Hacker News | WaitWaitWha's comments

If Real ID is so good, why do we have CLEAR? Why can I not skip the line with RealID?

If we are forced RealID, why not just make all the TSA checkpoints like Global Entry (or in several countries with IDs), fully automate them, using Real ID. That would get rid of CLEAR, and a lot of TSA agents.


Clear has nothing to do with security. You’re just paying to cut the security line.

Disagree.

CLEAR is basically (mostly) self-service pre-verification by a commercial entity, achieves near the same exact thing as it is done at the TSA agent with RealID now.

The CLEAR system uses CAT or CAT-2 to send info to TSA to validate. Same, exact protocol and information as it is with the TSA Agent.

The only meaningful difference is that the biometrics is pre-stored with CLEAR, while the other travelers are collected at the TSA agent stands and compared to RealID.

There are multiple countries where all of this is done with dark technomagic. You can see this witchcraft working with Global Entry (CBP, not TSA).

What is interesting about this is that CLEAR has a relationship with the airports (mostly), not TSA. Airports are the ones pushing CLEAR so they do not have insane queues, not TSA.

Wait till you see PreCheck Touchless ID.


There are plenty of Faraday bags readily available for cell phones.

Look in the digital forensics industry. Field forensic investigators can get bags or boxes (look like Pelican(r) cases), or inserts for Pelican cases (a 1615 fits just right into a sedan's trunk).

Long time ago when mobile forensics was in its infancy they were given out as swag.

The #1 problem is of course that if not in airplane mode, some not too smart phones keep increasing the power to the radio (smarter ones do this for a few minutes then power down radio, then cycle up again). Guess what happens with a bunch of juice dumped into electronics in a locked case inside a trunk in a hot car, with half dozen other phones doing the same thing (because it is never a single burner phone).

In a pinch, 3 to 5 layers of aluminum foil, stainless steel cocktail shaker, ammo can, or combination thereof works.

edit: Yes, if we are discussing this with physicists, RF cannot be blocked, it can be attenuated. The strength of the RF signal is reduced as it travels through different materials, and in theory it can never be completely eliminated. In practicality, the signal only needs to be attenuated until it cannot be picked up sufficiently even when very close by a receiver.


I came here to say what you did. I used to work in three letter agencies and took part in testing faraday bags for clandestine operators. Something about faraday bags that most people don't know is that they have a shorter life than you would think. As they move around and bend, they start to "leak" more RF. WaitWaitWha is also correct that in a pinch, some aluminum foil works pretty well if you're careful. The service will be so bad, that the phone won't likely get packets out or in. Just be thorough when doing it.

Also, I worked with clandestine people, and most of them had threat models more relaxed than a lot of people on HN. What are you all up to???


There used to be an option called "Cat guard" built into several historical (BBS) software. On (and cannot remember the name) one software that did synchronization with other networks (e.g., FIDO, uunet) it was considered a major feature.

Primary purpose was to lock the keyboard so when the cat walked all over it, it would not disconnect.


Is this for just one or several OnePlus models?

If so, is this 'fuse' pre-planned in the hardware? My understanding is cell phones take 12 to 24 months from design to market. So, initial deployment of the model where this OS can trigger the 'fuse' less one year is how far back the company decided to be ready to do this?


Lots of CPUs that have secure enclaves have a section of memory that can be written to only once. It's generally used for cryptographic keys, serials, etcetera. It's also frequently used like this.

Fuses are there on all phones since 25+ years ago, on the real phone CPU side. With trusted boot and shit. Otherwise you could change IMEI left and right and it's a big no-no. What you interact with runs on the secondary CPU -- the fancy user interface with shiny buttons, but that firmware only starts if the main one lets it.

> Otherwise you could change IMEI left and right and it's a big no-no.

You can still change the IMEI on many phones if you know how to.


This is in the Qualcomm SOC chip, so it's not something that has to be designed into the phone per se.

> ... The hackers would still need physical access to the hard drives to use the stolen recovery keys.

This is incorrect. A full disk image can easily be obtained remotely, then mounted wherever the hacking is located. The host machine will happily ask for the Bitlocker key and make the data available.

This is a standard process for remote forensic image collection and can be accomplished surreptitiously with COTS.


https://www.wallstreetmojo.com/mm-million/

https://capitalizemytitle.com/how-to-abbreviate-million/

> the Roman numeral system, where 'MM' (M multiplied by M) indicates a million, and is often found in formal financial documents.


Unfortunately this is incorrect. Do not be fooled by the decoys. They do it to customers, employees, and contractors.

Walmart was sued [0] for exactly what Wegmans just started in 2022,

Walmart is sued [1] by delivery drivers,

and, so on.

[0] https://topclassactions.com/lawsuit-settlements/privacy/bipa...

[1] https://news.bloomberglaw.com/privacy-and-data-security/walm...

[2] https://caseguard.com/articles/retail-corporation-walmart-fa...


Seems like it’s changed in the decades. I watched the same guy steal 100s of dollars of shit over a few months.

The store I worked at was also a shitshow that barely operated so maybe I was just in their local minimum.


Although this article is about what new hardware got certified last month, I have never heard of this certification and think it might have some potential.

According to OSHWA[0], they have 3,197 things certified. A bit squirrelly to get to, but here is their Open Source HW definition for the certification: https://oshwa.org/resources/open-source-hardware-definition/

[0] https://oshwa.org/


> To solve these problems, Umbra, the research predecessor of CedarDB, invented what Andy Pavlo now affectionately (we assume ;)) calls “German-style strings”.

This is how Borland Turbo Pascal stored strings as far back as the first version in mid-80s.

Length followed by the string.


I think it is about the kind of union they use, to store it differently depending on the string length, not the fact of length+data. Anyway, it is/was also nothing remotely new (the idea), as many Lisp and Scheme implementations have done so for strings and numbers basically for ages.


German-style strings are a way to store an array of strings for columnar DBs. The idea is to have an array of metadata. Metadata has a fixed size (16 bytes). The metadata includes the string length and either a pair of pointer + string prefix or the full string for short strings. For some operations the string prefix is enough, in many cases avoiding the indirection.

This is different from Pascal strings.


Storing the prefix and the tagged union of pointer and inline data structure is a big difference to Pascal strings though.


That's not what it's doing though.

Pascal strings are: { length, pointer }

In these strings:

For short strings it's storing:

  { length, string value }

for longer strings, it's storing

  { length, prefix, class, pointer }


> Pascal strings are: { length, pointer }

The historical P-strings are just a pointer, with the length at the head of the buffer. Hence length-prefixed strings, and their limitation to 255 bytes (only one byte was reserved for the length, you can still see this in the most base string of freepascal: https://www.freepascal.org/docs-html/ref/refsu9.html).

    {length, pointer}

or

    {length, capacity, pointer}

is struct / record strings, and what pretty much every modern language does (possibly with optimisations e.g. SSO23 is basically a p-string when inline, but can move out of line into a full record string).
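
The 16-byte layout discussed in this thread, as an added example that is not part of any comment and is not Umbra's or CedarDB's code. It assumes a 4-byte length, a 4-byte prefix and an 8-byte slot that holds either the rest of a short string or a pointer; the `class` field mentioned above is left out, and the names `gstr`, `gstr_make`, `gstr_header_match`, `gstr_needs_deref` and `gstr_eq` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 16-byte descriptor (assumed split): length, 4-byte prefix, then either the
   remaining inline bytes (total <= 12) or a pointer to out-of-line data. */
typedef struct {
    uint32_t len;
    char prefix[4];
    union { char rest[8]; const char *ptr; } u;
} gstr;
_Static_assert(sizeof(gstr) == 16, "descriptor must stay 16 bytes");

#define GSTR_INLINE_MAX 12

/* Build a descriptor; long strings borrow s, which must outlive it. */
gstr gstr_make(const char *s) {
    gstr g;
    size_t n = strlen(s);
    memset(&g, 0, sizeof g);              /* zero fill so unused bytes compare equal */
    g.len = (uint32_t)n;
    memcpy(g.prefix, s, n < 4 ? n : 4);
    if (n <= GSTR_INLINE_MAX) {
        if (n > 4) memcpy(g.u.rest, s + 4, n - 4);
    } else {
        g.u.ptr = s;
    }
    return g;
}

/* True when length and prefix match, so the headers alone cannot decide. */
int gstr_header_match(gstr a, gstr b) {
    return a.len == b.len && memcmp(a.prefix, b.prefix, 4) == 0;
}

/* True only when an equality test has to follow the pointers. */
int gstr_needs_deref(gstr a, gstr b) {
    return gstr_header_match(a, b) && a.len > GSTR_INLINE_MAX;
}

int gstr_eq(gstr a, gstr b) {
    if (!gstr_header_match(a, b)) return 0;          /* decided without indirection */
    if (a.len <= GSTR_INLINE_MAX)
        return memcmp(a.u.rest, b.u.rest, 8) == 0;   /* inline data, no indirection */
    return memcmp(a.u.ptr, b.u.ptr, a.len) == 0;     /* one dereference per side */
}

int main(void) {
    /* Constructed sample strings: same length and prefix, different tails. */
    gstr a = gstr_make("columnar-database"), b = gstr_make("columnar-storage!");
    printf("eq=%d deref=%d\n", gstr_eq(a, b), gstr_needs_deref(a, b));
    return 0;
}
```

A length-prefixed Pascal string would need to read the buffer for every one of these comparisons; here only the last case in `gstr_eq` touches memory outside the descriptor.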


My experience at several large companies I worked for, the promotion comes because the activities are already at the new, higher level. i.e., working at SVP/level 7 when officially at VP/level 6 for a period when the promotion is offered.

Good or bad, this is how the industry I work in promotes.

I think the best approach is to take on extra, above position responsibilities, accountabilities after discussion with superior, after agreeing in writing that this is part of a path to promotion.


I agree. I'd argue that if you can't start a conversation with your superior about future promotions and job goals, you're probably not gonna get that promotion anyway.

Your manager is gonna be the one asking their own manager to pay you more, and will be the one doing reviews.

Also: stepping on other people's toes can crush team morale, which can sure delay promotions. Saw it happening. Keeping the manager in the loop is a good way to avoid it.


Often you need not only to be at the higher level, but someone to call out that if they don't promote you you might leave. I've seen a lot of cases (at many companies) where one person that everyone knows is good quitting for a promotion gets a dozen others promoted in the next few months. So if you realize you are not getting a promotion your leaving may be the trigger to get your coworkers promoted.


Correct. The best way to be promoted / given more money is to be a cherished contributor and be deemed a flight risk.


True, that can happen, but that feels toxic. A threat by the employee will always breed some negative feelings towards the employee, even if it is subconscious.

I am just writing about relatively sane, stable organization where the employer-employee relationship is stable and acceptable.


I think you (and the other) misunderstood. You are not threatening to leave here! Either you actually leave (their first notice is your two weeks), or someone else does and the company realizes if they don't promote good people fast those others will take the same hint and leave.

I agree that threatening to leave is a bad thing. Either get out or be content where you are: middle grounds do nobody any good.


But indicating you are hoping to be promoted is expected and encouraged at any functional and growing organization.

