The amount of hidden engineering in Analog systems is mind blowing. Imagine how many hours were spent in a lab figuring out the exact right timings, chemical mixtures, and circuit design needed to make modern Cinema exist as we know it.
Yeah, I read stuff like this and think the engineers back in the 50's were some of the smartest. I certainly would not have been able to cut the muster back then.
Numerous examples in early digital era as well, see e.g. fast inverse square root, cga color hacks (also entire demoscene) and endless tricks in software that has been outrunning hardware for a while.
Later these were declared wrong, considered harmful, having bad smell, not passing code review and it all became a boring task of combining lego blocks. Sure these analog guys had insane tricks in their sleeves, but our “collective industry” would probably stigmatize them immediately if met today.
Hey, don't spoil it. I was enjoying the image of him standing alone, pulling out a sword and charging at a battalion of soldiers arrayed on a parade ground.
Certainly I think we should ignore the trope that we've left that analog crap behind up and realise that those are just some of the giants whose shoulders we stand upon.
Every generation has its challenges, but we can be greatful that the generation before us gave us new ones. It has not always been the case.
It's possible for analogue engineering to be incredibly challenging impressive and, to put it crassly, a bit crap.
I certainly don't miss the days of adjusting tint settings, headroom, over-scan and interlacing. Digital isn't without its issues of course, but even a lot of those trace their history back to analogue hacks - article case in point.
There is this side effect of digital lowering the bar though. Back in the analogue days, you needed to be a wizard to get anything done, which meant a lot of the people then seemed to care about the details more than they do now. Digital makes everything so easy that anyone can do it, which can go both ways.
Spinning rust drives store analog magnetics that get error corrected to digital. Same with electron potentials in ram. Same with SSDs. Signals over HDMI are converted to analog to display.
Sure, it's nice to deal with crisp neat digital signals... But to get there, you always need to deal with analog.
It's often in retrospect as well. It can take time for the impact of certain innovations to unfold, and it often begins with a small group of people. The breadth of human innovation is now so wide that a scientist/engineer from the 1950s simply doesn't have the same scope of problems and areas of study to work on.
That's why people like Leonardo da Vinci could exist, the scope of human understanding was much smaller and so their work was much more wide-reaching and foundational. Today, you can dedicate your life's work to some hyper-specific problem in a very specific field. Tomorrow, this work might seem fundamentally primitive or foundational in the way that previous generations are perceived.
Only because you are sitting on top of a million prebuilt tools and products. Essentially the same as someone who just purchased the hardware and plugged a video feed in from the camera.
Usually the protocol stack is PHY/MAC/IP/TCP/TLS/application which is 6 layers. It's the same as the OSI stack except for the lack of a session layer, which is somewhat split between TCP 3-way handshake and TLS authentication/authorization.
TCP and IP exist as part of the Internet stack. The OSI stack consisted of an alternate set of standards (like LAPB and X.400) which were not widely adopted.
Even if you map Internet protocols to the OSI model -- which is imprecise at best -- TCP represents the transport layer, and IP the network layer. They're not a single component.
You made me stop and question myself for a second, but this definitely isn't right. Usually when people talk about "TCP/IP" it's shorthand for the whole "Internet Protocol Suite", but even naively TCP and IP are two different layers.
Yep, the slash is meaningful. I think of writing "TCP/IP" that way as in a fraction -- "TCP over IP" or "TCP on IP". At least, that was how my brain learned it.
It's a shame that they can't transition it to a read-only archive type site, where everything is still accessible and playable- jut no new updates or content.
That's what kongregate did I believe. They disabled the forums, the chats, no new games, no new achievements and that's it. It's a strange sensation to enter kongregate which had such a thriving community and see everything so... static
Literally nothing? Just leave it as is. There is a browser extension called Ruffle that lets you play older (AS2) Flash games, and eventually it will support newer (AS3) Flash games too.
Edit: most users won't have the Ruffle extension, so the one great thing they could do is add it to the site with a single <script> tag :)
Flash games are static content (except for high scores). A Flash game is just a SWF file, typically a couple MB (or KB!).
If you'd like to experience the games that were available on Miniclip back in the day, your best bet is FlashPoint, a big offline archive of Flash games (ships with integrated FlashPlayer and a nice UI to search for games).
Not really. Nomad is closer, and Mesos (the old one) is closer still.
I wrote my own as a rust library, and I'm in the progress of further breaking it apart. Might get a prototype finished this weekend and if so, I'll share it here.
Same & Agreed. Be aware of what you're doing, and make sure you can realistically be sober 10 out of every 14 days. Dependence/Addiction needs to be avoided at all costs.
I think the part of the discussion that is ignored here is the security aspect.
Apple has hardened their hardware against attackers replacing components of the phone with compromised versions. Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops.
When the NSA leaks came out, there was some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swap Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.
A lot of the changes to the MacBooks seem to also have been done with device hardening in mind.
I cannot tell you how much damage my iPhone 12 Pro has taken without the screen cracking, which makes me personally think the reasons these changes have been made are not just related to 3rd party repairs.
If you look back at the history of Apple you'll find they've always been authoritarian control-freaks, ever since the original Macintosh. This is merely another step in the same direction.
