BC TECH
Saved by @Jacobtldr

So is Apple's anti-theft security a wonderful boon to users?

Or is it just another evil corporation strengthening it's monopoly power?

 I had the misfortune of buying a 2018 Mac Mini on ebay a few days ago. Unfortunately, it had not been wiped, and it's security defaults had never been changed.

This essentially turns it into a very shiny paperweight.
And this is where everybody jumps to blame the victim. "But everybody knows you have to make sure the seller wipes the Mac."

My how the corporate overlords have trained us to be their apologists.
To be clear, I'm a software engineer. Part of my job is supporting Mac users. Where I work, people hold on to their computers for several years generally, and the T2 chips are only a couple of years old, so I hadn't run into this situation at work.
Of course, I'd read about them, but I was confident that whatever condition the computer arrived in, I'd likely be able to deal with it.

Unfortunately I hadn't read up enough to be an expert on their T2 chip and Activation lock.
The point is, I'm not an average user. I'm a very above average user. If I can find myself in this situation, almost anyone can.
It's not sufficient for the seller to wipe the mac. They have to do a number of iCloud-related steps to fully erase their identity from the mac. Thanks to the security chip, even a full erase and re-install doesn't do that.
If you don't do these steps, the new owner can not simply erase and reinstall the system. They can't boot into single user mode or boot from an external drive and wipe things that way.
Only a network reinstall, which verifies the iCloud status and requires an iCloud password will work to solve this problem.
So this leaves someone like me who has — entirely legally — purchased a used Apple computer stranded, with the only recourse to hope that I can explain to the seller what they now must do (which is now considerably more complicated) to get this system to be usable by me.
And frankly, the simplest option (which I do not advocate, but that many will use) is going to be to share their iCloud account and password with the buyer. This is of course a significant security hole.
Any security solution which encourages bad security practice is not in fact a security solution.
What they properly must do is to use one of their other Apple devices that they've logged into with the same iCloud account, and tell it to forget the device they've sold.

But there's a lot of assuming happening there.
Apple assumes that the seller owns other Apple devices. There's plenty of Macs for sale used that were bought by someone who wanted to try it, and didn't care for it, and so now they're selling it (and these people are among the most clueless).
Apple assumes that the seller knows the iCloud password. See the last tweet about clueless sellers. But also, laptops can legally come to you with no knowledge of the iCloud account that was used. Like an inherited computer for example.
Apple assumes that the seller gives a damn. Depending on the perfectly legal selling mode they used this may not be true.

Ah but the buyer should beware, right?
Really, imagine any other product, like a car, or a washing machine, or... ANYTHING where the buyer has to beware of the seller having a secret, permanent, unfixable lock that makes the product 100% unusable.
But it prevents theft right?

Maybe. We'll assume yes now for the sake of argument.

Great. Why does Apple care?
Like any corporation Apple only really cares about the bottom line. Does theft cost them money? Yes in theory some portion of stolen computer purchasers would otherwise buy a new computer.
But what if Apple could make ALL used selling of computers a pain the ass, not just stolen ones?

That'd be a MUCH bigger profit incentive for Apple than merely cracking down on stolen computers
And that's what's happened here. Let the buyer beware?

Any buyer who knows about this is going to be VERY worried about buying a used computer. Apple has effectively drastically reduced the used computer market for their computers.
https://t.co/0SIAdtuARJ
There is one other alternative to getting these old computers to work. It turns out that Apple has the ability to trivially reset them. You just have to bring it in to have it serviced.

Which costs money.

AND you have to have the ORIGINAL proof of purchase.
Again, this destroys the reseller market. But this particular loophole is even more sinister.
It turns out things can go wrong with the security chip. There are tales of people who've bought refurbished computers FROM APPLE, only to have a bug in the security chip fail on an update and make their computer unusable.
But because the purchaser did not have the ORIGINAL purchasing papers, Apple wouldn't reset these.
Hopefully that's an extreme example which is rare and which Apple has managed to address. But the knowledge that things like this are possible further dampens the market for used Macs.
It does however turn out that there is a way to hack the security chip in these Macs. It was discovered last fall.

This may provide me with recourse, because I have the expertise to do it (though it's unclear if I have the patience — I may just get my money back from ebay).
But you know who DOES have the patience to do something like this? Because they'll likely do it more than once?

