The way they've reported on this seems a bit misleading. Isn't it just that the third-party repairers haven't reset the security mechanism after replacing the home button?
This doesn't follow. Apple refuses to reset the security mechanism because it can't verify the integrity of the repair.
Call it revenge like behavior is just you attacking Apple. It's certainly incompetent or unanticipated and poorly handled, but it's an attempt to maintain their security promises.
It's totally dumb that a functioning phone is bricked by an update because of repairs done in the past. Imagine the same thing happening to your car. "Sorry sir, the software update done to your car has now disabled the vehicle because in the past someone not related to x (insert name of car company here) has repaired it, your car is now junk (you can't even resell it) and you'll have to buy a new one".
It's just petty revenge because you had to temerity to go to another party other than apple to get your phone repaired and maybe even saved some money in the process. So now, in retaliation we'll destroy your phone in software. I'm sure this will go down well with the various EU courts.
It may even be against the law in Europe because the phone was working perfectly after the repair and only the later update locked the phone without the ability to unlock it.
To keep with the care maker example, in Germany, the car makers used to void the 10 years guarantee on the painting of the car if the regular checks were done by an independent car shop. This was then declared as illegal.
I suppose Apple will soon release an update and declare that this was "a bug".
How will affected users get the "new update" if their phone is already broken by the previous? I mean, I hope that, in the case of already broken phone caused by their own update, apple _at_least_ give them a new iphone for free, else they are gonna get rape-sued here in EU
I don't think you can excuse something as "a security measure" when it is clear that it is not a reasonable security measure and the reason for disabling device is something else.
Anyway, this confirms that I'll stay away from Apple stuff.
No, the phone did not work perfectly after the repair. The fact that the user didn't realise it didn't work perfectly doesn't change that. The repair compromised the security of the device.
Image if you have your tires changed by an independent car shop and a month later one of your wheels falls off on the highway. Do you start complaining about it to the car's manufacturer because 'it worked perfectly before'. No you don't.
The repair shop didn't repair it properly, if it was repaired properly the new TouchID sensor would be securely paired with the Secure Enclave and this issue would not occur.
Except that the wheels didn't fall off the phone. This lockup happens due to code proactively added by Apple. You are confusing three different issues: the design of the system, the legality, and how security should work. In this case, none of those three items align. This is Apple's problem - they chose the easiest option for themselves, not what would benefit customers legally, functionally, or by securing the device properly.
You are fundamentally misunderstanding the threat model. What is the exact threat that Apple is guarding against? Is it an evil maid attack planting new sensors, switched devices, someone's fingers being cut off? All of these require different mitigations - none of which for a general purpose consumer phone are to brick the device when upgrading.
This is more like your Tesla car's keyfob misfunctioning and you get it repaired by a non-Tesla dealer. The dealer could've put in a backdoor to get into the vehicle.
Tesla releases a big new update for their car software and now your Tesla is completely bricked and Tesla refuses to repair it, saying you have to buy a new car.
and how can I be sure that in the Apple store they are fixing the phone with a thrustworthy component?
and so on...
Apple excuses make no sense this time.
Hunh. My bad, I was under the impression (based off some other comments) that replacing the home button/finger scanner with a legit one and updating the security pair would make the issue go away, but looks like I was wrong.
In regards to warranty repairs automakers can (and often do) deny coverage due to the presence of non-OEM parts. Outside of warranty / safety repairs they are certainly not obligated to perform service.
I could maybe see as a good thing from a security point of view, although I'm not sure if bricking is the right solution here. If my self-driving car gets hacked (whether physically or its software), I'd rather it stopped working than let it drive hacked.
Seems more like short sightedness than "petty revenge."
The new home button hardware can't be securely validated, and a future OS update fails on the unexpected condition of invalid Touch ID hardware. I can imagine that this wasn't a prioritised testing scenario, likely not even considered by Apple when developing iOS.
It's a lousy way to fail — the phone should just disable Touch ID and Apple Pay, and anything that relies on the secure co-processor.
But it feels far more like there's an `else` branch sitting in the iOS codebase somewhere where a programmer has written:
The scenario they're protecting against appears (to me) to be a bad actor changing the hardware. If the Touch ID sensor is bad, and you propose falling back to a PIN, who's to say the digitizer isn't compromised too and is recording touches?
Sounds a bit like a downgrade attack if they didn't fail fast and hard at the earliest opportunity.
