Slashdot Mirror


User: hattig

hattig's activity in the archive.

Stories: 0
Comments: 3,402

Comments · 3,402

  1. Re:It can't be said too many times on 'Apple Stole My Music. No, Seriously' (vellumatlanta.com) · · Score: 1

    What happens when you cancel your subscription to Apple Music? Does it redownload the original music you had before you installed the malware service onto your computer? Or are you forever stuck having to use Apple Music to gain access to your own files?

    My best interpretation is that the software is a destructive virus. At worst it is holding your personal data to ransom.

  2. Meat Efficiency (of animal percentage usage) on Lab-Grown Meat Is In Your Future, and It May Be Healthier Than the Real Stuff (smh.com.au) · · Score: 1

    Currently all parts of an animal are used, so we get all the different cuts, and lower grade meat too. We won't stop killing animals until we get all the products we need from other sources.

    Obviously, with cultured meat, nobody need suffer the lower grade cuts! But when cooked correctly, they can have their own unique flavours.

    Also, I hope it will be more than just beef being made, in the long run. We can open up manufacturing of all types of meat that are rarer now - Zebra, Alligator, Sloth, Human, etc.

    However I fear it will lead to less choice in the long run, unless you pay a lot lot more for real meat. Good for the environment though, meat production isn't exactly an efficient use of agricultural resource.

    I wonder just how low the cost of cultured meat can go?

  3. Re:Implying people do or want to ride the bus on Elon Musk Plans To Solve Traffic Congestion With Self-Driving Buses (theverge.com) · · Score: 2

    It's not a bus, the article says that. It's public transport, but I think the conveyance is a lot smaller than a bus - maybe a mini-bus size, or even a people carrier size.

    The road use enhancements come from multiple such vehicles being able to drive in close formation due to the autonomous and cooperative nature of the system.

    And of course even if a carriage only has two or three people in it (maybe 6 people per 10m of road), that's higher density than 1 person in a car (which is 1 person per 10m of road).

    Autonomous Taxi Train might be a better term.

    Also in other countries, bus use isn't looked down on as it's not a ghetto transport mechanism.

  4. Decoupling Road-Train-Bus on Elon Musk Plans To Solve Traffic Congestion With Self-Driving Buses (theverge.com) · · Score: 1

    I expect it's a road train bus thing.

    Pick up is via individual carriages, in the outskirts of the city where density is low.

    As the carriages get closer to the centre, they couple up (maybe not physically - just driving really really close) to other carriages going in the same direction.

    It then decouples near the destination to take each small compartment of people to their actual drop off points.

  5. Re:How about a choice... on Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away (softpedia.com) · · Score: 1

    Well currently the sites give the choice to accept or reject third party cookies in an annoying popup (this has already been forced by law), and if you say no, then as third party advertising is how they make money, the site will typically have to either present a limited experience, or no experience.

    Now they want to force the sites to give an experience even if you reject the cookies. Maybe that would change the relationship between advertisers and sites (who would click yes in that situation!) so it is viable, or the sites will just not get any money and go out of business.

    Sometimes I think that I should be able to pay a sub for "the techy website package" and have ad-free access to a range of techy websites, which share the income. Some sites do this themselves (e.g., Phoronix, Ars) already, but that's a PITA.

    Oh, AdBlock.

  6. Re: Yes, but it's a Dyson on Dyson Airblades 'Spread Germs 1,300 Times More Than Paper Towels' (telegraph.co.uk) · · Score: 1

    Fair point, but after soaping up your hands, you rinse them off.

  7. I went to the consultation ... on Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away (softpedia.com) · · Score: 1

    It didn't inform me that the site uses cookies, but I checked, and there are 2.

    Standard JSESSIONID and one that stores the value of whether the user has JS or not.

    As an aside, the consultation is the least accessible piece of lawyer speak I have seen in a long time.

  8. Re:Yes, but it's a Dyson on Dyson Airblades 'Spread Germs 1,300 Times More Than Paper Towels' (telegraph.co.uk) · · Score: 1

    What I never understand about air dryer installation is the lack of drainage.