The article even says that the repair shops have already found ways around it, so whatever element of "security" it provides is clearly extremely low. It only exists as a (low) bar against third-party repair, with "security" as an excuse.
As the saying goes "those who give up freedom for security..." etc.
The workaround requires physically moving the original chip to new phone screen. Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?
That said, I’m still doubtful this is entirely for security. What’s frustrating with Apple is that their moves to secure their hardware at every level also have the effect of tightening their stranglehold on the ecosystem. Unclear what the core motivation is.
So a marginally sophisticated player motivated by say stealing someone's content can still do it relatively easy, but if my 14-yr-old breaks her screen, we're SOL. You don't actually think this would even slow down the NSA do you? It's about Apple locking out independent repair businesses.
Would this stop the NSA? No way. But assuming this component is critical for Face ID security, then yes I do think it would slow down the NSA. And it's probably moot since well-funded state actors have access to RCE 0-days anyway.
But raising the cost of an attack might put it out of reach for lower-level actors. For example, there's a small industry of stalkerware [0] out there where the attacker is someone close to the victim. Like with a couple going through a divorce. This measure might make it infeasible for a stalker to compromise a victim's phone by replacing the Face ID chip with a hacked one.
Is security the only reason Apple's doing this? Not a chance. But I also don't think this is 100% useless security theatre. The better way to combat this is to fight against the false dichotomy Apple presents. They act like there's no middle ground between security and user control.
Rather than say all these security measures are useless, we can acknowledge that they have some value but present an alternative solution. I'm sure there are many options but here's a simple one: Don't put the secure Face ID chip on the replaceable screen! Put it somewhere else in the phone next to all the other secure hardware chips.
If I understand this correctly, this leaves the options of either keeping the existing chip that knows your face but isn’t backdoored, or replacing it with one that is backdoored but doesn’t know your face.
If so, I think it would slow down the NSA. They would have to figure out how to add a new face to an existing chip and, ideally, keep that hidden from the phone’s owner.
The chip establishes an authenticated, encrypted channel for faceID sensor information.
The goal is to prevent someone from silently replacing the camera module with a new device that is no longer capturing local/live data.
Since the ability to replace the camera is audited though, I would assume that this does lock out replacements of the FaceID module by unauthorized third parties, _unless_ there is also a process to do so via a full hardware/storage reset.
> Assuming that chip is where the important Face ID stuff happens, this ensures the important component hasn’t been tampered with and would thwart the NSA hardware intercept attacks op mentioned. Can anyone confirm this chip is also where the Face ID profiles are stored/enforced?
It can't be, otherwise Apples techs would not be able to replace it either. Even if it was, there wouldn't even be a reason to put it on the screen's ribbon cable. It could be integrated into the Apple-designed CPU, making the parts cheaper and more modular (i.e. easier to repair, even for Apple)
Right, the happy middle ground here would be to separate the security critical hardware from the fragile part which often needs replacement. It's unclear whether Apple repeatedly choose not to do this because of lack of incentive, lack of capability, or hostility towards repair.
i know so many inner city repair people, people of color who's business relies on fixing these phones. apple is effectively trying to dismantle these businesses by doing this type of tampering, i don't think it's right and it's effecting an already vulnerable segment of society.
Wow, that’s low. Not only are you needlessly bringing race into this, your comment comes across as deeply condescending to the very people you are purporting to support.
Except that the 'work around' does maintain security since it preserves the original FaceID chip assembly.
"The most sophisticated repair shops have found a workaround, but it’s not a quick, clever hack—it’s physically moving a soldered chip from the original screen onto the replacement. "
I'm not convinced by this - if you look at an iPhone 13's screen, it's entirely separate from the face ID hardware. https://i.imgur.com/D63HrIT.png (screenshot from [0])
On iPhones X through 12, if you kept the Face ID hardware and only changed the display, Face ID would continue to work. On the iPhone 13 series, if you keep the Face ID hardware and change the display, Face ID stops working.
The chip which people are removing seems to serve only to identify the display - nothing to do with the Face ID system. Apple has been using this chip for years to disable "true tone" display functionality when the screen was swapped (unless it was programmed by a proprietary tool, only available to first-party repair shops) - they're now also tying it disable Face ID.
You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.
way to make a total strawman. that quote about freedom has nothing to do with digital security which enhances your privacy and the knowledge that your phone isn't compromised.
i'm all for right to repair and for apple to provide cheaper repairs and more authentic parts to resellers, but don't be obtuse about the reasoning.
the way around it, as i read, was to solder a chip to another board, which has some information authenticating the part and digital trust chain. anyway, i'm sure people like you just love to find reasons to hate apple, as it's grown to be a sort of cult rivaling the one that supports 'em
I mean, yes, this change makes them more money. But Apple is weird, because they are actually able to convince themselves that they're doing this for a good reason, and if you follow them closely you can almost see their central argument: when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset, but if you look at it under that lens a lot of the concerns about sideloading and repairs make sense from their perspective ("we don't trust the user to do the right thing for their devices").
