Posts by doublelayer

Re: enabled?

There's what the OS is capable of: nearly everything, and what the UI lets you do: much less. It has a file system. It is capable of creating directories, putting files in them, and moving or copying big sections at a time. Pretty much everything can do that. But until not that long ago, you couldn't do it manually on IOS, because they wouldn't let you at the file system. Individual apps could provide you with access to their own sandboxed sections of the file system, but to get anything in or out required going through IOS's transfer system which works on single files only. Now, they've slightly relaxed that and have a file browser on the device. It can do some things. But it can't do everything you typically do in seconds from any desktop OS, and some of the things it can do are significantly more painful.

As for the shell, it can run one. As you've pointed out, you had to jailbreak for that one. The point being that, as Apple has designed it, you can't have a shell. So you can't do certain things like writing a script to do some batch file changes, firing up python to use it as a calculator, or curl a file from the internet, which are all useful things for the more technically-minded of us. The device and OS are capable of it, but the layers above the kernel have been set up to make it hard to do so.

So, while IOS remains that way, I maintain that it is not fully featured for the uses to which desktops and laptops are put. Apple can fix this if they want, and they don't have to do much. Just add access to the filesystem (writing a good GUI file browser is optional because if the access if available, someone will), give us full access to the utilities through a terminal, give us the ability to install code directly from the device (which currently requires a tether to a mac), and we're done. They don't have to do lots of nice things, like give us root access or open the doors to unsigned code. But until they do those things, the OSes are not similar from the standpoint of a technical user. If they do those things, they've effectively just made IOS a slightly different version of Mac OS with a touch input layer.

Re: Big Brother Watch

I think these organizations are well worth supporting, but at the risk of seeming quite cynical, I have to ask whether they have an effect. Oh, they do incredibly useful work in looking at and protesting and in some cases launching legal attacks at surveillance programs. But their efforts haven't seemed to stop any of the major abuses being passed, nor have they managed to get increased public support. The legal cases seem to keep coming out on their side without getting anything changed. I hope that, with sufficient support, they can get more public interest and action such as protests together because that seems like the only method that hasn't really been tried yet. Sadly, it seems very difficult to organize and with a tenuous hope of success as well. My major hope is for some political group to start to realize the importance of this, as I haven't seen anything above a single politician understanding the importance of privacy, so my vote is pretty much pointless on this issue.

Re: Single Point of Failure?

It's not quite as single a point of failure as it seems. There are many protocols that are not affected by this--if these keys expire, many parts of the DNS root system continue to run like clockwork.

But, let's assume that all the people who do this are killed at once by some type of internet-hating terrorist group. What would happen is that IANA would get in a locksmith and break into the safe again. They might need more time, and they might need to do a bit of trial and error if there are any passwords involved, but they can handle that.

Let's assume the terrorists also take out the facility where the safe is. IANA just moves over to Virginia where there is a second copy of the safe and breaks into that one, then probably copies the contents and reestablishes the two-locations system again.

Let's assume that both locations and all participants are destroyed. In this case, IANA are a little stuck, but that's assuming they have no backups of the system somewhere (and nobody managed to copy the keys for a laugh). Given how secure they want this to be, it's possible they don't have them, but I wouldn't be surprised if that weren't the case. But if that happened, the problem would eventually fall down to the next set of servers. For a while, cached results from the root servers would be fine and nobody would have a problem. That's why attacking the DNS root servers, even if it works, doesn't immediately bring down the internet. During this time, users continue to act as normal while IANA and other DNS operators decide what needs to be done.

Let's assume they fail to do it. They don't have the ability to create a new key and have it trusted implicitly, and nobody has an idea of a quick way out of this. What happens then is that people have to fall back to other DNS information without authentication. It has problems, but it has also worked for quite a while. We're just back to that. Many places will have to change their system configurations. We'd see a lot of annoyed users. We technical folk would get a large helping of blame we don't really deserve. But life, the internet, and everything would continue to exist. IANA might get a lot of bad consequences for that, but that's where it'd end.

