Readit News
disruptiveink commented on Patching 68K Software – SimpleText   tinkerdifferent.com/threa... · Posted by u/mmoogle
mjg59 · a month ago
This is beautiful, but the real takeaway should be that even proprietary software you only have binaries for is still mutable. The computer runs the code you want it to run. We always need to maintain that and prevent scenarios where general purpose computers stop being the default.
disruptiveink · a month ago
Cat's out of the bag there already. We all have general purpose computing devices in our pockets, locked down on purpose. Android used to allow you to gain admin rights but it's been getting more and more impossible to do so while still keeping most of your programs working. It's not only a cat-and-mouse game against "rooting detection" SDKs companies licence and plug into their apps out of a misguided duty of care, but it's especially bad with anything that uses Google's remote attestation lately.

Android is also about to lock down "sideloading", another "great" dysphemism for "installing software".

Moving the Overton window on this has been so successful, that even people in our industry happily accepted the much maligned dysphemisms of "jailbreaking" and "rooting" for what used to be called "local admin rights" and look upon such access as if it's only something pirates, criminals or malware spreaders would want to do.

I say this as someone who is running an Android phone with a kernel with some backported patches applied and compiled by myself. The fact that I can do it is great. The fact that the entire industry is trying to make it as frustrating as possible for me to do this under the guise of false premises such as "security" is disheartening.

disruptiveink commented on Internet's biggest annoyance: Cookie laws should target browsers, not websites   nednex.com/en/the-interne... · Posted by u/SweetSoftPillow
vmaurin · 2 months ago
Same goes for age verification.

There was the DNT header, that was a bit too simplistic, but was never implemented https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

The thing people need to understand here is that the annoyance is not due to lack of technical solutions, or regulations forcing something. It is explicitly wanted by the industry so they can maximize the consent rate. The browser solution is probably the best technical/user friendly one, but ad tech/data gathering industry won't have any consent. As they control most of the web, they will never do that.

disruptiveink · 2 months ago
Correct. Age verification and privacy consents belong on the browser. The issue is that on the browser, things work a bit too well (remember https://en.wikipedia.org/wiki/P3P ?), so the big players are incentivized to ignore completely the browser-based mechanisms and say/do nothing whenever they see lawmakers going in a dumb direction (risking fines is a reasonable price to pay in order to kill adoption of an actual browser/OS based control that would cause a dent to their tracking operations) that puts the onus on individual website operators.
disruptiveink commented on EU age verification app not planning desktop support   github.com/eu-digital-ide... · Posted by u/sschueller
baq · 3 months ago
This is hardware attestation in a nutshell: a double edged sword, and a sharp one at that.

The biggest issue is that the attestation hardware and the application client are the same device with the same manufacturer, who also happens to have a slight conflict of interest between monetizing customers and preserving any sort of privacy.

IMHO the pro-attestation forces are so overwhelming that we should all cherish the moment while we have anything open left.

disruptiveink · 3 months ago
The insane question here is, why would the EU mandate hardware attestation controlled by two private American companies in order to access services?

That seems completely contrary to the spirit of EU laws and regulations, which tend to be about protecting the consumer, preventing monopolies, ensuring people can generally live their lives where all things that are mandatory are owned and run by the state and foster a certain degree of EU independence, with a recent focus on "digital sovereignty".

This one is a five for one against all of those goals? Harms the customer (you could see this as the polar opposite of GDPR), strengthens entrenched monopolies, forces citizens to be serfs of one of two private corporations in order to access information, and on top of that, like it wasn't enough, willingly capitulates to the US as the arbiter of who is a valid person or not.

This is so against the spirit of the EU itself that it would almost be funny if people weren't serious.

disruptiveink commented on Google: 'Your $1000 phone needs our permission to install apps now' [video]   youtube.com/watch?v=QBEKl... · Posted by u/robtherobber
m463 · 4 months ago
Kind of like "jailbreaking" as a term. It makes it seem like you're a criminal escaping from confinement enforced by good and decent society.
disruptiveink · 4 months ago
Agreed. I refuse to use the terms "rooting" and "jailbreaking" in professional environments, I always use terms like "admin access to the mobile device".

Because that's what it is, despite the extremely successful campaign to paint people who want admin access on their mobile computers in the same light as pirates.

disruptiveink commented on Online Safety Act – shutdowns and site blocks   blocked.org.uk/osa-blocks... · Posted by u/azalemeth
hn_throw2025 · 4 months ago
Voting British is genuinely awful.

This is another draconian power grab designed by a Tory government and supported by a Labour government.

The Uniparty is real. The control freak technocrats are cut from the same cloth.

disruptiveink · 4 months ago
Starmer is as authoritarian as the Tories at this point. There is no difference here.
disruptiveink commented on Online Safety Act – shutdowns and site blocks   blocked.org.uk/osa-blocks... · Posted by u/azalemeth
coldtea · 4 months ago
Yeah, the government that let the streets go rampant with crime, that they don't even bother tracking anymore, is concerned about the people's "online safety"...
disruptiveink · 4 months ago
We have a near perfect system for finding the location of phone thieves, yet the police will not go and knock on the doors of criminals even when explicitly shown proof of "this is where the thief is currently".
disruptiveink commented on Online Safety Act – shutdowns and site blocks   blocked.org.uk/osa-blocks... · Posted by u/azalemeth
disruptiveink · 4 months ago
I'm not victim blaming here, but does anyone have this nagging feeling that in this case, we, the "techies" caused this by refusing to engage with lawmakers?

