Very cool! This seems almost like physical cryptography. Maybe there is a better term for it, but I’d be very interested in other work along these lines.
> We describe the first MITM-resistant device pairing protocol purely based on a single wireless interface with an extensive adversarial model and protocol analysis. We show that existing wireless devices can be retro-fitted with the VP protocol via software updates, i.e. without changes to the hardware.
I once wondered if the colorful fibers in bank notes — which, like the nonpareil spheres, are distributed at random throughout the paper on which the notes are printed — can also be used to generate a unique number.
Examples (aha, including a teaser to an upcoming product called “Verifibre”!) can be seen here:
Instead of a lookup table, that number could be signed and the signature printed onto the bank note itself. It would be impractical to either deduce the signing key or duplicate the pattern of fibers in a way that the signature was still valid.
I don’t know if there’s a signature algorithm though that is resilient to lossy and unreliable input data and which can also produce short enough output that could be printed on the face of a bank note.
In the book, "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" or "Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy" (sorry, I read both recently), the author describes an incident where when she got back to her hotel room one night her door was open, the safe was open, and her laptop was lying there. She did cybersecurity reporting and wed how some governments abuse spyware to spy on their citizens.
I imagine the target audience for this type of security would be journalists and cybersecurity researchers whom governments might target. I'm sure other jobs could use this information to protect themselves better.
Large government agencies can afford to design systems that probably do not need these requirements, and they also probably wouldn't have any sensitive information on any unattended device.
It seems that this might blow other types of cover, though.
If the border guard notices glitter-covered screws on Ordinary Joe's laptop, that might tip off the Imperial Guards to keep a close eye on him during his stay.
If success requires getting people to care about anything at all we've already lost. Electronics should just come with tamper-evidence as a feature. They should come with these things pre-applied so that everyone has them whether they care or not. Then they can't single you out for having them.
I run a service that needs some measure of L1 security (true randomness), and the servers that actually generate the random numbers get this sort of treatment. We get all the manufacturer's features like intrusion detection switches that tie into the TPM, but we also do some other tamper protection.
I am not going to detail everything that happens to these servers, but glitter epoxy and other annoying seals on the places the server might be accessed are some of the physical protection features.
I was in the park with some friends yesterday and we took a cooler with some ice and beers in it. Not long after we arrived a lady came over and asked if we had seen a red purse she had lost. We hadn’t, but helped look in the immediate surrounding area for a few minutes.
She asked very shyly, if it wasn’t too much trouble etc., if she could look under the cooler as well. It might sound silly but I think it was completely understandable. While unlikely, she wanted to eliminate the possibility that the purse was in our area, before moving on.
I think a lot of tamper seals are like this. If you have a leak and need to decide if it was either from an unscrupulous employee in the office or from someone else at home tampering with your laptop then being able to definitively eliminate the latter will help you focus on the other possibilities.
It's fiddly and annoying, the exact opposite of what you'd put in a movie, or even a boring novel.
From my year in the (redacted) MoD, I still get bad memories of having to deal with stuff like https://www.3m.com/3M/en_US/p/d/b5005310025/ or rather the equivalent from twenty years ago...
Btw, is anyone working on Haven or a reboot (e.g. looking at https://github.com/guardianproject/haven/issues/465)?
This is not the way security works in a professional context. Did someone search my hotel room? Who cares? Did someone go through my phone? Who cares? The real purpose of detecting an intrusion is not to protect something there. The purpose is the detection--and you don't want an adversary to know you detected their activity. It's a test. You don't have anything in this world that you can actually protect. So the question to answer is, "Am I of interest?"
Procreate is great, and reason alone to buy an iPad if you are a digital artist. But Apple's Flow and Notes will probably grow in capability over time. Apple is also building in AI image generation, which arguably replaces not just Procreate but also the artists who use it. ;-(
Apple's "pro" apps - Final Cut Pro and Logic Pro - are fairly successful in their categories. Personally I'm a big fan of GarageBand, especially on iOS. MainStage is also kind of cool. I wish Aperture hadn't been killed before its time.
And I still find that I use Preview, Safari, Mail, and Terminal on a day-to-day basis even though I have some good alternatives in each category. Keynote is my go-to presentation program even though I also have PowerPoint.
„…the letter then complains some of its signees cannot use it for their work. "Work that could easily include productions for your very own Apple TV+ service," it states.“
> Students said they were given little information about when and if the devices would be returned, and many wondered if they’d lose access to the work saved on the laptops, which need to be placed into a dock to upload or download information. Students enrolled in community colleges also expressed concern that they lost access to their devices immediately before winter quarter finals.
Not exactly a non-story… one women’s prison was put on lockdown so the laptops could be seized. I get that a lot of Americans like their carceral state really carceral, but the article makes it pretty clear that just having the default password doesn’t get you a lot with a device that has no usable ports.
Wait, why are people not allowed to change their mind on something? If anything this would make it more explicit and understandable when people did change their mind on something.
> Wait, why are people not allowed to change their mind on something?
In theory, changing your mind should signal that you are capable of thinking about things, and changing your mind based on what you learn.
In practice, most people's opinions are determined by peer pressure. You believe X because the important people around you believe X.
From that perspective, changing your mind means that your loyalty has changed. Previously you tried to be friends with people who believed X, now you are trying to be friends with people who believe Y. No one likes a traitor.
> Wait, why are people not allowed to change their mind on something
I don't think parent comment is suggesting that people aren't allowed to change their mind.
They are pointing out that many people yell "hypocrite!" when someone does change their mind. It's already a phenomenon on social media where people will dig through someone's post history and drag them through the coals, using previous stances on a topic in an attempt to discredit the current stance. Parent is suggesting that this problem would be exacerbated.
I think that people will stop yelling "hypocrite!" once they themselves repeatedly get called out on the same by others.
Our reactions to stuff like that are defined largely by our cultural expectations, but those are in turn constantly shaped by what is made possible or impossible by technology. Back in the pre-voicemail phone era, for example, people would routinely call someone and expect them to be available for a half-hour chat - you could turn it down, sure, but in many cases it would be considered impolite to do so as a matter of social convention. Then voicemail appeared, and SMS was the final nail in that coffin.
So I think that this problem will exist for a while, but if the tech that enables it persists long enough, it will eventually go on as conventions change to adapt to it.
Started downloading FLAC music after discovering how bad Spotify compression is even at the highest quality. I still subscribe to Spotify for discovery and convenience, but almost never use it.
Apple Music supports lossless music and uploading your own songs, that's part of why I prefer them over Spotify. Though I'm not sure if they support lossless uploads now or not.