This effect is - in some ways I fear, almost inherent to tech.
The same reason you call someone an idiot if they click an ad that looks like an error message, login to their bank on mybank.com.sketchysite.info, respond to a Nigerian scam or open that .pdf.scr file attached to an email. This stuff seems dead flat basic to people who are exposed to scams regularly. We don't call the scammers idiots for making millions on ransomware, most of us just delete their messages without a second thought - instead we call their victims idiots for falling for it in ways that seem obvious to us. Heck, even in much of the general public these are used as punchlines on occasion. Victim blaming and just expecting people to recognize these things as sketchy seems to be quite common for these sorts of technical issues.
True, just disabling it via PackageInstaller by default would do the trick, the root community could re-enable it easily and those who only needed to sideload the occasional app could do so via USB debugging.
It seems like every time I hope for a reasonable solution like this I get let down substantially though.
All they'd have to do in order to survive a factory reset is to write to the /system partition, which contains the main OS. A factory reset only wipes /data and a few caches.
Writing to /system requires it to be mounted read/write and permissions to do so, so they'd need a root exploit in order to pull it off, but there's quite a few to choose from especially as devices age and given that they're doing this outside Play Store where Google won't pick them up.
I'm just crossing my fingers advanced users don't lose the ability to side-load apps over bad publicity like this, maybe they should make it harder to enable though.
Wow, interesting to see Hikvision on this list, I own several of their cameras (and keep them isolated on a separate VLAN), but once you know them, you see them everywhere, they have a huge hold in the video surveillance market. Wonder if their main Chinese competitor, Dahua will pick up their market share in the US or if there's a more local competitor.
Huawei's HiSilicon fab makes purpose built ICs for these things, I've dumped the firmware for some whitebox ones done by a local tech retailer, but they were still heavily reliant on those ICs. Will be very interesting to see what happens in that market if this persists for long.
I think the philosophy here has sort of changed with newer versions of Windows, this is why the taskbar now has quicklaunch icons and regular app icons the same size and place. I keep all my "stuff that just stays open" like thunderbird, spotify, mumble and firefox to the left.
> when you loose your data you have only 30 days to get it back before Backblaze deletes it as well!
Uhhh... this one could be a significant issue for me right now. I've got a laptop that's been offline for about 2 months now due to a motherboard failure due to liquid damage. I haven't bothered dumping the drive yet because I figured even if it's got issues Backblaze has a copy.
You're telling me that if I login to my account right now, the data is gone? If so, they really need to make that one more obvious.
EDIT: Just checked Backblaze, still looks like the data is there after 70+ days. Has this policy changed at some point?
As I pointed out there's fairly simple ways for them to resolve this without these practices. No where did I suggest that the batteries don't work at all. The extents people go to on this site to defend Apple's shitty anti-consumer behavior is utter insanity.
You're right, keeping keys in SRAM and other trivial anti-tamper measures are way too expensive. Cutoffs are performed by the same IC. Should be trivial.
This was a business decision for sure. Apple doesn't want anyone but Apple to work on their devices. Now maybe you can say that alone is good for resale, but it's extremely shitty for customers, especially when their attitude is to tell people they need a new board and all their data is gone when a repair, often even a simple one is entirely possible.
I'm not even in their country, pretty sure I'm not going to get extradited for breaking the privacy laws of a jurisdiction in which I have no physical presence.
I'm just going to ignore them all until my actual operating jurisdiction implements one, I'm not beholden to the laws of another country, let alone a specific state in it.
You can't give someone paid leave if they don't work regular hours. I know everyone likes to mock them for calling them "contractors", but in some ways it makes sense - they're employees doing work on a per-contract basis. There's no magic number you can use to accommodate that, especially if something like this could cause them to lose other jobs and need the income.
Looks like some taxi companies suspend without pay over a lot less though, so do we just call that fair enough? I dunno. Doesn't seem ideal really.
> but IMO (criminal?) negligence to not protect other passengers from this person
So, what's your suggested fix? We should let any unproven accusation be enough to deny someone their income?
As far as I can see, the only reasonable course of action is to provide as much data as you can about the driver and location of the vehicle to police and let them sort it out before acting against the driver.
Yes, for less technical people that's great, but for people who are willing to deal with it for improved security, it's worth it. I'm not suggesting it to mom and pop here.
I'm avoiding the browser extensions, they seem to be a security nightmare. KeePass and similar are a better way to go, if slightly more labor intensive.
> that recommendation in the first place was an act of bad faith.
This seems a bit of a stretch to me.
The doctors prescribed it, even given readily available research, the FDA approved it, knowing full well this was a risk. Those are the guilty parties here. Purdue filled their role just fine, they just happened to be making an opiate and so they're getting chased for it now because China is dumping fentanyl. Pretty ridiculous really.
The same reason you call someone an idiot if they click an ad that looks like an error message, login to their bank on mybank.com.sketchysite.info, respond to a Nigerian scam or open that .pdf.scr file attached to an email. This stuff seems dead flat basic to people who are exposed to scams regularly. We don't call the scammers idiots for making millions on ransomware, most of us just delete their messages without a second thought - instead we call their victims idiots for falling for it in ways that seem obvious to us. Heck, even in much of the general public these are used as punchlines on occasion. Victim blaming and just expecting people to recognize these things as sketchy seems to be quite common for these sorts of technical issues.