How does this look like from the outside? I think there are genuinely a lot of people who actually agree with this. Actually, I think almost everyone agrees with this to some extent: people only have a limited amount of effort they can spend managing different parts of their life. The conflict occurs for the parts where people do feel like they can make better decisions than Apple, but they can't because Apple won't let them. For most people, going to an Apple Store or AASP to get a repair is generally fine and saves them hassle. But for the people who are willing to save money to go elsewhere, or do their own repairs, it really sucks.
it would be easier to stomach “apple owns the device not the loser customer” if there was a single major oem who was focused only on producing customer-owned devices
“ It can be debated whether the Librem 5 should be called "free hardware" or "open hardware" since most of the complexity of a smartphone lies within the individual components which are not open hardware. The Librem 5 is free/open hardware in the sense that anyone can take the schematics and legally produce their own versions of the phone, but it isn't free/open hardware in the sense that people can't access the source files for the SoC, cellular modem, WiFi/Bluetooth, GNSS, USB controller, etc., so most of the functionality is hidden.”
Let's examine your premise: Apple acts in the best interest of the customer. In this light FaceID is a bug, not a feature. If somebody wants to get into your phone they don't even need to beat you up; they just have to restrain you, take your phone, point it at your face, and they're in.
With a decent password, the adversary has to at least use a rubber hose. More important, cops can't legally use a rubber hose but they can damn well take your phone and point it at your face with no repercussions.
> when it comes to security, they trust nobody but themselves, not even the user they sell the device to. It's kind of a strange mindset
It is a strange mindset until you remember that obvious phishing attempts are still crippling organisations and so does ransomware and social engineering.
The security aspect is commonly brought up for justification for moves like this.
Would something like this even remotely stop an actor with the resources like the NSA? Does this even remotely benefit people that are not being targeted by intelligence services? I'd guess no. Security benefits for most people don't outweigh the downsides. If they are so security conscious why even have FaceID at all? It's already been shown to be not that secure why not instead require users to enter a 15 digit password and use 2FA to unlock their phone instead? Is it that they value convienence over security in that case but not where it potentially loses them money?
I think you got it backwards. The main reason is to exclude 3rd party repairs and extra security is a side effect that can be used as justification. Follow the money.
IMO there is way more money, like orders of magnitude more, to be made from successfully branding the iPhone as the most secure and private smartphone, compared to the repairs market.
They can already do that without harming repairs. As if replacing the hardware with physical access and giving the phone back to you to tap you is an attack people are actually afraid of... (and if they were, e.g. targeted by state actors or whatever, they could just get a specialized phone, not a mass market one).
They already have non-E2E-encrypted iCloud backups where they give access to the Feds and others.
The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low. The reason is that it does happen and on a scale that's hard to quantify.
We have examples in Australia of ordinary citizens being targeted by China for promoting Hong Kong or showing support for Uyghur Muslims. And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.
So for me personally I will take security hardening any day over saving a few bucks to go to a cheap screen repairer.
>The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low.
No, the chances there are statistically very big. Because a thief might get your phone, and then can exploit access to it without MFA, biometrics, etc, and stole your bank account, data, etc.
But the chances of people (a) getting your phone, (b) replacing the camera module and compromising the OS, (c) giving your phone back without you noticing, to get your data, are statistically tiny.
And we've somehow managed for 15 years of smartphones without those mitigations...
>And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.
Where they hacked in the way we're talking about here? If not, how is this relevant?
Give me a break. A screen swap in a modern smartphone is not something you can do in a bar in the time it takes somebody to go the bathroom. You need tools like a heat gun to even get the things open which greatly greatly limits the scenarios where and when something like this could occur.
Yeah, sure. Let me put millions to compromise a supply chain and get access to what thousands of people are sending on their WhatsApp accounts /s.
There is a reason why any type of security analysis needs to depend on your treat model. Unless the target is worth it, it doesn't make sense to do what you described.
Instead, millions of people lose a option of doing their screen repairs for cheap. And of course, Apple will have access to more money as always. But sure, security...
What are you on about? All you'd need to do is find the place where your target is going and either bribe the teenager behind the counter or, depending on the value of the target, compromise the distributor from wherever the parts are coming. This is neither expensive nor difficult to do.
> All you'd need to do is find the place where your target is going and either bribe the teenager behind the counter or, depending on the value of the target, compromise the distributor from wherever the parts are coming. This is neither expensive nor difficult to do.
Sure you won't find strange that your smartphone disappear and appear later on, probably turned off (or at least asking for password) because I can't imagine someone doing this procedure with it powered on.
BTW, if you're really a so important target that your life depends on your phone not being tapped, you probably at this point would just throw away your phone and buying another, even if it is completely secure (that I am sure it iPhones isn't). I can imagine many other ways of compromising your privacy just by adding a small GPS tracker or something similar, and this way I don't even need to have access to the original hardware.
Now, of course only a small handful of people needs that amount of security. For most people, having hardware-level encryption of the data contents is fine, of course with trusted path with the bio-metric sensors so a just swap of parts doesn't give access to all its data. This level of security is available in any Android/iPhone. Anything else is just justification to allow Apples to earn even more money.
> If your argument is that insecure devices are ok for most people, you’ve already lost.
