Question about delivery and assurance

Started by miroR, July 28, 2020, 10:09:50 PM

Previous topic - Next topic

miroR

I looked around in the forum but I didn't find a place where to post this, so since what I just ordered is an:
LIME2-SERVER-128GB-SSD
(and various components), I thought I'd post my question here.
I have no suspicion on Olimex whatsoever, but what if the delivery would get intercepted, and compromised? How could I know?

Let me explain. I wish I didn't have to show the treatment that I had in a similar occasion, which is a purchase of just a cellphone, but shows the potentially non-friendly environment where I live:

The Central Deployed A Hack to Mount an Expoit by Android Debug Bridge from my Nowhere-Ever-User-Connected Huawei Y6 2019
https://www.croatiafidelis.hr/foss/cap/cap-190626-Huawei-adb-sr0/

It happened. It has nothing to do with Olimex, except I wish to be able to know how to verify, upon delivery, that the package that Olimex accepted for delivery, as I just paid 171.60 EUR online with my Visa Electron card, is not intercepted and modified?

Pls. is it possible, by looking up how it is packaged, and that all is sealed well, just as when it was sent, as I suppose it will be... Is it possible, but looking at the parcel as it will be delivered to me, to know that it is the parcel as Olimex has sent to me?

Pls. tell me any details to be aware of when signing up my acceptance of delivery my DHS!

Thank you in advance!

LubOlimex

Aside from the making sure that the packing is intact and not compromised there not much else you can do. Furthermore, DHL follow a lot of policies about these things, I don't think they are part of some global conspiracy network.

However, I shouldn't worry about the possibility of someone fiddling with the hardware in such a way - it is far too low-spread and specific product to be worth of exploiting. A development board rarely contains sensitive data to be gathered, furthermore these boards are operated by more educated Linux savvy people and hackers would naturally target less educated users. Mobile phones make more sense to be compromised.

As far as I understand you are afraid of software exploit being installed by someone between the moment we sent the shipment and the moment you received it. Do not worry for such problems, the board comes without software installed. You need to re-write the SD card with one of the official image from here:

http://images.olimex.com/release/a20/
Technical support and documentation manager at Olimex

miroR

Quote from: LubOlimex on July 29, 2020, 11:10:07 AMAside from the making sure that the packing is intact and not compromised there not much else you can do. Furthermore, DHL follow a lot of policies about these things, I don't think they are part of some global conspiracy network.
That's reassuring and I feel more confident.


Quote from: LubOlimexHowever, I shouldn't worry about the possibility of someone fiddling with the hardware in such a way - it is far too low-spread and specific product to be worth of exploiting. A development board rarely contains sensitive data to be gathered,
True, but there weren't any whatsoever of my own user's data --other that videos that I was recording at a public meeting-- in that cellphone. Sometimes it's purely malice or political mischief...

Quote from: LubOlimexfurthermore these boards are operated by more educated Linux savvy people and hackers would naturally target less educated users. Mobile phones make more sense to be compromised.
You are also right about that, they probably didn't expect I would expose what they did with my cellphone, else they wouldn't hack it... Just, it wasn't hackers, I mean it wasn't hackers with no deal in massive survaillance entities at power, local in this case, a hacker generally can't just get to know out of nowhere who just bought a cellphone, not easily.

Quote from: LubOlimexAs far as I understand you are afraid of software exploit being installed by someone between the moment we sent the shipment and the moment you received it.
I really worry about any kind of malice/mischief for actually no reason, but I am going the risk of purchising the board, and a few components, as I have no way of buying it anywhere in Croatia, and making a journey to a neighboring country would in itself, the mere journey, be more costly that this risk.

I hope it will be fine and that I will be opening my LIME2 server this upcoming Friday or Monday, and surely follow your tip:
Quote from: LubOlimexDo not worry for such problems, the board comes without software installed. You need to re-write the SD card with one of the official image from here:

http://images.olimex.com/release/a20/
Just before I close this post of today, a more precise question about the little that I can do when DHL delivers it to me, i.e. the:
Quote from: LubOlimexmaking sure that the packing is intact and not compromised
And if any of the happy LIME/LIME2 owners who were delivered their boards via DHL or such, would prefer to reply, as I dislike bothering good Olimex developers/moderators, I will be happy with that too:

What does it look like, how is the parcel wrapped, are there on the parcel adhesive labels/some such things, that can not really be unstuck without damaging the parcel?

Anybody has a few photos what that looks like, the greater the resolution, the better?

If not, I promise I will have. Not anymore for myself, but occasionally there will be people targeted for mischief like me, who will eventually find this post before purchase, so they will, hopefully, be assured they can order their Olimex boards safely.

Thanks, @LubOlimex!

miroR

#3
Quote from: miroR on July 29, 2020, 08:21:05 PMAnybody has a few photos what that looks like, the greater the resolution, the better?