If I understand this correctly (not an iphone person), the touch ID sensor is just a fingerprint scanner?
As a standalone measure, biometrics make a shitty password substitute because you can't change a finger print if it's compromised, so shouldn't the iphone be secured on the premise that the finger print scanner is already compromised, hence losing it should not qualify as a downgrade attack?
Touch ID is a fingerprint scanner, but the Touch ID system is paired with the "Secure Enclave" in Apple's AX chips.
Secure Enclave is a separate coprocessor running its own L4-based microkernel. This hardware is directly paired with security-sensitive hardware (Touch ID, Apple Pay NFC chip, etc). It provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised.
So when you stick a third-party Touch ID sensor in an iPhone it's obviously not going to be paired with the secure coprocessor. It doesn't really matter whether biometrics are shitty passwords, the iOS update process realises there is compromised hardware touching the Secure Enclave and fails in the worst possible way for the user.
Yes. The OS can only tell if the fingerprint matched or not. The checking is done solely in the secure enclave. Presumably the OS also gets told which fingerprint matched too?
"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but _cannot_ read it".
Basically, yes. The Secure Enclave is hardware isolated from the rest of the chip.
Apple's own security guide explains it best [1]:
> The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered ngerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Regarding the actual fingerprint storage, it looks like the encryption key is kept in the Secure Enclave and the entire decryption and verification process occurs within the Secure Enclave. However the encrypted data itself may be stored outside the Secure Enclave:
> The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes sub-dermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple or backed up to iCloud or iTunes.
Yeah, there's the source of that quote, 'sub dermal ridge flow angle mapping', which at the time was described as 'how we know it's really your finger', along with supposedly measuring 'micro RF fields' to ensure it was a live finger.
Except it could be defeated by a laser printed fingerprint on a piece of paper (initially).
I'm pretty sure there was no direct malice here (except for the usual Apple disregard for 3rd party components), but the security reasoning behind this move is still questionable. The only danger of a compromised Touch ID sensor, is that it could record your fingerprint and let the attackers replay that fingerprint to access all your encryption keys on Secret Enclave.
That would be a huge vulnerability, if there hadn't been thousands of other ways to record your fingerprint, and while most of them are less accurate than a trojan Touch ID, they're also much easier to pull off.
And at the very worst, if a sophisticated malicious actor got the chance to meddle with your phone, they could just skip the Touch ID sensor altogether and install a stealthy fingerprint digitizer in the touch screen or on the back of the phone.
So in short, Apple's security measure, if my understanding is correct, does absolutely nothing to protect the user.
THE critical security system of your phone has been tampered with. PIN data, TouchID data, crypto data and everything else related to security is on that same bus. You do not detail secure info over that channel.
I don't think they are protecting against that scenario so much as not accounting for it. I expect Apple's assumption is that they provide all components for their devices. People who install unauthorised third party components can no longer have those devices serviced by Apple — so it no longer matters to Apple whether those devices are compromised, because they aren't really "Apple" devices at that point anyway.
This botched handling of replaced hardware that hasn't been paired with the Secure Enclave ties into the above. Apple doesn't expect people to replace such hardware through a third-party, so they don't think to engineer their software to fail gracefully when it happens.
If you have a secure enclave within the device, then any hardware which has a direct connection to that secure enclave must be authenticated. It doesn't matter about aftermarket replacements.
The entire purpose of the secure enclave is defeated if it trusts any hardware connected to it.
I'm not saying they didn't test what happens when it fails. I'm saying they didn't do user testing on what happens when it fails. I'm sure the engineers tried out the hardware authentication system. They just didn't test the whole scenario once iOS was sitting on the end product.
So yes, it was put in place to stop any hardware that could not be trusted from accessing users' secure data. But no, it was not done to prevent aftermarket replacements.
The only reason I can see Apple caring about aftermarket replacements is because they are often low quality, and cause customers to go back to Apple with unauthorised repairs. (I've witnessed this more than once in an Apple store, someone coming in who had their screen replaced outside Apple and the touch digitiser was failing. Apple just sends them away.)
> If you have a secure enclave within the device, then any hardware which has a direct connection to that secure enclave must be authenticated.
Consider reading the description of iOS security features linked somewhere in this thread.
Because what you are describing is a disaster, not security. If some off-chip sensor had access to fingerprint data or crypto keys, anybody capable of installing such chip would also be able to simply dump all the data himself in the comfort of his lab.
