Question about delivery and assurance

Started by miroR, July 28, 2020, 10:09:50 pm

Previous topic - Next topic

miroR

I looked around in the forum but I didn't find a place where to post this, so since what I just ordered is an:
LIME2-SERVER-128GB-SSD
(and various components), I thought I'd post my question here.
I have no suspicion on Olimex whatsoever, but what if the delivery would get intercepted, and compromised? How could I know?

Let me explain. I wish I didn't have to show the treatment that I had in a similar occasion, which is a purchase of just a cellphone, but shows the potentially non-friendly environment where I live:

The Central Deployed A Hack to Mount an Expoit by Android Debug Bridge from my Nowhere-Ever-User-Connected Huawei Y6 2019
https://www.croatiafidelis.hr/foss/cap/cap-190626-Huawei-adb-sr0/

It happened. It has nothing to do with Olimex, except I wish to be able to know how to verify, upon delivery, that the package that Olimex accepted for delivery, as I just paid 171.60 EUR online with my Visa Electron card, is not intercepted and modified?

Pls. is it possible, by looking up how it is packaged, and that all is sealed well, just as when it was sent, as I suppose it will be... Is it possible, but looking at the parcel as it will be delivered to me, to know that it is the parcel as Olimex has sent to me?

Pls. tell me any details to be aware of when signing up my acceptance of delivery my DHS!

Thank you in advance!

LubOlimex

Aside from the making sure that the packing is intact and not compromised there not much else you can do. Furthermore, DHL follow a lot of policies about these things, I don't think they are part of some global conspiracy network.

However, I shouldn't worry about the possibility of someone fiddling with the hardware in such a way - it is far too low-spread and specific product to be worth of exploiting. A development board rarely contains sensitive data to be gathered, furthermore these boards are operated by more educated Linux savvy people and hackers would naturally target less educated users. Mobile phones make more sense to be compromised.

As far as I understand you are afraid of software exploit being installed by someone between the moment we sent the shipment and the moment you received it. Do not worry for such problems, the board comes without software installed. You need to re-write the SD card with one of the official image from here:

http://images.olimex.com/release/a20/
Technical support and documentation manager at Olimex

miroR

Quote from: LubOlimex on July 29, 2020, 11:10:07 amAside from the making sure that the packing is intact and not compromised there not much else you can do. Furthermore, DHL follow a lot of policies about these things, I don't think they are part of some global conspiracy network.
That's reassuring and I feel more confident.


Quote from: LubOlimexHowever, I shouldn't worry about the possibility of someone fiddling with the hardware in such a way - it is far too low-spread and specific product to be worth of exploiting. A development board rarely contains sensitive data to be gathered,
True, but there weren't any whatsoever of my own user's data --other that videos that I was recording at a public meeting-- in that cellphone. Sometimes it's purely malice or political mischief...

Quote from: LubOlimexfurthermore these boards are operated by more educated Linux savvy people and hackers would naturally target less educated users. Mobile phones make more sense to be compromised.
You are also right about that, they probably didn't expect I would expose what they did with my cellphone, else they wouldn't hack it... Just, it wasn't hackers, I mean it wasn't hackers with no deal in massive survaillance entities at power, local in this case, a hacker generally can't just get to know out of nowhere who just bought a cellphone, not easily.

Quote from: LubOlimexAs far as I understand you are afraid of software exploit being installed by someone between the moment we sent the shipment and the moment you received it.
I really worry about any kind of malice/mischief for actually no reason, but I am going the risk of purchising the board, and a few components, as I have no way of buying it anywhere in Croatia, and making a journey to a neighboring country would in itself, the mere journey, be more costly that this risk.

I hope it will be fine and that I will be opening my LIME2 server this upcoming Friday or Monday, and surely follow your tip:
Quote from: LubOlimexDo not worry for such problems, the board comes without software installed. You need to re-write the SD card with one of the official image from here:

http://images.olimex.com/release/a20/
Just before I close this post of today, a more precise question about the little that I can do when DHL delivers it to me, i.e. the:
Quote from: LubOlimexmaking sure that the packing is intact and not compromised
And if any of the happy LIME/LIME2 owners who were delivered their boards via DHL or such, would prefer to reply, as I dislike bothering good Olimex developers/moderators, I will be happy with that too:

What does it look like, how is the parcel wrapped, are there on the parcel adhesive labels/some such things, that can not really be unstuck without damaging the parcel?