If not, I promise I will have. Not anymore for myself, but occasionally there will be people targeted for mischief like me, who will eventually find this post before purchase, so they will, hopefully, be assured they can order their Olimex boards safely.
Here:
https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/

And I'm not more than 99% confident it is as sent from Olimex facilities. 99% percent confident that it's just sloppiness by the packaging personnel, at DHL, IIUC, pls. see the edges, how labels are not uniformly applied... That does look like human work, not some robot.

OTOH, if there were the black plastic wrapping tracks at hand (whatever the more correct name to them), the original black tracks could have been cut with scissors, and other ones wrapped around, looking the same, and with the labels put carefully back and taped on... This parcel could, well at least theoretically --I give it 1% probability, but that's my imperfect assessment-- been opened, and reassembled back to look as before.

In other words: with more care if they were packaged, I would be more confident (I do hope it's just not really well packaged... not that it matters much, but it does leave a little doubt). Also, the adhesives should have been more "agressive" I'd believe --haven't unstuck anything yet, just it looks so.

I haven't opened it yet. Still pondering over.

Anybody have their thoughts?

miroR

#4
Anybody can't open the link:
Quote from: miroR on August 01, 2020, 05:43:04 PMHere:
https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/
or maybe anybody can't open the link to this very topic:
https://www.olimex.com/forum/index.php?topic=7772
?
(Of course I'm a little ironic...)
Namely, I got a reply from the local DHL (<dhl> dot <hr>, by email ) that (in Croatian):
Quote from: undefinedNismo u mogućnosti otvoriti linkove.
which translated into English reads:
Quote from: undefinedWe are not able to open those links.

I still haven't opened the parcel. The courier didn't allow me to open it in front of him (which may be fine, maybe that's their policy), but the front label is so sloppily put onto the parcel, that I have a tiny suspicion the parcel may have been opened, and the label after possilby some action, put back.

Of course, I did send, on Saturday, a short mail to Olimex, to that effect, and I said I don't mind if they do not reply soon, because it was weekend, and they go on vacation, but that I am ready to wait till August 17th when they are back. I have no suspicion whatsoever on Olimex.

Now let's see what DHL (the local, who can't open links) will reply.

miroR

Original text:
Quote from: DHL.hrPrema dostupnim informacijama tijekom tranzita i isporuke pošiljke nije uočena nikakva nepravilnost iste.
Ukoliko uočite oštećenje sadržaja ljubazno molimo da o istom obavijestite pošiljatelja.
S obzirom da je ugovor o prijevozu sklopljen između pošiljatelja i DHL Bugarska, reklamacija se riješava između dvije
+ugovorene strane.
Translated:
Quote from: DHL.hrAccording to the available information, during transit and delivery of the parcel no fault has been found to have occurred.
If you find any damages to the content of if, we kindly ask you to send notice to the sender about it.
Given that the contract of delivery has been made between the sender and the DHL Bulgaria, the claim is to be solved between the two parties to the contract.
Nope! My suspicion is on DHL Croatia, i.e. DHL Hrvatska. And I just kindly asked them to whom I can complain of their refusal to check up on the fact about the state of their delivery.

miroR

#6
I've updated:
https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/
today.
My parcel is still intact, i.e. I have still not opened it. See above for some 1% chance (search for the 99%, 1% is the inverse) that it has been compromised.
I'm not sure whom can the gaping slit at:
https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/LIME2-server-compo-2020-08-01_14:01:42.jpg
be attributed to, to packegers at Olimex or at Bulgarian DHL branch, but if it is to Olimex, that's really the only minor fault of theirs, and only if we're pedantic (I admit that I am)...
The rest of my uncertainty should be solved by DHL. Whom I have had no more replies from, really.
Will try and contact them again.

I'm not in a rush. I had to save for some 10 months to buy me these good things which I longed for years. And 1% of risk estimate is a lot when you save for it for 10 months.

I'm still curious to read what any of you other Olimex users think of this quest for assurance of mine.

olimex

Hi MiroR,

Sorry for the belated reply we have been in Summer Vacation.
Please tell me what are your exact concerns?
The pictures seems ok and the package looks like not being opened. The black stripes are intact and I confirm that we use such black strips to seal the package.
There is DHL lable on the stripes and the AWB above them, so if one wanted to open the package he had to break these labels, AWB and stripes and definitely would leave traces as the glue of these labels is quite strong.
I do not see makrs of the package being opened.
Best regards
Tsvetan

