Classifying IP sets is a fantastic idea, I’ve seen mail bounce for the ASN. That parameter is unchanged between IPv4 and IPv6. Certainly, you can do it only when the provider is a classic spam heaven.
The real difference is in latency: I tend to use the same operator on the fixed and mobile line, with Wireguard.
SSH, SMB and Matrix respond almost as if you were in LAN.
If I add the cost for bandwidth and storage of a data center, then the economic choice is obvious.
> How do both parties determine the keys used during a conversation?
They don’t: public key cryptography is not initially used.
The sender generates a random AES-256 key, applies it in CTR mode and uploads the encrypted blob to GCS.
Every receiving device gets a message with the key, the URI, and the SHA-1 of the blob. These messages are encrypted as usual and sent via APNS (<n>-courier.push.apple.com:5223)
> you’d think they would wrap it so at minimum they could tweak the underlying infrastructure without requiring every client to update
Apple does this: two other endpoints are *.blobstore.apple.com and the Chinese Guizhou-Cloud Big Data.
In my logs blobstore is used less than 1% of the time.
It just means Google may provide access to metadata outside of Apple’s control. Those metadata could be useful to do classification of anomalies on the basis of pattern of life analysis, or similar.
On one occasion the traffic to google cloud is systematically not proxied: every time one sends an attachment in iMessage, the file (or the media) is encrypted on device and sent to gcs-{eu,us,asia}-00002(?).content-storage-upload.googleapis.com, received from gcs-{eu,us,asia}-00002(?).content-storage-download.googleapis.com
This should be pretty visible to Google, the rest of the traffic is handled better.
I think that in this context the meaning of the term trust is different.
Any code executing in privileged mode can bypass security, and is therefore inherently part of a system's trusted computing base (TCB). (Linux is a monolithic kernel running in ring 0)
Most companies are not Linux contributors, they are trusting the kernel developers to write bug free, secure code.
Minimizing the TCB and opting for an auditable open source TCB are really useful concepts in security.
But the cause of these breaches is much more trivial than what you are worrying about: these companies are basically installing whichever piece of software can decrease their costs without thinking about what they’re doing.
> Speculative, and likely contains errors, misconceptions, and omissions; thoughtful, informed comments are welcome. Intended for a general scientifically curious audience, not requiring much detailed specialist background.
I enjoyed the reading, it is well written. Like you, I think there is a bit too much speculation to consider it an article suitable for a "scientifically curious audience". From my point of view the parallels and the "connections" between phylogeny, elements, matter and physics make it very little pseudo-scientific and too metaphysical.
It's safe to deduce our brain can't simulate the universe, but only a "less powerful" description/representation of it. Otherwise the assumptions are inconsistent, and a paradox arises.
Obviously, since we don't know how the brain nor the universe work... It's all speculation
I think Apple would need to ship a different OS in China.
Cloud services offered there must store data in the country and be operated by Chinese companies. (Apple is complying with this)
But Chinese companies HAVE TO assist the authorities in obtaining systematic access to private sector data. (This is not possible with E2E for backups and photos)