Archive for January 12, 2021

Tuesday, January 12, 2021

Don’t Forget Your Bitcoins

Nathaniel Popper (via Matt Levine):

The password will let him unlock a small hard drive, known as an IronKey, which contains the private keys to a digital wallet that holds 7,002 Bitcoin. While the price of Bitcoin dropped sharply on Monday, it is still up more than 50 percent from just a month ago when it passed its previous all-time high around $20,000.

The problem is that Mr. Thomas years ago lost the paper where he wrote down the password for his IronKey, which gives users 10 guesses before it seizes up and encrypts its contents forever. He has since tried eight of his most commonly used password formulations — to no avail.

[…]

Of the existing 18.5 million Bitcoin, around 20 percent — currently worth around $140 billion — appear to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis.

I don’t understand how they can measure this. In any case, it’s a good reminder to use a password manager or have a physical record of your important passwords.

Update (2021-01-13): Dave Jevans:

As co-founder of IronKey I will tell you that we spent $50M building it. NSA reviewed it. We worked with Atmel on a custom AT98SC smart card to store the encrypted AES key and RSA private keys. It will cost a lot to reliably crack one without the chip resetting itself.

Dave Jevans:

IronKey/Atmel security features include voltage, frequency and temperature detectors, illegal code execution prevention, tampering monitors and protection against side channel attacks and probing.

iTunes at 20

Kirk McElhearn:

On January 10, 2001, Steve Jobs went on the stage at Macworld Expo in San Francisco and presented a new app that would change the course of Apple. iTunes would become Apple’s most important app, not only because it was the companion of the iPod that would be released later that year, but also because it would become the framework for all of the company’s future online stores. (Watch the original presentation: part 1, part 2.)

[…]

It’s interesting to look back at the first presentation of iTunes, to see how little the iTunes interface has changed in twenty years. Aside from the fact that, on the Mac, it’s not iTunes any more – when Apple released macOS Catalina, they split it into four apps – the Music app is a direct descanted of the original iTunes. (iTunes still exists for Windows, with the same features as the previous integrated app on macOS.)

Previously:

Wikipedia Is 20

The Economist (via Hacker News):

The site has no shareholders, has generated no billionaires and sells no advertising. Today’s aspiring tech giants burn vast quantities of investors’ money subsidising taxi rides (Uber) or millennial messaging (Snap) in pursuit of “scale”. Wikipedia grew organically, as more and more ordinary people decided to contribute. The site has its roots in the techno-optimism that characterised the internet at the end of the 20th century. It held that ordinary people could use their computers as tools for liberation, education and enlightenment.

[…]

Wikipedia may not have vanquished its doubters in theory. But it has triumphed in practice. With over 20bn page views a month, it has become the standard reference work for anyone with an internet connection. As social-media sites are lambasted for censorship, “fake news”, disinformation and conspiracy theories, its reputation is higher than ever.

[…]

Wikipedia compares well with other reference works when it comes to honest mistakes, but it is uniquely vulnerable to vandalism and pranks. In an effort to combat them, says Mr Negrin, the site has developed algorithms that monitor articles for mischief.

See also: Jimmy Wales on Systems and Incentives.

WhatsApp Privacy Policy and Encryption Canary

Dan Goodin (Hacker News, Bruce Schneier):

WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.

Tim Hardwick:

Encrypted messaging app Signal faced big delays in verifying the phone numbers of new accounts on Thursday because of a sudden surge in people trying to join the platform.

Alec Muffett (via Hacker News):

Why have @WhatsApp changed their E2E white paper regarding “at no time…access to private keys”? Answer: Because Facebook plan to offer Bots in the Cloud for WhatsApp “Business” Users

Hartley Charlton:

WhatsApp is now assuring users that “Our privacy policy update does not affect the privacy of your messages with friends or family.” It has also added to its FAQ to address users’ privacy concerns relating to data sharing with Facebook.

The FAQ explains that WhatsApp and Facebook cannot see a user’s private messages or hear their calls. Logs of who users are messaging and calling are not retained and shared location, contact information, and group membership is kept private.

WhatsApp suggests that the majority of data sharing with Facebook is derived from communicating with businesses that use hosting services from Facebook or after using Facebook-branded commerce services such as Shops. Either may result in targeted ads being shown to users.

Previously:

Update (2021-01-15): Reuters (via Mike Isaac, Hacker News):

The WhatsApp messaging service announced on Friday that it would delay changes to new business features after people around the world criticized the new policy.