People who steal computers.
So here's the final proof, the ultimate punch line. Computer theft rings are no longer stopped by this security. Only legitimate user-to-user reselling of computers remains as being substantially curtailed.
Of course, this was always the much larger chunk of their profit motive.
But it lays bare what Apple is doing. Your computer is no longer protected from theft. But it's going to be really hard to resell and lose a lot of value because of that. Which costs you money and makes Apple money.
Apple could reset any computer brought to them, no questions asked. If that sounds crazy to you, consider: has a car mechanic ever demanded you prove ownership before they'll fix your car?
Shouldn't it be insulting that their core assumption on every computer they see is to presume that it is stolen unless this can be otherwise proved?
And after all, if someone comes to them later on with proof of theft, Apple should still be able to find if this computer has been reused. This security lockdown doesn't add any real-world theft protection that they didn't already have with Find My Mac.
It just makes them harder to resell. Period.
I would love it if my Representative @RepKClark, and my Senators @SenWarren and @SenMarkey would read the above thread about corporate monopoly control.
I do want to clarify that the T2 chip does potentially add useful security mechanisms and protocols that are superior to previous technology.

It is Apple's administration of this new technology that is monopolist and outrageous.
Apple has the option to be much more lenient about resetting these systems, and it would have virtually no impact on Apple's ability discourage theft.

More from Tech

Nicolas
Nicolas
@necolas
A brief analysis and comparison of the CSS for Twitter's PWA vs Twitter's legacy desktop website. The difference is dramatic and I'll touch on some reasons why.

Legacy site *downloads* ~630 KB CSS per theme and writing direction.

6,769 rules
9,252 selectors
16.7k declarations
3,370 unique declarations
44 media queries
36 unique colors
50 unique background colors
46 unique font sizes
39 unique z-indices

https://t.co/qyl4Bt1i5x


PWA *incrementally generates* ~30 KB CSS that handles all themes and writing directions.

735 rules
740 selectors
757 declarations
730 unique declarations
0 media queries
11 unique colors
32 unique background colors
15 unique font sizes
7 unique z-indices

https://t.co/w7oNG5KUkJ


The legacy site's CSS is what happens when hundreds of people directly write CSS over many years. Specificity wars, redundancy, a house of cards that can't be fixed. The result is extremely inefficient and error-prone styling that punishes users and developers.

The PWA's CSS is generated on-demand by a JS framework that manages styles and outputs "atomic CSS". The framework can enforce strict constraints and perform optimisations, which is why the CSS is so much smaller and safer. Style conflicts and unbounded CSS growth are avoided.
TECH
Caleb Porzio
Caleb Porzio
@calebporzio
🎉🎉 PHP 7.3 is here!

Here are the things I'm excited about.

🚂 Trailing commas in function/method calls!

This will certainly be a required styling choice for me. Same delightful benefits of trailing comma in multi-line PHP arrays, and JavaScript objects.


🧵 Less disgusting heredoc syntax!

Inlining heredoc strings in any way right now is grrrosssss. Now we get sensible capabilities. Everything that was wrong with it is now fixed!

(Ignore the bad syntax highlighting)


☠️ Finally, not-so-silent json_decode error detection!

This really sucked before, now it just sucks a bit less (who wants to pass a 4th param and pass 2 default params first? (helper function anybody?)


📜 Not horrible functions for getting the first and last item (or key) from an array!

Before you either strung a bunch of functions together or messed with internal array pointers. This is a much-needed improvement.
TECH
Advertisement
Novid Houellebecq (That's Hollaback)
Novid Houellebecq (Tha...
@GarouGothic
I want to explain what happened to tumblr overnight. And why Twitter as reached it's dream (or have come ever so close to it)

Yahoo, who bought Tumblr years ago, used to have a huge adult presence on the early net. They allowed adult groups and what not.

However, people and bots (just like now) misused the service, and Yahoo were forced to make a choice. They made private the groups (and later closed them down and sold some of it to other companies) and then ended their chatrooms on yahoo messenger...

after a incident with one of the chatrooms vid cams. The damage was done, Yahoo Messenger lost a lot of people - and with the closing of the groups - backpage and Craigslist came more important.

Now backpage is no more and Craigslist is slowly passing away. Tumblr had a semi strong community, but once 2014 came around and both porn, and political bots exploded the quality started to go down,
TECH
James Felton
James Felton
@JimMFelton
Butt plugs were originally sold as a miracle cure for headaches, acne, and insanity

Thread, article here and h/t: @qikipedia :
https://t.co/Ts84xnmWKJ


For a long time, medicine was pre-occupied with the question "can this be solved by putting something in the butt?"

