These are benign tumors that were asymptomatic, and they only found them because people in the unit complained about some other health concern, and screenings began
We have so many subdivisions, and in many/most cases there's no accountability (by design) from one level to the next
Feds can't force states to use .gov addresses, and most states don't force counties or cities to use whatever the state's top level is. Some do, or try to encourage, but it's like herding cats and when there's 50 states and a couple thousand counties, and then tens of thousands of cities that all have varying levels of authority to enforce anything on the next level down it's never, ever going to be uniform for us
You seem to be misunderstanding. We're talking about https://en.m.wikipedia.org/wiki/Reverse_DNS_lookup. Either putting records directly on the in-addr.arpa. domain (what I originally had in mind), or if that's not possible, on the domain it points to (which seems a pretty watertight proof method).
I think even when companies project arrogance from their c-suite, it’s more to keep the market happy and calm nerves. I’d be shocked if RIM wasn’t also sweating bullets internally after that iPhone presentation. They weren’t morons, and saw what happened with iPods.
> In the summer of 2007, however, Lazaridis cracked open a phone that gave him pause. “They’ve put a Mac in this thing,” he marvelled after peering inside one of the new iPhones.
> Lazaridis shared the revelation with his handset engineers, who had been pushing to expand BlackBerry’s Internet reach for years. Before, Lazaridis had waved them off. Carriers wouldn’t allow RIM to include more than a simple browser because it would crash their networks. After his iPhone autopsy, however, he realized the smartphone race was in danger of shifting. If consumers and carriers continued to embrace the iPhone, BlackBerry would need more than its efficient e-mail and battery to lead the market. “If this thing catches on, we’re competing with a Mac, not a Nokia,” he said. The new battleground was mobile computing. Lazaridis figured RIM’s core corporate market was safe because the iPhone couldn’t match BlackBerry’s reliable keyboard and in-house network delivery of secure e-mails. But in the consumer market, where the Pearl phone was competing, RIM needed a full Web browser. BlackBerry was a sensation because it put e-mail in people’s pockets. Now, iPhone was offering the full Internet. If BlackBerry was to prevail, he told RIM’s engineers, “We have to fix everything that’s wrong with the iPhone.”
I know people who were at RIM at the time, including someone who was in the room when they passed around the first iPhone they got a hold of. They firmly believed the iPhone was dead on arrival both because the product was "terrible" (no keyboard, no battery life, etc. etc.) and, more importantly, because they were so confident Apple would not be able to pull off the networking required and people wouldn't be able to use the device at all.
People forget just how powerful RIM was in the business world, and the keyboard WAS a real stickler (even today, you can go to any large conference and ask "who here misses the blackberry keyboard" and you'll get a decent show of hands).
It was a real issue and a real opportunity - I remember for years after the iPhone came out the blackberry die-hards were insisting that they'd easily be able to make something that was "iPhone like with a blackberry keyboard" - but during those years more and more people started carrying two phones, an iPhone for home and a blackberry for work.
> I remember for years after the iPhone came out the blackberry die-hards were insisting that they'd easily be able to make something that was "iPhone like with a blackberry keyboard"
Part of the problem is that there were not enough of them to sustain a company the size of RIM. The vast majority of the market did not care and instead valued the other side of the tradeoff, the things you can do with a touch screen but not with a physical keyboard.
in terms of (4) the thing is that the government policy isn't solely concerned with "hiring the best candidate", or at least not necessarily considering cheap labor to be one of the criteria factoring into "best"
the government policy is concerned with protecting the jobs of citizens as well. it's a balance. it is meant to be a relief valve for employers when they legitimately can't find employees, it's not meant to be a mechanism for creating a wage ceiling or indenturing your employees so they can't move
You have it backwards. The existing policy (assessed as it works in practice) lowers wages for high-skilled roles such as I mention and indentures employees so they can't easily move.
For the roles I am familiar with the progression is (1) foreigner ineligible to work in US (2) OPT visa (3) H1B visa (4) Permanent resident (5) US citizen. Between each step of the progression are barriers with the effect that employees at a lower level have less negotiation power and must accept lower wages and cannot easily move to another job.
The barrier between (1) and (2) is a masters or PhD in a STEM subject area from a US university. From (2) to (3) there is a visa lottery. From (3) to (4) is the PERM process involving the fake job search as I described.
While under OPT or H1B visa, you MUST have a job or be deported. Timeframes to find an initial or a new job are very short. This is what gives employers increased power in the relationship, lowering wages and creating the nearly indentured status.
To decrease the effect of lowered wages and indentured status requires a reduced number of people in visa states (2) and (3), which would be achieved by raising barriers between (1) and (2) or lowering barriers between (3) and (4). The distasteful PERM process is the barrier between (3) and (4).
If the policy goal was to raise wages, it would be designed differently. E.g. if the top 20% by taxable income of H1B holders were offered PERM status each year, it would be a different dynamic.
> The existing policy (assessed as it works in practice) lowers wages for high-skilled roles
Sure, not because of the law, but because of loopholes around the spirit of the law.
>For the roles I am familiar with the progression is (1) foreigner ineligible to work in US (2) OPT visa (3) H1B visa (4) Permanent resident (5) US citizen.
well yes, that's the point. They don't want international workers to be as easily hired as domestic ones. That's just common policy. Your workaround is just that, a way for the company to get what they want while "complying with law". AKA a loophole that breaks the spirit of the law.
Remember, the US isn't necessarily concerned with the best talent in the world. It ultimately wants to make sure the economy circulates from within.
>While under OPT or H1B visa, you MUST have a job or be deported. Timeframes to find an initial or a new job are very short. This is what gives employers increased power in the relationship, lowering wages and creating the nearly indentured status.
Yes, and I think we can lightly rework this as well. Basically let the H1b "own" the Visa. They find other work in the industry they have a visa in, they are still valid. Breaks all the chains while gaining from their talent.
You can put whatever you want in WHOIS, including just replicating the information that was there previously. What if the WHOIS email is an email on the domain in question?
Maybe registrars could set a unique ID per registrant, and if a domain expires and is purchased by a different entity/account than the previous one the registrant GUID is refreshed. That could then be a signal that all previous reliance on the DNS of the domain name should be null and void
2) RDAP does specify that the registration date should be of the last time registered - if a domain has lapsed and been picked up by somebody else it's supposed to use the verb "reregistered". But of course, you're depending on the registrar to do that. It does look like "registered" is properly followed - I looked into some known cases of poached lapsed domains and checked their RDAPS and the registration date corresponds to the date the domain drop-caught but no past expiry or re-registration is listed (example[1]).
3) Either way, don't use the content of the WHOIS/RDAP, just the dates.
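An added example (not from the thread or from any registrar's tooling) of the date-only check discussed above: it reads the `events` array of an RDAP domain response and reports whether a registration or re-registration happened after the point at which a relying party started trusting the domain. The sample response, the `example.test` name and the function names are constructed for illustration; `registration` and `reregistration` are the event action values defined for RDAP in RFC 9083.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain response, trimmed to the fields this check reads.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "events": [
    {"eventAction": "registration", "eventDate": "2023-06-14T18:02:11Z"},
    {"eventAction": "last changed", "eventDate": "2024-01-03T09:30:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-06-14T18:02:11Z"}
  ]
}
""")

# Event actions that mark the start of a (possibly new) registration.
OWNERSHIP_ACTIONS = {"registration", "reregistration"}


def parse_rdap_date(value):
    """Parse an RFC 3339 timestamp into an aware UTC datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def latest_ownership_event(rdap):
    """Return the newest registration/reregistration date, or None."""
    dates = [
        parse_rdap_date(event["eventDate"])
        for event in rdap.get("events", [])
        if event.get("eventAction", "").lower() in OWNERSHIP_ACTIONS
        and "eventDate" in event
    ]
    return max(dates) if dates else None


def trust_still_valid(rdap, trusted_since):
    """Decide whether trust established at `trusted_since` survives.

    Only event dates are read; registrant names and e-mail addresses are
    ignored because a new registrant can copy them. Fails closed when the
    response carries no registration event.
    """
    latest = latest_ownership_event(rdap)
    if latest is None:
        return False, "no registration event in response"
    if latest > trusted_since:
        return False, f"registered {latest.date()} after trust was established"
    return True, f"registered {latest.date()}, before trust was established"


if __name__ == "__main__":
    pinned = datetime(2021, 1, 1, tzinfo=timezone.utc)
    print(trust_still_valid(SAMPLE_RDAP, pinned))
```

The check is only as reliable as the registry's event data, and it treats a missing registration event as a reason to withdraw trust rather than to keep it.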
We're heading the opposite way of not being able to buy anything "dangerous" thanks to consumers that you're describing. I've been using a Xiaomi phone that stopped receiving updates in 2020, and have since been running LineageOS, which was made possible by the unlocked bootloader. Xiaomi has since changed its policy and it's basically impossible to unlock the bootloader on newer devices.
If not for the "dangerous" unlocking, I would have to run with dozens of severe vulnerabilities right now, all five years worth of them. A decent phone costs large amounts of money here, the hardware on mine is still very good, and so I would have used it regardless. (Yes, I understand that the firmware does not receive updates, but it's still much better than nothing.)
My guess is that you're assuming, wrongly, that vendor locked devices are "safe" and unlocked devices are "unsafe".
All computers that are connected to the internet are unsafe in some ways. The most dangerous apps on your computer are the vendor's own built-in web browser and messaging app.
Also, the vendor-controlled software stores are unsafe cesspools. You will never find a more wretched hive of scum and villainy. Moreover, the vendors deliberately make it impossible for you to protect yourself. For example, iOS makes it difficult or impossible to inspect the file system directly, and you can't install software such as Little Snitch on iOS that stops 3rd party apps—as well as 1st party apps!—from phoning home.
In any case, most computers, including Apple computers, have parental controls and the like, so you can lock down your own device to your heart's content if you don't trust yourself, or you don't trust the family member that you're gifting the device.
Today, yes, I can lock down the iPhone I give to my son, but if it can be unlocked to run arbitrary software then he can in theory unlock it. Yes, it is on me to continue to monitor the device to make sure he hasn't done it, but the point stands
And the assumption you refer to, there are varying definitions for "safe". Is a device with a locked bootloader 100% safe in all use cases and all circumstances? Of course not. But me being able to reasonably trust that someone hasn't put a compromised version of the OS on the device, or, won't be able to put a different firmware on the device to brute force my encrypted contents is a bit of safety in a certain set of circumstances that I want in my device
If Apple, or anyone else, were precluded from locking the boot loader yes, I would be forced to buy a device that the FBI or anyone else could in theory poke around on enough to try to get at my data
> Today, yes, I can lock down the iPhone I give to my son, but if it can be unlocked to run arbitrary software then he can in theory unlock it. Yes, it is on me to continue to monitor the device to make sure he hasn't done it, but the point stands
You're scared of the wrong thing. The greater danger isn't arbitrary software but rather your son running up massive App Store charges on IAP of exploitative games and other scams. And if you think Apple will refund you, think again. Locking the device to the crApp Store isn't the solution. To the contrary, the solution is to enable parental controls to prevent access to the crApp Store.
> But me being able to reasonably trust that someone hasn't put a compromised version of the OS on the device, or, won't be able to put a different firmware on the device to brute force my encrypted contents is a bit of safety in a certain set of circumstances that I want in my device
These are possible without vendor lockdown. Devices can be and are designed so that the consumer can lock the device down and prevent modification, etc. Of course you can't constrain yourself, if you have the credentials to unlock the device, but you can constrain everyone else, whether they're children on the one hand or thieves/attackers on the other.
> but if it can be unlocked to run arbitrary software then he can in theory unlock it.
I'm effectively the admin of several machines with many users on them. I have root access. I'm not at all concerned that they'll gain root access. Just make yourself admin on your child's phone, I don't see the issue. Apple and Google can even make gaining root access require some technical (but documented) methods. Look at the requirements to gain root on an android phone currently. You should be comfortable going into a terminal and using ADB. I'm not worried about the average user doing this nor even the average smart child. Hell, follow Apple's lead and require a 1hr lockout if you're really concerned about someone getting root on your device. How often will that happen if it requires being connected to a computer for an hour?
For some, the absolute locked down-ness is a selling point. Why should those who want to buy something that can't be messed with not be able to?
If you don't want to buy something you can't install whatever you want onto, don't buy it. 100% the ability or inability to modify the firmware of a device should be disclosed, but if it's disclosed the seller should be able to set the policy to whatever they want
This is an extremely weak argument, and I'd like to stop seeing it perpetuated. If you don't want an unlocked bootloader, just don't unlock your bootloader. Why should we remove the ability to unlock the bootloader entirely just because some people don't want to use it?
Because the fact that it can't be unlocked makes me reasonably reassured that I can trust the software running on it comes from the vendor of the device
It's the same reason I don't want "the good guys" to have decryption keys to my messaging service, because even if I did trust the FBI, the fact that there is a backdoor at all means it could be exploited by someone I don't trust
Again, if you don't want to use a device that has a locked bootloader, don't buy it. I fail to see how this business model should be legally foreclosed upon. You'll always have the option to buy a device that can be unlocked, someone will always sell such a device. But if you can't lock them, then I can't buy one even if I want to
Phones with unlockable bootloaders aren't going to be sold for much longer just like dumb TVs aren't sold anymore. There's just too much profit to be earned by corporations locking devices, plus banks and governments want to lock down phones. And once they lock down phones they'll go for desktops as well.
Maybe in the US, but not in my country. I tried looking for "signage displays" but all I could find was Samsung professional monitors that still had the smart stuff
Yeah, this is just a fundamental misunderstanding of how bootloader unlocking works. The people repeating this argument seem to think that their bootloader will unlock if they look at their phone wrong, when in reality the bootloader unlock process can be made such that the user must consent. If some malware can bypass that, then it could bypass your bootloader in the first place.
It's not just about malware you might accidentally download, it's also about adversaries that may have physical access to your device and can provide that consent
No matter how convoluted you make the rube goldberg machine to bypass the cryptography, if there's a way to bypass it it will be bypassed
There are ways to do it so that 'bypass' means you effectively wipe the device. If that's not good enough, how do you protect against them just replacing your device with a compromised one that looks similar?
> it's also about adversaries that may have physical access to your device and can provide that consent. No matter how convoluted you make the rube goldberg machine to bypass the cryptography, if there's a way to bypass it it will be bypassed
You claimed that an adversary with physical access to your device can compromise your unlockable phone, but presumably this won't happen with a phone that can't be unlocked. Is that not what you claim? If so, please detail how.
I was talking about a device with an unlockable bootloader, not one that cannot be unlocked
Wanting an uncompromisable bootloader is about more than just protection against malware that might modify the software on the device, it's about protecting a phone that can be unlocked from having the software modified by someone with the ability to provide the consent that the end-user would normally give. For example when I hand my phone over in customs, or if it's seized by the police. If my bootloader is not unlockable, I haven't provided them with the keys to unlock the software, and those keys are reasonably strong, then I can be reasonably confident they haven't compromised my device
But, if they can unlock the bootloader for whatever reason, I have no idea now what is running on the device or what was run on it even if they restore it back to a locked condition
This is why I had mentioned in another comment, that it might make sense to require opening it with a screwdriver to enable/disable some features, and that you can add glitter or something like that if you want to detect physical tampering.
Every device I've ever unlocked warns you on boot that it's unlocked. So if that's your threat model, just reboot the phone after the maid hands it back to you and see if you get a scary warning.
At least historically, that wasn't always fool-proof :-) – I know at least some Motorolas from around ten years ago where the bootloader warning was simply an alternative boot animation, so you could suppress that message by overwriting the "bootloader unlocked" animation with the regular boot animation.
> If you don't want an unlocked bootloader, just don't unlock your bootloader.
That kind of logic cuts both ways: "If you don't want a device with a locked boot loader, just don't buy a device with a locked bootloader".
Unfortunately, as consumers, we're trapped between a rock and a hard place. On the one hand, I would want 100% freedom to use my device exactly as I see fit and run any software I want, without any form of curation from the manufacturer.
On the other hand, there are plenty of software companies who do shitty things when given absolute freedom over what to do in a user's device (tracking / spying / etc) and I welcome buying a device where the manufacturer helps me fight some of that.
So I can absolutely see both arguments. And I think both types can coexist. I am happy my iPhone doesn't allow Meta to say "to use WhatsApp, you must install the MetaStore®, give it root and install it from there".
I would not be happy with those restrictions on my desktop.
> I am happy my iPhone doesn't allow Meta to say "to use WhatsApp, you must install the MetaStore®, give it root and install it from there".
I think the inverse is a much more credible threat, though. "Sorry, you can't sign in to your bank because you are using Linux. Please try again on windows 11 with secure boot turned on" doesn't seem far fetched at all.
> "Sorry, you cant sign in to your bank because you are using Linux."
That's not a hypothetical for us here in Brazil: online banking was Windows-only for quite some time, because there was no Linux version of the invasive "security plugin" banks require for online banking (the current version of that "security plugin" has a Linux version).
Not that I would agree with such a policy (I currently do online banking using Linux), but why is it not within the bank’s rights to make that restriction? If they determine (with whatever degree of accuracy) that online banking from Linux/rooted androids/jailbroken iphones is too risky, why should they be required to allow it?
I don't think I asserted that it isn't within their rights. But this is the direction things are headed, and it is a threat to free and libre computing.
> I am happy my iPhone doesn't allow Meta to say "to use WhatsApp, you must install the MetaStore®, give it root and install it from there". I would not be happy with those restrictions on my desktop.
You fix that by making root access inconvenient enough that companies can't rely on the average random user having it enabled.
For example force you to wipe the device to unlock it as another person said in another comment. Or make it so that if you don't unlock it within 7 days of the device purchase and first boot, you cannot unlock it anymore.
> You fix that by making root access inconvenient enough that companies can't rely on the average random user having it enabled.
AI TikTok voice “Hey guys, if you just bought a new iPhone, make sure you remove Apple’s restriction locks so they can’t control what you install. Just follow these easy steps, but make sure you do it as soon as possible, since you’ll have to set up your phone again!”
With the comments filled with people talking about how terrible Apple is for locking down their phones, everyone’s an idiot for buying such a locked down phone so they better at least unlock the bootloader, etc.
This is not a far-fetched scenario based on some videos I’ve seen sent to me by friends.
Don't forget in the video to tell them that it will allow them to install apps that get them more performance, better battery life, better cell signal, etc.
I would also be happy with those restrictions on a traditional PC-class computing device (laptop or desktop). Would I personally buy one? Probably not, but I'd feel a whole hell of a lot better if my non-techie wife or mother or brother were using one and they were no more susceptible to some kind of exploit on their PC device than they were on their phone
I could see Microsoft saying "we're only allowing apps installed through our 'store', for safety/security reasons, unless you opt out" (gated by some scary warning that doing so is unsafe).
Even if they never charged a fee for running the store, I bet this would raise a lot of eyebrows.
They are on your desktop. Have you tried installing any game you bought through Steam lately? They all install a custom launcher / updater / stuff that ends up in startup.
Literally 0 games I own on steam have any startup items. Custom launchers yes, but not startup items. A few games have kernel anticheat, but they all start with the game.
The exception is FaceIt for counter strike, but that’s not distributed through steam and is entirely third-party.
I think that making a suitable operating system design can help with avoiding some of these problems (and others mentioned elsewhere) (I had mentioned some of my ideas about operating system design before on Hacker News). In combination with this, there is also hardware design to consider (including considerations having to do with the instruction set), and you can also have a package manager with a package repository where whoever manages the package repository will verify them (something that is already done in many systems, although the verification that is already done is often not good enough in some ways); this package repository management is not actually necessary for the security features of the system but makes it more difficult for authors of programs to work around these security features.
So, you're probably not far off