Quoting things out-of-context is really bad.
What I meant for that amount of security is the kinda of security where if you lose your device from your sight consider it already compromised. People that needs that amount of security will not be better with the Apple's new security theater.
Android devices are sufficient secure if they're up-to-date (this is not always true, sadly). iPhone devices are secure when they're up-to-date (more likely) and not suffering from the 0-day exploit of the week (that is happening more and more frequently). Arguably every iPhone user would be much better if Apple started to take software security more seriously, but they prefer to increase their profits by making screen repairs harder "in name of security".
Just to make it clear: you don't need to have "Apple certificated repair shops" replace the screen to have secure bio-metrics. The Google Pixel 6 shows this, you can change the screen, this will disable the bio-metrics until the device is re-calibrated (that doesn't need special hardware). Once re-calibrated the device will wipe itself, so there is no security issue here [1].
But even still, this is probably too much. 0-days seems to be so bountiful those days that buying a 0-day seems to be much cheaper than doing custom hardware, even when the hardware itself is not authenticated. Still, if you're gonna do it, do as Google at least.
As far as I know they didn't trash their reputation among normal end-users, as long as they don't know or care apple can pull shit like that all day while still raking in money from the "security-conscious" crowd.
Also as far as the NSA is concerned, surely it'd be easier if they have a single supply chain where they are guaranteed to be able to compromise every single iPhone?
Seems a lot easier than compromising some random repair shop.
If Apple actually cared about security & privacy they would make iCloud et al. E2E encrypted but they don't.
A sophisticated hardware attack is probably going to be government sponsored anyway in which case that government can just request data from Apple directly.
You can care about security and privacy and also still care of ease of use. For 99.99% of their customers, encryption is enforced by default and being able to recover their data is more important than E2E encryption.
I make encrypted iOS backups to my computer. Happens automatically when I plug in my phone. Data never touches the cloud.
Also Apple does use E2EE for some iCloud backup data like Health, and Keychain (passwords). If you lose access to all of your iDevices you can't recover that data.
I totally agree that Apple should just make all iCloud backup data E2EE. Given that users already lose some types of data from their backup when they lose the key, that doesn't seem like that much of a barrier. Supposedly the reason they're not all E2EE is because of pressure from the FBI[0]. But people like me that care can still have encrypted backups.
Making it an option results in people taking that option without fully understanding the consequences. Then those users forget their password and when Apple tells them it is impossible to recover their data they run to the local news station and Apple gets a black eye. Regular people see it on the news and stop buying iPhones.
On the other hand, by not making it an option, Apple annoys power users and others at the extreme tail of the distribution. These users write about it in the tech press and Apple gets a black eye there… But Apple has always been criticized in the tech press so it doesn’t really change anything.
You seem to be implying that E2E is impossible without client-side CSAM scanning, but this is obviously false since other companies offer E2E without that.
Not technically impossible, but legally risky, and Apple are very risk-averse, legally-speaking.
Client-side CSAM detection would allow full client-side secrecy unless there’s a pattern of in-violation imagery destined to be sent (presumably E2E encrypted and thus undetectable) to iCloud.
It's easy to view every move Apple makes through the lens of money.
Their platform is locked down so that nobody can carve out their own turf. No custom browsers with modern web features. No runtimes. Apple's rules and taxes, or you're banned.
I've never been afraid of batteries compromising my system. Or new screens. Apple wants the extremely lucrative device repair market, and this is how they get it. Screens are the most common and expensive part to replace.
I am, however, afraid of my device reporting files that the government doesn't like. The Russian FSB is salivating at Apple's new device spying "CSAM" capabilities. Apple built this system to satisfy totalitarian regimes so they could still sell their devices. It turns their entire platform into a dragnet so that intelligence knows exactly who to target. The FBI probably put pressure on the DOJ for these same capabilities too. Apple is deathly afraid of antitrust breaking up their gravy train and would bow to pressure.
This is about money. Apple wants it all. They need extreme growth to justify their stock price and future outlook.
>I've never been afraid of batteries compromising my system.
Another case of "this doesn't affect me so there's no way anyone else would need it" that has recently plagued this site. This doesn't affect you but it does affect the millions of users that depend on the security of the phone - any enterprise level corporation with employees, government organizations, companies that deal with sensitive data, hospitals and other parts of the medical industry.
You're not afraid of batteries compromising your system but you're not the only person using these devices. Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.
> Offering a more secure solution benefits everyone using these devices, even if you don't personally recognize a benefit from it.
It's a detriment to me. I don't need that level of security, so why should I pay extra for all my repairs which is effectively me subsidizing enterprise corporations and governments? Plus it's increasing the original development and manufacturing costs, so I'm paying a lot extra for something that doesn't benefit me at all.
If those companies and governments really need those security features, let them pay for them. I don't care if their phones cost $5k.
A monopoly like Apple, hoarding and gatekeeping the tech, raising their prices. Making 3rd party apps and services more expensive because they have less margin due to Apple taxes.
Apple is not a monopoly so the rest of your statement is meaningless drivel. Also, if I recognize you from other threads, you tend to be pretty sensationalist so forgive me if I feel like you're the one selling a boogeyman.
