All Your Bits are Belong to Google?

I recently saw a demo of Android booting up in a CoWare environment, and I couldn’t help but notice this line in the Android boot console:

...
Freeing init memory: 96K
init: HOW ARE YOU GENTLEMEN
init: reading config file
...

That’s a little scary. If you don’t get the reference, it’s the infamous first words of CATS, followed by the immortal phrase “all your base are belong to us“.

I mean, I love the google search application, but I am a little bit disturbed by the masses of people trusting all their bits to google — their email, their desktops, their photos … soon their phones (no, I don’t use gmail — I must be the last person on earth who doesn’t — but the idea of ads showing up based on what’s in my email is disquieting for a variety of reasons). And I think that surely the Android developers cannot claim ignorance to the context of the phrase: all your base are belong to us // you are on your way to destruction // you have no chance to survive make your time.

Now, Don’t be Evil!

Incidentally, CoWare is a really neat tool; one of their other demos is a hardware simulation of the chumby platform. It’s absolutely amazing that they have a cycle-accurate simulation of the chumby hardware platform that boots our code and runs almost real-time. Since it’s a hardware simulation, you can jump in and inspect the state of signals between components, wiggle lines, and set breakpoints based on hardware state (as well as software state). This is one of those cool things that come out of having an open platform; without access to our source code and documentation, creating this demo without the help of chumby would have been much more difficult. And while some consumer electronics companies would go batty over someone emulating their platform, I say to them hats off for such a clever hack and such a powerful product.

14 Responses to “All Your Bits are Belong to Google?”

  1. Karl says:

    Interestingly enough, the hiptop/Sidekicks also say this in the syslog as it’s booting, along with some other humorous messages (“audio:the audience is now deaf” and “Hello Dangerous World”… the hiptop is made by Danger Inc.):

