I updated but then regretted since I learned that Firewire support is now removed. I shoot retro videos with an old Firewire camera so to be able to get footage out of it, I had to stop whatever I was doing and figure out how to create a dual boot system.
Apple doing things like this is quite annoying where the hardware has support for Firewire but software removes it.
Sauna is really helpful for getting rid of them, also the usuals, use clothing made from natural materials, wool, cotton, linen, replace your teflon pans with stainless steel or cast iron, replace plastic utensils with wood or metal, replace your plastic food storage boxes with glass or metal, use a reverse osmosis water filter for your drinking water etc. Having them in your blood is bad but passing them to your children might be called negligence.
I’m glad to see that the public awareness is increasing for this issue.
Not the parent but you can set up Dynamic DNS at home and Wireguard in your router and later use the Wireguard connection to connect to your home network and have a safe tunnel.
Yep! And TP-Link, Asus, GL.iNet, MicroTik, and other consumer routers also have Wireguard/OpenVPN servers and Dynamic DNS clients.
For the parent commenter: you set up an account at a Dynamic DNS service, and configure your router so when it's online, a dynamic DNS hostname will always point at your router's IP. Then you set up a Wireguard or OpenVPN server on your wifi AP. Then set up your phone, laptop, etc to connect to that server at the dynamic dns hostname. Now you have a VPN server running on your home wifi AP. Connect when you're away from home, and your traffic will go securely through your home ISP connection.
How does this show EU tech regulation being out of touch and not these companies operating in countries and not following the laws in those companies? Requesting user data is a good way to make sure there’s not more data than is required and it’s a feature most tech companies have already implemented.
Windsurf was also used by enterprises because of their on-prem plan. They gutted that after OpenAI acquisition was announced and since then I am sure none of those enterprises that used it will switch to their cloud offering and look for other venues.
Without knowing the exact details, it seems to me like Oracle has a point here:
Java Card supports, broadly speaking, two types of bytecode verification: "On-card" and "off-card". On-card is secure against even malicious applets; off-card assumes that a trustworthy entity vets all applets before they are installed, and only signs them if they are deemed well-formed.
The off-card model just seems like a complete architectural mismatch for the eSIM use case, since there is no single trustworthy entity. SAT applets are not presented to the eUICC vendor for bytecode verification, so the entire security model breaks down if verification doesn't happen on-card.
Unfortunately, the GSMA eSIM specifications seem to be so generic that they don't even mandate Java as a bytecode technology, and accordingly don't impose any specific Java requirements, such as "all eUICC implementations supporting SAT via Java Card must not rely on off-card bytecode verification".
In this case if you read the last few sections, they reported several issues to Oracle regarding their JavaCard Reference Implementation, but these have not been fixed stating that they are not supposed to be used in production. Oracle has the responsibility to fix these issues as they are the primary source for everything related to JavaCard’s and other vendors take their reference implementation as a reference.
Also see their previous reply[1] to the findings this company had from 2019 and I can’t help but agree with the article that if those issues were fixed back then, there is a chance that this wouldn’t have happened today.
Definitely, no reference implementation should have security bugs.
But do you know if Oracle's reference implementation for Java Card is one using on-card or off-card verification, or more generally is assuming installs from only trusted sources?
There are many Java Card applications where the assumption of all bytecode being trusted is reasonable, especially if all bytecode comes from the issuer and post-issuance application loading isn't possible. Of course, that would be a complete mismatch for an eUICC.
Then I’d say this just points to a concerning lack of understanding of the security model on the implementer’s side.
In an ideal world, there would of course only be on-card verification, but resource constraints on smart card chips are still a factor.
In the second best of all worlds, Oracle would have one reference implementation each for trusted and for untrusted byte code, and a big bold disclaimer on when to use which, but I’m not convinced even that would prevent against all possible implementation mistakes.
>The off-card model just seems like a complete architectural mismatch for the eSIM use case, since there is no single trustworthy entity. SAT applets are not presented to the eUICC vendor for bytecode verification, so the entire security model breaks down if verification doesn't happen on-card.
I thought the whole esim provisioning process required a chain of trust all the way to GSMA? Maybe the applet isn't verified by the eUICC vendor, but it's not like you can run whatever code either.
Seems like you actually could "run whatever code".
Apparently, GSMA recalled their universal eSIM test profiles. Prior to recall, those could be installed on ANY eSIM, and those profiles had applet updates enabled.
By installing a profile to eSIM and issuing your own update to it, you could run arbitrary applets.
There have been multiple occasions now where Oracle has outright dismissed or denied reported security vulnerabilities as being anything of note, or even existing at all.
Only to find out that nope, they were, and had been, or could be, exploited.
Very interesting to read Babbage’s thoughts on cryptanalysis of a cipher. I wish we could have read his thoughts on modern ciphers and what he would think of them.
Apple doing things like this is quite annoying where the hardware has support for Firewire but software removes it.
reply