In the case of E2E encryption, it's definitely a hill to die on, there is no way to make a backdoor "only the good guys" can access. But in this case, the long standing refusal for the tech industry to engage in even the lightest of lobbying towards having legal regulation for standards seems to bite us in the ass every now and then. We've seen it time and time even for things that are non controversial and would clearly benefit everyone: why is BCP 38 not mandated by law in any country? Why is IPv6 at the ISP consumer edge not mandated by law?

All of this could have had the same effect if instead of putting the onus of age verification on millions of websites, you instead put it onto the "customer end device", with some definition as to have it only apply to anyone who sells devices used to access online content with more than X% market share (meaning effectively Microsoft, Google on behalf of all Android OEMs and Apple, plus TVs and console makers).

You'd also put into law what content providers need to do to become compliant. It drops from "having a robust system of age verification" into "if you're serving content over HTTP and your content is for over 18, you need to send a specific over 18 header". If you're publishing an app on a walled garden app store, you need to specify the age rating (as one does already). If you state your page is good for under 18s when it's actually over 18, you then incur a fine.

Then it's really just up to OS makers to build support for the above into the parental controls functions that mostly already exist. Implement the header checking on the browser. Then restrict over 18 apps and outside app store that aren't explicitly authorised: this ensures no alternate browsers could be installed or run by a child, while leaving them freedom to roam the web and install under 18 apps. The issue with existing parental controls is twofold: the web is a wild place and manually vetting every single app your kid wants to install is overbearing so everyone gives up on parental controls.

Then it's a matter of, when you buy a phone for your kid, you click a button "the user is a child, enable parental controls, set the grown up password". If parents fail to even do this, then clearly it's their own fault?

You'd specifically leave out non-HTTP protocols and leave a bunch of technical loopholes that could be exploited by technically minded people. It would both limit the amount of wreckage to things the common people don't even know exist and make sure this wouldn't creep into places it doesn't belong. Sure, a teenager who downloads Arch into a USB pen drive and boots off it can then access whatever they want, or someone who finds they can get into IRC and XDCC a bot for hot JPEGs, but at that point they clearly earned it.

I get the feeling that we've fucked it, left very important regulations up to people who have no clue and now we get the most onerous and worst implementation possible of things every single time put into law. We could have done the same with cookies, there's like, three browsers. Remember P3P? https://en.wikipedia.org/wiki/P3P

disruptiveink commented on Monitor your security cameras with locally processed AI   frigate.video/... · Posted by u/zakki
underdeserver · 4 months ago
My usual pet peeve -

They use the abbreviation NVR in the first sentence without saying what it means.

It means "networked video recorder".

Please don't do that. Not everyone who comes across your site is a member of your particular niche.

disruptiveink · 4 months ago
Usually I would agree with you, but this is an incredibly common initialism, used by not just people in the industry, but also by consumers. Sure, it may not be as widespread as VHS (global) or API (tech-adjacent), but anyone who is in the market for this software already knows what NVR means.

Most people would know the term from either being quoted or looking up CCTV solutions, all of which, unless they're fully "cloud-based", come with a component that is called the NVR. You wouldn't even consider this if you weren't aware of the concept. If NVR means nothing to you, Network Video Recorder doesn't mean anything to you either. This is meant to be a replacement for closed and inflexible hardware boxes that are sold together with security cameras, and the name of those boxes are "NVRs".

disruptiveink commented on The EU wants to decrypt your private data by 2030   techradar.com/vpn/vpn-pri... · Posted by u/senfiaj
vasac · 5 months ago
You know the answer, you’re just not comfortable saying it out loud.
disruptiveink · 5 months ago
I really don't, what is the answer? I assume higher ups at law enforcement, who are detached from the day-to-day operations, make up excuses about "end to end encryption being a challenge" because it's a meme, much like execs in our fields parrot "challenges" to boards and VC investors that are often fully removed from actual execution issues.

And then because it comes up in slides so much at that higher level, politicians actually start thinking that's why we haven't solved all crime, our guys are competent and clearly they're not understaffed, it's that pesky "not being able to break end to end encryption" that is preventing law enforcement from doing their work!

disruptiveink commented on The EU wants to decrypt your private data by 2030   techradar.com/vpn/vpn-pri... · Posted by u/senfiaj
disruptiveink · 5 months ago
I don't understand why they keep trying this over and over. It can't possibly be a moral crusade as it keeps happening with different players, but I don't understand the purpose.

We now live in a world where the opposite routinely happens: a crime happens, you give the police access to Apple or Google's Find Device / Find My data, they throw it in the trash. Law enforcement has more data to find and prosecute criminals than they have time. People get scammed out of money by the thousands every day, over the phone, an insanely easy system to tap and trace. No one gets arrested.

Who is actually repeatedly pushing for things like these within the EU? For what purpose? What crimes went unprosecuted because of the inability to perform mass surveillance like this? It seems that all the time, when law enforcement actually cares about, it's trivial for them to get evidence? So why does this keep popping up every year?

u/disruptiveink

Karma: 627 · Cake day: January 17, 2022