I've been working on the cold boot problem for a while. Read my glorious paper! Then, download aes-amnesia.S and come back here to figure out how to use it.
WARNING: DO NOT USE HARDWARE OR SOFTWARE SUSPEND WHILE THE LOOP.KO MODULE IS LOADED OR YOU WILL TOTALLY TRASH YOUR HARD DISK -- WE'RE TALKING EXTREME, IRREVERSIBLE DISK CORRUPTION -- UPON RESUME!
WARNING: DO NOT USE ON A SYSTEM CONFIGURED WITH SMP SUPPORT OR YOU WILL TRASH YOUR HARD DISK! PROBABLY NOT AS BAD AS IF YOU SUSPEND, BUT STILL PRETTY BAD!
AND THIS WILL CERTAINLY HAPPEN. IT'S NOT, LIKE, WELL, MAYBE IT WILL HAPPEN. IT WILL HAPPEN EVERY TIME. YOU ABSOLUTELY MUST NOT SUSPEND YOUR COMPUTER WHILE USING THIS. YOU ABSOLUTELY MUST USE A NON-SMP KERNEL WHILE USING THIS. AND IF YOU DON'T KNOW WHAT A NON-SMP KERNEL IS, YOU SHOULDN'T USE THIS. BECAUSE YOU'LL TRASH YOUR HARD DISK IF YOU USE THIS ON A NORMAL LINUX SYSTEM. ALL OF YOUR FILES. GONE. FOR GOOD. AND YOU WON'T KNOW AT FIRST. MAYBE YOU CAN RECOVER SOME OF THE FILES USING A TOOL LIKE PHOTOREC BUT DON'T GO THERE JUST DON'T USE THIS UNLESS YOU'RE ABSOLUTELY REALLY DAMN SURE YOU KNOW HOW TO AVOID CORRUPTING YOUR HARD DISK. THIS IS PRE-ALPHA QUALITY SOFTWARE. DO NOT USE THIS UNLESS YOU KNOW WHAT YOU'RE DOING. AND EVEN IF YOU DO KNOW WHAT YOU'RE DOING, DON'T SUSPEND YOUR COMPUTER, EVER, WHILE LOOP.KO IS LOADED. IF YOU DO ACCIDENTALLY, PULL THE PLUG ON THE LAPTOP AND TAKE OUT THE BATTERY RATHER THAN RESUMING BECAUSE ONCE YOU RESUME, YOUR FILES ARE DEAD. IF YOU DO RESUME, WELL, AGAIN, IMMEDIATELY TURN OFF THE COMPUTER TO AVOID FURTHER DAMAGE. IF YOU USE WITH AN SMP KERNEL, YOU'LL CORRUPT YOUR FILES MORE SLOWLY SO YOU WON'T KNOW AT FIRST. DON'T USE THIS WITH AN SMP KERNEL. IF YOU DON'T KNOW HOW TO DO THESE TWO THINGS -- NOT SUSPEND AND ONLY USE WITH A KERNEL YOU HAVE COMPILED WITHOUT SMP SUPPORT, DO NOT USE THIS SOFTWARE. THIS SOFTWARE CAN DESTROY YOUR DATA. ALL OF IT. FOREVER. DON'T USE THIS SOFTWARE UNLESS YOU UNDERSTAND THIS ENTIRE WARNING AND KNOW HOW TO MAKE SURE YOUR DATA DOESN'T GET DESTROYED.
This is what you do to use it (works with AES128 on 64-bit Linux only):
1. Get Loop-AES here.
2. Configure your kernel for Loop-AES. While you're at it, disable hardware performance monitoring (oprofile) and multiple CPUs (we don't support SMP systems unless compiled without SMP support ... yeah, I know, that needs to be fixed, and it can and will be).
3. Copy aes-amnesia.S to aes-amd64.S.
4. Make sure you've configured Loop-AES to use its AMD64 assembly language implementation of AES, which we just copied over. Note that things like Via PadLock and AES-NI are not supported currently; configure them out.
5. Compile Loop-AES as normal.
6. Some tests will fail because Loop-Amnesia doesn't support AES-192 or AES-256 yet.
7. Set up an encrypted volume with Loop-AES using AES128.
You're now immune to cold boot!
DO NOT SUSPEND YOUR SYSTEM WHILE LOOP-AMNESIA IS IN USE OR YOU WILL ABSOLUTELY FOR SURE CORRUPT YOUR HARD DISK. In fact, you can do this to make sure it's working:
1. Unmount every encrypted volume except for a small loopback volume WHOSE CONTENTS YOU DON'T CARE ABOUT.
2. Software or hardware suspend the disk.
3. Resume and unmount your test volume. DO THIS AND YOU WILL NEVER SEE THE DATA IN THE TEST VOLUME AGAIN IF YOU ARE USING LOOP-AMNESIA.
4. Use "losetup -d" on the loop device you used for the test volume.
5. Unload and reload loop.ko. IF LOOP.KO WON'T UNLOAD, YOU SHOULD BE VERY VERY AFRAID THAT PERHAPS YOU HAVE ANOTHER PARTITION LOADED AND OH GOD YOU'RE GOING TO LOSE ALL YOUR DATA FOR SURE IF YOU UNMOUNT ANYTHING YOU CARE ABOUT SO DON'T DO THAT AND DON'T TYPE "sync". JUST PULL THE PLUG IF YOU MESSED UP AND HAVE ANYTHING OTHER THAN A DUMMY TEST PARTITION MOUNTED. IF YOU'RE LUCKY, MAYBE YOUR DATA WILL STILL BE THERE WHEN YOU TURN THE COMPUTER BACK ON.
6. Verify that the loopback volume's filesystem is corrupted. If it's not, you've done something wrong and are using a non-cold-boot-immune Loop-AES implementation, not Loop-Amnesia!
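The warnings and steps above come down to a few machine-checkable conditions: a 64-bit x86 machine, a kernel built without SMP and without oprofile, and no suspend while loop.ko is loaded. The script below is an added example, not part of Loop-Amnesia or Loop-AES; its function names and the .config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the conditions the warnings above depend on.
# Added example; function names are hypothetical. Inputs are passed as
# arguments so the logic can also be run on saved copies of the data.

# kernel_is_smp VERSION_STRING
# `uname -v` contains the token "SMP" when the kernel was built with SMP.
kernel_is_smp() {
    case " $1 " in
        *" SMP "*) return 0 ;;
        *)         return 1 ;;
    esac
}

# config_enables SYMBOL CONFIG_FILE
# True if a kernel .config sets SYMBOL to y or m.
config_enables() {
    grep -Eq "^$1=(y|m)\$" "$2"
}

# loop_loaded MODULES_FILE
# True if a /proc/modules-format file lists the module "loop" (first field).
# A loop driver built into the kernel would not show up here; the page
# talks about loop.ko, so the module case is the one checked.
loop_loaded() {
    awk '$1 == "loop" { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# preflight MACHINE VERSION_STRING CONFIG_FILE
# Prints one line per problem; exit status is the number of problems.
preflight() {
    problems=0
    if [ "$1" != "x86_64" ]; then
        echo "FAIL: machine is $1; the page says 64-bit Linux only"
        problems=$((problems + 1))
    fi
    if kernel_is_smp "$2" || config_enables CONFIG_SMP "$3"; then
        echo "FAIL: SMP kernel; the page says this corrupts the disk"
        problems=$((problems + 1))
    fi
    if config_enables CONFIG_OPROFILE "$3"; then
        echo "FAIL: oprofile enabled; the page says to disable it"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# suspend_is_safe MODULES_FILE
# False while loop.ko is loaded, which is when the page forbids suspend.
suspend_is_safe() {
    ! loop_loaded "$1"
}

# Live usage (the .config path is an assumption; a self-built kernel
# keeps its .config wherever it was built):
#   preflight "$(uname -m)" "$(uname -v)" /path/to/.config
#   suspend_is_safe /proc/modules || echo "loop.ko loaded: do not suspend"
```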
Best of luck, and comment on this blog post if you have problems! Also comment if you want SMP support; I'd get to adding it faster if I know people are wanting to use it :)
UPDATE: The people who did AESSE (mentioned in my paper) have continued to work on the cold boot problem and have also released code. If you have a computer with AES-NI support, or a 32-bit CPU, you may want to have a look at TRESOR. TRESOR is a project similar to Loop-Amnesia but uses dm-crypt as its base rather than Loop-AES. TRESOR can also make use of the AES-NI registers to provide better performance than Loop-Amnesia on computers that have them (I will add AES-NI support to Loop-Amnesia if there is demand, however), and, unlike Loop-Amnesia, TRESOR also supports 32-bit versions of Linux (which Loop-Amnesia will never do). Unlike Loop-Amnesia, however, TRESOR does not support mounting multiple encrypted partitions. This means, for instance, that if you want cold-boot-immune data and swap partitions, you'll have to use Loop-Amnesia, not TRESOR.
When I was in elementary through high school, my public school district used an Internet filtering system to stop students from accessing "evil" websites, such as those containing nudity or email. I have no idea if the PISSED (inside joke) school district has decided to lighten up any, but I decided to do a comparison of my school district's censorship system with that of China. I have also decided to include instructions on evading censorship of each.
PISSED school district:
- Annoying picture of stupid dog displayed when site is blocked.
- No DNS hijacking.
- Dedicated servers for censorship.
- HTTPS not blocked and not censored because contents of website couldn't be examined.
- I seem to recall port blocking was in effect, with only ports 80 and 443 allowed through.
- Unknown whether running an ssh server on port 80 or 443 would work (would unless they're doing deep packet inspection).
- CGIProxy was effective.
- Booting Linux eliminated need for login.
Communist China:
- Blocked site simply fails to load.
- DNS hijacking stops effectiveness of evasion tools that do not also tunnel DNS.
- Dedicated servers for censorship (assumed).
- Contents of HTTPS websites not examined; some https websites might still be blocked.
- No port blocking in effect.
- CGIProxy not tried but should work if run as https server.
I have successfully evaded both of these censorship systems in the past. Now, I want to tell others how to do this, too.
For the PISSED school district system, the following method should work:
1. Run a proxy server using SSH SOCKS5 proxying or HTTPS CGIProxy on your home Internet connection. If you choose SSH, use port 443.
2. Boot a PISSED computer from a Linux Live CD or DVD so that you don't have to log in and can't be tracked.
3. Connect to your proxy server.
4. Visit blocked websites.
For Communist China, the following method should work:
1. Run a proxy server in another country using SSH SOCKS5. CGIProxy probably won't work because of China's DNS hijacking.
2. Configure Firefox to redirect DNS requests through SOCKS to evade the DNS hijacking by setting network.proxy.socks_remote_dns in about:config.
3. Connect to your proxy server.
4. Visit blocked websites.
On Linux, to connect to an SSH server from a client and use it as a proxy, do:

    ssh -C2qTnN -D 8080 username@remote_machine.com

Add a "-p 443" if you configured your SSH server to use port 443 to evade PISSED port blocking.
If you are personally suffering under the evil, anti-freedom regimes of China or PISSED, or otherwise have a need for evading Internet censorship, please post below so that I can assist you with your specific censorship evasion needs. I recognize these directions are rather skeletal; I feel that, if you are running into trouble, I can best help you by discussing the issue with you personally.
The fan on my recently purchased computer died, leading to overheating and malfunctioning of the power supply, leading to almost all capacitors on my video card exploding, leading to my noticing something was wrong. While this situation has since been rectified, and the computer is running fine (with a new power supply and an ATI Rage 3D XL instead of an NVidia GeForce 7600 ... >.<), I thought I'd ask my readership's opinion of a certain issue:
If I use a soldering iron to replace the blown capacitors ... would the dead graphics card live again?
Cleaning the fan of a computer system is approximately equivalent to changing the oil on a car. Most computer users, including me, rarely if ever bother to do it, but, if you don't, the computer may be more likely to be damaged over time due to overheating. On desktops, it's usually fairly easy to clean the fan, thanks in part to the widespread standardization of desktop PC components.
Laptops have always been less standardized than desktops, and therefore less user-serviceable. This situation is mainly due to space constraints requiring the use of custom-sized components. While this situation has been improving for a while, the improvement apparently hasn't been enough.
What happened is this:
1. Homosexuals mount a state court challenge asserting a right to marry in California. The California Supreme Court decides that California's constitution allows gay marriage. Yup, the state's fundamental legal charter allows gay marriage; it's just that no one's noticed this before in the 150 years California has been a state.
2. Opponents of gay marriage mount a successful political campaign to pass a ballot measure amending California's constitution to disallow gay marriage. In the Bizarro world of California, then, the founders of the State of California were supporters of gay marriage, but by constitutional amendment the citizens of California changed their fundamental legal charter to nullify this.
3. Homosexuals mount a state court challenge asserting that the amendment to the California Constitution is unconstitutional under state law ... or something stupid like that ... I don't know. Anyway, the California Supreme Court this time acknowledges that, no, the people have spoken and the California Constitution no longer allows gay marriage.
4. Homosexuals now mount a federal court challenge, suing the Governator in his official capacity, along with the attorney general.
5. Because these two individuals support gay marriage, they refuse to perform their duty as executive officers of the state to defend Proposition 8. The proponents of the proposition therefore filed a petition to intervene in the litigation, which was granted, and thereafter defended the law on the state's behalf.
6. It is widely believed that the defendants-intervenors did not do a very good job; in any event, they lost at the district court level. The Attorney General of California refused to appeal the ruling. The defendants-intervenors therefore are attempting to appeal the ruling on the state's behalf, but are running into trouble since there's a legal question of whether they have standing to do so.
People and entities that disgust me here:
1. The California Supreme Court. I highly doubt that the founders of the state intended to write into the California Constitution that gay marriage was a fundamental right. This is judicial activism. I don't particularly dislike the result, but it's the job of the democratic process to resolve the issue of how to provide for homosexuals wishing to marry each other.
2. Judge Walker, for ruling that we amended the Constitution back in 1868 to allow gay marriage, and no one noticed until he did just now.
3. The Governator and his attorney general, for not only failing in their duty to defend the laws of California but refusing to even complete paperwork on behalf of those wishing to do this job for them, thereby creating a legal question of standing. They are being maliciously negligent with regard to the interests of the state they swore to represent.
I don't particularly care whether Torrent-Finder was engaging in copyright violations or not or whatever. This seizure was done by a court order, not by ICANN, and this makes it a run-around against the ICANN procedures that Internet users in every other country in the world would have to follow. If the US is not a fair steward for the international institution that is Internet governance, the root DNS system WILL become fractured as nations and organizations compete to be "recognized" as the legitimate overseers of the DNS system. The US should stop doing end-runs around ICANN now or risk causing the root DNS system to unravel.
The current software patent situation in the United States is dysfunctional, in that software patents still exist. Bilski has declawed them to some extent, but a patent holder can still waste vast amounts of an entity's time and money by bringing a lawsuit. While I care about economic efficiency in general, I care about the FOSS ecosystem in particular to a greater degree, so this post is an analysis of strategies FOSS-supporting entities may use to counteract this threat.
Against a large corporation, sympathetic to FOSS or not, such lawsuits are merely a nuisance. Large corporations have long had to deal with lawsuits, patent-related or not, frivolous or with merit, on a daily basis as a cost of doing business. This reduces the efficiency of the economic system, as does all extortion, but the use of FOSS does not make a large corporation more likely to be sued than not, and they can take care of themselves. FOSS development and use by large corporations is not at risk.
Small corporations which use FOSS are not regularly sued. This is likely to remain the case. While a patent holder can theoretically bring a lawsuit against a user of an infringing machine, how would the patent holder know that a small corporation is using FOSS software to begin with? Microsoft's salesmen currently use the threat of lawsuits as a FUD weapon against Linux. This likely has some unknown chilling effect on adoption, but, as Microsoft has never sued an end user for using server or desktop Linux instead of Windows, and is unlikely to do so for a number of reasons, all FOSS needs to do here is counter the propaganda. Red Hat and IBM salesmen are well-equipped to perform this role, and probably do not need our help. FOSS use by small corporations is not at risk.
Small corporations developing FOSS are in a more precarious position. It is not out of the question that a larger competitor may sue a FOSS-based startup in an attempt to crush competition. However, that the startup is using FOSS will not help or hurt the small corporation here. FOSS-based startups are at risk here, but it is a risk shared by all startups due to the deleterious legal environment for software. FOSS development by small corporations is not at a special risk here.
This leaves individuals and nonprofits, and this is where I see a risk, but also a solution. A patent troll would never sue an individual or nonprofit: there is no money there. However, Microsoft or another evil, monopolistic corporation could do so in an effort to stifle competition. This sometimes happens in real life: I wrote about Shazam threatening a lawsuit back in July (and still have not gotten around to my anti-establishment vow since I am not actually all that interested in sound recognition). In the case of this happening, the individuals and nonprofits need a defense that can shut down the lawsuit quickly and cheaply. It is unlikely that an individual or nonprofit organization can afford to fight a full-on patent lawsuit, so, even when facing an invalid patent, it is likely an individual or nonprofit would be forced to concede. This is what the corporate bullies who would bring such a lawsuit hope for.
Attempts to deal with this threat are still undeveloped as this type of lawsuit remains an exceedingly rare phenomenon, likely due to bad publicity, the cost of a patent lawsuit for prospective plaintiffs, the lack of any chance of financial gain to the plaintiff and the fact that individuals and nonprofits are likely to remain off of a large corporation's radar. This is, however, still a chilling effect worth countering.
There are some organizations in the community that might step in to defend against a lawsuit if asked. The Linux Foundation might help; the OIN might help; the Linux Foundation Legal Defense Fund might help. I will now talk about legal arguments that may be used to thwart such an anticompetitive bully; I will also talk about ways to prevent such lawsuits from being filed in the first place. Because of the inconvenience caused by the second method, it should be used only if the law is interpreted against us.
What the Linux community needs is a test case that can serve as legal precedent that nonprofit and individual open source contributors cannot be liable for patent infringement, regardless of the validity of the patent. Such a precedent would allow an individual or nonprofit to defeat an anticompetitive lawsuit without needing to engage in the often prohibitively costly effort of proving that a particular software patent is invalid. Given current case law, it should be possible to set such a precedent.
There are three different types of infringement under US patent law. To create a safe harbor for noncommercial FOSS developers, we need court precedent stating that noncommercial FOSS development cannot render an individual or nonprofit liable for any of these types of infringement. The types of infringement are as follows:
1. Direct infringement: making or using a patented machine.
2. Contributory infringement: offering for sale a machine which, while not infringing the patent by itself, has no valid use unless modified by the buyer of the machine to infringe the patent.
3. Inducement of infringement: actively encouraging another party to infringe a patent. This type of infringement requires (1) knowledge of the patent and (2) intent to cause another party to infringe the patent. Mere knowledge that another party is infringing the patent is not sufficient to prove inducement; there has to be intent to cause infringement.
Direct infringement is probably the hardest type of infringement to defend against, but I still think we can do it. First, FOSS projects do not distribute machines. Software patents must be construed to involve "a specific machine" so as not to be abstract; while it is unsettled law whether "a standard digital computer" is specific enough, this does not matter as FOSS does not distribute computers, only software for them.
This leaves developer liability for making or using a patented machine. Because software development almost always involves running the developed software for debugging and testing, it is in fact likely that a FOSS developer will use "a standard digital computer" while developing software covered under the scope of a patent. A court may even find that it is a foregone conclusion that an accused developer has run the software he has written, although since it /is/ /possible/ to write software without running it, and there are circumstances in which this has been done, we don't know which way a court will rule on this point and should actively fight against a court's judgment to this effect. Isolating the potentially infringing component into a module of the open-source product which is compiled out by default and was written and is maintained by one or more anonymous or foreign contributors may help here if courts throw out the experimental use doctrine entirely.
Our best argument against liability for use of a patented machine is the personal use exemption for patent infringement established by Whittemore v. Cutter in 1813. While this doctrine has since been strictly limited, most recently in Madey v. Duke University (2002), if noncommercial FOSS development does not qualify as being for "amusement, to satisfy idle curiosity, or for strictly philosophical inquiry," it is difficult to see how the exemption applies to any activities at all. In order to increase the likelihood that this defense will be accepted, nonprofit organizations should emphasize the philosophical, curiosity, and amusement aspects of open source development on their websites. Since Madey is a CAFC decision, a test case could be appealed to the Supreme Court, but we should attempt to achieve our aims without having to do that.
With direct liability thus disposed of, next follows contributory infringement. With open source software, it is incontestable that there is no sale. This should be enough; if it is not, other defenses are that the product offered is a description of the invention, not a component, or that the software has multiple uses, etc.
The final type of potential liability is inducement. Awareness of the patent is required for inducement; individual contributors may protect themselves by not making public statements showing awareness of the patent. Refusing certified mail may make it more difficult for the enemy to establish knowledge of the patent. However, it is likely that the plaintiff will be able to provably make contributors aware of the patent somehow. We should not rely on lack of knowledge alone.
Inducement also requires intent that another entity infringe. This is where we should focus our defensive efforts. Most contributors to an open source project will actually not intend that others infringe the patent; they are only working on a project that they enjoy and do not particularly care what others do. While they may hope it is useful for others, and may have knowledge that others might use the product to infringe a patent, it is unlikely that there is actual intent here.
Even if a court finds that the contributor intended the FOSS product to be used by others -- which, again, should not be a foregone conclusion, as the contributor may have only intended to distribute the product among developers who are not infringing the patent by virtue of the experimental use doctrine, or may have intended the code only to be used as a reference for the design of the patented machine (it is expressly allowed that one create references or designs for a patented machine) and not to be compiled at all -- the plaintiff has not established intent. The contributor may intend the product only to be used by foreigners not subject to US patent law. The contributor may be building a software product now but intends for use to occur only after the patent has expired. The contributor may intend for the product only to be used by someone with a license from the patent holder. Intent is always very difficult to prove. Of course, a contributor could help the enemy establish intent by posting an incriminating message on a public mailing list ("Screw M$ and screw software patents! I hope everyone in the U.S. uses my code to infringe the M$ patents and I hope M$ goes bankrupt!"). Contributors should be discouraged from making statements such as this. In this example, the contributor is probably admitting intent and may also be admitting awareness, although awareness of specific patents may or may not be demonstrated based on the context in which the statement was made.
This covers all possibilities. The main weakness I see is the reliance on the common law research experimentation doctrine, as this doctrine has recently been interpreted very narrowly. However, it does seem to me that FOSS development still falls under its narrowed scope. We could push for a law expanding the experimentation doctrine to cover FLOSS explicitly, although we will probably not get such a law. We can also hope the doctrine is expanded by the Supreme Court, which has a less expansive view of patent law than the Court of Appeals for the Federal Circuit.
If all else fails, what we have left is anonymous software development. With public-key encryption, it is possible to create developer pseudonyms so that collaboration is possible without anyone knowing who anyone else is. An adversary unable to discover the identity of the infringing developers will be unable to file suit.
I am not a lawyer and this is not legal advice, ---linuxrocks123
If you notice, the law specifies that if a person aged 18-20 commits 2 or more moving violations in a 24 month period, that person's license will be suspended. This is more severe than the penalties for moving violations committed by people 21 or older.
This law penalizes two people committing the same offense and with the same prior behavior differently solely because of who the offenders are. It is patently unfair and a gross violation of the 14th Amendment's principle of equal protection under the law. The law may pass constitutional muster; courts hold that age is not a protected class under the 14th Amendment and that driving license restrictions are subject to less scrutiny than criminal penalties. If it does not violate the letter of the 14th Amendment, however, it certainly violates its spirit.
In short, the home state of the president celebrated for winning the war that gave our country the 14th Amendment may have successfully found a loophole around it. How shameful.