Get back to me when you have a high temperature of 7. And poor you, with your hour-long bus ride to get to work. That's normal for public transportation in any city of size that isn't named New York, and I'll bet there are plenty of cross-borough routes that would still take an hour.
When I lived in Portland it easily took an hour to get from home to work if I used Tri-Met, which I did about half the time. And Portland isn't anywhere close to as expensive or spread out as the Bay Area.
It's not the only region. There's plenty of customer service jobs in Ohio, Indiana, etc. If she's restricting herself to the second most expensive city in the US, then she's going to have problems making ends meet, and that's just a fact.
It used to be that the minimum wage was $4.25 an hour (when I started working). Making $12.50/hr before taxes was pretty good when I was fresh out of school.
It's possible to move without hiring a moving company. I had a friend that was long-term unemployed, got a lead on a job in Florida, put the stuff he wanted into a shitbox 1980s Toyota Corolla and drove.
He now lives where he wants, because he makes more than $150k a year, because he made a good decision, worked his ass off, and had a little bit of luck go his way after a long streak of not.
We don't know the whole story. Did she find it necessary to get a $4 coffee every morning that could have been avoided? Does she smoke, which is the closest thing you can get to literally burning your money ($7/pack in San Francisco)? Did she have roommate(s)? Etc.
That being said, it's well known that Yelp is managed by asshats, so really neither the appalling salary, nor the reprehensible silent firing should shock anybody.
There's a reason why most companies don't put call centers in New York, Chicago, San Francisco, etc. Why pay someone $25/hr to answer a phone and email in those places when you can pay half that for someone to do the same job at the same quality in Indianapolis, Phoenix, Atlanta, or Salt Lake?
The point behind the phrase "thousands of years" isn't to be accurate in any way, but to instead show that it is an insurmountable task which would require a fantastic amount of resources for a ludicrous amount of time in order to do.
And, "thousands of years" is also a subset of a few billion years, so you can still take it literally and it would be true, if inaccurate.
Well, the OS updates have been delivered over the air since iOS 5 or so. Which means that if this backdoored OS image exists, you're one man-in-the-middle attack from having it on your phone without your knowledge.
1. The PIN is not the encryption key for the file system. It is a PIN that is used to get the security subsystem to cough up the actual key, which is generated from several different pieces of information, including sensor entropy. 2. The file system is actually encrypted with AES-256. So good luck brute-forcing that. 3. The phone doesn't allow for electronically entering the PIN, so it will take substantially longer to try all 10000 or more combinations. This is what the FBI is trying to get Apple to change for them.
That particular phone, they can. It's an iPhone 5C, which doesn't yet implement the hardware encryption and secure enclave that they cannot decrypt. It's the last model where they can technically perform what the FBI is asking for.
Unless they contacted people by way of an app that uses encrypted messaging. Which is quite possible, as the phone in question ships with such an app pre-installed.
On the device in question (iPhone 5C) it is not implemented in hardware. It's the last model where it wasn't. 5S, 6, and 6S all have the Secure Enclave, and what the FBI is asking is impossible.
Because in this case, the "shielding the communications of mass murderers" is indistinguishable from "shielding my financial data from identity fraud." What makes you think that if they make this tool for the FBI to use, it will only ever be used this once, on this one device? Are you really that naive, or are you just an Apple hater using the excuse du jour to express your irrationality?
Once a hole is added, it can't be filled again. And, setting this legal precedent won't just affect Apple. It will have far-reaching effects on the entire concept of digital cryptography.
It is built in, now. The iPhone 5C is the last model without the "Secure Enclave" which stores the key, arbitrates all access to it, and wipes it after 10 attempts unless told not to.
If this was ever needed in a slashdot discussion, it's now:
[citation needed]
Go ahead, take a locked iPhone into an Apple Store and ask them to help you unlock it. They'll politely tell you that they can't, and that all they can do is reset it, and you'd better have a backup.
Take your ignorant fucking screed and shove it up your ass. Don't you think that if the hundreds of Apple Stores out there had the means to do what you say, that the FBI wouldn't already be in that phone right now?
New Slashdot Owners: This is an example of why we need new moderation categories, such as -1, Wrong.
Well, that's exactly what they've asked Apple to do - create a version of iOS that allows for electronic entry of the unlock code, so they can have a computer hammer thousands of codes through it. Apple doesn't even want to create such an image, because it *will* leak out and be used more than this once. Someone will hand it off to CIA / NSA / whoever, and that's the ball game.