There's a lot of stuff that depends on the secure element - in fact the phone would be quite useless without it.
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element. Incoming text messages only show the phone number.
You're right, however - a Touch ID sensor that cannot be verified should not brick the phone. Apple should just disable Touch ID and sever any link between the sensor and the secure element.
The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.
IMO bricking on touch ID issues is extreme, but maximises the security of the device.
How? TouchID is the less secure authentication than password/PIN anyway (which is shown by the fact that you need to enter PIN/Pass right after boot). How would just disabling TouchID auth be a worse option?
You can do anything you want on the phone without using Touch ID at all. The fingerprint sensor is not a necessary factor in their implementation, while the passcode is.
I can't try because Apple Pay isn't available here yet. According to this support document it works without Touch ID (emphasis mine):
> To help ensure the security of Apple Pay, you must have a passcode set on your device and, optionally, Touch ID. [...] To send your payment information, you must authenticate using Touch ID or your passcode.
A fingerprint, like any piece of data, is handled at the lowest levels as a number. A number with some constraints, but a number.
By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box. Further, it's also possible to take fingerprints through social engineering, or by getting at the database of a company that uses fingerprints as security. Five bucks says someone's already storing a bunch of fingerprint data as plaintext.
>By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box.
Isn't this exactly why they DON'T allow you to use the iPhone with a potentially tampered with HW/TouchID -- e.g. the very feature/issue we're discussing?
> The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.
The correct solution there would be to pop up a warning saying the TouchID hardware has been tampered with, and giving the user an option to validate it.
That wouldn't really be a good idea. Someone could steal your phone and replace the TouchID hardware. Then this popup comes up and they say, oh yeah this hardware is totally legit! Then they get your data, impersonate you, charge stuff etc.
> The issue is Apple cannot verify a secure touch ID replacement over a compromised touch ID replacement. Without knowing if your replacement is secure the change potentially compromises the security of the whole device.
What are you even talking about?
If the fingerprint scanner is suspicious, just disable it and leave the rest running. And this is in fact what happens, until a software update is installed and then the phone suddenly decides to brick itself completely.
>IMO bricking on touch ID issues is extreme, but maximises the security of the device.
We are all smart people here and there are several ways to have security without bricking expensive hardware.
First, the update can wipe the device instead of bricking it.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
There would be several better solutions that the most profitable company in the world could figure out if they wanted to. It's funny how their particular solution happens to make them even more money through shutting down third party repairs and making people buy new phones.
This is like your home alarm software(made by the home builder) remotely burning down your house and telling you to build a new one because someone may have tampered with home access and could possibly enter your home.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
At the end of the article, it said that affected customers should contact Apple Support. Are you sure they are not offering a hardware fix at that point? It doesn't sound to me like they're just letting people hang.
>When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
There is a failure in the apple stores vs phone support. I went to two Apple stores to try to get my watch band replaced or fixed under warranty and was told by both of them "no way no how" - but phone support had no problem replacing the band.
I find the stores are somewhat inconsistent in their application of policy. (Particular if the policy isn't well defined ahead of time, as in this case)
(As an aside, the practice of requiring an appointment to talk to a support person or even just drop off a broken computer is maddening.)
Alternative interpretation -- "A custom voided his warranty by installing some rando third-party aftermarket parts, and is furious that it didn't work out."
Does the 911 feature still works on these phones? 911 should work even without a SIM card and without any other authentication, to purposefully disable a phone in this way may have bigger repercussions than just 'security'.
Fingerprint scanners are useless for security. My fingerprints are everywhete, especially all over my phone. Touch id merely buys time, which can increase security but if they get my fingerprints, make a dummy finger then they need very little time to open my phone. If they are determined they'll do it. If they are not, probably they won't care about the data in my phone.
They have at most 48 hours (or perhaps 24?) and 5 tries to find your fingerprint and unlock the device. TouchID will discard the keys and require a passphrase if it is not used for a while or after the fifth invalid fingerprint attempt. The window of opportunity is not that big. I would not characterize it as useless at all.
That's true. I meant to say it should disable any hardware that was directly tied to the secure element, such as Touch ID and Apple Pay's NFC chip. I didn't mean to imply all encryption services in iOS should be disabled.
> There's a lot of stuff that depends on the secure element - in fact the phone would be quite useless without it.
