People also tend underestimate how much compute these dedicated servers got, compared to cloud offerings, and what that feels like without 100 layers of management abstraction in-between. You are likely not going to ever choke a plenty-cored, funny-RAMed root server at a fraction of your cloud costs. This overkill resource estate can be the answer to a lot of scalability worries. It's always there, no sharing shit all.
I feel like 95% of the web falls into this category. Like, have you ever said "That's it, I am never gonna visit this page again!", because of temporary downtime? Unless you are Amazon and every minute costs you bazillions, you are likely gonna get the better deal not worrying about availability and scalability. That 250€/m root server is a behemoth. Complete overkill for most anything. As a bonus, you are gonna be half the internet, when someone at AWS or Cloudflare touches DNS.
Exactly. I've never not bought something because the website was temporarily down. I've even bought from b&h photo!
Even if Amazon was down, if I was planning to buy, I'd wait. heck, I got a bunch of crap in my cart right now I haven't finished out.
Intentional downtime lets everyone plan around it, reduces costs by not needing N layers of marginal utility which are all fragile and prone to weird failures at times you don't intend.
For me at least, the only thing where availability really matters is main personal communication services. If Signal was down for an hour, I'd be a little stressed. Maybe utilities like public transportation, too, but that's because I now have to do that online.
> Intentional downtime lets everyone plan around it, reduces costs by not needing N layers of marginal utility which are all fragile and prone to weird failures at times you don't intend.
Quite frankly, I would manage if things were run "on-supply" with solar and would just go dark at night.
> Like, have you ever said "That's it, I am never gonna visit this page again!", because of temporary downtime?
That's a strawman version of what happens.
There have been times when I've tried to visit a webshop to buy something but the site was broken or down, so I gave up and went to Amazon and bought an alternative.
I've also experienced multiple business situations where one of our services went down at an inconvenient time, a VP or CEO got upset, and they mandated that we migrate away from that service even if alternatives cost more.
If you think of your customers or visitors as perfectly loyal with infinite patience then downtime is not a problem.
> Unless you are Amazon and every minute costs you bazillions, you are likely gonna get the better deal not worrying about availability and scalability. That 250€/m root server is a behemoth. Complete overkill for most anything.
You don't need every minute of downtime to cost "bazillions" to justify a little redundancy. If you're spending 250 euros/month on a server, spending a little more to get a load balancer and a pair of servers isn't going to change your spend materially. Having two medium size servers behind a load balancer isn't usually much more expensive than having one oversized server handling it all.
There are additional benefits to having the load balancer set up for future migrations, or to scale up if you get an unexpected traffic spike. If you get a big traffic spike on a single server and it goes over capacity you're stuck. If you have a load balancer and a pair of servers you can easily start a 3rd or 4th to take the extra traffic.
> There have been times when I've tried to visit a webshop to buy something but the site was broken or down, so I gave up and went to Amazon and bought an alternative.
Great. So how much did the webshop lose in that hour of maintenance (which realistically would be in the middle of the night for their main audience) and how much would they have paid for redundancy? Also a bit hard to believe you repeatedly ran into the situation of an item sold at a self-hosted webshop and Amazon alike. Are you sure they haven't just messed up the web dev biz? You could totally do that with AWS too...
> If you're spending 250 euros/month on a server, spending a little more to get a load balancer and a pair of servers isn't going to change your spend materially.
Of course, but that's not the argument. It's implied you can just double the 250€/m server for redundancy, as you would still get an offer at the fraction of cloud prices. But really that server needs no more optimization in terms of hardware diversification. As I said, it's complete overkill. Blogs and forums could easily be run on a 30€/m recycled machine.
Not even AI. My 5 years old APU is completely neglected by AMD ROCm efforts. So I also can't use it in Blender! I feel quite betrayed to be honest. How is such a basic thing not possible, not to mention years later?
Look where Apple Silicon managed going in the same time frame...
Because of this, I would never consider another AMD GPU for a long time. Gaming isn't everything I want my GPU doing. How do they keep screwing this up? Why isn't it their top priority?
> If the secret is protected in the secure element against something only you can provide (physical presence of RFID, password, biometric etc) then it is ok.
But we already established unlocking is not possible, so going with the argument it's implied there is a side-channel. Nothing, but a secret in your brain is something only you can (willingly) provide. Especially not biometric data, which you distribute freely at any moment. RFID can be relayed, see carjacking.