It's hardware based encryption, where half of the key comes out of a value burned into the CPU during manufacturing (and not recorded anywhere) combined with a value burned into the "Secure Enclave" during manufacturing (and not recorded anywhere). You take the storage image off the device, you lose half the key and you're fucked. You attempt to crack the PIN on device, you get 10 tries before the secure enclave overwrites the key with a new one, and you're fucked. If the auto-wipe was disabled by the user (it's on by default), then you get an ever-increasing time delay enforced by the hardware in between PIN attempts. It would take upwards of a year to brute-force a 4-digit PIN unless you get very lucky.
Oh, and the setting for the automatic wipe as well as the half of the key generated from sensor entropy is cryptographically stored in the Secure Enclave, which you cannot image or change values of. The crypto key for that is the user's PIN / password.
Is this impossible to break? Given near infinite resources, no. Is it hard enough that you could use the Theory of Limits from calculus to make it equal to impossible? Probably.
The one thing that might stop them is if Apple uses their firmware signing stuff, and then revoke the signing afterward. But that would only be a temporary stop until someone at FBI / NSA figures out how to man-in-the-middle the signing mechanism within their lab.
The court order is to create a version of iOS that has a back door, which could then be loaded onto the device. Do you really think the US Government would use this one time, and then destroy all copies of it, or do you think that a copy might get "accidentally" transmitted to the CIA / NSA and used whenever the fuck they want?
Which is why you pay a lawyer 4 hours to sit down with a cryptographer ("expert witness") who then writes a legal brief saying as much. You continue by saying that the only possible strategies for accomplishing what is asked in the court order is extravagantly expensive in either time, resources, or in this case, both. You provide documentation proving it to be true.
The legal phrase of note here is "unduly burdensome" and running a supercomputer that doesn't yet exist for a couple hundred years probably meets that definition.
The key isn't in an image-able bit of memory. It's in the secure chip. And that secure chip can't be removed from the device without fucking the key, as it's paired with a burned-in value in the CPU. The password try delay is enforced by that chip, and that chip erases itself after 10 tries unless you disable that feature, which (presumably) Apple will not be able to do, because that preference would be stored on-chip.
The only off-phone method you'd have is directly attacking the AES-256 encrypted image by brute-forcing the whole key. Good luck with that.
Slashdot Mirror
Usually it involves being in a large body of water though. Or, temperatures vastly above freezing.
Get back to me when you have a high temperature of 7. And poor you, with your hour-long bus ride to get to work. That's normal for public transportation in any city of size that isn't named New York, and I'll bet there are plenty of cross-borough routes that would still take an hour.
When I lived in Portland it easily took an hour to get from home to work if I used Tri-Met, which I did about half the time. And Portland isn't anywhere close to as expensive or spread out as the Bay Area.
What's entertaining is that the author actually DOES have an English degree. Which shows exactly what that is worth.
It's not the only region. There's plenty of customer service jobs in Ohio, Indiana, etc. If she's restricting herself to the second most expensive city in the US, then she's going to have problems making ends meet, and that's just a fact.
It used to be that the minimum wage was $4.25 an hour (when I started working). Making $12.50 /hr before taxes was pretty good when I was fresh out of school.
It's possible to move without hiring a moving company. I had a friend that was long-term unemployed, got a lead on a job in Florida, put the stuff he wanted into a shitbox 1980s Toyota Corolla and drove.
He now lives where he wants, because he makes more than $150k a year, because he made a good decision, worked his ass off, and had a little bit of luck go his way after a long streak of not.
You forgot:
3. Find a way to reduce expense.
We don't know the whole story. Did she find it necessary to get a $4 coffee every morning that could have been avoided? Does she smoke, which is the closest thing you can get to literally burning your money ($7/pack in San Francisco)? Did she have roommate(s)? Etc.
That being said, it's well known that Yelp is managed by asshats, so really neither the appalling salary, nor the reprehensible silent firing should shock anybody.
There's a reason why most companies don't put call centers in New York, Chicago, San Francisco, etc. Why pay someone $25/hr to answer a phone and email in those places when you can pay half that for someone to do the same job at the same quality in Indianapolis, Phoenix, Atlanta, or Salt Lake?
Yes. Anything with the TouchID fingerprint scanner has a Secure Enclave.
The point behind the phrase "thousands of years" isn't to be accurate in any way, but to instead show that it is an insurmountable task which would require a fantastic amount of resources for a ludicrous amount of time in order to do.
And, "thousands of years" is also a subset of a few billion years, so you can still take it literally and it would be true, if inaccurate.
Well, the OS updates have been delivered over the air since iOS 5 or so. Which means that if this backdoored OS image exists, you're one man-in-the-middle attack from having it on your phone without your knowledge.
That is exactly the issue here.