    Sure, for the old hot air dryers, they actually dried the hands, that made a bit of sense.

    But these accelerated cold air jet dryers push the water from your hands elsewhere. The previous model of Airblade didn't have a solution, it just puddled on the bottom or was flung out of the side (presumably the side is open for the air jets to escape, so the water does too).

    My workplace now has presence-activated taps/soap/air dryers that at least blow the air into the sink area. If you use your elbows to open the doors you might get out of the bathroom without incurring too much germy filth.

  9. Re: Yes, but it's a Dyson on Dyson Airblades 'Spread Germs 1,300 Times More Than Paper Towels' (telegraph.co.uk) · · Score: 1
  10. Re: Yes, but it's a Dyson on Dyson Airblades 'Spread Germs 1,300 Times More Than Paper Towels' (telegraph.co.uk) · · Score: 1

    I thought the point of drying your hands was to dry them after washing them, presumably with hot water and soap.

    So how are they slinging shit around, unless someone sat on one and performed a wet runny colon evacuation?

  11. This guy has learned the hard way about losing data because he wrote bad code.

    He had a backup, but his code bypassed common sense and mounted the backup server's remote drives in the filesystem.
    Which he then wrote a script that ran as root that in this case deleted everything because it didn't sanitise inputs before running the 'rm' command.
    Ideally he would have built the path to be deleted, so he could check that it was sane, i.e., starts with "/users/" or similar, before passing it to 'rm'.
    Worse, is if he was using an off-the-shelf-hosting-package that did this. But when you do, assume it is broken, keep a wall between the systems it can touch, and your last hope (your backups).

    Backup systems should ideally be push only, with any delete action only occurring after validating the replacement. And let's be honest, in this day and age, you can keep multiple generations of backups, push them into Amazon Glacier to keep things cheap.

    I truly hope he was a low end hoster that gave ftp access for website uploads only, so the customers can re-upload their sites, once he reprovisions his servers. Although that's the best option, any databases (for example) would have been wholly reliant on his backup strategy.

    Sheesh, who makes their backups part of the system that is being backed up! It's meant to be isolated because of, frankly, the situation that occurred.

  12. Seen one, not really impressed on Microsoft Finally Ships $8,999 Surface Hub (eweek.com) · · Score: 1

    We've had one in the office for a month or so.

    I don't see why the damned thing is so costly though. Sure, it's basically a touchscreen Smart TV (where the Smarts are Windows 10 in this case) with a wheelable stand thing. But $8999?

  13. Indeed my MacBook Pro is 4.5 years old and still pretty darn powerful (4C8T, etc). Added an SSD. Bumped to 16GB. But it was top of the line back then.

    The only reason to upgrade would be to get a retina display model. Intel have done sweet FA with their CPUs since Sandy Bridge apart from save a little power and increase their profits. But the same goes for old PCs with C2D, C2Q, Nehalem, SB, etc. They're good enough for most things, still.

    But indeed I agree that the comments made could be interpreted as 'poor bashing'.

  14. Re:Wrong on Apache PDFBox Hits 2.0 (sdtimes.com) · · Score: 4, Informative

    Java is absolutely massive on the server side. If you are writing stuff like this, that means you actually have no idea at all about how absolutely massively ingrained Java is in most large businesses globally to run their back offices, their website backends, and so on.

    Relating to this story, one of the common features of corporate backends is generating documents, so this PDF parsing, generation and manipulation library will surely be used by many many places.

    Why is it used? The tooling and framework support, the fact it is actually fast (despite your outdated conception of it), because the JVM supports many languages besides Java (Scala and Clojure being two such languages commonly in use today), and most of the memory use is actual data being held in memory, the small amount of additional memory the application might use over a C++ application is negligible in today's world.

