Archive for July 7, 2023

Friday, July 7, 2023

French Bill to Allow Police to Commandeer Phones

Tosin Ajuwon (via Hacker News, 2, 3):

A bill that would allow police in France to spy on suspects by remotely activating cameras, microphone including GPS of their phones has been passed.

The bill allows the geolocation of crime suspects, covering other devices like laptops, cars and connected devices, just as it could be remotely activated to record sound and images of people suspected of terror offences, as well as delinquency and organised crime.

I hope that Tim Cook will have a statement about whether this is possible with Apple devices. Has Apple been asked to assist or has it been done via exploits? Edward Snowden has mentioned stuff like this before, but I don’t recall seeing specifics about which devices were affected.

Google and Meta have proactively announced that they will block links to Canadian news sources over a link tax. Would Apple go to bat for privacy?

Ethernet at 50

Iljitsch Van Beijnum (via Dave Nanian):

But in the end it was Ethernet that won the battle for LAN standardization through a combination of standards body politics and a clever, minimalist—and thus cheap to implement—design. It went on to obliterate the competition by seeking out and assimilating higher bitrate protocols and adding their technological distinctiveness to its own. Decades later, it had become ubiquitous.

If you’ve ever looked at the network cable protruding from your computer and wondered how Ethernet got started, how it has lasted so long, and how it works, wonder no more: here’s the story.

Om Malik:

There must be something to this whole notion that “time flies!” I distinctly remember writing a short essay about the incredible adaptability of the Ethernet, the technology protocol, on the 31st birthday of the technology that came from Bob Metcalfe’s work at Xerox PARC in the early 1970s. Metcalfe and David Boggs (who passed away in 2022) invented the Ethernet. It was inspired by ALOHANet, a packet radio network used to communicate among the Hawaiian Islands.

It just turned 50 years old — remarkably, it still powers our networks into the future. That is some serious resilience and longevity — no wonder (belatedly, in my opinion) Metcalfe got the 2022 Turing Award. In 1973, Metcalfe wrote a memo on a “broadcast communication network” linking personal computers (PARC Altos) to create a local network that moved data at 2.94 Mbps per second. In 1976, the follow-up work on the memo led to the publication of the seminal paper “Ethernet: Distributed Packet Switching for Local Computer Networks.”

Update (2023-11-20): Joanna Goodrich (via Hacker News):

The PARC facility also is known for the invention of Ethernet, a networking technology that allows high-speed data transmission over coaxial cables. Ethernet has become the standard wired local area network around the world, and it is widely used in businesses and homes. It was honored this year as an IEEE Milestone, a half century after it was born.

[…]

Currently, the IEEE 802 family consists of 67 published standards, with 49 projects under development. The committee works with standards agencies worldwide to publish certain IEEE 802 standards as international guidelines.

A plaque recognizing the technology will be displayed outside the PARC facility.

iPad Pro for Coding

Jesse Peterman (via Hacker News):

The #1 reason I started to consider buying an iPad a few years ago was for one thing, and one thing only: to read coding books. I have a kindle and I love it, but for coding books it is terrible. The large color screen especially comes in handy with code snippets as well as for color syntax highlighting.

Indeed, the best uses I’ve found for my iPad are reading books/papers that don’t fit well on a Kindle and watching videos. It seems like I’m not really taking advantage of what the hardware and software can do, though I do use multitasking with OmniFocus.

The #2 reason I considered the iPad was because Apple had announced at WWDC 2021 that their Swift Playgrounds app would be updated to support SwiftUI and be able to release complete iOS apps on Apple’s AppStore.

[…]

If you’re just learning Swift in Swift Playgrounds then sure, you can use it for coding, but you could also do the same thing with the base model iPad for a fraction of the cost.

[…]

After buying a powerful pro model, a decent keyboard, and a pencil the price ended up being MORE than a laptop I could have used for even more coding activities.

[…]

The keyboard shortcuts and operating system aren’t quite as power-user friendly as I would prefer.

The MacBook Air is so good these days. For most use cases, it’s more capable, it weighs less despite having a larger screen and a full keyboard, and it costs less, too. If you’re choosing one or the other, it’s the better choice unless you really need something only iPad can do.

Update (2023-07-10): Dave Verwer:

I’ve never been very excited about the prospect of Xcode on iPad. I don’t think many people would get much done with it without attaching a hardware keyboard, and with one, it feels like the very best it could be would be a slightly worse version of using Xcode on a MacBook.

You may have to give me a minute to explain myself after reading what I’m about to speculate on, but is visionOS where we will see the first iOS-based version of Xcode? From everything we’ve seen of Apple’s new platform, it’s clear this is a project with a long-term vision, and I think a version of Xcode could make sense.

Is It Safe to Store Passwords and 2FA Codes Together?

Megan Barker:

It’s important to acknowledge that 2SV is a very valid way to secure your accounts, and improves upon the standard use of a username and password (one-factor authentication). The additional required step can prevent account compromise by someone who gains access to your login information; it acts as a barrier regardless of TOTP location.

But there’s an incredibly specific (and unlikely) scenario in which storing your TOTP in a separate authenticator app may offer additional protection. If an attacker got ahold of your 1Password login information (and your 2FA secret if you’ve added that layer of protection to your 1Password account) but didn’t have control of your device, the separation between your passwords and TOTP could prove useful.

I hedged with may and could because this theoretical attacker who somehow gained access to your 1Password sign-in details would know your email address, Secret Key, and account password (at minimum). Anyone with the ability to gather that much sensitive intel is unlikely to see an authenticator as much of a challenge. And, to my knowledge, there’s no authenticator app or password manager on the market that can safeguard data on a compromised device.

Update (2023-07-10): See also: Accidental Tech Podcast, Sebastian Cohnen.

Update (2023-07-11): Adam Engst:

I dislike putting all my security eggs in one basket, and having 1Password contain both kinds of secrets—account passwords and TOTP codes—has given me some pause. I’m pretty confident in my 1Password setup and in 1Password’s integrity and security, but the fact remains that if someone were to gain control of my 1Password account, two-factor authentication wouldn’t restrict access to my most important accounts.

[…]

Two-step verification is a significant improvement over plain password-based authentication because it presents an additional hurdle to anyone attempting to log in to your accounts. But as long as that TOTP code is delivered on the same device and in the same pathway—you unlock 1Password for passwords and TOTPs using the same method—it’s not two-factor authentication. That’s the case if the TOTP code comes from 1Password, Authy, or some other authentication app running on the same device you unlock using a password, Touch ID, or Face ID. However, logging in on your Mac and looking up the TOTP code in Authy on your iPhone would be true two-factor authentication.

[…]

I’m not sure I buy Apple’s answer—if someone were to steal my Mac and guess my login password, they could accept two-factor authentication prompts just as in the iPhone passcode theft scenario we wrote about earlier this year[…] Maybe it’s more like 1.5-factor authentication[…]

He has an interesting idea that maybe 1Password could implement true two-factor authentication since it runs on multiple devices that communicate with their server.
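The point both excerpts turn on is that a TOTP code is computed from a stored seed and the clock, so a store that holds the password and the seed holds everything the service checks. The Python below is an added illustration, not code from 1Password or from any of the quoted authors; the account record, the verifier and the function names are constructed for the example, and the seed is the RFC 6238 test seed.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample data: the RFC 6238 test seed ("12345678901234567890" in Base32).
SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
ACCOUNT = {"password": "correct horse battery staple", "seed": SEED}  # toy server record


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a pure function of the seed and the clock."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(account: dict, password: str, code: str, now: int) -> bool:
    """Toy verifier: password match plus a code from the current or an adjacent step.
    (A real service stores a password hash, not the password.)"""
    if not hmac.compare_digest(password.encode(), account["password"].encode()):
        return False
    return any(hmac.compare_digest(code, totp(account["seed"], now + d * 30))
               for d in (-1, 0, 1))


def exposure_grants_login(exposed_store: dict, account: dict, now: int) -> bool:
    """Risk check: is the content of this one store enough to pass both steps?"""
    if "password" not in exposed_store or "seed" not in exposed_store:
        return False  # one of the two secrets lives somewhere else
    code = totp(exposed_store["seed"], now)  # no device or biometric involved
    return server_accepts(account, exposed_store["password"], code, now)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the run is reproducible
    combined = {"password": ACCOUNT["password"], "seed": SEED}
    password_only = {"password": ACCOUNT["password"]}
    print("combined vault exposed:", exposure_grants_login(combined, ACCOUNT, now))
    print("password store only:   ", exposure_grants_login(password_only, ACCOUNT, now))
```

The separation only helps in the case the first excerpt describes, where the store is exposed but the device holding the seed is not.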