Except for three things:
1. The PIN is not the encryption key for the file system. It is a PIN that is used to get the security subsystem to cough up the actual key, which is generated from several different pieces of information, including sensor entropy.
2. The file system is actually encrypted with AES-256. So good luck brute-forcing that.
3. The phone doesn't allow for electronically entering the PIN, so it will take substantially longer to try all 10000 or more combinations. This is what the FBI is trying to get Apple to change for them.
That particular phone, they can. It's an iPhone 5C, which doesn't yet implement the hardware encryption and secure enclave that they cannot decrypt. It's the last model where they can technically perform what the FBI is asking for.
Unless they contacted people by way of an app that uses encrypted messaging. Which is quite possible, as the phone in question ships with such an app pre-installed.
On the device in question (iPhone 5C) it is not implemented in hardware. It's the last model where it wasn't. 5S, 6, and 6S all have the Secure Enclave, and what the FBI is asking is impossible.
Because in this case, the "shielding the communications of mass murderers" is indistinguishable from "shielding my financial data from identity fraud." What makes you think that if they make this tool for the FBI to use, it will only ever be used this once, on this one device? Are you really that naive, or are you just an Apple hater using the excuse du jour to express your irrationality?
Once a hole is added, it can't be filled again. And, setting this legal precedent won't just affect Apple. It will have far-reaching effects on the entire concept of digital cryptography.
It is built in, now. The iPhone 5C is the last model without the "Secure Enclave" which stores the key, arbitrates all access to it, and wipes it after 10 attempts unless told not to.
It doesn't have the fingerprint sensor. If it did, they could have unlocked it right there on the spot with the finger attached to the corpse.
If this was ever needed in a slashdot discussion, it's now:
[citation needed]
Go ahead, take a locked iPhone into an Apple Store and ask them to help you unlock it. They'll politely tell you that they can't, and that all they can do is reset it, and you'd better have a backup.
Take your ignorant fucking screed and shove it up your ass. Don't you think that if the hundreds of Apple Stores out there had the means to do what you say, that the FBI wouldn't already be in that phone right now?
New Slashdot Owners: This is an example of why we need new moderation categories, such as -1, Wrong.
Well, that's exactly what they've asked Apple to do - create a version of iOS that allows for electronic entry of the unlock code, so they can have a computer hammer thousands of codes through it. Apple doesn't even want to create such an image, because it *will* leak out and be used more than this once. Someone will hand it off to CIA / NSA / whoever, and that's the ball game.
It's hardware based encryption, where half of the key comes out of a value burned into the CPU during manufacturing (and not recorded anywhere) combined with a value burned into the "Secure Enclave" during manufacturing (and not recorded anywhere). You take the storage image off the device, you lose half the key and you're fucked. You attempt to crack the PIN on device, you get 10 tries before the secure enclave overwrites the key with a new one, and you're fucked. If the auto-wipe was disabled by the user (it's on by default), then you get an ever-increasing time delay enforced by the hardware in between PIN attempts. It would take upwards of a year to brute-force a 4-digit PIN unless you get very lucky.
Oh, and the setting for the automatic wipe as well as the half of the key generated from sensor entropy is cryptographically stored in the Secure Enclave, which you cannot image or change values of. The crypto key for that is the user's PIN / password.
Is this impossible to break? Given near infinite resources, no. Is it hard enough that you could use the Theory of Limits from calculus to make it equal to impossible? Probably.
The one thing that might stop them is if Apple uses their firmware signing stuff, and then revoke the signing afterward. But that would only be a temporary stop until someone at FBI / NSA figures out how to man-in-the-middle the signing mechanism within their lab.
The court order is to create a version of iOS that has a back door, which could then be loaded onto the device. Do you really think the US Government would use this one time, and then destroy all copies of it, or do you think that a copy might get "accidentally" transmitted to the CIA / NSA and used whenever the fuck they want?
Which is why you pay a lawyer 4 hours to sit down with a cryptographer ("expert witness") who then writes a legal brief saying as much. You continue by saying that the only possible strategies for accomplishing what is asked in the court order is extravagantly expensive in either time, resources, or in this case, both. You provide documentation proving it to be true.
The legal phrase of note here is "unduly burdensome" and running a supercomputer that doesn't yet exist for a couple hundred years probably meets that definition.
The key isn't in an image-able bit of memory. It's in the secure chip. And that secure chip can't be removed from the device without fucking the key, as it's paired with a burned-in value in the CPU. The password try delay is enforced by that chip, and that chip erases itself after 10 tries unless you disable that feature, which (presumably) Apple will not be able to do, because that preference would be stored on-chip.
The only off-phone method you'd have is directly attacking the AES-256 encrypted image by brute-forcing the whole key. Good luck with that.