
How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?

2g networks didn't have the phone verify the network, so yes they can do this.

At least as of today, most phones have an option to turn off 2g but that isn't a default.


The only way to truly disable 2g on an iPhone is to enable lock-down mode, which is a step too far for me.

Agree. I do a lot of travel and in 3rd-world countries it is quite common to get 2g spam, it's really unacceptable that Apple doesn't offer a way to turn off 2g short of lockdown mode.

Are you sure it's not sourced from the visited network? In that case, 3G or beyond wouldn't help you, as mutual authentication does not imply end-to-end authentication of all traffic between you and your home provider.

At least Pixels have the setting to disable 2G, which is on by default.

It's always amusing to me how Apple tries to hide basic security features behind their super duper totally secure mode which nobody will enable because it destroys usability.

Meanwhile GrapheneOS in the default mode is as much or much more secure (and private duh) than their marketing mode with little to no usability decrease.


I was curious about this so I looked around a bit. My interpretation is that GrapheneOS still has not cracked this nut. Neither has iPhone, unless you enable "Lockdown Mode"

https://github.com/GrapheneOS/os-issue-tracker/issues/3952 https://github.com/GrapheneOS/os-issue-tracker/issues/6076


Yeah, they really go all or nothing with the lock down mode. There are a lot of things from it I’d like to enable but not everything.

Plausible. Only Rogers still has working 2G.

It doesn't matter what the network is doing; the phone needs to disable 2g. There are various ways to get the phone to downgrade to 2g otherwise, eg https://montsecure.com/files/2021_downgrade.pdf

Android has it as a toggle: https://source.android.com/docs/security/features/cellular-s...

iPhone disables it for phones in lockdown mode.


And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.

I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.

Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.


>And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.

Source? It might just be that your carrier retired its 2g/3g network, not that the phone/sim refuses 2g/3g connections. If some cell tower popped up claiming to be 2g/3g, your phone still might happily connect.


source = Rogers SIM in me phone

my Telus/Bell SIM shows the 3G network tho


Unfortunately, I think there's no way for a SIM card to indicate to the phone that it would like it to please never connect to any 2G (or any non-mutually-authenticated) network.

Absent that, maybe this happens via a carrier profile (or equivalent mechanism)?


Ah, so the attack might depend on whether your phone is set to allow roaming or not. Maybe.

But I only have an option for data roaming on/off, not roaming entirely.


I don't think that matters, since the phone has no way of knowing from the SIM card alone whether it should still connect to 2G networks or not.

It sounds like a good idea to at least restrict 2G connections to non-roaming scenarios, but then you have the next practical problem: How does your baseband know that you're abroad?

Sure, all solvable at the application layer (the phone could use location heuristics to figure out where it is etc.), but not trivial and full of edge cases that could easily result in your phone mysteriously not connecting while abroad or, worse, not being able to make an emergency call or similar.


I also kinda figure there’s some magic running to “stick” to your home network where available/visible because of international border areas and people historically getting regularly upset about being roaming charges despite never leaving their home country.

SIMs can define both their home network (both implicitly since the IMSI starts with MCC/MNC of the issuer/home network, and explicitly in the form of a list of "equivalent networks", which is useful for MVNOs with their own MNC that don't want the "roaming" icon to show up) and a ranked list of preferred roaming networks. The phone should usually define those.

Of course, in some situations you might only get signal from across the border, and then none of these mechanisms can help.


That's incredible, here in Australia they not only shut down all 2G networks almost a decade ago, but they've already shut down 3G as well!

Although now looking at Wikipedia there are a lot more 2G networks sticking around than I realised, still hard for me to believe given what's happened here!


You do realize it’s a fake 2g/3g network and most phones don’t care. They will happily connect to whatever they support.

Only if they’re not already connected to a better network, no?

Funny enough it's the tower that tells the cellphone modem which network is "better" and it does this in an unencrypted cell reselection message. So it is easy to force a phone to select 2G.

https://efforg.github.io/rayhunter/heuristics.html#lte-sib67...
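The reselection-priority check described in the comment above, written as a small detector over already-decoded system information. This is an added example, not part of the thread and not Rayhunter's code; the flattened dict layout and the sample cells are constructed, with field names borrowed from the LTE RRC spec (3GPP TS 36.331).

```python
from dataclasses import dataclass
from typing import List, Optional

# In LTE, cellReselectionPriority ranges 0..7 and a higher value wins.
# SIB3 carries the serving frequency's priority, SIB6 lists UTRA (3G)
# neighbours and SIB7 lists GERAN (2G) neighbours. All of it is broadcast
# in the clear, before any authentication takes place.
LEGACY_SIBS = {
    "sib6": ("UTRA/3G", "carrierFreq"),
    "sib7": ("GERAN/2G", "startingARFCN"),
}


@dataclass(frozen=True)
class Finding:
    cell: str
    rat: str
    freq: int
    neighbour_priority: int
    serving_priority: int


def _priority(entry: dict) -> Optional[int]:
    """Return the entry's reselection priority, or None when it is absent."""
    value = entry.get("cellReselectionPriority")
    if value is None:
        return None
    if not isinstance(value, int) or not 0 <= value <= 7:
        raise ValueError(f"cellReselectionPriority outside 0..7: {value!r}")
    return value


def downgrade_findings(cell: dict) -> List[Finding]:
    """Flag 2G/3G neighbours advertised as more attractive than the LTE cell."""
    serving = _priority(cell.get("sib3", {}))
    if serving is None:
        # Without SIB3 there is nothing to compare against (choice made for
        # this example: report nothing rather than guess).
        return []
    findings = []
    for sib, (rat, freq_key) in LEGACY_SIBS.items():
        for entry in cell.get(sib, []):
            prio = _priority(entry)
            if prio is not None and prio > serving:
                findings.append(
                    Finding(cell["cell"], rat, entry[freq_key], prio, serving)
                )
    return findings


def scan(cells: List[dict]) -> List[Finding]:
    return [finding for cell in cells for finding in downgrade_findings(cell)]


# Constructed sample input: four decoded cells, one of which steers to 2G/3G.
SAMPLE_CELLS = [
    {   # ordinary cell: legacy neighbours rank below LTE
        "cell": "constructed-A",
        "sib3": {"cellReselectionPriority": 6},
        "sib6": [{"carrierFreq": 10562, "cellReselectionPriority": 2}],
        "sib7": [{"startingARFCN": 512, "cellReselectionPriority": 1}],
    },
    {   # suspicious cell: 3G and 2G both outrank the serving LTE frequency
        "cell": "constructed-B",
        "sib3": {"cellReselectionPriority": 3},
        "sib6": [{"carrierFreq": 10700, "cellReselectionPriority": 4}],
        "sib7": [{"startingARFCN": 600, "cellReselectionPriority": 7}],
    },
    {   # equal priority is not a push towards the legacy network
        "cell": "constructed-C",
        "sib3": {"cellReselectionPriority": 5},
        "sib6": [{"carrierFreq": 10800, "cellReselectionPriority": 5}],
    },
    {   # neighbour listed without a priority: skipped
        "cell": "constructed-D",
        "sib3": {"cellReselectionPriority": 4},
        "sib7": [{"startingARFCN": 700}],
    },
]

if __name__ == "__main__":
    for f in scan(SAMPLE_CELLS):
        print(f"{f.cell}: {f.rat} freq {f.freq} priority "
              f"{f.neighbour_priority} > serving {f.serving_priority}")
```
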


Huh, I was going to say that this can't possibly be the case for the newer standards, but it seems like it really is the case even in 4G/LTE...

Hopefully devices at least ignore it when 2G is deactivated entirely, for those where that's possible.


Which is interesting in that they very publicly shut down the 3G network last year.

The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.

SMS is old infrastructure and the sender identity in an SMS is not like a signed email domain or an end-to-end verified chat identity. A lot of trust sits in the carrier network and interconnects

Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?

Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.

https://en.wikipedia.org/wiki/Cell_Broadcast

They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).

Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.


What is new here? I thought corona discharges during storms had already been well known for a long time. https://en.wikipedia.org/wiki/St._Elmo%27s_fire

Article claims it had never been seen outside the lab before (for trees specifically I guess)

The biggest problem is that Canada shares a long land border with the US but is isolated by oceans from other countries. Having alternatives is good, but conflict with the US is dangerous. The US could do a huge amount of damage just by blocking trade with Canada. They're also capable of blocking trade between Canada and other countries, and occupying Canada. It is probably unwise to escalate conflict when the other side can escalate a lot more.

so Canada should just succumb to almighty bullies? i think not.

without nukes Canada does not have any real leverage here.

they either lean on NATO or Commonwealth allies, or build them internally.

there is no other way to resist US military power

economically Canada does not have enough good ports and transportation options to get the same volume of good to China or EU as it does into the US.


Nuclear weaponry is offensive in nature, and Canada does not need them. The population broadly does not want them. Most people may acknowledge (after slight thought) that if we were to obtain/produce them, certainly other countries won't be happy and if we were to 'use' them, well I'm sure the fallout will end up on our own soil after it's swatted out of the sky. So, let's build AA defence/defense networks of our own, instead.

MAD and deterrence suggest that they are not fundamentally offensive, and Canada does need them

>Nuclear weaponry is offensive in nature

It's also a deterrence.


So is enough people surrounding a bully with furrowed brows

> there is no other way to resist US military power

I'm struggling with how to articulate the idea that seems to be in so many Canadian heads, regardless of their military experience.

Assume the worst case, that the US invades Canada and that no allies come to assist, for whatever reason.

The best the US can hope for is a pyrrhic victory: while it may well be true that the Canadian military and population cannot hope to resist the US military, anyone thinking there would be anything other than a pyrrhic victory does not understand how, uh, what words to choose, hmm, bloody mindedly petty and vindictive Canadians can be.

There is that old trope about mistaking "polite" for "nice". Canadians mostly are the former, and are mostly the latter most of the time, and can even be the former while not at all being the latter. But remember too the trope as to why so many of the specific rules of the Geneva Convention, etm., exist.

Canadians don't pick fights, generally, but see fights to the end, always, and almost always no matter what. And it's not a red mist thing: That comes and clears. What is left is cold. Sober. Focused. Are you still here? Are you not retreating fast enough? Do I still have functional limbs/weapons/comms? Carrying on....

We don't stop until it is safe to stop, and by safe I mean we can stand down and not have to stand to again, or until there is no we left.

Now, more tropes:

Longest sniper kill: Canada has the top spot and at least two more of the top five. Those are all recent.

Only force to meet its D-Day objectives: Canada, with fighting as fierce on Juno as elsewhere.

Only western soldier to fire on a Soviet: A Canadian with the group sent to protect Denmark from Soviets who were rolling fast and hard over northern Germany. The RoE were sort of vague on that point, but they were explicit about not withdrawing, about not giving up an inch. Words didn't work, triggers were pulled, a standoff occurred until sufficient forces arrived to convince the Soviets to withdraw to their agreed lines.

Before becoming PM, Lester B. Pearson won the Nobel Peace Prize for the idea of UN Peacekeepers, of putting Canadians in harm's way to separate combatants in hot zones. The idea was taken seriously because memories of Canadian performance in WWII and Korea were fresh in mind. "Oh, those guys? Yeah, OK, ceasefire and separation sounds good."

Again, I am not in any way suggesting that the US would not win in an invasion of Canada, if Canada stood alone. What I am suggesting is that what would be left (of the US, let alone Canada) would make the victory hollow and bitter.

(You do know that the Canadian boycotts that are so impacting tourism and distillers, among others, are not economically motivated, right? So many US talking heads cite tit-for-tat tariff nonsense, and very few miss the point entirely: Canadians mostly didn't give a damn about tariffs, but when "51st state" was mooted, even if as a joke, Canadians stopped buying US stuff. The tariffs could disappear today and many would still push for closer ties with the EU, possibly even membership, for distancing Canada from the US even more, all because we are fiercely independent, and willing to sacrifice a great deal to retain that independence. Canadians are mostly quiet about it, but never mistake silence for acquiescence or consent.)


I mean, for the first 100 yearsish of our existence we actively traded mostly with the "mother country" via shipping through the St Lawrence. Fur trade and then agriculture and forestry goods, etc. Our entire initial infrastructure from rail to canals was built for west -> east movement of goods.

The (over) emphasis on north south came a bit later. And certainly since the signing of the FTA it's been the most important thing.

Shipping to China from ports in Vancouver and to Europe from ports in the gulf of St Lawrence is actually quite strategically advantageous.

It's on us to push to develop this more.


Maybe motivation needs to be considered separately from intelligence. Pure intelligence is more like a tool. Something needs to motivate use of that tool toward a specific purpose. In humans, motivation seems related to emotions. I'm not sure what would motivate an artificial intelligence.

Right now the biggest risk isn't what artificial intelligence might do on its own, but how humans may use it as a tool.


100%!

> I'm not sure what would motivate an artificial intelligence.

Those who give it orders hence your concern about how AI will be used as a tool is spot on.


How is one country able to fine businesses in other countries? What legal authority or ability do they have to do anything?


I invite you to search HN for 'libor' and see how many of the American users of this website were affronted by the vast fines dished out by the US government to UK-headquartered banks for manipulating the LONDON Interbank Offered Rate from their offices in London, UK. If you can find a single one I'll eat my hat.


Being a country means you can make your own laws so the authority question has a pretty clear answer. Unless you disavow national borders and state power and such stuff generally of course. See https://en.wikipedia.org/wiki/Sovereignty


Read the question you're replying to again. It's a question about jurisdiction.


If it affects UK citizens, living in the UK, then there's jurisdiction. Either the entities comply, remove their services to the UK, or they risk sanctions/being arrested when abroad/etc.

Why should a US company harm UK citizens just because they're in the US?

If you want to serve a market in another country you have to follow their rules.

In this case, Imgur have been misusing UK children's information. Considering the laws are pretty similar, I suspect they're misusing EU children's information too.


> they risk sanctions/being arrested when abroad/etc.

That's the OP's question. Bluntly: if I'm here, and they're bloviating over there, what can they actually do about it?


It was about authority, synonymous with jurisdiction, I understood it. A sovereign country can decide they have authority/jurisdiction in anything they want. For example various countries have decided they can legally assassinate people in other countries even though other countries might not agree.


Placing the fines is pretty easy; they just go through their legal system, finish up the case and get their judgement. Russia has a giant outstanding fine against Google for example since Google is not censoring things the Kremlin doesn't like, even though Google has no corporate presence in Russia and the fine is iirc now larger than the entire world economy. (So it's an unrealistic amount designed to deter Google more than anything else in practice.)

The difficulty is getting enforcement; in practice, what happens is that the fine is put down as outstanding and if any executive or employee of the company enters the country, they're arrested and held hostage until the company pays up (or are held directly responsible for whatever the company is accused of). Most countries usually have corporate presence laws to avoid this sort of scenario though.

Alternatively, the judgement can be enforced through diplomatic channels, but that's a giant clusterfuck and unlikely to succeed unless it's something that's very blatantly a crime in both countries, since it's effectively retrying the case. (And even then it can depend on if the country just doesn't feel like cooperating for that specific case, for no other reason than spite; France for example is fond of doing this.)


Arresting executives is pretty extreme and not normally done. Generally countries will only go after assets and revenues in the country.

Even for local companies. I had a UK ltd company and it got some fines for not filling in the correct forms but you can just close it down still owing money, which I did, and there's no liability for the director(s).


It can't, that's why they moved out.


If you do business in a country you have to operate under that country's laws and regulations, regardless of where you are registered.

Most commonly it's the EU fining American tech for GDPR violations and related privacy shenanigans.


Right, but the UK is saying they'll fine Imgur even after Imgur blocked access. At that point, what tooth does the fine have? "You must pay this fine if you want to, err, nothing I guess"?


They used to have UK legal presence, and are planning to move out. The UK is saying something like "crimes done during your presence won't be ignored".

If Imgur never had UK presence, then yeah there would be no teeth. But if you're doing business in a country you can't break the law then leave and expect them to just ignore what you did during that time.


…but how enforceable would the fine be? They pull out and have no UK assets to seize.


Depends.

If you're the US you call planes out of the sky that have representatives and owners of the companies on them.

I'm assuming any leadership of Imgur would want to avoid going to the UK for the rest of eternity.


Or they simply decide to pay the fine for the short duration they were not in compliance.

I would do that (after appealing) and be done with it.


Ultimately if enough businesses decide it isn't worth the bother then the restrictions will disappear.


Why does it have to be immediately enforceable? Now Imgur have thrown the baby out with the bath water and cannot serve the UK and it leaves a big market for another company to come along and capitalise on that.

American companies are too used to being able to bully their way in America. Some countries do have better consumer protection laws.


It's not a particularly big market, and given the regulatory hurdles: it's simply not worth doing business with the UK for most companies anymore.


The regulatory hurdles here are quite small, actually. If COPPA were worded better, Imgur would've been in violation of that, too, from what I can tell of the complaint.


> They pull out and have no UK assets to seize.

How do you expect the "pull out" to happen? They must have had a UK bank account or similar, whose transfers won't get approved as they're trying to escape from criminal prosecution. Or they'll work with the US to ensure responsible individuals are held responsible.

It isn't exactly the first time someone/something commits crime in a country then tries to escape, there are lots of ways to work with others on this.


>they'll work with the US to ensure responsible individuals are held responsible.

I heard here recently during a similar discussion (about 4chan and this same British watchdog agency) that the US does not allow extradition of its citizens for breaking non-US laws if the behavior is legal in the US.


> They must have had a UK bank account or similar

How so? None is needed to take revenue from UK-seen ads.


They had more business than that in the UK. UK advertisers as customers for example


I do not see how having UK advertisers necessitates the publisher having a UK bank account.


> Or they'll work with the US to ensure responsible individuals are held responsible.

May US voters put America First over international law.


> they'll fine Imgur even after Imgur blocked access

after they have infringed the data protection laws.

For example, if I get a parking fine, and then move my car. I can't claim that now that I've moved my car, I'm not liable for the previous fine. This is no different.


There are various international economic laws, treaties and agreements between cooperating countries, whether or not any of them cover this scenario for the US, and whether the US would honour any agreement in the current political climate remains to be seen. But there are mechanisms in place that allow the UK to reach US companies through each other's legal systems to a degree and vice versa, regardless of asset location.


> whether the US would honour any agreement in the current political climate remains to be seen

That this is even a question is bananas to me. Isn't that handled by the judicial system rather than involving politics/the administration? Shouldn't be possible for the US to have a treaty, and there are questions about if the treaty will actually be enforced or not, how could anyone trust the US as a whole for anything if those aren't enforced?


If Imgur decides they want to make money in the UK after all, and they have an unpaid fine outstanding, that money can be seized to pay off the fine first.


"make money in the UK"

an oxymoron.


Just because they've blocked UK users doesn't mean they aren't making revenue from advertising operating via the UK.


Pay this fine if you don't want to be arrested when entering the UK? Not that they plan to after this...


Imgur isn't a person, and the UK gov isn't ICE.

The whole point of corporations is that the company is liable, not its employees. also the shareholders are only liable for the money they put in, and not anything else.

Convictions in the UK are non-transferable. you can't convict a company, then transfer guilt onto its employees, they need to be tried at the same time.


Are you saying that the Pavel Durov situation wouldn't have been possible in the UK? Seems naive.


> Are you saying that the Pavel Durov situation wouldn't have been possible in the UK

first Durov is a French citizen, so it's not like he's immune to French laws

Second France has a totally different legal system to the UK (legal code vs common law)

thirdly, he's the primary owner of telegram, not an employee

Fourthly he was arrested on fraud, money laundering and child porn charges. Those are all criminal charges, not civil (GDPR is mostly Civil, same with the online safety act, however with the OSA "senior managers" could be criminally liable, but again that's for CSAM, of which possession and distribution is a criminal already)

> Seems naive.

I really wish people would actually bother to understand law, because it's pretty important. For programmers is much easier, because we are used to reading oddly worded specifically ordered paragraphs to divine logical intent. The law is really similar to programming.


They're only threatening to fine them for previous violations of the law, not anything after they block access. Blocking access doesn't make the existing fine from when they were doing business in the UK go away, it just prevents future fines.

Whether they can collect the money while Imgur aren't doing business in the UK is a different argument, but it's not particularly controversial that a country can fine a business operating in its jurisdiction for violating that country's laws. Even if those laws are authoritarian bullshit.


Sure, I'm only saying that I don't think there's much they can do by way of enforcement if the company decides to stop doing business there, especially over fines this small (it's not like the UK will push to extradite over this).


Honestly, that's the most noteworthy part of this. The EU hasn't pursued any site that just blocks EU access (see any number of US sites that aren't GDPR compliant and I can't access from Europe). The UK is threatening to do something nobody else has really done before. It's crazy, imo, because I can see a whole lot of sites immediately blocking the UK to avoid any potential litigation.


> The UK is threatening to do something nobody else has really done before.

And what is that exactly?


>see any number of US sites that aren't GDPR compliant and I can't access from Europe

1. Make sites gdpr compliant by installing an extension or two. 2. Use a vpn to pretend to be not from Europe.


Thanks. That needs to be in an HN guide somewhere, along with: online services cost money to run so don't be surprised that they need either fees or advertising.


Being accessible over the internet from a country can't be the same as having a physical presence there. Otherwise, anyone putting any content on the internet needs to comply with the laws of every single country.


In agreement. What's with the fines. They're not in your jurisdiction, block them or leave them.


The real problem is that society teaches people to suppress negative emotions. Then someone can harness those suppressed emotions and focus them on something.


If you want a custom resolution in Linux drm.edid_firmware= works well with the right EDID.

For me, the worst things about the Linux graphical console are lack of scrollback and horrible performance. Linux still has scrollback in VGA text mode, and of course it is super fast because each character is only 2 bytes. In graphics mode you can only fix this by running a program that provides its own graphical terminal, like kmscon or fbterm.

The best thing about the graphical console is ability to use bigger fonts, so your characters can be smooth and not pixelated. I like the Terminus fonts. As long as performance isn't a problem it's better to increase font size than to decrease the resolution.


Alan Mackenzie from Gentoo mailing lists wrote a scrollback patch for the kernel that also supports gpm mouse select/copy from the scrollback buffer.

Unfortunately, the patch is not frequently updated to new kernel versions.

https://public-inbox.gentoo.org/gentoo-user/2316312.ElGaqSPk...


> Linux still has scrollback in VGA text mode

Dumb question: when I boot a modern systemd-based distro installer in terminal mode, am I using "VGA text mode" or "graphics mode"? Do I have to be literally using VGA to use VGA text mode?

EDIT: I read TFA and it seems like the answer is that I probably have never used VGA text mode.


Depends. A UEFI boot is going to put you in graphics mode; I don't think you can get into VGA text mode from a UEFI boot, without some serious dark arts. UEFI has a text mode console API, but it's part of bootservices and those are exited somewhere on the way to starting the Linux kernel.

If you're doing a BIOS boot, you might be using VGA text mode, if you haven't loaded a framebuffer driver. VGA text mode works over BNC, DVI, HDMI, DP, etc, if that was your question, you don't need a VGA connector. EGA text mode might be similar enough to also work, but that's outside my depth.

I'm not sure that Linux uses it, but VGA has nice things to accelerate scrolling. You can set the top of the screen down into the buffer, and then set a line number where it resets to the top of the buffer. If you set the line stride so that it evenly divides the buffer (typically wider than the line width), it makes scrolling and wrapping around the buffer very simple and elegant.

UEFI GOP doesn't provide any mechanism for a buffer larger than what's displayed, so scrolling requires copying. :(


Sorry, might be dumb question (at work on windows now), but when did shift+pgup stop working?



I was annoyed by this change so installed an older kernel to get it back. However I found, that any TTY switch clears that scrollback, so it is quite useless in practice. (This is probably why they were comfortable just removing it.) The actual change making the scrollback useless was perforce earlier. I wonder when and due to what that was.


What's the point of taking your own highly detailed photos of the moon? You can find much higher resolution images elsewhere. I usually only want to take a photo of the moon as part of a moonlit scene.


I love observing the moon, whether that's taking a picture with a telephoto or peeping through telescope.

There's something special about seeing the craters with your own eyes and then sharing that with friends. The framing & cropping, zoom, color of the sky are all unique to that experience.

Plus the moon is always looking slightly different each time, with different areas shadowed; fuzzy details one day are sharp the next.

And it's a skill like any other, which feels great to improve day after day.


Most people take photos of DSO's, but while you've got the gear, why not photograph the moon. It's also technically fun. Using a cooled camera, I video the moon/Jupiter at 20fps at 3000x3000. Then using software, I only take the frames where there is minimal atmospheric distortion. With the remaining frames, you stack them to get a very detailed image of the moon/planets.

Look up the other gear from ZWO the maker of the seestar.


How do you cool them? Dry ice?

Also how do the batteries hold up, or are you powering it off a cable then?


They have active Peltier coolers and you use mains power, a portable battery box, or the 12V output from your car. You also need to power a computer or laptop to capture the images.

Roboscopes like the Seestar are an all-in-one kit and have internal batteries that last about 3-4 hours (although for the moon you don't need more than a minute or so). The S50 can take uncompressed video, which you can then process as GP describes but, compared to a more powerful setup, the camera is 1920x1080 and uncooled, the framerate is limited to 30fps, and it only has a 50mm aperture.


Could you explain the stacking process or put up a link explaining it?


What's the point of taking photos of nature, when there are much better ones out there?

It's about having a hobby. Let us all be frivolous.


You can also find much higher resolution images in the phone's generative AI "image enhancement" model.


What's the point of taking a photo of Big Ben? I can get much better photos elsewhere.


It is about accomplishment, but about accomplishing what is truly meaningful to you and what makes you happy.


It seems like there is a continuum between being oblivious and delusional. You need to notice things, recognize their meaning, make connections and then make conclusions. Being oblivious can mean missing important signs and making bad choices due to not realizing what is happening. Being delusional can mean jumping to conclusions by "connecting the dots" in one particular way that leads to one conclusion even though that may not be the truth. A sane perspective would mean evaluating different hypotheses to come to a reasonable conclusion. Someone who is paranoid may be right about some things much earlier than others, but they may also be wrong about many other things.