If you can side-step the password, to potentially install malware/backdoor, that's inherently compromising security.
> Perhaps, but the barrier to making Apple do that is much higher than "give us the key you already have", and only works if it's a long planned thing, not a "we got this random phone, unlock it for us".
The attack situation would be e.g. at the airport security check, where you have to part with your device for a moment. That's a common way for law enforcement and intelligence to get a backdoor onto a device. Happens all the time. You wouldn't be able to attribute it to Apple collaborating with agencies or them using some zero-day exploit. For starters, you likely wouldn't be aware of the attack at all. If you came home to a shut-down phone, would you send your 1000$ device to some security researcher thinking it's conceivably compromised, or just connect it to a charger?
If you can manually install anything on a locked phone, that's increasing the attack surface, significantly. You wouldn't have to get around the individual key to unlock the device, but mess with the code verification process. The latter is an attractive target, since any exploit or leaked/stolen/shared key will be potentially usable on many devices.
Part of the reason e.g. Cellebrite is obsessive about not telling people many specifics about their product capabilities outside of NDA is that Apple is quite serious about trying to fix these things, and "we can crack every iPhone before the 14" probably tells them a fair bit about what might have a flaw.
Tools like that lose a lot of value if anyone paying enough attention can infer they exist, even indirectly, like if all the TSA agents you know suddenly switch to Android phones, or some of them tell you not to bring iPhones through security and won't tell you why, or a thousand other vectors for rumors to start.
All it takes is enough rumors for people to say it's enough to not trust any more, and suddenly you've lost a lot of the value of a secret information source.
So if you have a tool like that, where most people don't think it's readily available, the way you probably use it is very sparingly, to keep it that way.
There is a difference in targeted software supply attacks vs. weakening encryption for everyone by introducing a master key. Apple would be required to cooperate by US law, it may never become public either. But as I said, Apple doesn't have to know, or "know". This feature inherently compromises security. Contrary to device encryption, OS update security depends on a single key held by Apple (rather several devOps guys...), which could be stolen, leaked or shared.
Would you bet, the NSA can't sign iOS updates?
> So if you have a tool like that, where most people don't think it's readily available, the way you probably use it is very sparingly, to keep it that way.
Of course. This is reserved for targeted attacks against journalists and other enemies of the state.
> All it takes is enough rumors for people to say it's enough to not trust any more, and suddenly you've lost a lot of the value of a secret information source.
None of those articles are inconsistent with the claim that Apple cares about security, though?
"We can be legally compelled to give up data we have" and "we thought letting people have custom kernel modules was a bigger threat" are not particularly incompatible with "we design things so we don't have keys to your data we can be compelled to give up" and valuing people's security. (I am not a fan of the latter, to be clear, but there are reasonable reasons you could argue for it.)
But yes, I would probably, at the moment, bet that if the NSA can sign a custom iOS build on consumer hardware, Apple doesn't know about how, both because that's a very hard secret to keep, and because you'd see a massive uptick in people avoiding Apple devices in governments that might be of interest to US intelligence if even a rumor of that got out.
> None of those articles are inconsistent with the claim that Apple cares about security, though?
You are moving the goalpost.
> "We can be legally compelled to give up data we have" and "we thought letting people have custom kernel modules was a bigger threat" are not particularly incompatible with "we design things so we don't have keys to your data we can be compelled to give up" and valuing people's security. (I am not a fan of the latter, to be clear, but there are reasonable reasons you could argue for it.)
They do have the signing keys your iPhone will gladly accept to circumvent encryption, which is the argument.
I'm not the one moving the goalpost; my argument was that Apple's incentives are not in favor of them permitting even the appearance that they might allow that kind of compromise, your argument with that wall of articles appeared to be that Apple has a history of making decisions inconsistent with that, which I disputed. If that wasn't your intended argument, you might wish to be more explicit than a wall of links and "As if Apple users would care...".
> They do have the signing keys your iPhone will gladly accept to circumvent encryption, which is the argument.
Yes, and my argument is that the plumbing for either multiple release signing keys, one of which is never seen in the wild, or to avoid a second "iOS 13.1.5" or whatever with different build information showing up in various telemetry that would leak this existing, is very difficult to have built without far too many people who would spread rumors about it coming about, and even that rumor would be a problem.
