* Posts by Charles 9

16605 publicly visible posts • joined 10 Jun 2009

GDPR USA? 'A year ago, hell no ... More people are open to it now' – House Rep says EU-like law may be mulled

Charles 9

Re: Inquiring minds

Yes there is: rights clash.

Suppose something is illegal in the US while its OPPOSITE is illegal in the EU? Puts you in a real bind, doesn't it?

Charles 9

But it'll be interesting to see if some firms, especially big ones, find it easier to lawyer their way out of it. I've yet to see a method which is totally lawyer-proof.

Boom! Just like that the eSIM market emerges – and jolly useful it is too

Charles 9

Re: Beware

That country I mentioned earlier? It was the Philippines (the other two MNOs are Smart and Sun). Globe's move is obviously meant to challenge Smart (Globe is #2 challenging #1 Smart).

But again I ask, why does it have to be built-in? Why can't we have field-reprogrammable SIMs so that you can pick your providers AND be able to put them in any phone you wish (including OLD phones without the capability)?

Charles 9

Re: So how is an eSIM better

"The MNOs would need to cartelise in your scenario to end up with MVNO having no options."

CAN, WILL, and HAS happened. I've been there, firsthand. Don't think Europe. Think Asia. One place I go has three MNO providers in the entire country, each owned by a media giant. If there are any MVNOs out there, they're just labels belonging to the aforementioned.

"You don't need an internet connection to provision the SIM - it does not depend on wifi."

Oh, great, so someone can COPY the damn thing and steal my account, maybe even without my knowledge. And this ain't conjecture. I've seen it happen with my own two eyes in parts of Asia.

Charles 9

Re: What about auto-updates?

And if you LOSE the damn thing? AND you can't download a new one due to the Catch-22 of the eSIM being your Internet access?

Charles 9

Re: eSim = NoSim

It is if the phone is your ONLY access to the Internet. Unless you can transfer an eSIM without any Internet or store access in the middle of nowhere outside business hours, without being accused of stealing an account and so on, then like SD cards, I'll stick to my physical SIM which I can move to nigh any phone I wish (even *gasp* OLD and DUMB phones). There's just something to be said about being able to transplant my access to whatever phone I damn well please without having to go through anybody in the process.

PS. We'll just have to agree to disagree, as my own, personal, firsthand experience tells me not to take anything built-in unless you're willing to live without or lose the feature for an extended length of time. I've had to replace components (including batteries) too many times in my life to trust anything like that to the manufacturer. If it comes to the point it's take a sealed device or leave, I'm leaving.

PSS. Someone gave a thought. WHY must it be built-in? Why not just create a separate, physical eSIM (a user-reprogrammable SIM) so that you can shop around as you please before you get somewhere, downloading credentials onto the SIM, YET you can still plug the damn thing into whatever phone you damn well please and switch phones in a blink if you gotta. Best of both worlds, if you ask me.

Charles 9

T-Mobile was GSM, too, even then. Why were they left out?

Charles 9

Re: So how is an eSIM better

Not really, since the MNOs can control the MVNOs, they can always undercut or value-add. MVNOs are mostly a mug's game because you'll eventually hit something they missed or skimped.

Charles 9

Re: Apple is ramming this down the carrier's throats.

Download site breaks, you're screwed. Hard to beat "unplug, replug" because if that doesn't work, you have bigger problems. Keep It Simple, Stupid!

Charles 9

Re: And jolly useful it is too....???

eSIM activation...or eSIM TRANSFER from a bricked phone? With a physical, it's just transfer the SIM and you're set. An eSIM transfer will inevitably have complications.

Charles 9

Re: eSim = NoSim

"And why's that a problem?"

You've never had your phone BREAK on the road, have you? I keep a backup phone for just such an occasion, and it worked brilliantly when my Note 4 died while out of the country. A quick switch and I was back in business while I worked on a replacement for when I got back.

Charles 9

Re: And jolly useful it is too....???

And another challenge for starters. Brick your eSIM phone and get back in business with a backup phone in three minutes or less.

Charles 9

Re: Apple is ramming this down the carrier's throats.

"customers demand eSIM support, carriers that want their business will supply it."

Since when? First, if it really is a standard, where are all the other supporting phones? Second, what happens when an eSIM phone breaks? It's not like I can pull an eSIM, slip it in a backup phone, and be back in business, eh?

Charles 9

Re: is this the SIM equivalent of the "smart" meter ?