Disclaimer: I don't own an iPhone with Touch ID.
However, it seems to me that the phone should still work if you logged on with your PIN instead of with TouchID. It should therefore be as useful as most phones that didn't have TouchID in the first place (which happens to be all my Android and iOS smartphones).
Correct. In fact, a passcode is always required the first time after you reboot your phone. The passcode secures the Secure Element, which contains the fingerprint data used by Touch ID.
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element.
I don't have a password on my iPhone. I don't need one, because I don't store any critical data on the phone, or spend any significant time in environments where it's likely to be stolen. And I guess I'm naive enough to assume that no one from the NSA Tailored Operations department is going to sneak into my bedroom at night and install a malicious fingerprint sensor.
So, no, there is absolutely no reason for Apple to brick my entire iPhone if the sensor fails validation. They should act to maintain the level of security chosen by the user... no more, no less.
Remember the woman who proved that Apple consistently slows down sold iPhones with "updates" right before the launch date of a new model? [0]
Apple is in the business of selling (overpriced/overengineered) hardware. Their tactics make that very clear.
The only problem with that is that there is no real competition in mobile phones anymore, it's just a giant duopoly. Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hover/mass surveillance company) is just as bad.
My only hope is for Ubuntu to make the right moves soon.
From the link: "The important distinction is of intent. In the benign explanation, a slowdown of old phones is not a specific goal, but merely a side effect of optimizing the operating system for newer hardware"
When we try to judge intent we do judge the context. So let's look at the context: people do know that iPhone updates will probably slow their device(even though Apple doesn't tell them that). And there's no way to stop the nagging update notification (aside from jailbreaking).
So let's not be naive. Maybe it's hard to prove at the legal level, but there's a pretty decent chance that this is intentional by Apple.
EDIT: if you upvote, please explain why you think this is wrong.
Software getting slower with updates is a fact of life. It's been an obvious and expected thing since I started being aware of computers and updates in the late 1980s and I'm sure it was a thing even before that. The odds that Apple is doing this on purpose, rather than as a standard side effect of cramming ever more features into their stuff, are so low it doesn't bear more than a moment's consideration.
What's next, people say Apple deliberately destroys batteries after a few years, rather than being a natural consequence of battery chemistry? Apple deliberately makes their screens shatter when dropped?
I'm not arguing against the update making the device slower. But the fact it's built so people would upgrade(via irremovable nagging), even when it's clearly not what's best for them.
Huh? Of course you're not arguing against the update making the device slower. You're arguing that the update not only makes the device slower, but that this is a deliberate action by Apple to make older devices slower. And I'm saying that's ridiculous since it happens to pretty much all software anyway and all Apple would have to do to make this happen is just develop updates the same way everyone else does.
Remember the woman who proved that Apple consistently slows down sold iPhones with "updates" right before the launch date of a new model?
No, because that never was a fucking thing.
Seriously, this is supposed to be a community of reasonably well-informed tech-oriented people. Step back for a second, take a deep breath, and think before you spread nonsense like this. Jesus.
But please don't comment like this and https://news.ycombinator.com/item?id=11047606 on HN. That just makes the threads worse. Instead, please stay civil even when some people are being silly.
>> Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hover/mass surveillance company)
While on the iPhone: Do you use Google search ? Do you use Google maps ?
Well, if you do , there's not much sense in hiding from Google. And if you use Android, you could use tools like cyanogen's "privacy guard" to hide your data from all/most app authors , which i don't think you can do in iOS.
Also , unless they target you specifically, so long that you use an alternative keyboard - i don't think Google on Android collects your key press data - so you can use anonymity apps for special circumstances, But i could be wrong about that. Same goes for encryption keys, unless your targeted.
No, it doesn't -- It just shows that people google "iPhone slow" more when new models come out / Apple releases major versions.
> No matter how suggestive, he says, the data alone doesn't allow anyone to determine conclusively whether their phone is any slower.
> There are other explanations for why an older model iPhone may slow down, he claims.
> For instance, the latest version of the Apple operating system, iOS, is always tailored to the newest device and may therefore not work as efficiently on older models.
That was frankly horribly researched. They started off with a supposition, and ignored any data that didn't help prove it.
They completely ignored that a new handset release tends to come in lockstep with a new OS release. This is relevant because it means many, many people are changing the operating characteristics of their existing handsets at the same time - leaving their phone not only not a "known constant", but potentially creating the same results even if a new generation of phone hadn't just appeared at the same time.