Re: Dedicated device

"This should be a tiny disposable wearable."

That's a bad idea pretty much whatever you think about the plan. Please consult the following list and choose the rebuttal based on what you think about the idea of tracking contact.

Tracking's great and everyone should do it: With a small disposable device, people will forget to check that it's charged. When they do charge it, it will be away from them and they might do something without it. It might break. In order to sync keys out, it will need a connection to something, probably either WiFi or Bluetooth, which makes it tricky to set up. You have to get one to everybody which is harder than digital delivery of an app.

Tracking's terrible and we should disobey en masse: With a small dedicated device, it becomes easy to verify if someone is complying with tracking. Police could ask to look at it and make it a crime not to have one on you. If the device has a connection, they will know any time you don't have it on. If it doesn't have a connection, there will be the ability to suggest random enforcement checks. With a hardware device, most likely with completely closed firmware, it won't be easy to investigate it, either to understand what it's doing or how to get around it.

Tracking is bad, but in this case a necessary evil: The small device has many downsides compared to a mobile app, see the rebuttal for "tracking's great". It also may lead to additional surveillance afterward, see the rebuttal for "tracking's terrible".

I have to live with tracking: This works in addition to any other opinions you have selected in this list. If we do need to do tracking, and it's done with a device, you need to remember to charge it. To check whether it's working. To not wear it in a place where it gets wet when you wash your hands (I'm assuming they don't make it waterproof because they want them cheap and disposable). To sync it with the key storage place or the key-retrieval-and-checking program on your computer or phone.

Re: IPXE's CX protocol solves this

Sure, it sounds nice. However, I note a few problems. First, there aren't those apps yet, though it is stated they'd be easy to create. Second, there are no providers of dangerous seeds (which would have to be set up by health providers), so it'd be useless even if there were such apps.

The third problem concerns this quote from their documentation. This is how you find out that you've been in contact with someone:

"The healthcare provider publishes a notification list of hazardous seed values corresponding to positive diagnoses. Each participating device downloads this list and compares the hazardous contact identifiers against its own record of observed contact identifiers."

Or, in simpler terms:

1. Device creates a seed at some time.

2. Every [short amount of time], it uses that to generate a new identifier. The page doesn't say how long, so I'm going to guess twenty minutes.

3. That identifier is broadcast for that [short amount of time].

4. The user tests positive.

5. Their seed is uploaded to a database which is region or country-wide.

6. Everyone downloads a list of seeds and uses them to generate the identifiers.

7. Identifiers match, and alerts can be generated.

The problem is that generating a bunch of identifiers from random seeds when they change so frequently is intensive from a processing perspective. If a seed is generated a month ago, then to check the identifiers for that seed means my device has to generate 2160 identifiers and check 1008 of them against my list. Also, I need to know when that seed was generated. I have to do this for every person in the country who tests positive. Every day. Probably most of that would get done while I sleep and the phone charges, but it could cause battery drain and slow processing if the phone is trying to do that while I'm using it. The severity of this would depend on the extent of the outbreak and of testing. In Australia, I'd have to generate and check about 82000 identifiers per day. In Germany, it'd be about 7.79 million.

Is the system gravely flawed? No. It's been thought through with some care from the look of things. But it has some flaws, and they may be severe enough that it doesn't get adopted elsewhere. I'd be happy to add this to the list of possible ways to do this, but it won't solve any of the major problems still facing the concept, including these:

1. The concept only works with thorough adoption.

2. The concept only works with thorough testing.

3. The concept only works with comprehensive support from health authorities.

4. The concept does not have much time to start to be useful before it ends up being too late and mostly useless.

5. The concept can promote anxiety if it is too broad.

6. The concept can promote complacency if testing is insufficient or contacts are not correctly logged.

7. The concept could be modified to add additional surveillance which would undermine confidence. (Yes, this approach slightly mitigates that concern, but if seeds can be collected by some means including a government-created app implementing the rest of the protocol, it would still allow surveillance).