Speaking of which, a physical SIM, like a physical SD card, is a lot easier to transplant WHEN (not if; I speak from firsthand experience) the phone BREAKS.

Charles 9

Re: is this the SIM equivalent of the "smart" meter ?

Not without risk of a whistle being blown. Say I pop in a friend's SIM (which I know works). If it gets rejected...you gotta lotta 'splainin' to do...

Charles 9

Re: And jolly useful it is too....???

You first. Prove you can actually do everything you describe AND ensure it survives a factory reset. Perhaps post the proof on YouTube.

Charles 9

Re: pick a side

"So unless there are consumer protection laws that exclude eSIMs specifically, the disadvantages apply to physical sims just the same - hacking, carrier locking, and so on. A SW update blocking an eSIM can block a physical SIM too."

How can a software update block the PHYSICAL act of changing the SIM? And since it's hardware-based, blocking can risk a pitfall if the same carrier issues a new series. Software will always carry a risk of it being subverted since, being SOFTware, it can be altered.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Charles 9

To reply:

1. If the TLAs have access to vastly better hardware than you, or a secret waterboard, then if they REALLY want your data, then as they say, "We have ways of making you talk."

2. Encryption MUST be decrypted at SOME point because our brains can't directly grok encrypted data (sometimes makes me beg for the sci-fi of stuff like Ghost in the Shell which DID provide for that capability). That's why "Outside the Envelope" attacks can always work. For performance reasons, you're going to need hardware, especially if the CPU is going to be busy doing something else.

Charles 9

Re: the Group Policies for determining whether it should use Hardware Encryption or not

Even if that were true, it could've been fine at first then borked (without Microsoft's knowledge) later. Or, in this case, something slipped through which standardization wasn't set up to catch.

Charles 9

Re: Full Disk Encryption Not Good For SSD

But then you're gonna need a good backup scheme FOR your backup scheme since you never know when Murphy will strike and take out your backup just when you need it. And then you'll need a backup for that, too, and so on. Turtles All The Way Down.

At some point, you're gonna just have to shrug and say, "That's as far as I can go."

Charles 9

Re: Yes and no.

"That is exactly the correct thing to do. it is so hard to get this stuff right, unless you have *tens* of years experience, it is dereliction of duty to roll your own."

Isn't it ALSO a dereliction of duty to pass the job off to someone whom you can't really trust? And that applies to just about everyone around you since everyone has something to hide?

So what do you do? You can't trust yourself, and yet you can't trust anyone else.

NAND so it begins: Micron mounts head-on attack against 10K disks

Charles 9

Because Micron offers a model at 7.5TB? For some, capacity matters.

Charles 9

Sounds tempting, but the price point is still too high, especially at the consumer end of the spectrum. This smacks of what I call a WIRE drive (Write-Infrequently, Read-Extensively), which is an excellent class of drive for frequent recall of mostly-static data (like a multimedia archive).

Dawn of the dead: NASA space probe runs out of gas in asteroid belt after 6.4 billion-mile trip

Charles 9

Re: Reinvest in a small nuclear powered engines program. NOW!

"Nuclear rockets are all well and good, but what actually matters is exhaust velocity."

Last I checked, due to the Laws of Motion, what REALLY matters is FORCE, which the equation states depends on mass. The catch with ion engines is that while they emit mass at high velocities, that mass is minuscule; thus, its ultimate thrust force is on the order of millinewtons. Thus it's only practical for use once you're already in orbit. OTOH, nuclear rockets are being tested with the idea of replacing chemical rockets (which means forces on the order of meganewtons).

Charles 9

Re: Reinvest in a small nuclear powered engines program. NOW!

Unless we can invent massless kinetic induction, there will always be a need for physical fuel for space thrust: for the reaction mass if nothing else, if we trust the Laws of Motion to hold today.

It's been a week since engineers approved a new DNS encryption standard and everyone is still yelling

Charles 9

Re: Tough

"What we really need is some opportunistic crypto that doesn't attempt to identify the endpoints."

You MUST identify the endpoints...otherwise, you CAN'T tell if it's Bob...or Mallory. No context = no means to authenticate, end of.

Charles 9

Re: The argument to simple to me

How do you know how to contact sneakydomain.com for your DNS request if you need a DNS request to find out what IP address sneakydomain.com resolves to in the first place? Thus why DNS lists are always numbers. I've already mentioned Microsoft defeats DNS-based firewalling with a hardcoded IP list for its telemetry stuff (and IIRC the IPs also match those for the update system meaning blocking telemetry also blocks security updates--submit or be pwned). Plus, as someone already mentioned, it's possible for a rogue state-level router to perform IP-based rogue routing (making 8.8.8.8, for example, go where they want it to go instead of Google).

