Tag: Software

Being Evil

I am referring, of course, to Google, which has refused to remove the Absher App, which the House of Saud wrote to, among other things, keep women from traveling freely.

I know that these ratf%$#s think that they are somehow making the world a better place, but they aren’t.

They are just another bunch of pimps: (This applies to Apple, as well, they are mentioned in the story.)

Google has declined to remove from its app store a Saudi government app which lets men track women and control where they travel, on the grounds that it meets all their terms and conditions.

Google reviewed the app — called Absher — and concluded that it does not violate any agreements, and can therefore remain on the Google Play store.

The decision was communicated by Google to the office of Rep. Jackie Speier, a California Democrat who, with other members of Congress, wrote last week to demand they remove the service.

………

INSIDER last month reported how Absher — an all-purpose app which Saudis use to interact with the state — offers features which allow Saudi men to grant and rescind travel permission for women, and to set up SMS alerts for when women use their passports.

………

Rep. Speier and 13 colleagues in Congress wrote to Google CEO Sundar Pichai and Apple CEO Tim Cook on February 21, demanding that the app be removed.

………

Apple has also not responded to a request for comment from INSIDER.

Rep. Speier told INSIDER: “The responses received so far from Apple and Google are deeply unsatisfactory.”

“As of today, the Absher app remains available in both the Apple App store and the Google Play Store even though they can easily remove it.”

“Not only do they have the capability to take action, they have done so previously with the removal of the Living Hope Ministries app, which encouraged users to ‘convert’ LGBTQ individuals, based on its ability to cause harm.”

“Facilitating the detention of women seeking asylum and fleeing abuse and control unequivocally causes harm. I will be following up on this issue with my colleagues,” Rep. Speier said.

Seriously, Apple and Google are one step above slave traders.

Being Evil

It looks like Google, now that an anemic Firefox is the last other browser standing, will cripple ad blockers in Chrome.
What a surprise, an advertising company that dominates the browser market is crippling ad blockers:

Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including ad blockers.

If the overhaul goes ahead, Adblock Plus and similar plugins that rely on basic filtering will, with some tweaks, still be able to function to some degree, unlike more ambitious extensions, such as uBlock Origin, which will be hit hard. The drafted changes will limit the capabilities available to extension developers, ostensibly for the sake of speed and safety. Chromium forms the central core of Google Chrome, and, soon, Microsoft Edge.

In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users.

………

“If this (quite limited) declarativeNetRequest API ends up being the only way content blockers can accomplish their duty, this essentially means that two content blockers I have maintained for years, uBlock Origin and uMatrix, can no longer exist,” said Hill.

The proposed changes will diminish the effectiveness of content blocking and ad blocking extensions, though they won’t entirely eliminate all ad blocking. The basic filtering mechanism supported by Adblock Plus should still be available. But uBlock Origin and uMatrix offer far more extensive controls, without trying to placate publishers through ad whitelisting.

“Users should have increased control over their extensions,” the design document says. “A user should be able to determine what information is available to an extension, and be able to control that privilege.”

But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest.

The webRequest API allows browser extensions, like uBlock Origin, to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them.

The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior.

“The declarativeNetRequest API provides better privacy to users because extensions can’t actually read the network requests made on the user’s behalf,” Google’s API documentation explains.

………

Hill observes that several other capabilities will no longer be available under the new API, including blocking media elements larger than a specified size, disabling JavaScript execution by injecting Content-Security-Policy directives, and removing the outgoing Cookie headers.

This means that it is almost certain that NoScript, for example, whose security bona fides are such that it is distributed with the Tor Browser, will never work effectively on Chromium-based browsers.

This does not help user privacy or security, it’s just Google being evil, again.
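
A simplified model of the two designs the quoted article describes, added here as an illustration (not code from the article, this blog, or Chromium). The rule field names follow the declarativeNetRequest rule shape; the substring matcher, the collapsed request/response phases, the sample requests and the 10 MiB media limit are assumptions.

```javascript
// Simplified model of the two extension designs; not Chrome's implementation.

// Constructed sample traffic (hosts, sizes and cookies are made up).
const SAMPLE_REQUESTS = [
  { url: "https://ads.example/banner.js", type: "script",
    requestHeaders: { Cookie: "track=abc123" },
    responseHeaders: { "Content-Length": "2048" } },
  { url: "https://cdn.example/video.mp4", type: "media",
    requestHeaders: { Cookie: "session=xyz" },
    responseHeaders: { "Content-Length": "52428800" } },
  { url: "https://tracker.example/pixel.gif", type: "image",
    requestHeaders: { Cookie: "uid=42" },
    responseHeaders: { "Content-Length": "43" } },
  { url: "https://news.example/article.html", type: "main_frame",
    requestHeaders: { Cookie: "session=xyz" },
    responseHeaders: { "Content-Length": "30000" } },
];

// Declarative design: the extension hands the browser static rules up front.
const STATIC_RULES = [
  { id: 1, priority: 1, action: { type: "block" },
    condition: { urlFilter: "ads.example", resourceTypes: ["script", "image"] } },
];

// The browser matches rules itself. The extension's code never runs per
// request, so it cannot read the request, and cannot decide on anything the
// rule conditions do not express.
function declarativeDecision(request, rules) {
  const matches = rules
    .filter((r) => request.url.includes(r.condition.urlFilter)) // assumption: substring match
    .filter((r) => !r.condition.resourceTypes ||
                   r.condition.resourceTypes.includes(request.type))
    .sort((a, b) => (b.priority || 1) - (a.priority || 1));
  const top = matches[0];
  return {
    blocked: top !== undefined && top.action.type === "block",
    ruleId: top ? top.id : null,
    requestHeaders: request.requestHeaders, // headers pass through untouched
    seenByExtension: false,
  };
}

const MAX_MEDIA_BYTES = 10 * 1024 * 1024; // hypothetical user setting

// Blocking design: arbitrary extension code inspects each request.
// Assumption: request and response phases are collapsed into one callback.
function exampleHandler(details) {
  if (details.url.includes("ads.example")) return { cancel: true };
  const size = Number(details.responseHeaders["Content-Length"] || 0);
  if (details.type === "media" && size > MAX_MEDIA_BYTES) return { cancel: true };
  if (details.type !== "main_frame") {
    // Strip the outgoing Cookie header on subresource requests.
    const headers = { ...details.requestHeaders };
    delete headers.Cookie;
    return { requestHeaders: headers };
  }
  return {};
}

// The browser pauses the request and waits for the handler's verdict, which
// is both the source of the flexibility and of the page-load delay.
function blockingDecision(request, handler) {
  const details = JSON.parse(JSON.stringify(request)); // extension gets full details
  const verdict = handler(details) || {};
  return {
    blocked: verdict.cancel === true,
    requestHeaders: verdict.requestHeaders || request.requestHeaders,
    seenByExtension: true,
  };
}

// Run both designs over the same traffic and report where they differ.
function compare(requests, rules, handler) {
  return requests.map((req) => {
    const d = declarativeDecision(req, rules);
    const b = blockingDecision(req, handler);
    return {
      url: req.url,
      declarativeBlocked: d.blocked,
      blockingBlocked: b.blocked,
      cookieKeptDeclarative: "Cookie" in d.requestHeaders,
      cookieKeptBlocking: "Cookie" in b.requestHeaders,
      seenDeclarative: d.seenByExtension,
      seenBlocking: b.seenByExtension,
    };
  });
}

console.log(compare(SAMPLE_REQUESTS, STATIC_RULES, exampleHandler));
```

Both designs stop the ad script, but only the handler can act on the media size or the Cookie header, and only the handler ever sees the requests.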

What Fresh Hell is This?

In response to repeated news about how they are contemptible liars, Facebook has adopted a new strategy: they are cutting deals with phone manufacturers to install their app and make it unremovable:

Sorry #DeleteFacebook, you never stood a chance.

Yesterday Bloomberg reported that the scandal-beset social media behemoth has inked an unknown number of agreements with Android smartphone makers, mobile carriers and OSes around the world to not only pre-load Facebook’s eponymous app on hardware but render the software undeleteable; a permanent feature of your device, whether you like how the company’s app can track your every move and digital action or not.

Bloomberg spoke to a U.S. owner of a Samsung Galaxy S8 who, after reading forum discussions about Samsung devices, found his own pre-loaded Facebook app could not be removed. It could only be “disabled,” with no explanation available to him as to what exactly that meant.

It means that your privacy is toast.

A Facebook spokesperson told Bloomberg that a disabled permanent app doesn’t continue collecting data or sending information back to the company, but declined to specify exactly how many such pre-install deals Facebook has globally.

How many times has Facebook promised this, and has been found to be lying through its teeth?

OK, too tough.  You run out of fingers, and toes.

How many times has Facebook promised this, and has been found to be lying through its teeth ……… THIS YEAR?

Seriously, I highly recommend rooting your phone.

ALIS is an Off Switch

Lockheed-Martin has tightly integrated its Autonomic Logistics Information System (ALIS) into the F-35, and now nations that are taking deliveries are concerned about the massive volumes of data being sent back to servers in Fort Worth, Texas, and they are demanding that they gain control of this data:

Lockheed Martin received a $26.1 million contract to develop data transmission controls for foreign customers of the F-35 and its autonomic logistics information system (ALIS).

International development partners and foreign customers of the F-35 have expressed concern that ALIS, which manages and analyses the fighter’s systems, training and flight logs, would automatically transmit information back to Lockheed’s hub in Fort Worth, Texas, possibly giving the company and the USA insight into their military operations.

“This effort provides F-35 international partners the capability to review and block messages to prevent sovereign data loss,” says the contract notice online. “Additionally, the effort includes studies and recommendations to improve the security architecture of ALIS.”

Previously, international development partners and foreign customers of the F-35 had programmed short-term software patches for ALIS that allowed them to control what data was sent back to the USA.

Without deep access to the source code, which only LM and the DoD have, the F-35 does not fly for more than a few days without ALIS.

It isn’t just a matter of the ALIS system being a massive security hole for our allies, it is an off switch.

If Only We Can Apply this to Twitter

Bethesda Softworks has come up with an inventive way of dealing with trolls in its most recent online game, Fallout 76.

Basically, they have literally painted bulls-eyes on the backs of abusive gamers:

When Bethesda mentioned that Fallout 76 was an online game, you could hear alarm bells ringing in fans’ heads. How were they going to deal with the inevitable trolls who come in to ruin other players’ fun? Now we know: it’s making them a part of the game. In a presentation at QuakeCon, game lead Todd Howard revealed that people who kill unwilling victims will get bounties on their heads, with the money coming out of their total cap balance (that is, currency) and reflecting their character level. They’ll also be impossible to miss — you’ll see a red star on the map.

This will help you avoid troublemakers, but you’ll have a strong incentive to take them down. Fallout 76 will include a revenge mechanic that doubles the usual payout if you take down the person who killed you. You also won’t lose your core gear like weapons and armor, so you don’t have to worry that someone will swipe your hard-earned laser weapon.

There has to be a way to extend this to Twitter.

That place is a cesspool.

Burn Motherf%$#er, Burn

I was waiting for someone to sue Apple for hacking their iPhones when they crippled older phones with OS updates:

The saga of class-action lawsuits looming over Apple’s iOS battery management took a new turn last week – as the Cupertino giant was accused of violating American hacking laws.

A complaint [PDF] filed in the US federal district court of northern California lists a violation of the Computer Fraud and Abuse Act among the charges filed against Cook and Co.

The lawsuit, submitted on behalf of everyone in America who bought an iPhone or iPad that had been subject to performance throttling on devices that suffered from diminished battery capacity, accuses Apple of illegally tampering with devices, amongst other things.

The suit argues that the iOS update slowed down a device in order to preserve battery life. In doing so Apple intentionally “damaged” its hardware without user knowledge or permission, violation of the CFAA, the plaintiffs – Alex Rodriguez, of Alaska, and scores of pals – claim.

“Apple violated [the CFAA] by knowingly causing the transmission of iOS software Updates to Plaintiff and class members’ devices to access, collect, and transmit information to devices, which are protected computers as defined in [the CFAA] because they are used in interstate commerce and/or communication,” the complaint reasons.

“By transmitting information to class members’ devices, Apple intentionally caused damage without authorization to class members’ devices by impairing the ability of those devices to operate as warranted, represented, and advertised.”

I really hope that Apple gets hung out to dry on this one.

Apple’s view of iPhones seems to be that, notwithstanding the money that people pay for the devices, it is Apple, Inc. that owns them.

They need to be disabused of this concept.

There Needs to be Mass Firings and Mass Prosecutions at ICE

It has been revealed that the Immigration and Customs Enforcement agency has been hacking its own risk assessment software so that it can detain everyone it catches.

This organization is fatally flawed, and while its function is essential, the culture is beyond fixing.

Fire all of them and pull their security clearances, and prosecute those who have abused their power:

One of the more fascinating and horrible details in Reuters’ thoroughly fascinating and horrible long-form report on Trump’s cruel border policies is this nugget: ICE hacked the risk-assessment tool it used to decide whom to imprison so that it recommended that everyone should be detained.

………

Prior to ICE’s changes to its risk assessment software that result in mandatory detention for all apprehended immigrants, the only immigrants that would automatically be detained were those with serious criminal histories. According to the most recent data released by ICE cited in the Reuters report, the most serious crime committed by nearly half of arrested immigrants during the first 100 days of the Trump administration were traffic violations, which didn’t include drunk driving.

I’m beginning to think that ICE sees sadism as an essential requirement for new hires.

Microsoft is Conspiring to Silence Me

It appears that Microsoft is instituting terms of service that ban profanity on things like Office 365 and Skype.

This will render me mute:

Microsoft has advised customers that offensive language on Skype, in an Outlook.com email, or in an Office 365 Word document is a potentially account-closing offense under its updated terms of use.

The tweaked services agreement, which comes into effect on May 1, 2018, now includes the following code-of-conduct item:

Don’t publicly display or use the Services to share inappropriate content or material (involving, for example, nudity, bestiality, pornography, offensive language, graphic violence, or criminal activity).

And if you disobey?

If you violate these Terms, we may stop providing Services to you or we may close your Microsoft account. We may also block delivery of a communication (like email, file sharing or instant message) to or from the Services in an effort to enforce these Terms or we may remove or refuse to publish Your Content for any reason. When investigating alleged violations of these Terms, Microsoft reserves the right to review Your Content in order to resolve the issue. However, we cannot monitor the entire Services and make no attempt to do so.

Microsoft lists its online services covered by the agreement here. To save you the click, the list includes:

………

On The Register’s reading of the rules, a profanity-laden file written in Office 365, or an email with a nude selfie attached sent using Outlook.com, fall on the wrong side of the code, if reported to Microsoft by someone. As would asking Bing to look up “Simon Sharwood of The Register is sh*t” or telling Cortana to “f*ck off” if it somehow caused offense.

Obviously, I do NOT think that the changes to the Microflaccid TOS are a specific attempt to target me.

I am saying two separate things, that the folks from Redmond are conspiring (clearly, since it is a group effort), and that if fully implemented, it would have the effect of silencing me, because I am profoundly profane in my speech and writing.

I am simply a bug plastered to Bill Gates’ windshield.

Applying Software Ethos to the Real World

I am referring, of course, to Elon Musk and Tesla Motors.

The author draws analogies to the bad old days of the US auto industry, where shipping was more important than shipping it right:

The idea that Silicon Valley could reinvent the auto sector the way Apple reinvented mobile phones is an appealing one, and by some metrics Tesla has done just that. The Silicon Valley automaker’s distinctive product features — blistering performance, long-range batteries and slick touchscreen interfaces –have beguiled legions of fans and investors, giving the impression that the future of the auto industry had suddenly arrived.

But recent reports call that glowing future into question. After 15 years, it’s increasingly clear that Tesla has nothing to offer in the area that, as the tech analyst Horace Dediu puts it, is where “almost all meaningful innovation occurs”: the production system.

Throughout its history, Tesla has been plagued by poor manufacturing quality and missed production deadlines. And now, CNBC’s Lora Kolodny has the scoop on Tesla operations tasked with “reworking” and “remanufacturing” poor quality cars and parts, illustrating a deeper problem than the poor quality itself. By reworking vehicles after they come off the line at its Fremont, California, assembly plant at a dedicated remanufacturing facility in nearby Lathrop — and even reportedly in its service centers — Tesla is taking automotive manufacturing back to dark ages.

Once upon a time, this was the standard practice for Detroit’s automakers. Driven by logic derived from Henry Ford’s manufacturing system, U.S. automakers kept production cranking in order to maximize efficiencies of scale, and then repaired defective cars after they rolled off the line. Though many factors contributed to the decline of the Big Three in the 1970s and 80s, the inefficiency and apathy entrenched in company culture by this approach to quality was one of the most important.

In contrast, Toyota’s cars may not have had the dramatic, chrome-draped designs or V8 performance of American competitors, but the legendary Toyota Production System (also known as TPS, or “lean”) did away with rework, and its dependable, high-quality cars eviscerated Detroit’s market share. By systematically eliminating all forms of waste — “muda” — from its manufacturing, Toyota found that both capital efficiency and quality benefited enormously from building cars right the first time.

………

Tesla seems either uninterested in or oblivious to the historical lesson here. On last quarter’s earnings call, chief executive Elon Musk told analysts that Tesla doesn’t see TPS as a model for his company, even as he reiterated his goal of “productizing” Tesla’s factories.

Over the past few decades, manufacturers have learned that it’s better to get it right the first time; computer programmers, not so much.

Hence we see the bloated software that is as full of bugs as it is full of new features that no one really needs.

Rinse, lather, and repeat, and we have Elon Musk’s Tesla.

Jeff Bezos Is Attempting to Upload His Consciousness to a Machine

Let’s look at the checklist of scary sh%$ that Alexa does:

  • Listens to everything you say.
  • Doesn’t really care except to sell you more sh%$.
  • Doesn’t really understand the real you.
  • Doesn’t care that they don’t understand the real you.
  • Doesn’t give a sh%$ about people generally.

And here is the final bit, unexpected bursts of weird incongruous laughter.

I can only conclude that this is a result of Bezos attempting to upload his consciousness to the cloud:

Over the past few days, users with Alexa-enabled devices have reported hearing strange, unprompted laughter. Amazon responded to the creepiness today in a statement to The Verge, saying, “We’re aware of this and working to fix it.”

………

As noted in media reports and a trending Twitter moment, Alexa seemed to start laughing without being prompted to wake. People on Twitter and Reddit reported that they thought it was an actual person laughing near them, which is certainly scary if you’re home alone. Many responded to the cackling sounds by unplugging their Alexa-enabled devices.

I’m beginning to think that this whole Internet thing was a mistake.

Forcefully Unmap Complete Kernel With Interrupt Trampolines

Yes, Apple crippled older phones, and Intel said, “Here, hold my beer.”

Basically the error can allow low level programs to take over the kernel, with a result kind of like that scene in Raiders of the Lost Ark when they open up the ark.

There is a fix, but it involves changes to the operating system that cause a significant performance hit, and Linux developers were unamused:

2) Namespace

   Several people including Linus requested to change the KAISER name.

   We came up with a list of technically correct acronyms:

     User Address Space Separation, prefix uass_

     Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix f%$#wit_

   but we are politically correct people so we settled for

    Kernel Page Table Isolation, prefix kpti_

   Linus, your call :))

As near as I can figure out, Intel claims that this is “Not a bug,” and this appears to be true.

This appears to be a direct consequence of their attempt to boost processor performance in their competition with AMD, which appears not to be vulnerable to the “KPTI” bug, also called “Meltdown”.

However, it does appear that speculative execution in general creates a whole host of potential (though thankfully more difficult) exploits across a much wider range of processors. (This one is called Spectre).

I’m beginning to think that it is time for a major change in CPU architectures.

Well, They Would Say That, Wouldn’t They*

It appears that Oracle Corporation has gone to war against the “evils” of open source software.

Seeing as how it cost them money, and open source software had to be used to fix disastrous issues with some of their recent projects (**cough** failed healthcare exchanges **cough**), it should surprise no one that they have chosen to go full jihad against this:

Even though Oracle is based in the heart of Silicon Valley (I can see its offices from my own office window as I type this), the company has become sort of anti-Silicon Valley. It tends to represent the opposite of nearly everything that is accepted wisdom around here. And its latest crusade is against open source technology being used by the federal government — and against the government hiring people out of Silicon Valley to help create more modern systems. Instead, Oracle would apparently prefer the government just give it lots of money.

First, some background: over the past few years, one of the most positive things involving the federal government and technology has been the success of two similar (but also very different) organizations in the US government: US Digital Service (USDS) and 18F. If you’re completely unfamiliar with them there are plenty of articles describing both projects, but this one is a good overview. But the really short version is that both projects were an attempt to convince internet savvy engineers to help out in the federal government, and to bring a better understanding of modern technology into government. And it’s been a huge success in a variety of ways — such as creating federal government websites that are modern, secure and actually work. And even though both programs are associated with President Obama, the Trump administration has been adamant that it supports both organizations as well, and they’re important to continuing to modernize the federal government. The offices are not politicized, and they have been some of the best proof we’ve got that government done right involves smart, dedicated technologists.

………

A little more background: if it weren’t for Oracle’s failures, there might not even be a USDS. USDS really grew out of the emergency hiring of some top notch internet engineers in response to the Healthcare.gov rollout debacle. And if you don’t recall, a big part of that debacle was blamed on Oracle’s technology. So, perhaps it’s not surprising that Oracle might hold a bit of a grudge against USDS. Similarly, while Oracle likes to claim that it’s supportive of open source technologies, most recognize that open source has been eating Oracle’s lunch for a while now. 

Even with all that background, the sheer contempt found in Oracle’s submission on IT modernization is pretty stunning. The letter complains about three “false narratives” that “have taken the [US government] off track”:

False Narrative: Government should attempt to emulate the fast-paced innovation of Silicon Valley. Silicon Valley is comprised of IT vendors most of which fail. The USG is not a technology vendor nor is it a start-up. Under no circumstance should the USG attempt to become a technology vendor. The USG can never develop, support or secure products economically or at scale. Government developed products are not subject to the extensive testing in the commercial market. Instead, the Government should attempt to emulate the best-practices of large private-sector Fortune 50 customers, which have competed, evaluated, procured and secured commercial technology successfully.

There’s even more nuttiness in the filing, but you can go through it yourself and count how frequently you gasp at just how wrong it is. This is an old, legacy company trying to cling desperately to old, obsolete, legacy ways. Oracle’s entire business was originally created to serve the US government as a customer, and it clearly doesn’t want to give that up. But, once again, things like this just make it clear why the top engineers coming out of school today don’t have much interest in going to work for a company with views like Oracle’s. 

As Upton Sinclair was wont to say, “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

*It’s a Mandy Rice-Davies/Profumo Affair reference.  Learn your modern British sex scandal history.

Throw Your Amazon Echo out the Window Now

Such a good idea to give access to every conversation in your room to Russian hackers:

The data is also kept in the event it’s requested by law enforcement, however Amazon fought police over what it saw as an overly broad request for audio logs on a murder suspect last year. (The company relented in April of this year and handed over the logs when the suspect voluntarily said he was willing to provide them.)

Amazon does not hand this data over to developers, The Information says, because such a move would undermine Amazon’s commitment to user privacy. However, because Google, which makes the most popular Echo competitor currently on the market, does give developers access to this data, Amazon’s Echo and Alexa divisions feel they are at a disadvantage, the report states. Google did not immediately respond to a request for comment on its data-sharing policies for the Home speaker.

For instance, some developers fear that without audio logs of requests, like those related to a food delivery order, they won’t know exactly what went wrong if the order is ultimately incorrect and the customer unhappy. According to The Information, Amazon does give some data over to a select few “whitelisted” developers, though how that system works is unclear. Amazon is considering granting third-party app developers access to transcripts of audio recordings saved by Alexa-powered devices, according to a report from The Information today. The change would be aimed at enticing developers to continue investing in Alexa as a voice assistant platform, by giving those app makers more data that could help improve their software over time. Amazon’s goal, according to The Information, is to stay competitive with more recent entrants in the smart speaker market, like Apple and Google.

Amazon declined to comment on its future plans for Alexa data-sharing policies. However, a company spokesperson told The Verge, “When you use a skill, we provide the developer the information they need to process your request. We do not share customer identifiable information to third-party skills without the customer’s consent. We do not share audio recordings with developers.”

As it stands today, Amazon records audio through Alexa devices like the Echo home speaker and the new Echo Look camera and Echo Show monitor, however only after a “wake word” like “Hey Alexa” is used to prime the software. These devices send these audio clips to an Amazon-owned server where they’re analyzed to produce a near-instantaneous response from Alexa, but where they’re also stored so Amazon can improve its digital assistant through artificial intelligence training techniques.

Yeah, throw out Google Home as well.

Orwell in a f%$#ing box.

The Glory That Is the Free Market

As you are no doubt aware, Apple has locked down its iPhone platform something fierce.

Among other things, it makes security research much more difficult, which makes bugs a rare commodity in the Apple security community.

Of course, under the laws of supply and demand, it means that the price of the bugs would increase, which means that Apple’s iPhone bug bounty program has no takers, because it’s not enough money:

For now, security researchers who have been invited by Apple to submit high-value bugs through the program prefer to keep the bugs for themselves.

In August 2016, Apple’s head of security Ivan Krstic stole the show at one of the biggest security conferences in the world with an unexpected announcement.

“I wanna share some news with you,” Krstic said at the Black Hat conference, before announcing that Apple was finally launching a bug bounty program to reward friendly hackers who report bugs to the company.

The crowd erupted in enthusiastic applause. But almost a year later, the long-awaited program appears to be struggling to take off, with no public evidence that hackers have claimed any bug bounties.

The iPhone’s security is so tight that it’s hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research.

“People can get more cash if they sell their bugs to others,” said Nikias Bassen, a security researcher for the company Zimperium, and who joined Apple’s program last year. “If you’re just doing it for the money, you’re not going to give [bugs] to Apple directly.”

Patrick Wardle, a former NSA hacker and researcher at Synack who now specializes in MacOS research and was invited to the Apple bug bounty program, agreed. He said that iOS bugs are “too valuable to report to Apple.”

………

But it’s not just about the immediate reward. iOS is such a complex, locked-down, and secure operating system that simply to inspect and do research on it, one needs multiple, unpatched, zero-day bugs, perhaps even a full-fledged jailbreak, according to researchers. In other words, you need unknown bugs just to find bugs in other parts of the operating system that might be otherwise locked.

That’s why some prefer to keep their bugs and continue doing research rather than handicapping themselves for a reward of few thousand dollars.

“Nobody is going to kill bugs unless they’re fucking dumb,” Luca Todesco, a well-known iPhone jailbreaker, told me a few months ago. “Just because they will kill their own future […] If I kill my own bugs then I’m not able to do my own research.”

………

While the researchers were visiting Cupertino, they asked Apple’s security team for special iPhones that don’t have certain restrictions so it’s easier to hack them, according to multiple people who attended the meeting. These devices would have some security features, such as sandboxing, disabled in order to allow the researchers to continue doing their work. One researcher described them as “developer devices.”

But Apple, for now, isn’t willing to provide those special devices, according to three researchers who recounted the exchange.

These bugs actually have a legal market, helping law enforcement break into phones, as well as firms that sell jailbreak software (which is legal) to end users, which allows end users to evade Apple’s frequently arbitrary rules on how a user might choose to use their own phones.

In any case, Apple’s opacity has raised the cost of bugs to more than Apple is willing to pay.

As to whether this is a good or a bad thing, I will leave that to the reader.

This is an Epic Resignation Letter

Paul Carr, who has been covering Silicon Valley misdeeds for many years, has resigned the beat, which he calls the “Silicon Valley Swamp.”

He’s not quitting writing, and he will remain at Pando, but he has found that his continuing exposure to the, “Endless perp walk of sociopaths, psychopaths and criminals with names like (Pando investor) Peter Thiel, Travis Kalanick, Emil Michael, Palmer Luckey, and Gurbaksh Chahal – not to mention their enablers and co-conspirators like Paul Graham and Sam Altman, Rachel Whetstone and Steve Hilton, Joe Lonsdale, Arianna Huffington, Shervin Pishevar, and a thousand more like them,” was soul destroying.

Here is the most profound bit of his opus, and it IS an opus:

But no. The fact that spotting tech toxicity has become my “thing” is exactly the problem. Another lesson I learned a long time ago: When something toxic comes to define you, it’s time to stop.

This should be on the wall of everyone’s cubicle.