how does it keep going

Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE.

this isn't a legal term and the government doesn't ask. anyone yeah that sounds legal include it but don't limit it

The SIF will load and run from Random Access Memory ("RAM") and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory.

ok we went from "passcodes" to "RAM" and yes we correctly capitalized iOS on the typewriter. the partitions the phone shows the end user are the only partitions we know of

The SIF will be coded by Apple with a unique identifier of the phone

"a unique identifier of the phone" ohhhhhhh man THAT's fun to think about. "a"

so that the SIF would only load and execute on the SUBJECT DEVICE.

we are publicly asking you to develop an end-to-end product specifically for us without pay and of course since we have a WARRANT!!!!!!! we are also publicly describing to you how to limit it

The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI.

i don't know or care enough about ios but i bet DFU is script kiddie shit

Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2.

trolling. you're supposed to find paragraph 2 like this is a way people write for a WARRANT!!!!!!! and say wow this typewriter shit sucks

The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility;

completely insane thing to say

if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.

environmental storytelling through me through you through the typewriter through the black lexus is300

the verizon network is something apple can access

If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.

this is how legal talk works when there is a WARRANT!!!!!! no. the government cannot imagine a way to solve this. but maybe apple can

Apple shall advise the government of the reasonable cost of providing this service.

this is a real document that we provided to apple. we let them set the cost. apple. to the government. we just do that.

Although Apple shall make reasonable efforts to maintain the integrity of data on the SUBJECT DEVICE, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein. All evidence preservation shall remain the responsibility of law enforcement agents.

now THIS! this is significant.

because it's the exact opposite of what AB 1043 claims to require

we don't win anything

To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.

COMPLETELY FUCKING UNSERIOUS

so the government types out an order for apple to the hacker stuff with the passcodes and set the price and your place or mine

it is not remotely reminiscent of any attempt to undermine security i have had the misfortune to observe since then

the government says "including but limited to" then describes releasing a version of the software for the iphone that does the hacker stuff with the passcodes
https://www.eff.org/files/2016/03/03/16cm10sp_eff_apple_v_fbi_amicus_court_stamped.pdf

anyway the eff's compelled speech line is extremely limited. to review:

that its Order places a significant burden on the free speech rights of Apple and its programmers by compelling them to write code and then to use their digital signature to endorse that code to the FBI, their customers and the world.

and it fucks up the rhythm cause "write code" hardly makes sense. and nobody mentioned the digital signature?

the EFF is the one saying apple's blatant DRM protects against government overreach—ooh wait i have a fun fact

the maintainer of osxfuse may or may not have been trying to extort twitter inc when we wanted to ship the git fuse layer? because he had a signing key and could therefore sign code particularly the kernel module with our fixes? oh and then a few months later that wasn't a problem

DRM: it protects innovation!

Apple’s code and digital signature, separately and together,

lost lovers......torn apart......romeo.....juliet......forever..........

oh hey remember when pypi removed pgp keys because of the astral engineer who implemented the github actions which is now owned by openai which is still funded by microsoft and god knows who else ahahahahahahahahahahhaahahhahahahahhahahahahahahahagaahahaha everyone is living my nightmare now

code and digital signature, separately and together https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless

i have so many more receipts but now is not the time

this is about whether app developers (persons, not necessarily natural) can be made to perform speech. the EFF's argument

code and digital signature, separately and together

you know i'll give them one thing. they are shameless

oh holy shit they keep going. ok now there is more context i have on this. it's not good context

https://docs.pypi.org/trusted-publishers/using-a-publisher/#github-actions

This looks almost exactly the same as normal, except that you don't need any explicit usernames, passwords, or API tokens: GitHub's OIDC identity provider will take care of everything for you.

https://docs.pypi.org/trusted-publishers/security-model/

Trusted Publishing is primarily designed to be a more secure alternative to the long-lived API tokens that have traditionally been used for publishing to PyPI.

wait for it

In recent years, theft of credentials such as API tokens

it's signing keys. what this is useful for is ensuring you do not speak for yourself, you cannot disrupt the supply chain, but you can still be blamed for not pushing out packages fast enough

jia tan behavior

ok now i get to hear eff explain how they planned this

Pioneered by amici Martin Hellman, Ronald Rivest

hellman.......my man hellman.........we gotta talk about this ok

rivest is a plant hellman rocks

that's why he was named first

To the extent the analogy breaks down,

like you give a fuck about analogies

Digital signatures have thus rightly been given a legal significance on par with that of physical signatures.