    – ——– ——– ——– ——–
    ..[0] 0c000000 000000cc 00000cbc 5bda4738 5bda4738 00000001
    ..[1] 0c0036f0 0006603d 00000d88 5e998038 5a491531 00000002
    ..[2] 0c003400 000001cd 00066dc5 608aae54 15655e84 00000002
    ..[3] 0c092b20 0002b520 00066f92 e1f31fae fc3b6935 00000002
    .}
    }
    boot_info @ 0x0c000100 {
    .magic 0x18675309
    .version 0x00000000
    .rom_base 0x00010024
    .boot_state 0xb0070040
    .prev_rom_base 0x00010024
    .prev_boot_state 0xb0070060
    .boot_count 42
    .fail_count 0
    .ram_size 0x02000000
    .persistent_base 0x0dff7f00
    .squash_base 0x00000000
    .altrom_base 0x00000000
    .sanity 0x17982c03
    } (SANE)
    area_info @ 0x0c0b7010 {
    .ram_base 0x0c000000
    .boot_info_base 0x0c000100
    .cpu_stack_base 0x0c000400
    .text_base 0x0c003400
    .romstash_base 0x0c13fd38
    .jvm_heap_base 0x0c1409f4
    .kpage_base 0x0ddd2000
    .offscreen_base 0x0dfd26f0
    .onscreen_base 0x0dfe5300
    .persistent_base 0x0dff7f00
    .squash_base 0x00000000
    .altrom_base 0x00000000
    .ram_top 0x0e000000
    }
    extended_flash_info @ 0x00000000 {
    .flash_info {
    . magic 0xea000079
    . rom_offset 0xe28ff303
    . sanity 0xe28ff303
    .}
    .version 0xe28ff303
    .romhead_length 0xe28ff303
    .fs_offset 0xe28ff303
    .fs_length 0xe28ff303
    .flash_top 0xe28ff303
    .sanity 0xe28ff303
    }
    How are you gentlemen!!
    ———————–
    Build 57324 : 101.turner.100
    32MB RAM @0x0c000000, ROM @0x00010024, Boot #42
    CPU is running at 48000000 Hz
    module: box_early
    module: box_display
    AMD_IdentifyFlash(0): read mfr 0x0001 dev 0x00d7/0000/0018
    IdentifyFlash: Flash @ 00000000 is Unknown AMD Flash
    System has 00800000 bytes (8 MB) of Flash @ 00000000
    flash_init(): found a valid efi @ 0x00010000
    extended_flash_info @ 0x00010000 {
    flash_info @ 0x00010000 {
    magic 0x11235813
    rom_offset 0x00000024
    sanity 0x11235837
    } (SANE)
    version 0x00000000
    romhead_length 0x0000ffdc
    fs_offset 0x00010000
    fs_length 0x007e0000
    flash_top 0x00800000
    sanity 0x11dca7eb
    } (SANE)
    fs: 1200 blocks free (4896000 bytes)
    hstr_find: found @ 0xc348000
    page_init: 0xc1409f4 .. 0xddd2000
    page_init: 0xe45 (3653) pages, aka 29224k
    page_init: 0xc dead space @ 0xc1409f4 .. 0xc140a00
    page_init: page map @ 0xc140a00 .. 0xc147c28
    page_init: 0x3d8 dead space @ 0xc147c28 .. 0xc148000
    page_init: pages @ 0xc148000 .. 0xddd2000
    page_init: total dead space 0x3e4
    heap_init: found datastore @ 0xc348000; moved to 0xddd0000
    handle_init: 0x10000 handles @ 0xc148000 .. 0xc248000
    chunk_init: info @ 0xc13f080
    module: box_pwrmgmt
    module: pdiusb_usb_init
    pdiusb: usb_init()
    kernel: task 17 (startup task) started by task -1
    * EXTERNAL BUILD *
    kmain2: product-specific inits
    module: box_init
    rtc_init(): time is Tue May 4 17:30:20 2004
    kernel: task 27 (soft_reset) started by task 17
    module: blit_init
    module: usb_task
    module: input
    module: network_stack
    module: audio
    kernel: task 45 (keyboard) started by task 17
    kernel: task 46 (power) started by task 17
    kernel: task 49 (light sense) started by task 17
    kernel: task 52 (blitter) started by task 17
    kernel: task 70 (usb task) started by task 17
    kernel: task 74 (watch_dog_check) started by task 17
    kernel: task 78 (Network Timer) started by task 17
    kernel: task 88 (radio_worker) started by task 17
    kernel: task 101 (DNS Reader) started by task 17
    kernel: task 22 (*idle*) started by task -1
    ### audMixerNew ###
    ### AUDIO SUTAATO ####
    audio:BAE Bank version: 1 1 0 result 0
    kernel: task 110 (audio:render) started by task 17
    audio:the audience is now deaf
    module: java_runtime
    module: libcrypto
    kernel: task 17 (startup task) done, status 0
    kernel: task 113 (audio:idle) started by task 17
    kernel: task 117 (JVM) started by task 17
    kernel: task 123 (busy) started by task 117
    JVM: try to load from ffs or ROM
    CHARGE: state change NotCharging –> Current @ 1
    CHARGE: Started timer with timeout 16200 seconds
    CHARGE: state change Current –> Voltage @ 1
    CHARGE: Cancelled timer
    CHARGE: Started timer with timeout 9000 seconds
    CHARGE: state change Voltage –> Current @ 1
    CHARGE: Cancelled timer
    CHARGE: Started timer with timeout 16200 seconds
    CHARGE: state change Current –> Voltage @ 1
    CHARGE: Cancelled timer
    CHARGE: Started timer with timeout 9000 seconds
    *** loaded fallback font (199098) @0xc284004 ***
    *** LOADING BUNDLES ***
    RadioInt: int 0 dcd 0
    RadioInt: int 0 dcd 0
    %%% get special handles %%%
    loader: java.lang.Object loading
    jlobj = 0xc1a8b00, sz = 96
    *** java/lang/Class *** 0xc148000 0xdc44d00
    RadioInt: int 1 dcd 1
    kernel: task 127 (demux_task) started by task 88
    kernel: task 140 (packet pusher) started by task 88
    JVM: success. starting.
    vm: run 0xc342a50 w/ 0xc2402b0
    kernel: task 148 (SysInit) started by task 117
    (148) Hello Dangerous World