The Facebook-owned company said it is “going to do a lot more to clear up misinformation around how privacy and security works on WhatsApp.”

Update (2021-02-22): Tim Hardwick:

WhatsApp has revealed how it will gradually cripple accounts held by users who do not accept the platform’s impending privacy policy changes, due to come into effect on May 15.

Update (2021-05-24): Prasham Parikh (via Hacker News):

WhatsApp has confirmed that while it won’t terminate accounts immediately, users who don’t accept the new terms will have only “limited account functionality” available to them until they do. In the short term, that means losing access to your chat list, but you will still be able to see and respond to notifications as well as answer voice and video calls. However, after a few weeks of that, WhatsApp will then switch off all incoming notifications and calls for your account, effectively rendering it useless.

Here Lies Flash

Adobe (MacRumors):

Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.

Rich Trouton:

To assist with the process of removing Adobe Flash, I’ve written an uninstall script which will completely remove Adobe Flash.

Jordan Rose:

There’s a good chance mainstream browsers will straight-up stop supporting plug-ins soon after, so I’m downloading the standalone player app.

See also: Slashdot.

Mike Davidson:

Then one day in 1997, I clicked on a link to Kanwa Nagafuji’s Image Dive site and the whole trajectory of web design changed for me. It looked like nothing I had ever seen in a web browser. A beautiful, dynamic interface, driven by anti-aliased Helvetica type and buttery smooth vector animation? And the whole thing loaded instantly on a dial-up connection with nothing suspicious to install? What was this sorcery? Sadly, I can’t find any representation of the site online anymore, but imagine the difference in going not just from black-and-white TV to color TV, but from newspaper to television.

Nick Heer:

I am not as rosy-eyed about Flash as Davidson. Most of the Flash-based websites I remember loaded slowly, performed poorly, and were hard to use. I remain conflicted about a more interactive web and the entire notion of websites as applications, and I find it hard to be so kind to a plug-in that was responsible for so many security and stability problems.

[…]

It is impossible to know if we would have ended up with rich typography, streaming video players, full web applications, and online games without Flash — and, in the case of the latter two, Java. Regardless of my ambivalence, the web that we have today is rich, universal, and accessible, and much of that groundwork was catalyzed by Flash.

Lars Doucet (via Hacker News):

To this day, I am super mad at all the people who put for the codswallop that HTML5 was this perfect replacement for Flash.

It’s been 10 years since “Thoughts on Flash” was published and HTML5 STILL doesn’t (in actual practice) replicate what mattered about Flash.

What really mattered about Flash, in my view:

  1. For 95% of applications you can just distribute a single SWF file
  2. You have a robust authoring tool that is animation/graphics-first and newbie friendly
  3. You can send a link to your mom and she can just play it w/ no issues

Francisco Tolmasky:

“Thoughts on Flash” was never about the open web and was instead, if anything, about Apple controlling the iPhone ecosystem (and eventually the AppStore).

Joe Rossignol (Hacker News):

And starting today, Adobe has gone one step further and blocked Flash content entirely.

When a user attempts to load a Flash game or content in a browser such as Chrome, the content now fails to load and instead displays a small banner that leads to the Flash end-of-life page on Adobe’s website. While this day has long been coming, with many browsers disabling Flash by default years ago, it is officially the end of a 25-year era for Flash, first introduced by Macromedia in 1996 and acquired by Adobe in 2005.

Previously:

Update (2021-01-13): Jason Scott:

Now up and running at @internetarchive - 100s of “Flash Loops”, the most concentrated mind-melting outcropping of the Flash era - fast-looping visual images connected to audio hooks from a range of sources. These got into EVERYTHING back in the 2000s.

Update (2021-01-22): David Cohen and Yue Sun:

Depot staff were confused when their computers lost access to the local dispatch system on the morning of Jan. 12, according to the bulletin. The reason: Adobe’s last update to its Flash Player included a kill-switch set to go off that day, when the company ended support for the notoriously virus-prone web standard. Flash was little missed—except in the Chinese government, where it remains in widespread use.

[…]

The staff divided into hardware and software task forces, and attempted to restore an older version of Flash from a backup “GHOST system,” an effort marked by triumphs and defeats. By 10 p.m., they had mostly restored computers to backup states—when, suddenly, automatic updates caused the systems to disable Flash again.

Update (2021-03-15): Saam Pahlavan:

With the passing of Flash, I got some game dev friends to write eulogies for our beloved friend.