  15. More of the same old same old on Ask Slashdot: Are You Excited About Upcoming 4-inch iPhone or 9.7-inch iPad Pro? · · Score: 1

    > The Associated Press reports that the forthcoming event hasn't stirred "much passion."

    Indeed. This isn't going to introduce anything new and therefore interesting unless they lump a Macbook Pro update with AMD Polaris GPUs into the mix.

    Also, what is this doing here? Can't we just have concrete things, not vague crap like this?

  16. Re:For SF... on Buffer Sees Clear Benefits To Transparent Employee Salary Policy · · Score: 1

    My logic is that as they are a small company, they are not hiring entry level programmers as they don't have the in-house resource to train and mentor them effectively. So what you are seeing is a mid-range, senior, architect type range. The developer 'buckets' have no concept of senior specialisations and cross-team architectural skills, and thus they are not offering enough, IMO. It also seems to be self-selected...

    A slight win of the gimmick currently is that people may be aware of them and they can avoid recruitment vampires entirely and hire people directly.

    OTOH there is a 5% salary bonus per year of service. But that only works long term, it's a good retention mechanism that more companies should adopt, especially given the cost of the hiring process.

  17. An oddly restricted salary range on Buffer Sees Clear Benefits To Transparent Employee Salary Policy · · Score: 1

    I think it is a good idea in principle. You should be able to see what you will earn as you progress in your career development. https://open.buffer.com/transp...

    However ... the base salary is very high, and the 'master' salary is only 30% higher. That's not a very inspiring career progression!

    So either they don't hire graduates and juniors, or this is the company to get into if you are one of these!

    In my experience, 'master' developers develop code that is far better (through experience) than a graduate or junior would, in terms of clarity and maintainability. They also can pick the best technology for a task very quickly via accumulated knowledge. OTOH grunt work should be rewarded, and there needs to be a baseline set for the cost of living in a certain location.

    The 5% per year loyalty bonus on salary is a nice idea, that will retain employees far more than the master multiplier. Indeed that might explain a lot about the mechanism - it's a first year salary guide.

    Wtf is a Happiness Hero?

  18. Basically I think Apple is trying to tell the FBI to actually pull the device apart and risk breaking it.

    1) it's pretty much the only way to get any data, especially if a Secure Enclave is used
    2) Apple can't create a custom OS image without knowing information that is in the Secure Enclave anyway
    3) Using a high-end FIB that can work well against FIB-hardened Security Systems is still probably cheaper than creating the special OS and all that
    4) Apple doesn't want to spend its money on a dead end task
    5) There is reputational risk to Apple if they can somehow do this, their security isn't that good, etc (never mind the fact it's a 5x, not a 7S) - the cost could run to billions on their stock price. Are the FBI willing to put up a bond to cover this?

  19. Re: I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    > They could even do a hacky solution like finding a way to disable the wipe after incorrect attempts and brute forcing from there.

    How? This isn't done in software. This may not even be done in highly embedded firmware (ROM, not flash).

    These hardware security systems are designed so you can't just "disable the wipe". The wipe is an intrinsic part of the pin unlock hardware. Disabling the wipe requires the pin... another dead end.

    All the software can do is:

      1) Set Security Hardware Register X to be the entered pin value
      2) Signal the Security Hardware to Unlock the Encryption Key using the value in X (and other static hardware values) (side effects include destroying the encryption key, as well as passing the encryption key to the AES unit that needs it should the pin be correct). An Atomic Operation. Do, or destroy. Never let the user see the key.

    It's not that Apple don't want to help, they can't. And then there's the privacy ramifications even if they could (if that iPhone's Ax processor has some form of bug or hardware backdoor already). I'm sure that Apple already checked any iCloud data they could get access to.

  20. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    Regardless of that, to disable the key destruction logic they would need to know the user's credential anyway. And the logic that does this comparison is in hardware, not software, and that comparator is connected to the destruction logic. Basic hardware security 101.

    Maybe earlier Apple SoCs have flaws or workarounds, hence Tim Cook's wording - it may be possible. But later SoCs certainly won't allow it.