  2. Ken Kennedy says:

    I hear you, Bunnie…I don’t use GMail for the same reason (I have an account, but it’s just for throwaway mailing lists and such), and I spread out my “digital life” to Flickr, magnolia, my own servers, etc. to try and minimize who has what.

    I have to admit, though…I’m pretty excited about Android. Having a gadget that’s open, with wireless as well as wifi access, seems to be quite a winner to me. It IS F/OSS, after all…even though I’m not planning on compiling it myself (I didn’t do that for my chumby, either, though…*grin*), I expect that there will be enough eyes on the code to minimize the chance of backdoors and such. In any event, ANY eyes on the code beats what we get from BB, Windows Smartphones, and such today!

    Google could certainly pull a fast one. But in this case, I think there’s already plenty to worry about if we want to start worrying. You definitely are making me pause and think it through, though.

  3. Mark says:

    The guy that that started Danger (maker of the Hiptop/Sidekicks) is the same founder of Android – that was aquired by Google. That would explain the double reference, and possibly some IP theft.

  4. Won says:

    I was considering moving off my gmail account, but then I decided to work at Google (consider that disclosure). I don’t work on Android, though. Here is my personal opinion (and does not reflect the veiws of my employer):

    Um, maybe it is just a joke? It is kind of a leap to suggest that a reference to “all your base (pointers) are belong to us” is more nefarious than a debug message. It is also kind of a big leap to suggest that there was some IP theft involved (quite a serious accusation, really). Anyway, you will be able to confirm/deny this when the source is released.

    I am very glad that bunnie and friends are out there calling people out on security and privacy, and I certainly understand your reluctance to use gmail (or any other third party mail service). This is a bit of a stretch though.

  5. ladyada says:

    yah funny you should post this. i was on gmail for a few years but just last week i decided that “man this is kinda stupid” & began my quick transition from @gmail.com.
    gmail doesnt do SSL and if you’re going to IMAP then why not just DIY? i have my own server so it is pretty easy.

    quickbooks once installed google desktop ‘for me’ and completely destroyed my windows box requiring a complete wipe :(

  6. Torkell says:

    You’re not the only one still avoiding gmail, though my reason for staying clear of it is simply because I already have enough email accounts spread around. Let’s see… webmail x2, university, old ISP #1, old ISP #2, current ISP, domain name, phone… that’s eight distinct personal email accounts and all of them are active to some degree. I just don’t see a use for yet another webmail one when I’ve got an actual IMAP server on my primary account.

  7. Ken Kennedy says:

    Yep, ladyada, with your own IMAP server, it’s not too bad. Just fyi, mairix is a good ft-search utility, which made no gmail archive not too painful for me. Particularly good hooks to mutt (my MUA), but it should work with most anything: http://kenzoid.com/blog/archive/782/

    And note: I agree that the “all your base” reference is basically a joke. But it brings to mind the larger picture, which is relevant. Google is obviously the 800-lb gorilla b/c of the amount of data it collects and can correlate. But in fact any online service that holds data about you weakens your privacy protections (in the US, based on 4th Amendment). It doesn’t mean I’m going to stop using the Web, but when I can protect my data, I do.

  8. Karl says:

    I doubt that there’s any IP theft going on, unless quoting some obscure phrase from an old Sega Genesis game on startup now qualifies for protection. One happens during the boot of the hiptop kernel, and the other happens in Android’s init (userland) binary.