miroR

Quote from: olimex on August 19, 2020, 08:08:21 AMHi MiroR,

Sorry for the belated reply we have been in Summer Vacation.
Please tell me what are your exact concerns?
The pictures seems ok and the package looks like not being opened. The black stripes are intact and I confirm that we use such black strips to seal the package.
There is DHL lable on the stripes and the AWB above them, so if one wanted to open the package he had to break these labels, AWB and stripes and definitely would leave traces as the glue of these labels is quite strong.
I do not see makrs of the package being opened.
Best regards
Tsvetan
Thank you most sincerely for your careful reply. And thank you for your patience with me (I hope you enjoyed your vacations, you guys deserved it for sure!).
I think, along with a kinder reply from the DHL Express Croatia director that I received to my last night's repeated query, that the risk that I believed was there (my suspicion amounted to just a minor risk estimate) is now dissipating to nonexistence.
I will clear out one other uncertainty first. Will post next (I have to upload the Invoice PDF to make a clear question, need a little time. To cut suspense, it's about the weight that differs in the Invoice and on the parcel label. The Invoce has: Weight 1.420 kg and see the parcel, it has 0.750 kg, see e.g.: https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/LIME2-server-compo-2020-08-01_14:00:43.jpg How is that?).
(And just a note: this topic was about assurance, more than insurance. I know English that well, it was not wrong word to use nor poor use of the word.)

olimex

it's normal do not worry as there is volumetric and real weight, I check our records and these numbers match so nothing to worry about :)


miroR

#11
Quote from: olimex on August 19, 2020, 02:16:29 PMit's normal do not worry as there is volumetric and real weight, I check our records and these numbers match so nothing to worry about :)
Sorry, I pressed F5 on my browser to reload ti, but didn't look carefully enough, and didn't see your post.
Thanks!

miroR


miroR

#13
Quote from: olimex on August 19, 2020, 08:08:21 AM[...]
The pictures seems ok and the package looks like not being opened. The black stripes are intact and I confirm that we use such black strips to seal the package.
There is DHL lable on the stripes and the AWB above them, so if one wanted to open the package he had to break these labels, AWB and stripes and definitely would leave traces as the glue of these labels is quite strong.
I do not see makrs of the package being opened.
Best regards
Tsvetan
That really was the information that I needed. Unfortunately I am not super-intelligent, also my eyesight is getting poorer with time (I'm 62)...
I also really hope this topic will be useful to others with similar uncertainties.
Viewing the video:
LIME2-server (and components), delivery parcel opening
https://open.tube/videos/watch/06735530-bf3c-4940-bae8-991e8a2a1bd2
leaves no doubt that the parcel is as packaged by Olimex, and as labeled by DHL.
Pls. note that the video is all one single shooting. No manipulation. I actually only, basically, applied this FFmpeg line to the original video as recorded by my relatively newly bought Huawei Y6 2019:
ffmpeg -i VID_20200819_142649.3gp -vf pad=1920:1920:0:420,rotate=PI,crop=1920:1080:0:420 VID_20200819_142649.mp4but that is only rotating the video by 180 degrees, i.e. upside down, because I wrongly placed the camera. Meaning: it's still not really manipulated in any way that changes content in any such way that modifies the looks and sounds of what happened, the reality of those 15 minutes of opening the parcel.

There is one thing I don't understand. Pls. view the video, and listen to it, after time:
13:40
and
15:25
from the beginning. That's a little before 2 minutes before end and some 30 seconds to end.

What is that sound from inside the server-HDD joined hardware?
This compound piece of hardware does not appear to me it needs to be taken apart before use.
And it is not clear to me what that sound is, what makes that sound, it's like a loose screw or screws are in there.
Pls. view it at those last two minutes and tell me, and direct me if necessary!

miroR

#14
Subtitle to this post:
The culprit couldn't resist and betrayed himself. And it has been arrested and brought to justice!
Quote from: miroR on August 19, 2020, 10:57:15 PM[...]
Pls. view the video, and listen to it, after time:
13:40
and
15:25
from the beginning.
[...]

What is that sound from inside the server-HDD joined hardware?
This compound piece of hardware does not appear to me it needs to be taken apart before use.
[...]
it's like a loose screw or screws are in there.
[...]
It was an loose screw. Pieces: one only. This morning, still wondering what that sound was, I made another "session" of turning that server-HDD hardware piece around, and...
And, guess what, it just fell out!

No sound anymore from the inside of the server-HDD hardware.
We have a saying that translates into English as: "He who works, errs." It happens, if there is no other fault to my LIME2-server, this is unimportant and negligable, I don't mind about it.

But there's one more uncertainty that I have.

It's my server's:
3.7V LIPO BATTERY CONNECTOR

It's all over the video, from time:
7:00 to end
in many places, mostly in background (intermittently seen, not countinuously), and one of the places it is seen best is btwn.:
13:00 - 13:10
which is some 3 minutes before end.

On the images that can currently be viewed at:
https://www.olimex.com/Products/OLinuXino/Home-Server/LIME2-SERVER-NO-HDD/
esp. the image:
https://www.olimex.com/Products/OLinuXino/Home-Server/LIME2-SERVER-NO-HDD/images/thumbs/310x230/LIME2-SERVER4.jpg
it looks like my connector is not placed in its slot as in those pictures.

Pls. tell me how is this, and can I fix this to be as on those pictures that I linked above, and should I do it, and tell me if you have any other advice about this.