Accusing a business of being motivated only by money is completely trivial and in informative.
For example iFixit clearly cares absolutely nothing for user security and is only motivated by money. They simply don’t care if devices are secure as long as they can sell repair kits.
Also it is clearly in ifixit’s interest to have unreliable devices that break often and need more repairs. This is true of the entire repair business - all they care about is money.
iFixit's business incentives are more aligned with the interests of consumers than the incentives of manufacturers like Apple who obstruct the repair of the devices they sell. The negligible security difference that Apple is using as an excuse to enforce high repair charges plays a minimal role in an informed user's decision to use a third-party part.
Clearly this isn't the case. It seems that the majority of consumers prefer the higher security posture of the iPhone as opposed to the low repairability. You claim it's a negligible security difference yet government organizations and enterprise customers choose iPhones a majority of the time for exactly the security posture used by the iPhone.
Someone who purchases an iPhone does not automatically endorse every single aspect of the iPhone. Many people choose iPhones because they are fashionable, and not for any security consideration.
Governments and enterprises contract with original equipment manufacturers for repairs because it is more convenient at that scale. Most phone users are not government or enterprise users, and have lower budgets. The cost difference between an Apple repair and a third-party repair is negligible for an enterprise, but much more significant for the average user.
Apple also intends to make money on repairs, which is why they are charging a higher markup for parts and labor compared to independent repair shops, and implementing anti-competitive restrictions to make it more difficult for third parties to repair Apple products when they break. Many phones from other manufacturers are also bought secondhand, just check eBay for examples.
Or maybe the only way independent companies can undercut Apple is to use sub-standard replacement parts, such as screen glass which isn’t toughened. In my experience this is very common. And it means that people who are prone to breaking their screen get replacement after replacement after replacement — ultimately costing them more.
This exact scenario has happened to two close friends and I’ve heard of it occurring with other people. Replacement screens break easily and the cost of the first and second repairs is more than one repair by Apple.
Many independent repair shops use high-quality parts, and consumers can check reviews or rely on past experiences to determine the quality of the repair before choosing a shop that works for them. Risk-averse consumers who are able to afford the higher upcharge can still choose to go to Apple for repairs if they want to. Obstructing independent repair options does a disservice to the consumers who prefer them.
In my experience, even the "high quality parts" are junk.
And regardless how high the quality is, these are still basically counterfeit products. Nobody would think it's okay for a company to sell counterfeit iPhones. Why is it okay to sell counterfeit iPhone components?
1) The market has a wide range of solutions at various prices for consumers. You wouldn't prevent people from buying a cheap Kia or Ford because it'll cost them more in the long run, would you? Must they buy a BMW? And then only source their parts from the original manufacturer in licensed dealerships?
2) If Apple cared about quality so much, why do their cables fray so easily? I've had to replace all of my charging cables, even on my recent M1 Mac.
In any case, your anecdotes are not the whole marketplace. A world where we can buy only Apple is a nightmare hellscape. Pray that doesn't happen.
>Someone who purchases an iPhone does not automatically endorse every single aspect of the iPhone.
While this is true, it does point out that that's not an important enough factor for them to not buy the phone, though. All these claims that this is in the interest of consumers is meaningless when people aren't buying the other phones but are buying iPhones. It seems Apple is nailing the "interests of consumers" pretty well, if that's the case.
Until phones and other electronics become indestructible, iFixit and independent repair shops continue to serve a consumer need by offering more cost-effective repair options than Apple and other manufacturers do.
Sure - but of course ifixit profits from devices that break easily, whereas Apple benefits from making devices more and more indestructible, which is why they keep working on that.
"Sure, at the same time it prevents 3rd party repairs, but I don't think Apple's only motivation for doing this was to screw over 3rd party repair shops."
Is that why they don't let you replace the microphone jack on a macbook and prevent their suppliers from selling me a replacement battery, keyboard or display?
Yes. If you can replace the microphone jack, or any of the other hardware you mention without verifying its integrity, you can add surveillance hardware to the device. I could replace your microphone with one that records everything and sends it to me and you'd be none the wiser.
If Apple Stores have the ability to pair a new FaceID module after an "official" repair, then why wouldn't the NSA have that same ability? Only third-party repair shops don't have that ability.
Presumably it would be some sort of signing solution, which would be a level of cryptography that not even the NSA with their infinite resources can defeat. Their only hope is to find bugs in the system that can be exploited. In this case such a “bug” would be replacing a module that doesn’t have any hardware integrity checking.
What? Apple will just give them a signing key or, more likely, build a portal for law enforcement to use. If they can provide those tools to authorized repair centers they’ll have to give them to the government when compelled.
> they’ll have to give them to the government when compelled.
Says who? The whole bruhaha in the San Bernardino case was that Apple would not create a custom version of iOS that would bypass the passcode system. If what you say is true, the FBI could've just compelled them to hand over the root CA for signing iOS builds, built a custom iOS iPSW that's pre-jailbroken (as was a thing in the years before the bootrom became more locked down), and been done.