  9. grey says:

    As Mark mentioned there’s actually key ex-Danger people working on Android (another key low level ex-Danger person helped with the iPhone, and is now @ Palm). These devices are all still ARM after all. ;)

    ladyada: gmail does do TLS during logon, and if you instead specify https://mail.google.com when you initially login, it will stay under TLS for your entire session as well (whereas if you just go to gmail.com it will only do ssl for auth and then drop back to plaintext; or at least that’s what it used to do, I haven’t bothered with that method in ages).

    As for google having all your bits; it’s a viable concern – but as far as gmail goes: someone already has all of your email, smtp is plaintext after all. If you want to keep it private and over smtp, the old pgp is what people have been doing for far too long anyway. I mean, sure we could all use silc; but when it comes to smtp – I don’t think escrowing out storage and server maintenance top notch antispam and whoatnot in exchange for some ads (which can be trivially ignored with privoxy for example) is really asking much given the medium.

    It’s also kind of nice to let someone else deal with the headaches of boxes getting compromised (and having friends in and out of google secops, they’re pretty well staffed and often well ahead of the curve when it comes to what’s publicly disclosed).

    Don’t get me wrong, there’s definitely a place for privacy – but that doesn’t negate the usefulness of the services google offers either.

  10. ladyada says:

    thx for the https note, i tried it a while ago but it didnt work (probably because i had logged in ‘under’ http and then tried to switch over ???)

    gmail is an excellent service & is great for many people. but servers that pass the smtp data around dont log all of it and use it along with cookies to build a black-box of your habits. i am aware of ‘security’ threats so i dont transmit passwords, credit card data, etc. but how to defend against volunteering personally identifying information is much tougher :(

    for example, i would pay for google apps for my domain, but only if i could install it in-house.

  11. Brian says:

    I’m sad that modern hiptopOS no longer says “MAIN SCREEN TURN ON” when the LCD is initialized. I forget if that was my fault or somebody else’s (it’s been seven years now), but it always made me smile.

    I would advise against seeing dark conspiracies or “IP theft” in the random quoting of Zerowing dialogue…

  12. Jay Marm says:

    It’s clear that Google’s simple intention is simply about getting as much information on the internet user as possible for the sole purpose of being able to tell advertisers that they know *absolutely everything* about you. This is how they make money – targeted advertising. Like bunnie and others noted here I try to maintain a healthy distance from Google services that would provide them with even more personal information than they are all ready able to ascertain. Where my concern lies is that I have little faith that they will be unable to resist the temptation (or the secret gov’t court order) to provide this information to be used for unintended and unethical purposes in the not too distant future. They know who you associate with, have all your mail (bills, love letters, homework sent from the office etc.), calendar items, surfing logs, purchase information, etc. I’ll leave it up to the conspiracy theorists to dream up ways this information can be used improperly – but it scares me enough to turn down the shiny red apple that Google is offering.

  13. travis says:

    I don’t trust google at all, but it contains information to certain pages that I couldn’t find throught yahoo!, even when trying extremely hard to be precise in my words I type and searching. So I have to use it’s dam search engine. One of the ceo’s of google attends “Bilderberg” meetings.
    I don’t use gmail, I think it’s stupid. Seems to me google may be contributating to the world identfication system that is still being developed. 2017, a global ID system will be “universal”, but I bet there will be an extreme amount of bugs and problems, thus delaying it another few years. perhaps 2019.
    The bilderberg….the secret-nto-anymore-secret shadow government, as some call it. It is actually only part of the shadow government. The government in secret that upseats all the governments plans at the very last moment and controls america secretly, accroding to a founding fathers quote. The secret money powers are in fact the Federal Reserve banks all working together with the united states government, the banks themselves have been in question for years as to who might OWN them. The answer is revealed. The world rich, elitist familes own them. Rothschild, Rockefeller, Warburg, Schif, Morgan, Astor, Canegie, etc.

  14. will says:

    like ken my gmail account is a throw away my emails from it are forwarded to yahoo