it is 2016. i had taken two summer courses on cryptography many years before this. "the TA was NSA" yeah and the instructor was the only person in my entire life who ever tried to correct children in middle school for saying "sucks". never left me. if the US of all places can fund education centers openly describing NSA instructors the DOJ is pulling the laziest con. a typewriter?

it was 1995 elgamal was head of crypto at netscape and tls 1.0 was so fucked even the IETF wouldn't release that shit. why is elgamal's name a type of cryptographic key? why is anyone using lattice crypto methods that lose adversarial randomness? why did NIST choose a SHA-3 without resistance to length extension?

anyway they haven't mentioned quantum computing and need to see if there's anything in here

They are ubiquitous in commerce and computer security

so is cocaine

they mentioned financial transactions a lot like money is about encryption and the IRS is just crying over spreadsheets

Digital signatures allow people to log in securely via trustworthy Internet accounts, and are required for modern access control devices like bankcards.

yes. bankcards require a digital signature. KYC is a digital signature. this is crazy this is all bitcoin puffery

Apple has shown a strong commitment to protecting the integrity and trust of this security system, using its signing key to communicate that it has done its best to ensure that signed code will protect the features designed by Apple to secure the device’s user against unauthorized access.

osxfuse extortion says no. you are only allowed to have a signature if you are apple inc?

Apple’s signature is the result of a mathematical calculation using a secret numeric signing key known only to Apple.

LLM output

ok The Code The Order Compels Apple To Write is relevant. the EFF won't defend us. but if there's a lawyer who will, this is relevant if only because it was high-profile. you can cite cases like this and get all rude about it. read judge mehta's google inc 2024 at the end.

The Order also compels Apple to have its programmers write code that will undermine its own system, disabling important security features that Apple wrote into the version of iOS at issue.

hm! curious. i wonder what lennart thinks about this

"go ask k&r about the security features they wrote into UNIX"

This code would defeat the very purpose of the security features: to protect users against access by someone who has stolen the phone or otherwise has physical access to it. This protection is important to users, since over 3 million cell phones were stolen in 2015 alone.

again, this argument is limited to code as speech and code releases as compelled speech. we'll consider the contrapositive after we leech out anything EFF said for apple. some great protest sign material

they keep fucking acting like the passcode is a security key while also mentioning digital signatures, because they want to play the game like cryptography is not a unified mechanism that the doj understands, the irs understands, the central district court of ca understands

thank you for mentioning NIST. i also have a link about NIST when i posted public comment in the comment period about their digital identity guidelines and said hey you fucking losers biometrics are not secure id https://cosmicexplorer.github.io/ and then biden did more biometrics to spite me for mentioning how it put people i love in danger in an incredibly specific way

too bad they worked for a regulatory agency and not the NSA

oh now they're at an "argument"

THE FIRST AMENDMENT PROHIBITS THE GOVERNMENT FROM COMPELLING A PERSON TO SPEAK, ESPECIALLY WHEN THE COMPULSION HINDERS THE SPEAKER’S ABILITY TO COMMUNICATE ITS DESIRED MESSAGE

this was so loud jfc

ok i think this is a useful angle for us actually

let's flip to the contrapositive https://bsky.app/profile/hipsterelectron.bsky.social/post/3mhl43igpa22v

again this was sincere when i wrote it

I was confused about 1798.501 (b) (1) — but you do absolutely confirm the worst:

A.B. 1043 also requires application and software developers to collect this age bracket information when a user wants to use that software or application.

That was very nonobvious to me. I really appreciate this.

regarding: https://legiscan.com/CA/text/AB1043/2025
(also cloudflare protection "to make sure you're not a bot" is the law in action already btw)

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

so you're a developer. a person. you may even be lennart! because an os is a person or entity and that includes fedi entities. we are not discussing cyclic graphs yet

"the application is downloaded and launched"

ok none of this bill makes any fucking sense to me actually there are no definitions for this very critical launch sequence that includes """download"""

c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

shut the fuck up. you said application three times. you know what corporations do when there's any regulation they don't like? let me find a link. i can find so many fucking links

Meta refuses to sign EU's AI code of practice | TechCrunch

Meta will not sign the EU's new rules, calling the implementation "overreach" and claiming it will throttle AI development.