Or if an employee of a store can do this, just pay or get an employee hired. I haven't heard of this seems concerning to me. I use a long passcode only on both phone and laptop.
That's why this exists, though. You can't compromise the person if the hardware signing/check are done via software that's connected to a server. There's nothing a person can do to override that if the hardware doesn't send back the right key.
> When the NSA leaks came out, there was some sections that showed how shipments of electronics could be intercepted and backdoored. I would 100% believe there are groups out there that have or are working on chip level attacks for iPhones and other mobile products. Swap Apple's Face unlock chip with a custom one that includes other embedded profiles that can unlock the phone without the owner's knowledge does not seem far fetched.
Which class of attackers are those hardenings supposed to deter? For three letter agencies, or groups with the resources to produce chip level attacks, this is child's play.
It was fair when Apple banned 3rd party home button(TouchID) replacement because it's sensor itself so it's natural that they should make tamperproof. But this case is FaceID. I'll accept they ban to replace FaceID module, but why they integrate security chip onto display module (say, most fragile part) despite it wasn't? It looks they aren't legit for me.
Techniques like this; tying hardware together and not allowing legitimate owners pair them to work is purely anti-competitive garbage. We've seen this with coffee pods, automated cat litterbox cleaners, dish washers, inkjet printers, and more.
Apple finally wanted the market for themselves. And since they control the hardware, well, yeah.
You are wrong. With a state actor in the room, it is quite possible to place a complex die with static ram on a thin substrate inside a multilayer board, using the +5 and ground and a number of traces that lead to I/O ports etc,
https://hackaday.com/2019/01/18/oreo-construction-hiding-you...
Remember these are all from 15 down to 10 nanometer parts and at that size circuit complexity takes little space and since they live beneath other chips, they are hard to find with x-rays if there is a +5 and ground plane that hides them.
Remember are 16 billion gates in an Apple M1 CPU,
https://www.macrumors.com/guide/m1/#:~:text=M1%20Macs%20max%....
A million gate parts is as small as a poppy seed and would need to have a fan out - perhaps they could have an optical I/O and live within the corporate data stream, only waking up when special complex command sequences occur and they read their RAM and do their job - back to waiting...
What a straw man! Coffee pods, automated litterboxes, dish washers, and all the rest don't carry an individual's entire digital life on them. You're literally comparing devices that really don't need any kind of security (other than, at worst, network security) to devices that demand privacy and security.
This is either a disingenuous attempt to downplay the important of hardware security or an extremely ignorant analysis of the situation being described.
> This is either a disingenuous attempt to downplay the important of hardware security or an extremely ignorant analysis of the situation being described.
All of those examples have to do with one primary concept: DRM.
DRM doesn't serve the end user. Nor does the coffee pods with Keurig, all the stupid stuff around inkjet cartridges, cat litterbox cleaner, and more. They ALL do have to do with customer capture and profit enforcement.
The parent comment wasn't talking about simple DRM. They were making a specific point that Apple's motivation for hardening the hardware security of phones had nothing to do with actual security but was "anti-competitive garbage" and then compared it to devices that don't need security. It's not the same thing.
I agree that all those things have needless DRM but that doesn't support or prove the parent's point at all.
It is not my responsibility to disprove that replacing the screen is some sort of anti-nation-state thing. It's their job to prove that.
The obvious and most direct answer is this is being used to prevent repair by all the phone repair companies that have popped up. They now want a cut, and have enforced a serial-number-on-a-chip that kills a whole industry.
That's not how it works. You're the one making the claim, you have to show the evidence to support that claim. They have only claimed that their intention in doing this is to improve security on these devices and they've literally published white papers showing how this does that. There's an entire white paper dedicated to the Secure Enclave and another dedicated just to FaceID.
There's no obvious and direct answer here because you haven't challenged their claim or their evidence that doing this makes these devices more secure because it does. It may have the additional side-effect of making repairs more difficult but if you want to make the claim that their motivation is not what they say it is then you have to provide the evidence for that.
I'm not against blocking government level physical security attacks on personal devices but I am against the idea such a thing warrants or truly requires every user to be blocked from all but first party repairs.
If whatever infallible repair process and repair techs Apple is using internally can truly not be open to 3rd parties without compromising against such nation level attacks then at the very least protections against such attacks should be an option you enable which tells the security processor to never accept new hardware, not a forced default for all consumers which just happen to need repairs over time and are given only one place to get them.
Yeah. This should be what regulations enforce. I’m fine with parts serialization to help identify genuine, certified parts, but as the user I should be able to bypass it if I want to use compatible parts.
It shouldn't be a mere "bypass" as in "press OK to forgo cryptographic security", but rather should include the ability to replace or augment the root of trust with additional keys.
But how would you know someone hasn’t accepted the additional keys for you? You’re making the system weaker while making it appear stronger - that’s the worst possible outcome.
Adding additional keys should wipe the whole device, require a significant amount of time (a few days tethered in a debug mode), and the boot screen should display the trust root.
Would it be that bad if it were a persistent check that happened on boot? All you'd need to do to validate the hardware in your phone is reboot it and it would barely have any impact during normal operation.