Basically, if you're that paranoid, then the Internet is already screwed for you. In fact, ANY form of technology is probably already screwed for you if you live in that kind of world. After all, what's to stop them enforcing their regime at both local manufacturers AND at customs?

Charles 9

Re: The argument to simple to me

Piggyback your DNS over the basic traffic needed for the app to run. Block it, block the app, you have a paperweight. Indeed, what was stopping apps from eschewing DNS and keeping an internal IP list like Windows 10 does? Firewall-proof!

Charles 9

Re: kid control / smut filtering

"Blocking DNS except via trusted (blacklisting) servers does that for me, has done that for me, and I hope will keep doing that for me."

This presents a dual-use problem. If you can control your kids' Internet, then Big Brother can control YOUR Internet. The only way around that means your kids can get around your controls and pwn your LAN.

Leaving you three choices: submit to Big Brother's Stateful Internet, accept the anarchy of an Anonymous Internet, or throw up your hands and go, "Stop the Internet! I wanna get off!"?

Charles 9

Re: Who do you trust?

Creates a part-and-parcel problem, though. If DoH and HTTPS both use the same port, suppose say Cloudflare simply piggybacks DoH on ALL its HTTPS addresses (which includes IPv6 ranges, meaning you can be talking quite a bit of Internet real estate). Then the only practical solution to blocking Cloudflare's DoH is to block Cloudflare, full stop. Only an inward-looking oppressive power (who would be against the likes of Cloudflare in any event) would dare to do that because anyone else risks collateral damage from blocking a provider as big as Cloudflare.

Charles 9

Re: Tough

You could always use bottled water or a well...

Charles 9

Re: The argument to simple to me

Except straight-up DNS is a UDP protocol, while most Internet protocols with which people are familiar (including HTTP) are TCP-based, and their basic function is too different to be all that interchangeable, meaning it's not as simple as you make it out.

Charles 9

Re: third parties?

And any oppressive power can just hack YOU (usually through pre-established channels enforced at manufacture/import) and perform outside-the-envelope attacks (that work PAST any obfuscation), in which case you're probably already screwed with no way to cover it up.

Charles 9

DOH uses HTTPS for its base. Guess what protocol is supported in the browser and usually NOT in an OS network stack? And without HTTPS as an obfuscator, how can you get network requests through without a distinct risk of it being sniffed and/or altered by an oppressive power?

Charles 9

Re: "accept [...] is dominated by a small number of big players [..] to improve everyone's privacy"

"What stops them if you query 8.8.8.8 via DoH to route, once decrypted, all requests to the local Miniluv?"

Because it can't be decrypted until it's IN the actual 8.8.8.8, meaning it shouldn't be going anywhere once there. The only way around that is to either take over 8.8.8.8 itself (can't--out of the country) or obtain the top-secret decryption keys (a state-level espionage operation). At which point, it would be easier to just insert spy chips into all the local machines (enforceable at customs and local manufacturers) and perform outside-the-envelope attacks.

Charles 9

Re: Not one to nitpick but...

Too easy to confuse with DNSSEC, which deals with authentication rather than integrity.

Supreme Court raises eyebrows at Google's cozy $8.5m legal deal

Charles 9

"You won't like it when the mob turns on itself or on you, as it always does eventually."

But if the mob is already out, as it seems judged by recent events, all you can do is redirect them from time to time. The reckoning seems inevitable at this point; it's just a matter of how long it can be postponed.

Charles 9

Re: @El Reg Your ANTIFA t-shirt is showing...

"And thus the bar gets lower over time, and things that were unthinkable 20 years ago become commonplace, and our government gets further and further away from the ideals of the founding fathers."

Which is the takeaway of the Great American Experiment. Nothing, and I emphasize NOTHING made by man can truly withstand the test of time, and there's nothing we can do about it because the rot is inherent to the human condition. In most given choices, there are winners and losers, and in humans, losers hold grudges if not engage in immediate revenge. Plus, if they feel they're threatened (and it's easy to trigger that in us), humans are instinctively inclined to cheat (and the cheating is meta, meaning cheating can be cheated, meaning there's no real way to curb it).

