kitonthenet

Jokes on them I was only pretending

We’re making propaganda… Join us… the 4chan thread instructs

So the campaign is coordinated

4chan

The visual guide instructs potential posters to create images that are “Funny, provocative. Redpilling message (Jews involved in 9/11). Easy to Understand.” Under an image that shows a crying Pepe the frog with a needle next to its arm and a gun pointed to his head, the guide says “vaccines enforced by violence.” Under an AI-generated image of two Black men with gold chains chasing a white woman, the guide said “redpilling message (migrant crime in scandinavia).”

So they’re white supremacist fascists

MAKE, EDIT, SHARE

So they are inundating people with it

whether you think it’s random fun or not is subjective, but the way they’ve described it is accurate.

Ok

Ok, so I can come change your locks then

To exfiltrate the login password from a keylogger on a macbook, for example, you need to have some software running on the cpu as well as the keyboard itself. This makes it very difficult to do in reality, as you have to infect both devices and if you do not have physical access, your exploit needs to be done across the keyboard interface, which makes it very hard to do in practice. Swapping any random keyboard in that could potentially be malicious introduces two issues, as now the keyboard itself may have a keylogger, as well as opening the possibility of exploiting some vulnerability in the cpu from the keyboard itself. You therefore open two attack surfaces that were previously closed, which is highly significant.

people have different levels of risk acceptance and that’s ok

Except it is the editorial agenda of ifixit to promote legislation that requires this lesser level of security, which makes it not ok. Outlawing verification in software requires all devices to have the same vulnerability at the interface, it would even affect users who want to buy OEM.

I’m not saying it has to be absurd, but no one is acknowledging that the security risks are real, and requiring a lesser standard of security is a cost of legislating this stuff, which it is the editorial stance of ifixit to support

It absolutely could, if the processor trusts that the data coming from the faceid sensor is accurate, the faceid sensor can simply lie. You’re removing a layer of defense, which necessarily impacts security

So then you’ll let me change the locks on your front door to one I choose?

Removed by mod

No, give me the argument that you can secure these interfaces, some of which provide biometric security, without verifying vendor origin in software

often are genuine, but Apple makes features not work unless paired

Because unless you pair the screen, the device has no way to know it’s genuine. If it’s not, it could implement any number of attacks, including keyloggers, screen stealers, etc

don’t believe

Why shouldn’t I? No one has given an argument that you can actually secure these peripherals without software locks, I bought my iPhone and MacBook because they offer security, even when I run Linux on it my MacBook has far superior boot security (the only thing apple has engineering control over in that use case) than any intel machines I’ve used

Also lol that article, you know the difference between one incident and a pervasive effort to mine your privacy for profit

Removed by mod

Mfs out here want to install their bootleg faceid in my phone at their sketchy self repair place so they can sell my data and break its security. Let’s not pretend ifixit isn’t the exact same rent seeking that apple is, they just want to be the middle man

It doesn’t hurt that the same companies that did all the things that made people cynical about technologies are the ones perpetrating this round of BS

Because they live in the same society as you, and they get to decide who goes to jail as much as you do

I just look at this and ask myself if the slots really needed a direct always online connection to the same database that the employees log into

have people go back to using pen and paper

If it’s so important losing access to it costs you $50 million a day I would look at the supposed savings it brings you and gauge your risks accordingly

NIST already has recommendations for quantum resistant algorithms. https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms

I don’t care. Organizations should have better security culture or use fewer computers, this is an abject win in my view