Re: Respect

The only possibility is people wishing to use bitcoin like a currency but frustrated about not having many people willing to accept it. True, they could exchange the crypto for cash and use that, but that requires either a physical trip to wherever the exchange is or a bank account (and many people interested in cryptocurrencies don't like banks). So it could theoretically be used for legitimate purposes in the same way that most other tools primarily used by criminals could. I'm doubting most of their business was intense crypto-promoters though.

Re: Wot, no Sammies?

From the Lineage OS supported devices list, it doesn't seem like Samsung is terrible. Of every manufacturer on the list, Samsung has the highest number of supported devices (71 versus 33 for the next highest, LG). However, I note that Samsung's list has quite a few old devices and that some of their devices are listed many times for carrier-specific variants. I think it's a constantly-moving target in that a manufacturer can either be magnanimous with bootloader access or make mistakes that make it easy with one model and then turn around and change their tune quickly, similar to how Huawei locked its bootloaders a couple years back and have fallen of the list of good devices for replacement firmware.

The other side of that coin is that a device can have a completely open software stack and still not get much attention. Only if the phone is owned by enough people will the work get done. At one point, I had found a device where basically everything was open (even most of the hardware, strangely), but it was not found by anyone else because it didn't even have a brand name (I still don't know who made it), it was intended as a very cheap device with poor specs, and by the time the previous owner gave it to me for erasure and I figured out how open it was it was three years old.

True, but if you publish them where the general public can read them, then you'd better hope that you and everyone else have protected against what it says. What would be useful is to create a closed group of organizations that distribute them internally when they are obtained (and if they can be obtained by theft or without completing a payment I'm all in favor) and another public site where the pathetic wrong ones get released publicly. Anyone who finds that public site won't be able to complete a fraud with the instructions, and we avoid funding the how-to-commit-fraud industry.

An alternate suggestion is that we create some guides of our own, which we submit to the reviewers on these sites until they let us on, then we send all those who purchase it a PDF of that guide but with extra malware inserted. Bonus points if the malware can be written to turn these people in.

Perhaps I should clarify my policy. An app can ask for location permission and need it to work (E.G. navigation), and I will grant that permission. An app can ask for location for a clearly-identified feature, such as adding geotagging to photographs, and I will deny it, but if it still works, it can stay. If an app asks for location and does not have either of the previous two excuses, including where I don't know why it wants location, then I will decide the app is untrustworthy and I will discard it entirely. It doesn't matter to me if it works without the permission--if it asked for that, it might be doing other things it didn't ask about but I don't trust.

Re: Only took Apple 2 years...

There are a few, but they're not necessarily what you want. For example, the Unihertz Atom XL was reviewed here not that long ago and has a small screen. However, you would then be dealing with a relatively unknown manufacturer, so there are provisos if you decided to buy it. It seems the general public has decided that they don't need to fit their phone anywhere and will take massive screen real estate over compactness; I don't understand why either, but somehow the majority has decided against us.

Re: Let me see

We have that. It's a password manager (they can store keys too). This one is more than that because they want to run authentication through their infrastructure. That can sometimes be useful, but there's a reason most current players in that realm are providing secondary-factor authentication rather than primary-factor.

That assumes that when they said inexplicable, they meant "the perfectly logical way everyone expects". Maybe, when they said inexplicable, they meant inexplicable in the sense of nobody really knows why the icon changed but it shouldn't have. This app got set up really fast and rolled out to a billion devices--you have to expect that there will be bugs when that happens, including incorrect reports or syncing issues or system malfunctions. It happens with things much simpler than this.