TechCrunch

https://www.reuters.com/sustainability/boards-policy-regulation/eu-preliminarily-finds-meta-tiktok-breach-transparency-obligations-2025-10-24/

TikTok spokesperson said it was reviewing the findings.
"But requirements to ease data safeguards place the DSA and GDPR in direct tension," spokesperson said, referring to the General Data Protection Regulation, the EU's regulation on information privacy.
"If it is not possible to fully comply with both, we urge regulators to provide clarity on how these obligations should be reconciled," the spokesperson added.

impossible to comply with

remember warrant canaries? remember the white boy with dreads? https://www.nytimes.com/2016/10/05/technology/subpoenas-and-gag-orders-show-government-overreach-tech-companies-argue.html?_r=0

"government overreach, tech companies argue"

Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue

Open Whisper Systems received a subpoena for information on its Signal app subscribers and an order not to talk about it, a practice Microsoft and others say is too prevalent, and unconstitutional.

The New York Times

this is not actually helpful but i searched stanford because i hate them and they had a conference talk on how to respond to government investigations https://conferences.law.stanford.edu/directorscollege2019/sessions/breakout-responding-to-government-investigations/

The federal government’s investigations of corporate misconduct are increasingly focused on cooperation and self-reporting from target companies. The Department of Justice (DOJ) policy for Foreign Corrupt Practices Act cases creates a presumption that, absent aggravating circumstances, companies that self-report, fully cooperate, timely and appropriately remediate, and disgorge all ill-gotten gains will not face criminal prosecution, and the DOJ has begun using this policy as “non-binding guidance” in other areas of white-collar enforcement.

this bill said "update" and "updates". those are actually critically necessary to determine liability

ok so that's not nitpicking there are more issues but that's it actually

this mf said update that updates

the reason i mentioned nist earlier was because of this once-you-see-it paragraph from the EFF:

Broad Language Undercuts Policy Goals

A.B. 1043’s one-size-fits-all approach is also problematic because it disregards the many ways in which we make and use digital tools. It assumes the internet and digital devices begin and end with the dominant technology companies and device makers, when we know that’s not the case. Additionally, many families share devices, especially in low-income households. These proposals do not account for situations where there is more than one user of a device.

read this paragraph, read that line https://www.eff.org/deeplinks/2026/03/ab-1043s-internet-age-gates-hurt-everyone

i had been about to say: "oh, i didn't realize the definition of account holder in the negative would cover multiple individuals"

that's what protects them from harm

the EFF is appealing to inclusiveness

for a surveillance law

A.B. 1043’s Internet Age Gates Hurt Everyone

EFF has long warned against age-gating the internet. Such mandates strike at the foundation of the free and open internet. They create unnecessary and unconstitutional barriers for adults and young people to access information and express themselves online. They hurt small and open-source...

Electronic Frontier Foundation

and then there's the clearly false claims about "users"—one of the only defined terms

Users are then required to provide operating systems and apps their birth date or age

false. users do not provide their own age to the os. users are absolutely incapable of providing their own age to apps

A.B. 1043 treats the age-bracket signal sent by a user

the signal is not sent by a user in any sense. the user does not trigger the signal. at no point is the user the initiator of any action

users who say they are minors

the users cannot say anything

d@nny disc@ mc² (@[email protected])

[new eff board member](https://www.eff.org/press/releases/eff-welcomes-tarah-wheeler-its-board-directors) is a senior fellow at [multiple](https://cric-oxford.org/about/) [organizations](https://www.cfr.org/israeli-palestinian-conflict) which codify US foreign policy on israel-palestine i.e. palestine = hamas = terrorists, israel = the jewish people, no mention of genocide anywhere. but she's supposed to be protecting digital rights? what the fuck is this shit?

GSV Sleeper Service

so:

  • this is not intended to be actionable
  • it is intended to support surveillance
  • EFF the surveillance activism group is not an effective source
  • how can we develop a trusted computing base

this is not about cryptography at all

i'm concerned about linus because this email still doesn't make sense to me https://lore.kernel.org/linux-mm/CAHk-[email protected]/
Re: [GIT PULL] MM updates for 7.0-rc1 - Linus Torvalds

ok wait now it does

i have a response but in order to make sure it is received i need to learn a bit more about kconfig and the kernel build system