I don't know. Maybe a few weeks ago. The point of doing it on boot is that if you're so important that your threat model includes avoiding non-certified parts, you have an on-demand check to validate the entire chain of hardware in your device.
So if you take your phone in for a repair, reboot it afterwards to make sure the parts are all certified. After that you don't need to do it again unless you leave your phone unattended or have a reason to suspect someone swapped parts on you. There could even be an option to toggle on super persistent warnings if needed.
The point is, you don't need persistent warnings to give a normal user the tools they need to check if they have all genuine parts. Reboot your phone after a repair to ensure you received genuine parts is a pretty simple concept to teach people.
We don’t really have to assume that Apple is intentionally harming 3rd party repair, but even if we believe they are operating in good faith they seem to be ignoring third party repair. Which means they don’t really care about saving their customers time and money or reducing waste.
Since you can bypass it with a microscope and soldering, moving a chip from the old screen to the new screen, this doesn't seem like much added difficulty for someone who is already implementing a hardware-based attack?
I'd guess the aim is to be secure on all components (most of these things have their own processor(s)). If you can compromise one component you can move from there to compromise another one, until you get to something worthwhile.
I don't think my main concern would be three letter agencies (they're going to find a way in to your average consumer one way or another). Probably more likely some organized crime gang backdooring cheap replacement screens and using that to perform an attack on financial data or similar. Attacker doesn't have physical access to the device, just manipulated the supply chain.
So they have all these restriction for security and privacy, but they’re all worthless if Apple decides they’re going to provide surveillance for the government, right?
IMO this is a win win for Apple. They get to pretend the anti-repair shenanigans are for your protection, but they also have the option of turning around and selling access to you and your device to whoever they want.
The NSA spying isn’t comparable either. That was mass surveillance. Swapping a piece of hardware, which requires hands on the device, doesn’t scale to the point of being a threat like that IMO.
For me, the negatives of non-repairability outweigh the pros of the security provided. I’m not worried about the government swapping my screen to gain access to my device.
Users who choose to repair the products they own with the parts they want at the price they're willing to pay are not being "manipulated" into anything.
This. Every iPhone owner gains some tangible value from every disappointed thief. And this will rise as more and more of the userbase converts to totally locked down phones.
Cumulatively over every user, that seems to be a huge value add.
So, we worry so much that the NSA will conduct a supply chain attack against an adversary (domestic surveillance does not fall under the NSA) that we further lock down our own devices?
Everything Apple does in the name of security or privacy is about enforcing Apple's control over what you do with their hardware after you buy it. They give not one thin damn about your privacy: They want to know everything you're doing with your Apple hardware. Put a sniffer on your Mac and count the daemons phoning home to Apple. Your jaw will drop.
As to the supply chain issue, microsoldering is trivially easy for serious adversaries, as TFA suggests. Apple just wants that sweet revenue stream from people who drop their phones. That's what they're protecting.
This is the most ridiculous thing I read this year - and I've read a lot of mad stuff. Let's assume your justification is true and Apple cares so much about the privacy that they implemented this feature just to protect them and that they don't care about the money from repairs.
So, in your scenario, someone would have to steal my phone, disassemble it, and replace the face unlock recognition chip with a custom version. Let's assume this is easy technically, i.e. you could actually do it in the iPhone 12 and the phone would happily accept the modified version (not a small feat if you ask me). Now, while I don't think it's absolutely impossible, the means to accomplish this are usually available to nation-state actors, and in cases like this one the xkcd 538 comes to mind.
I'm splitting my time between a Pre-Series A startup, a Series E startup that's my fulltime gig, and developing my own cloud platform similar to AWS in Rust.
The cloud platform is fun. Learning the different components and just giving myself the freedom to do things in the best way I can figure out- writing my own RPC Framework, Scheduler, VM Management Tooling, etc... The end objective is to build a "not for profit" cloud platform for personal and small projects. So you can build awesome cloud-native applications for communities and other areas that are not profit driven.
Also might start trying to build a custom digital rifle scope for my AR-10. Something that can do range finding and basic sight adjustments based on distance and wind. That'd be cool...
Yep. SRE is not a substitute for high level, overarching architects and designers.
One pattern I see is that, as the company grows the development gets split into different product groups which will organically diverge unless there is rigid enforcement of design patterns. In some places, SRE does this implicitly because they will only support X, Y, or Z but in others each product group will have their own group of SREs.
There becomes a point when you need one or a small group of people who are the opinionated developers who can make design decisions and who have the authority to cause everyone else to course correct. If you don't have this, you'll wind up with long migrations and legacy stuff that never seems to go away.
I don't find having high-level architects to be a good pattern. They can make mistakes like anyone else; indeed having people who are no longer day-to-day coding make decisions that they don't feel the effects of makes wrong decisions more likely.
SRE exists to support product functions and like everything else should be attached to and understood in terms of those functions. Yes, every product group probably should have their own SREs, so that product group can own its whole lifecycle. Yes, different groups will do their own things and there will be mismatches and duplicated effort. That's less bad than the alternative.
I'm not saying that they should not be active developers, but people who can enforce change across the entire organization.