Franchising is weird when the service being provided isn't physical. Usually, you don't need one and you don't have one, and most exceptions only have local affiliates (usually not franchised) to provide local support. Signal doesn't have national franchises now, and for a very good reason: they'd be useless. But let's assume that they did set one up. Essentially, they provide the main system and a national franchise is created which links citizens to it. If the local franchise is connecting people to an encrypted system, they can't access the data being sent. If they were sent an order to divulge that data, they wouldn't be able to comply and could be charged. The owners of the company who authorized the franchise could also be charged on the basis that they did not intend to follow the laws when they agreed to establish a franchise. Enforcing that charge if the owners were out of the country would be difficult, and getting judges and juries to agree would also be tricky, but it is certainly possible in the law to do so.

Consider a simpler example of a franchise: an international chain restaurant. If a local franchise is formed which needs to get ingredients, and the ones they are required to buy break local health laws, the owners of that franchise can be charged for that violation. In addition, the owners of the main business can be charged with breaking the same laws by making that requirement, which is illegal. Again, this isn't a guarantee of a legal victory, but it is a case that can be made which often leads lawyers to try to avoid that risk.

Re: If you're not part of the solution, you are an idiot.

Original quote: ""You are strongly requested to stay in your house, and when you go out for exercise, please be courteous to others and keep 2m apart, and please don't congregate with people you're not living with", well, that's got a chance of being done."

Response: "And Neil Barnes, [original quote] has worked really well so far, hasn't it? They tried that. It did not work. What did you do when Boris said "we are advising you to stay indoors"?"

Not really connected to the rest of your comment, but you appear to have missed their point. The point was about wording, specifically "order" versus "strongly request". The opinion stated there was that "strongly request", though technically a weaker statement than "order", would have produced a smaller sense of injustice and would have been better adhered to by the public. If you knew that, then you know that "strongly request" was not tried by the U.K. authorities (it is much stronger than "advise", and the statement I found when searching for that one had some limits on it), meaning we can't know whether the stated opinion was correct or not. For the record, although I'm not in the U.K., when I received my suggestion (yes, mine was a suggestion) to stay at home, I did so. I have not come within range of others since that time.

Re: Apps

Sideloading is easy. But it might not be enough. Google's APIs may be proprietary, sketchy, prone to crashes, and completely unauditable. However, many apps have decided to use them. If you don't have them, and this doesn't, then you may run into problems after sideloading. For example, I am running Lineage OS which I have decided not to poison with Google's APIs. I've just tried a few apps that need them. In general, they look completely fine until they've finished the first set of loading screens, then they crash repeatedly until the phone decides not to try and start them again. This is not a problem for me--I was running these as a test and I could find replacements anyway. For the general public, they might not know why it's crashing like this, and they probably won't understand how to fix it. For those who understand the former but not the latter, they might find unreliable, crash-prone or malware-laced versions of those APIs instead. Whether this is a problem for the consumer hasn't really been determined, but it's worthwhile to understand that sideloading doesn't by itself fix the problem.

"What's bizarre about turning your router and mobile off at night? I don't see any point in them consuming energy when I'm asleep and therefore have no need for them."

That's not bizarre. What is bizarre is people turning them off some of the time because they think they are dangerous. It's already bonkers to think that they are dangerous after so many tests, but if someone was convinced that they were dangerous, they shouldn't have them turned on at all. It's like saying "I know that driving without a seat belt faster than the speed limit with my lights turned off is dangerous, so I'm only going to do it twice a week instead of three times.". Even the nutcases don't believe their nonsense enough to do what would be warranted if their ravings were true.

Re: People don't buy encryption

I've heard this argument before. It was stupid then, and it is now. There are three solutions to the problem of not being able to offer some features and provide end-to-end at the same time. They go like this:

1. Offer end-to-end and work on enabling the features in a more security-conscious way (store recordings on the cloud in an encrypted form that cannot be decrypted without the user-stored key, have dedicated call-in boxes with encryption built in that cannot continue to store keys and have individual trackable keys so only authorized ones can be added).

2. Offer end-to-end, and if someone tries to enable one of the features that doesn't work with it, you tell them they can only have one and prompt them to choose.

3. Don't offer end-to-end, don't lie about having it anyway, and cite those reasons when people ask (and most won't ask).

