"A modified version of OpenHaystack to showcase the possibility of building a stealth AirTag clone that bypasses all of Apple's tracking protection features."
Impressive. Here is the blog post (also linked from their github) that talks about the bypass (the tldr; is that they rotate through public keys in a deterministic way, so Apple’s protections think it’s a new device each time and thus don’t warn about a persistent tracker).
Well, statistically average end-user internet connection in Europe is much faster than in the US. Maybe outside some places like most of western Germany, but these are an exception. Europe has really good bandwidth speeds, overall.
I absolutely agree with the rest, though, including the part saying any "serious" software will have such features (and better support in general), and I second the examples you gave.
USA it's huge and sparse, but Spain it's the same, it's like USA.rar. Crowded coasts, lots of mountains with a rough interior almost as empty as Lapland modulo Madrid.
So, yes, you can have the issues on phone signal issues.
This is increasingly often the case. Also, don't forget that modern WISP equipment allows for 100Mbps+ speeds for a price next to nothing (Ubiquiti, MikroTik).
Nokia 9000i, so you had to work on CSD (which is usually billed per-minute, like dial-up), not even GPRS. How much did that cost you? :P
BTW, an interesting thing is that some/most carriers allow you to use CSD/HSCSD over 3G these days, and you can establish data CSD connection between two phone numbers, yielding essentially a dedicated L2 pipe which isn't routed over internet. Can have much lower latency and jitter if that's what you need. Some specialized telemetry is still using that, however as 3G is slowly getting phased out, it will probably have to change.
God, the cost was probably horrid, but I was connecting in, setting tasks running and logging out. This was late 1999 in the UK, so per-minute prices were high. Also, these were Windows servers, so I had to sluggishly RDP into them, no nice low-bandwidth terminals.
Wow. I didn't knew that Nunavut is entirely satellite fed. That's very interesting to know, thanks. Do you have some more info, though? What kind of satellite - geostationary, LEO? Also which constellation has the most share of traffic from Nunavut?
Unsure if other telcos have their own setups, but:
> Northwestel, one of biggest internet service providers in the North, said it provides broadband service for all Nunavut communities using Telesat's Telestar 19 VANTAGE high-throughput satellite. After the satellite was deployed in July 2018, Northwestel said it would significantly improve broadband connectivity in the territory, increasing speeds to 15 megabits per second.
What does "national median" matter in terms of REMOTE jobs? In theory there should be one global market then, where only (hard and soft, of course) skills matter. But I know we're yet not quite there.
No such thing as a global market. Time zones, English proficiency, and cultural compatibility will always be real issues affecting real teams trying to build software.
Don't forget tax domains. Most remote companies in the US want to hire only in the US, not just anywhere in the world, due to needing to set up taxes in every single country their employee might be hired from.
THIS. Otherwise it's a huge clickbait and absolutely nothing more. We need more "specialized" IT job marketplaces, as most currently existing seem to be fulfilling exactly the same role and not a single one is bringing anything new. For example there was something like "AnonFriendly" posted here on HN some time ago, I really liked this idea.
Side note: Just checked are non-Android Linux OSes targeted by this spyware. Apparently, there's no public info in favor of such. So probably, nope. It looks mostly targeted against Android and iOS only.
Sure, but it runs Android Go (embedded Android) or KaiOS (embedded Linux) out of the box.
Any vulnerabilities that arises in Linux can also be weaponized on those OSes as well depending on when the OS image was deployed and whether or not the OEM supports upgrades and patches (generally they don't)
> Just checked are non-Android Linux OSes targeted by this spyware
It's safe to assume that any mobile phone OS will inevitably be targeted. There are always going to be unpatched and uncaught vulnerabilities, and the market for finding these vulns are very hot.
The bigger question is why do you think you'd be vulnerable to attack by a nation-state? If you are that prominent, you are screwed anyhow.
How would you define a "mobile OS" then, to keep the alignment of what you said, particularly this part: "There are always going to be unpatched and uncaught vulnerabilities"?
Everything which can fit into a pocket and has a HTML5 browser?
FYI, I know about how extremely vulnerable average cellular baseband is (and that it would often use unprotected or weakly protected DMA). Let's assume the device in question doesn't have one of these.
Just about every phone (smart or feature) is running some flavor of Unix (iOS/BSD for Apple, Android/Linux for most other smartphones, and KaiOS/Linux for feature phones).
The 1998 style Nokia brick is functionally non-existent as there is no financially viable demand for a product like that anymore.
The markets that are feature phone driven (much of Africa, poorer regions of South and Southeast Asia) are also heavily WhatsApp dependent, so the mobile OS needs to be lightweight but also support modern app functionality - which lends itself to the embedded Linux use case.
Also, no matter how much you modify and QA code, inevitably some bug will arise, and will be open to exploitation.
DC ("brushed") motors won't be affected by that, especially if controlled with no transistors. See for example how old DC-powered electric railway rolling stock was built, from pre-power electronics era.
Brushless motors have been the norm in e-bikes and e-scooters for a long time. And even modern brushed electric motors in EVs have electronic control via microcontrollers. There's no way you can get maximum power efficiency out of it without software control.
>And no, you don't have brushed motors in modern EVs
Would you be willing eat your words? Plenty of EV motor designs from Continental, ZF and Chinese companies are brushed (or other forms of physical shaft contact with slip rings). Not every EV is BLDC due to the desire to give up on expensive rare earth magnets on budget models.
The part where you go "nuh uh, this won't work on motors that no mass-produced electric bike or scooter ever uses". It probably won't work on horses, either, but that's not what TFA is about.
I have 3 PC game platforms, Discord's desktop client, 4 cloud services, and probably some company hubs for drivers (Nvidia, Logitech, Razer, etc) that phone home. You can definitely access all these through a browser intermediary, but many don't. Steam sort of needs to stay on your device for DRM purposes anyway.
https://github.com/positive-security/find-you
"A modified version of OpenHaystack to showcase the possibility of building a stealth AirTag clone that bypasses all of Apple's tracking protection features."
Other projects from them, like https://github.com/positive-security/send-my , also seem interesting.
reply