Take, for example, tobacco smoke enemas, in which 18th Century physicians saw drowning victims and attempted to de-deadify them by blowing tobacco smoke up their rectums with a pipe.


Despite having no medical benefit whatsoever, the practice was popular, and enema kits lined the Thames like lifebelts, ready to be used as one final humiliation for somebody who was crap at swimming.

This practice ended sometime after 1800 when it became apparent that it didn't really work, given how the anus famously isn't really connected to the lungs, but doctors weren't quite finished with having a poke around in the old anus to see what happens just yet.
TECH
Mateusz Czeladka | Plan \u20b3
Mateusz Czeladka | Pla...
@matiwinnetou
(1) Since some people laugh at Cardano project and it's peer review aspect, let me share a story from work for all of you
(2) There is company called Databricks and they open sourced recently a technology called: https://t.co/gpZyKKiMVD . This technology is super important

(3) In BigData delta allows one to perform DELETE and MERGE operations contrary to Hadoop + Hive where this is not possible, seeking through many partitions finding customer data to remove and then rewriting it is not only expensive as an operation but also very dangerous

(4) This promising technology is something that many companies, which have big data turn into as they need to be GDPR compliant.
(5) I was always reading and accepting all details from their website as given and the "truth"

(6) There is however an amazing Principal Developer at our company that found some of the claims from their website as dubious, e.g. ACID claims on such a distributed file system
(7) It turns out this is not the first time this company advertises something that is simply not true

(8) on another occasion this company made untrue claims about Cassandra database and this then became source of disputes e.g by dr. @martinkl - my fave expert in distributed systems
(9) All professional developers also know of course famous Jepsen tests ->
TECH

You May Also Like

Kevin Roose
Kevin Roose
@kevinroose
On press call, Zuckerberg says FB users "naturally engage more with sensational content" that comes close to violating its rules. Compares it to cable TV and tabloids, and says, "This seems to be true regardless of where we set our policy lines."

Zuckerberg says FB is in the process of setting up a "new independent body" that users will be able to appeal content takedowns to. Sort of like the "Facebook Supreme Court" idea he previewed earlier this year.

Zuckerberg: "One of my biggest lessons from this year is that when you connect more than 2 billion people, you’re going to see the good and bad of humanity."

This is how Facebook says it's trying to change the engagement pattern on its services. https://t.co/3p0PGc912o


[email protected] asks Zuckerberg if anyone is going to lose their job over the revelations in the NYT story. He dodges, says that personnel issues aren't a public matter, and that employee performance is evaluated all the time.
TECH
Werise
Werise
@We_Have_Risen
I was working on something before the election that became the election...

Color revolutions are real and we just witnessed one live and direct...

1.
POLITICS
Advertisement
SPACVet
SPACVet
@SpacVet
My number 1 stock pick for 2021 is: Pine Island Acquisition Corp.

$PIPP

Let me break down why I think this will be THE SPAC of 2021. 👇

TL:DR – the management team is loaded with President Biden’s closest friends and advisors. No other SPAC has this level of access.

$PIPP company overview:

-focused on defense, government service & aerospace
-perfect focus when you consider who is on their Management Team


$PIPP Management

-here's where it gets EXCITING
-founded by John Thain (ex Merrill Lynch CEO and Uber director)
-then STACKED with veteran Government and Administration key figures


$PIPP Insane Management Connections

-the list of PIPP "DC Partners" includes:

-- President Biden's pick for Secretary of State (Tony Blinken)
-- President Biden's pick for Secretary of Defense (Gen. Lloyd Austin).


$PIPP - The Joe Biden Connection

- Tony Blinken and President Biden are close allies.
- Blinken has been an advisor to Biden for decades
- Blinken set to be appointed Sec. of State
TRADING , CATEGORY
Sahil Lavingia
Sahil Lavingia
@shl
Something I wish everyone knew: the bar's not as high as you think.

You can get that job, meet that person, start that company.

But because you think the bar's so high, you won't even try. Which is what makes the bar so low!
LIFE
Rachel Andrew
Rachel Andrew
@rachelandrew
After almost 20 years of explaining websites don't need to look the same in all browsers I think I'm done. You have the ability to make progressively enhanced websites, more so than ever before. Use it. Don't use it. Just don't argue with me about it!

I'm writing my talks for next year and we will be looking to the future. I am nothing if not pragmatic. I build sites and applications that have to WORK everywhere, that support as many places as possible. But "look" the same. No. Not possible.
ALL