Any one of those is a legitimate way to handle it. What they did wasn't.

Re: ah yes there were times at work they went round and audited the machines

I used an archive file format the name of which I cannot remember at one point which did work like that, at least to an extent. I think it would stop compressing further after about three runs. My guess was that the algorithm in use had some limits to ensure compression didn't take very long leading to inefficient choices being made. People liked sending files over slow connections at the time so this three-run trick got quite a bit of use.

I wouldn't count on that. Either someone ends up with a much better monopoly than everyone else and wins almost instantly, or you get into a stalemate where nobody owns a monopoly because they're all blocking others' monopolies but the players are too invested in their own chances to do anything about it. At one point during my childhood, I was playing with some people who were far too competitive so, when I finally achieved a monopoly, I added just enough houses to it such that, on average, people would pay me the amount of money they had earned since the last time they landed there, meaning that everyone's balance stayed static while mine climbed slowly but surely. They still didn't give up until we ran the bank out of the big bills. Ah, the freedom of youth where you can waste eight hours moving tokens and it's just an ordinary rainy summer day.

Re: Compromise

That will never happen. Google doesn't want anyone to see these who isn't friendly to them. This could be for one of two reasons. If the data they've submitted is designed to hide or simply doesn't contain damning information that in fact exists, they don't want anyone to stumble on it, whereas if the data they've submitted is genuine, they want absolutely none of it to ever get out, even in summarized expert-created form. Foundem wouldn't want to agree either, because if the evidence shows that they were not targeted or unfairly treated, they don't want to have anyone admit this in court and if the data is on their side, they don't want to have an expert hedge on the denunciation. Court cases so rarely involve amicable discussions.

Re: Wireless charging?

"It allows phones to be designed without physical connections, which in turn allows them to be made waterproof, and therefore more reliable."

Nope. There aren't any commonly-available port-free phones out there, and there are plenty of waterproof ones. Waterproof is not incompatible with ports.

"Also, it can prevent data theft or malware being installed"

Nope again. Unless the phone is so completely locked down that it can never be contacted, there is a mechanism for the manufacturer or repair staff to get to it somehow. Having no cable increases the likelihood that it is some magnetic data connector or purely wireless, which actually makes it easier to gain a connection without making it obvious. Whether it is easy enough to make that difference worthwhile depends on how that channel is set up.

Re: Bit of a non-story

I'm not going to accuse Amazon or this worker of lying about any of this, but if someone wanted to, there are some very easy lies that make a lot more sense. Instead of lying that he came in when he didn't, Amazon could lie that he was told not to. It is difficult to prove a verbal remark was made. If he wanted to come to work for whatever reason but was told not to, he could either lie that he was ever told not to or lie that someone informed him informally that he had to. The major problem remains, though. The story Amazon's using doesn't make a bunch of sense to me, whereas it has been called plausible above. Since it makes sense to somebody, I'd like to hear the theories that I've not thought to consider.

Re: All your health data are belong to us

I very much doubt that any manufacturer will balk at taking the data and using it as they see fit. However, if you're willing to accept some reduced functionality, there is an app called Gadgetbridge (look in FDroid) that can pair with some trackers and is local only. I don't know how well the supported devices work for your use cases, but for perfect privacy that's probably the only option.

Yes, it is.

Censor: Verb

(transitive) To review in order to remove objectionable content from correspondence or public media, either by legal criteria or with discretionary powers.

(transitive) To remove objectionable content.

Their changes are a censorship technique, just a small one that's voluntary. By using their technique, you agree to their definitions of what is acceptable and what isn't. That doesn't mean they're censoring by force or they're violating someone's rights, but anyone who uses the service grants them the right to decide what they think is objectionable. This is a tricky thing to get right, and there's always some site that, if they blocked it, would annoy you. As I'm not intending to use their filter list, it doesn't much matter to me what they do, but it is worthy of discussion when a place starts to make decisions about what they think is acceptable or not in case you disagree with them and might want to modify your behavior accordingly.