• 0 Posts
  • 1.8K Comments
Joined 2 years ago
cake
Cake day: June 18th, 2023

help-circle
rss











  • So there’s this radio editorial from 1973 called “America: The Good Neighbor”, written by George Sinclair. I think a lot of what Sinclair described has been lost, unfortunately, but this line always pops into my head:

    You talk about scandals, and the Americans put theirs right in the store window for everybody to look at.

    I feel like this part is still true. For better or worse, as a nation even when we feel shame due to the behavior of our politicians we don’t try to hide it, pretend like it doesn’t exist. Our politics is theater and we all know it. It’s on display for everyone to see.

    You can read the whole thing here: https://thinkingagain.com/html/american_tribute.php

    It is an artifact of history, and just… keep in mind that it needs to be read and understood in the context of the time it was written. The Apollo program had just ended the year before, and US troops had just withdrawn from Vietnam. The Watergate scandal was current news and is specifically what Sinclair was referring to in the quoted line above. Martin Luther King Jr. had been murdered only 5 years prior, and the civil rights movement of the 1960s was a recent memory. It had been only a decade since John F. Kennedy was assassinated.

    And there was video and live discussion of all of it just on display for everyone to see on the still quite new platform of broadcast television.

    Things haven’t changed much.





  • Well right, and coating them with plastic means that they leave plastic residue behind if they break down in an uncontrolled environment, and increases the cost and complexity of recycling:

    If the paper has a plastic or aluminum coating, it can be recycled, but it is much more expensive and complicated.

    Some plastic coatings can be separated from paper during the recycling process. Still, it is often cheaper and easier to use virgin materials to create new products than recycling paper coated with plastic.

    Paper coated with plastic isn’t suitable for composting, and most times, such products are incinerated for heat or landfilled rather than recycled.

    https://www.almostzerowaste.com/non-recyclable-paper/

    Yes they already exist. They are not really better than pure plastic, they’re kind of a form of greenwashing because they appear to be environmentally friendly.


  • Aida said the new material is as strong as petroleum-based plastics but breaks down into its original components when exposed to salt.

    If this means that it does not break down when exposed to just water, that’s a pretty big deal. Water solubility has been the major issue making biodegradable plastics useless for food packaging (typically you want to either keep the food wet and water in, or dry and water out - either way water permeability is a problem).

    Of course most foods also contain salt, so… I guess that’s why the article talks about coatings. If the material has to be coated to keep it from breaking down too fast, what is the point? either the coating will prevent it from breaking down, or it just moves the problem to the coating not breaking down.


  • How often do older devices get breached

    A meaningful answer would require specificity about “older” (5, 10, 20+ years?) and would have to be broken down into manufacturer / major software / use case / target market groups. Also… would you include breach reports for software in the statistics? For instance, if an Adobe app was breached and leaked user account data, but it only affected devices running an older version of Android, is that an Adobe breach or an Android breach, or both?

    and is there any way to continue using an “older” device safely

    Basically, once a device stops receiving security updates from the manufacturer it should be considered untrustworthy. The only caveat to this would be if you knew the hardware (CPU/APU/GPU, storage, RAM, and especially NICs and TPMs), knew the firmware for all of it, knew the software running on top of it, knew that it had been audited, knew that there weren’t any major unpatched vulnerabilities for any of it, and probably limited its use to known/trusted networks. That’s a lot of work and some of it is probably impossible due to proprietary hardware & firmware.

    But you’d also have to weigh all of that against your threat model like I described above. The question is always “How much effort would someone put in to hack me?” There is never zero risk, even with a brand new, fully up to date device. Security is always a game of “I don’t have to outrun the bear, I just have to outrun you.”

    I feel like short security update lifecycles are a form of planned obsolescence.

    There’s some truth in this, but also recognize that every CPU model has its own specific microcode, every discrete device will have its own firmware and driver, and every mainboard will have its own specific firmware that makes all of those devices work together. Every version of every phone model ever produced has some amount of device code that is specific to that version and model. Keeping on top of updating every one of them would be a monumental task. Testing every update for every device before deploying the update would probably be functionally impossible.

    All of that is a big part of why Apple controls the hardware of their devices so tightly. It allows them to standardize things and limit the amount of code they have to write, and in general Apple supports their devices with security updates much longer than other mobile device manufacturers. Their support range seems to be about 7 years.

    Don’t get me wrong, I’m not personally an Apple user. I prefer the broader freedom of choice in hardware and software in the Android market, but I understand that there’s a tradeoff due to the lack of standardization. Apple’s approach has benefits - there is a degree of safety in the walled garden that is not possible outside of it.

    What really needs to happen is that buyers need to demand end-of-life information and support commitments from the manufacturers. For instance, the Fairphone 5 has guaranteed security updates until 2031, eight years after the launch date. That way you can make an informed decision before you buy.


  • The danger is essentially that anything being done on the phone is not secure.

    If all she does with the phone is look at cat pictures and talk to friends and family, there’s probably not much critical information there to worry about.

    But does she use the phone for banking? tax records? health care? Does she use the phone for multifactor authentication to log in to her bank account &etc?

    Anything involving financial or personal information could be used for identity theft and fraud. Even if she doesn’t have much money personally, her identity has value on the black market for opening fraudulent credit cards and other accounts. If her phone is no longer getting security updates then her email may be exposed, and basically if you can get into someone’s email then you can get into all of their other accounts (through “I forgot my password” links). Also keep in mind that the phone is a tracking device, so if it’s not secure then anyone with the time and interest could use it to track her location.

    It’s worth noting that switching the phone to another OS like Lineage may not solve this problem. Android uses a core security feature of ARM processors called TrustZone to handle cryptographic functions like security keys. This depends on processor microcode that only gets updated by the manufacturer. If the device is no longer supported, then it will probably stop receiving updates. A third-party developer like Lineage won’t have the capability to update this code.

    The potential threat from this is not usually immediate. Just because a device might be vulnerable doesn’t mean that it’s worth anyone’s time to actually hack it. But frequently what happens is that someone finds a vulnerability that can be exploited and then builds some software that can do the necessary steps automatically, after which any device with that vulnerability is not secure at all.

    Deciding how critical all of this is for your mother depends a lot on context. Does she have financial assets that might make her a target? Is she politically active? Is she a member of a sociopolitical group that might be a target? Does she have a social media account with a lot followers? Does she have any close friends or relatives that someone might want to target through her? Does she know anyone who works in security for a large corporation, government or bank? Her own vulnerability might make someone else vulnerable by proximity.

    There’s no way to eliminate risk completely. The only way to answer the question “how dangerous is this?” is to assess the severity of possible losses and the likelihood of potential threats (threat modeling) and then make judgment calls based on priority.