Previous Job (2500+ devs by the time I left) had an in-house RPc system that was being moved over to gRPC. That project was taking years because teams had no coordination on this process. The decision was made at some level and trickled out to everyone else. There was no single person or group who was in charge of:
- How services would be discovered
- Implementation Patterns of how Services & Methods will be defined
- Standardization of which libraries to use
- Examples and Pre-build shared libraries that provide the stuff like tracing, monitoring, retries, etc...
- Advocating for the changes
SRE seems to fall into the position of advocating business value for development practices that compete with business objectives that can provide value as well. At large organizations, if you don't have a central point that can set development objectives and be the one who teams can go to with "this pattern doesn't work for us, we can do this but we need buy in from other teams" issues and have directives handed down.
Unless you operate in an environment where the only cross-team communication is well versioned public APIs, then you will run into issues where you have to conflicting needs between teams and need someone to set a vision (this can be a group of people, rotating people, or a single person. how is not the issue)
The whole idea of enforcing technical mandates across the entire organisation is something I'm very sceptical about. No-one can hope to understand the constraints and requirements that 2500+ other devs are working under. Realistically the cross-team bandwidth is low, so if you don't have well versioned public APIs then you have barely understood interactions and no clear responsibility when they break.
There are probably some things do need to be standardised, but if there's a business need for standardisation then product teams should be able to understand and advocate for that (whether that means agreeing something with their directly adjacent product team, publishing something for clients to use, or something else). But in a lot of cases I think just accepting that different parts of the organization will work differently is the best way forward.
We recently decided as a company that the horizontal responsibilities structure doesn't work well at all, at least not at small scale. This was not in the software/infra teams but in our operations but I think there's some general truth here. The more vertically responsible your teams are, the better the final product is, and the more inefficiencies and impedance mismatches you can track down and fix.
For us it meant that the data processing teams have been made part of the drone operators team, so whenever we fly a mission a photography/3d rendering expert will also be part of the team that operates the drone. On paper it's more expensive to have office workers in the field, but in practice it leads to fewer reflights and happier and more productive employees.
I imagine that for the software departments, it could mean that every app development team has at least one member that has good operating system and network infrastructure knowledge, and/or maybe database expertise so that the team as a whole can largely operate a feature largely without having to depend on an outside SRE specialist.
And then the SRE's that you do have can focus on the site reliability, instead of having to constantly tell developers how the way they coded something is bad or whatever.
When you get very large you need both enterprise wide SREs that are responsible for consulting and approving architecture for reliability purposes AND localized per service or other small breakdown SREs to support small sets of services. How you break this down is tricky and there is definitely overlap.
Crappy attitudes towards support and reliability don’t scale, what you can get away with a few people keeping things barely held together stops working as you grow.
> There becomes a point when you need one or a small group of people who are the opinionated developers who can make design decisions and who have the authority to cause everyone else to course correct.
How many times have you been in the "everyone else" camp and was course corrected? How did those efforts work out for the firm in the long run? Any experiences to share that could be useful for the community?
Previous Job had an in-house RPC system and there was a desire to move to gRPC.
This process largely turned into "name and shame" because there was no incentive for some teams to put in the effort to make the changes. They had other objectives to complete, and swapping RPC frameworks was not one of them. The only way the change happened was putting a hard deadline before the old system was shutdown (by SRE), which is not the right way to do it.
There were a lot of stories like this. One team owned user information, but the business needs shifted this ownership to another team. This resulted in the ownership being split between three teams, and applications turning into transparent proxies for other applications. One service was a REST interface that provided a bit of logic on top of forwarding the request to a gRPC service.
The make up of the company was a bunch of loosely coupled product teams, and the only common connection was SRE and Data who worked with everyone. SRE became the team that had to work to resolve these "what the fuck, why can't you just sit down and figure out who should own this" issues. There really needed to be an architect or someone who could look at the big picture that could say "Why do we have this one internal REST service? Ok. Team A and B. You have this quarter to stop using Service Q and migrate to Service W."
$NewCompany, SRE is doing the course correcting (just due to small size), but we have a Principal Developer who is dictating that "Yes, we're going to implement new business logic in lambdas following this pattern." And they work to make sure that everything is done in a standard way, but at the same time take ideas for new patterns and make sure they are done in a smart way and don't conflict with anything else. He doesn't stand as a roadblock, but someone who can make sure teams are not going off and doing weird things (like use MySQL when we're a Postgres shop) that can cause issues later.
Yeah that's pretty much it -- "CGI, except containerized/as a single binary".
I guess I could make a Docker image that had a CGI-compliant server and an admin endpoint where you POST'ed file contents?
The current design I went with is that you upload a .zip or .tar.gz file that contains a "manifest.json" and then your source code.
The "manifest.json" points to the entrypoint file for each function you want to deploy, and says what HTTP endpoint it should live at, and what language it is.
It supports JS/TS, Python, Ruby, WASM, and LLVM langs (C/C++/Rust/Swift/Haskell/etc):
The platform runs as a single static binary, or a JVM application (can be in a container), and it does a bunch of magic with GraalVM to convert the source code into executable functions, perform any kind of bundling/dependency library installation, etc, and finally creates the HTTP endpoints.
