy of who and where can be done.
ng55QPSK
·4 anni fa·discuss
Actually in 5G network there is almost nothing that isn't encrypted. What Karsten decribes is that cloud installations very often trust the infrastructure, but that's no special 5G problem.
ng55QPSK
·4 anni fa·discuss
"weather models" "better" - how do you actually rate weather models? Exact prediction or prediction of outliers like catastrophic events? Is there more value in knowing tomorrow's temperature to be 24C or a thunderstorm happening at 15:00 ?
ng55QPSK
·4 anni fa·discuss
Just wrong. The more correct input you have and the more correct your model of the real world is, the more accurate your predictions are.

We already see helpless activities to be better with AI (and a lot of computing) then classical optimisation theory (think solving PDEs) and failing.

Just more computing power will not help (except people whose business model relies on selling you computing power)
ng55QPSK
·4 anni fa·discuss
The point here is: if the owner of the IMSI catcher has some preknowledge about the target phone.

There is no way to avoid this.
ng55QPSK
·4 anni fa·discuss
Tracking down 'strange' configuration will work in 5G the same way. It still could be, and the pdf covers this, 'strange' configurations can happen in early deployments in 5G also. It will be a false positive for checks like this.
ng55QPSK
·4 anni fa·discuss
as explained in the pdf: There is a part of the connection setup, that will happen before any mutual authentification: The telephone offers the IMEI/IMSI to get an initial connection. The network learns this number and it's the counterpart of a MAC address in Wifi networks.
ng55QPSK
·4 anni fa·discuss
"You can't see all of the issues and all of the problems and how your design really doesn't work until you actually try to build it." - assuming you build something, nobody has tried to build before.

In the 95% of other cases, use a library solutions, read about solutions that exist, try to learn from similar solutions. Don't reinvent the wheel.

It's not wrong to do experiments, learn from that and apply the know-how to production code.