Anybody has a few photos what that looks like, the greater the resolution, the better?

If not, I promise I will have. Not anymore for myself, but occasionally there will be people targeted for mischief like me, who will eventually find this post before purchase, so they will, hopefully, be assured they can order their Olimex boards safely.

Thanks, @LubOlimex!

miroR

August 01, 2020, 05:43:04 pm #3 Last Edit: August 01, 2020, 05:53:21 pm by miroR
Quote from: miroR on July 29, 2020, 08:21:05 pmAnybody has a few photos what that looks like, the greater the resolution, the better?

If not, I promise I will have. Not anymore for myself, but occasionally there will be people targeted for mischief like me, who will eventually find this post before purchase, so they will, hopefully, be assured they can order their Olimex boards safely.
Here:
https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/

And I'm not more than 99% confident it is as sent from Olimex facilities. 99% percent confident that it's just sloppiness by the packaging personnel, at DHL, IIUC, pls. see the edges, how labels are not uniformly applied... That does look like human work, not some robot.

OTOH, if there were the black plastic wrapping tracks at hand (whatever the more correct name to them), the original black tracks could have been cut with scissors, and other ones wrapped around, looking the same, and with the labels put carefully back and taped on... This parcel could, well at least theoretically --I give it 1% probability, but that's my imperfect assessment-- been opened, and reassembled back to look as before.

In other words: with more care if they were packaged, I would be more confident (I do hope it's just not really well packaged... not that it matters much, but it does leave a little doubt). Also, the adhesives should have been more "agressive" I'd believe --haven't unstuck anything yet, just it looks so.

I haven't opened it yet. Still pondering over.

Anybody have their thoughts?

miroR

August 04, 2020, 10:16:12 am #4 Last Edit: August 04, 2020, 10:25:38 am by miroR Reason: say more
Anybody can't open the link:
Quote from: miroR on August 01, 2020, 05:43:04 pmHere:
https://www.croatiafidelis.hr/foss/cap/cap-200731-LIME2-server/
or maybe anybody can't open the link to this very topic:
https://www.olimex.com/forum/index.php?topic=7772
?
(Of course I'm a little ironic...)
Namely, I got a reply from the local DHL (<dhl> dot <hr>, by email ) that (in Croatian):
Quote from: undefinedNismo u mogućnosti otvoriti linkove.
which translated into English reads:
Quote from: undefinedWe are not able to open those links.

I still haven't opened the parcel. The courier didn't allow me to open it in front of him (which may be fine, maybe that's their policy), but the front label is so sloppily put onto the parcel, that I have a tiny suspicion the parcel may have been opened, and the label after possilby some action, put back.

Of course, I did send, on Saturday, a short mail to Olimex, to that effect, and I said I don't mind if they do not reply soon, because it was weekend, and they go on vacation, but that I am ready to wait till August 17th when they are back. I have no suspicion whatsoever on Olimex.

Now let's see what DHL (the local, who can't open links) will reply.

miroR

Original text:
Quote from: DHL.hrPrema dostupnim informacijama tijekom tranzita i isporuke pošiljke nije uočena nikakva nepravilnost iste.
Ukoliko uočite oštećenje sadržaja ljubazno molimo da o istom obavijestite pošiljatelja.
S obzirom da je ugovor o prijevozu sklopljen između pošiljatelja i DHL Bugarska, reklamacija se riješava između dvije
+ugovorene strane.
Translated:
Quote from: DHL.hrAccording to the available information, during transit and delivery of the parcel no fault has been found to have occurred.
If you find any damages to the content of if, we kindly ask you to send notice to the sender about it.
Given that the contract of delivery has been made between the sender and the DHL Bulgaria, the claim is to be solved between the two parties to the contract.
Nope! My suspicion is on DHL Croatia, i.e. DHL Hrvatska. And I just kindly asked them to whom I can complain of their refusal to check up on the fact about the state of their delivery.