TL;DR: We're just screwed as a species. Unless we evolve better (and we're not well-equipped to get to that point), we probably need a deus ex machina to come save us.

Mac users burned after Nuance drops Dragon speech to text software

Charles 9

Re: At least it's mutual ...

You can't, because language (and the nuances of said language) is a moving target. It changes over time, forcing TTS and STT systems to adapt as well.

Charles 9

"The copyright is not what was being discussed. It was that Apple wants to control what users can do with their computers after they have bought it. Such as not allowing some programs to run, not allowing apps to be installed unless it comes from their app store (phones and tablets) unless the hardware has been jail broken, etc."

And you're confusing the issue. If a computer user wants to do what they want with their machine, they simply need to install a freer-rein operating system like a Linux distro and go from there. Anything you're working through another piece of software (like Apple's MacOS), you're essentially at their mercy. No ifs, ands, or buts, it's part of their Copyright and laid out in their Terms of Use. If you don't like it, don't use MacOS, end of.

If you want real, REAL control over your machine, perhaps it's time to go back to the build-your-own computer kits of the 1970s where you learned what really made the machine tick: since you see all the bits and bobs for yourself...and only had a KB or so of RAM to work with.

PS. Last I checked, I cannot run a Linux program in Windows, so I CANNOT just run anything I want. Switching to Linux means sacrificing access to Windows-only software, especially games, and keeping Windows means losing some control over the inner working of the computer to a proprietary OS. And since I lack the technical expertise to roll my own, I'm kind of stuck.

Charles 9

Mm, yes it is. There's this thing called COPYRIGHT. See, it may be YOUR hardware, but it's still THEIR software (read the terms), and without the software, how will you run your hardware the way you want it? Happen to be fluent in x64 assembler?

Charles 9

Re: Colin, you have my empathy & sympathy.

Does this hold true even if the PDF pages are GRAPHIC rather than textual (raw vs. OCR'd)?

Florida man won't be compelled to reveal iPhone passcode, yet

Charles 9

Re: Files are not testimony

"No, they can't. But there is nothing stopping them from breaking into the safe (if they can) to find evidence."

But what if they learn the safe is booby-trapped and will self-destruct if anyone other than the suspect opens it? NOW can they compel the suspect to open it under threat of Destruction of Evidence?

Guess how this can apply to an iPhone with a failsafe?

Tiny Twitter thumbnail tweaked to transport different file types

Charles 9

Re: "ICC profiles contain no executable code"

Even if the JPEG data is stored in a DEP-marked area, which you would think it would be?

McAfee says cloud security not as bad as we feared… it's much worse

Charles 9

Re: So who's buying all these unsecured cloud instances?

"This is a governance issue, but I have yet to meet a developer or DevOps person that doesn't eschew any form of governance. Governance is a roadblock, slows down innovation, blah blah blah blah...."

Cave Johnson felt that way, too, IIRC (Yes, someone makes the signs IRL).

Charles 9

Is there any particular reason you MUST use Node.js, then? I would take the constant warnings as a sign to find another method, if not roll your own.

Charles 9

Re: So who's buying all these unsecured cloud instances?

"Also the ones who can see that 'the light at the end of the tunnel' means 'get off the tracks'."

But usually, by the time you DO see the light, you're hemmed in by the tunnel walls and have no way to "get off the tracks" (not even up, due to the ceiling). And turning around, you discover ANOTHER light at the OTHER end of the tunnel. Stuck like that, "get off the tracks" isn't an option. At that point, all you can do is pray.

Goodnight Kepler! NASA scientists lay the exoplanet expert to rest as it runs out of fuel

Charles 9

Re: But why were the transmitters shut down?

"Why shut them down rather than just leave them running?"

Kessler Syndrome, I think. At least with an orderly shutdown, they can reduce the chances it'll do something crazy and start making more space junk.

Charles 9

Re: Fuel? Why no solar panels?

"But with hindsight, given the beast weighed over a ton, couldn't they have gone for an 8-gallon tank instead?"

When it comes to launching things into space (and believe me, there's just no easy way around beating the Earth's inertia), weight is a very sensitive matter. We're talking ounce-precise calculations and so on due to the cascading problem that it takes fuel to get things into space...but fuel is weight that must be lifted up as well, which takes more fuel, and so on, and so on...

Charles 9

Not only that, there wasn't any panic. A smooth, orderly wind-up with everything of value obtained in time. As far as "one-way" missions like this go, this is a best-case scenario.