So the most plausible thing, to me, would be that if such a capability exists, it's a "nuclear option" for whoever holds it to only use in a circumstance where it's so important they don't mind potentially never being able to use it again, whether that's because it's an exploit chain that will be fixed or because it's been coerced out of the target company and they will probably be compelled to fix it if it gets out.
You would have to break E2E encryption, no? I think, at the very least you still would have to manage new TLS certificates per device to MITM yourself. I mean, doable, but also kinda nasty.
No one wants support for toasters and washing machines. We're talking general purpose compute hardware. TCP is also supported on all these devices. Quite frankly, it's probably easier to implement, if you are not fighting a locked-down OS like iOS.
How to do you factor in the military demand for Starlink?
If you follow the war in Ukraine, there is absolutely no denying that Starlink is a total gamechanger. Mostly because it's inherently hard to jam, but also got acceptable latency allowing for unrestricted FPV strikes. Because of this, Ukraine seems to have achieved Russian air-defense degradation to the point of limited "free hunting" in the deep.
In that use case, even "AI in space" kinda make sense to me, for future drone developments. One-way drones don't have to waste expensive compute for autonomy, when the compute can be in space above. This would save one RTT for drone control, too. For cheap, jamming resistant swarm (semi-)autonomy, to overwhelm AD, it seems like the perfect solution.
The cat is out of the bag, there is no way the military will ever let go of this capability. Cheap drones are the future, LEO sats provide the comms. There will be long running service contracts.
I see the civilian use rather as a "peace time" subsidiary, now, but the main customer will be the military. And due to SpaceX's launch platform and commercial offering, it's giving the US a hard technological edge in warfare, since it's difficult to afford a LEO sat network without cheap launches and civilian co-pay.
I am too stupid to make a proper economic argument, but it seems like a clever and sustainable business model :D Would love to hear your thoughts!
Famous last words. https://t.me/kcpn2014/3890
The [Russian] Analytical Center of KCPN has conducted a large-scale study of the [Ukrainian] hidden military infrastructure, which provides Ukrainian forces with stable communications along the entire line of contact. The focus is on the “BakhmutTelecom” project — a military mobile network operator (3G and 4G) that was deployed practically under our noses back in 2023. We often attribute many of the enemy’s successes to Starlink, although in reality these are the result of organizational, not technological, advantages.
The civilian cover for “BakhmutTelecom” is J&Y LLC, which in fact serves as infrastructure for purely military tasks. The network comprises around 2,500 towers, 36 or 50 meters tall, arranged in three tiers. They are interconnected via underground fiber-optic cables and microwave relay links.
It's true, it was a bit hyperbole. No civilian really knows what's up. Should have stated it accordingly. It's the apparent observer's consensus.
Yet, the Russian cut-off from Starlink was incredibly notable, organizationally and the recovered FP-1/FP-2 drones featured Starlink terminals, so no use denying that.
Ukraine certainly didn't build 3G/4G in occupied territory. Consider the radio horizon for a 50m tower. In proximity to targets, it absolutely can be jammed, and Russia is very capable of doing so. We see none of that in those deep strikes. Those drones seem to be completely resistant to EW, which implies a connection from above (can only be effectively jammed from above AFAIK). The latency seems notable, but stable.
Now, of course, Starlink alone wouldn't have defeated AD by itself, magically. That's mostly good strategy and intel. However, Starlink made those FP-1/FP-2 deep strikes way more effective and simple (compared to using relays and mesh networking, hoping EW hasn't caught up). Starlink allows to have stable video feeds until impact. No need for autonomy, radio tracking, terrain mapping... just a reusable pilot and a cheap drone. That's huge and a significant tech advantage. If Russia had this (and the intel) for their overwhelming numbers of Geran drones, Ukraine would be in a very bad situation, I think.
Apart from that, Starlink was also instrumental in exfiltrating information about the Iranian protests. It's just a jamming/censorship resistant technology evidently effective against most competent adversaries.
That said, due to the importance of Starlink, I think escalation to/focus on orbit denial attacks seems likely, for any nation which can't afford their own LEO sat network, or existentially utilizes censorship/information control. Especially since (low) LEO debris will deorbit rather timely, it's not exactly a permanent damage to human space flight. Therefore Starlink's military success may be self-limiting and temporal, since the satellites themself are not at all immune to asymmetric attacks.
reply