  21. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    Exactly. To disable the auto-wipe feature, the hardware would need the credential they are trying to find, as it would compare before (re)setting the feature flag. All done in hardware, not firmware.

    If it's implemented correctly, there is simply no way that Apple can create a software to do what the FBI want, however much they would want to.

  22. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    Agreed. ARM Trustzone is an ARM Cortex A5 with its own secure firmware, for example. Even AMD's chips use this.

    But you can also do the key aspects without even the firmware ROM. It's basic hardware functions - A Counter. A Comparator that increments the Counter upon Not Equal. Something to blow fuses to erase the current key should the counter reach 10 (hardwired). Compare and Set of the Credential (passcode, fingerprint hash thing). Some registers to set the supplied credential before kicking off the comparator.

    And yes, on top of that you have anti-FIB mechanisms (you have to destroy the circuits to reach the logic, metal layer faraday-ish cages, etc). Hell, even the presence of PoP memory makes things difficult. The encryption key will be encrypted by a hardware key unique to each chip, so even if you read the secure key storage it won't work, you'll need to find that distributed set of fuses on the SoC...

  23. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    I think there is a presumption that the Apple A6 does not do all of this in hardware, so there is some software support, even in later versions of iOS, that could be modified for this court order to work.

    Obviously a sane implementation would put it all in hardware, with a hardware enforced (and non-changeable) slow decrypt rate (brute force cannot occur) to boot. The A7 and beyond are suggested to do it all in hardware, and it's the Apple A7+ that handles storage encryption and keys, not the flash, because of credential management.

    I don't know if it is custom Apple, or ARM trustzone, or similar, but access to the hardware key is restricted by the passcode (or fingerprint in later devices) credential, and if the comparison of credential is done in the hardware too, with the hardware key destruction (or regeneration) hardwired too, then things become a PITA to work around. Literally, your hardware provides a single function: void unlock(credential) (side effect: key destruction) (side effect: provide the encryption key to the hardware storage decryptor).

    But wait, you say, there's still an API to update the credential, surely. I'm sure that's hardware compare and update though, so you still need to have the previous credential.

    But wait, maybe all this is done by embedded firmware exposing that function? Nope. Hardware. A resettable counter (10 attempts), a comparator, secure key storage (space for several keys, only one active at a time), some I/O to activate it.

    As others have said, the court order may be ordering Apple to unburn a burned down house, and also create a unicorn farm to boot.

    In fact, unless the A6 is less secure than the above, I think the FBI's best chance is to either decap the SoC and find a way to stop the counter counting (allowing unlimited unlock attempts) with precision laser surgery, or give up.

  24. Occam's Razor - Things are about to get very bad on Australia Cuts 110 Climate Scientist Jobs: "The Science is Settled." · · Score: 1

    Bah, I feel like stirring up some nutty X-Files level conspiracy shizzle...

    Why would you do this? You're reassigning the scientists, not firing them. It's not about costs.

    So basically, those in ultimate power, the ones pulling the strings, expect things to get much much worse, far far quicker than even the science to date has suggested.

    In order to keep control, to keep the status quo as long as possible, they have decided that it is too risky to risk the science getting more accurate results that would expose the real situation. That might risk profits!

    So they've cut the climate change funding completely. This isn't head-in-sand ostrich politics, this is happening for a real reason, and that's to cover up a worse reality than even the current state of climate science suggests.

    Everyone knows there is more to learn, more accurate models to build, more precise future situations to demonstrate, so the only reason to transfer these people away from those roles is to stop people from learning what that is.

  25. Pack your bags Apple, Ubuntu is on the scene now on Canonical Reveals the BQ Aquaris M10 Ubuntu Tablet (omgubuntu.co.uk) · · Score: 1

    Okay, I don't think Apple really has much to worry about except their pricing model.

    This tablet can't be any worse than any version of Android on a tablet, given the quantity of Android Apps with a good tablet UI (not many at all).

    Can it?