Seriously, if you take their graph and replace the labels for each 3g, 3gs, 4, 4s etc, with ios2, 3, 4, 5 .. the data is still accurate, but the take-away assumptions change entirely.
They ignored that geekbench scores show that scores for any given generation stay roughly constant over the phone's lifetime. That's a fantastic set of data that isn't coloured by changing expectations over time.
And they were quite happy to brush off that the samsung numbers showed exactly the same changes over time, as they didn't spike around releases. Completely ignoring that Android has entirely different update strategies (having to wait until your telco 'blesses' the update, etc).
If you look at their graphs, and think of each label as an OS release rather than coinciding with a new handset (which is still accurate), the story it now tells is that ios updates receive much larger adoption in hurry, when compared to adoption of android updates.
Which we already knew. Apple's update strategy is that every compatible handset is able to update "today", whereas android updates are staggered by various levels of support from different mffrs and different providers.
With Microsoft shutting down Windows Phone, Blackberry giving up on making it's own OS, Palm's WebOS now just a TV interface and Firefox OS rightfully shut down, the market has very clearly proven that there is no room for a third mobile OS.
Almost certainly so. Decap the chip, pull the flash contents out to get the key, etc, flash a new backdoored chip, you're done. Hobbyists have been decapping chips and pulling flash for a while, so this is certainly not beyond the abilities of the NSA/CIA/etc. You wouldn't need the exact same make of chip, just one that presents itself as the same.
Looking at teardowns, like the one at ifixit [1], the touch id sensor seems to be a pretty standard imaging sensor that heads to an NXP chip. I'd be willing to bet that the encryption of the print happens on the nxp chip instead of the imager, so if the NSA/whoever were doing a "repair", they'd probably just put an MiTM chip on that insecure path for later playback. Against a state actor, Touch ID is a triviality.
That sort of exists now. There are parts, like the throttle control on Volvo's, ABS units on BMW's, etc, where the unit is coded to your vehicle.
You can't, for example, swap an otherwise identical throttle from a junkyard into a Volvo. It puts the ECU into limp mode, and the car is essentially useless.
Now, that's not the result of an over-the-wire firmware update, but that's really the only piece missing. When/If vehicles start regularly updating firmware over the wire, you'll start seeing stuff like this.
We can see that it is clearly nothing to do with 'revenge' or 'retaliation'. The evidence clearly contradicts that.
Apple makes strong promises around security and Touch ID in particular. This is clearly designed to maintain the integrity of that system.
It's certainly a terrible failure mode - the error message should explain what the problem is.
But imputing these bizarre motives just reveals bias on the part of the commenters.
The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
[this was obviously going to be downvoted, but for the record nobody has either made an argument for, or provided evidence for the 'revenge' motivation, while the 'poorly implemented security policy' explanation is clearly supported by the evidence.]
> The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
There would be no such headline. Before update to iOS 9, the affected phones functioned normally, but with disabled Touch ID.
And if you have to know why people come up with theories like that - either Apple didn't think what happens to users who already had this hardware replaced or they thought about that. Maybe those who accuse them of malice simply overestimated their competence - after all, they make big claims about high quality, attention to detail and whatnot.
Not to mention that the first part of this comment makes sense and probably expresses well how people feel about this screwup.
> This is irrelevant. The problem is that those affected phones could still have had compromised fingerprint sensors.
... which wouldn't be used after the phone determines it's an aftermarket part. Equally well the attacker may have installed a malicious piece of brick inside.
> Apple did the right thing in protecting people from this
Sure, they protected users from using phone with replaced home button and disabled fingerprint scanner by bricking the phone completely.
Hard to tell in what proportions malice and/or stupidity were involved in this case, but either way it wasn't "doing the right thing".
Maybe something has changed after this article, I'm not going to make such claims anymore without verification.
However, you have to understand that when I posted this, I knew about cases (including TFA) when the problem had indeed been "rectified" by visiting a store (sorry, couldn't resist ;)) but no case when the device had actually been fixed and data recovered, whether this is technically possible or not.
This whole fiasco makes me wonder if the link between the TouchID sensor and the rest of the phone is so fragile and easily spoofed that they are concerned a fraudulent sensor could be trusted implicitly by the phone, and therefore used to inject malicious data ("here, I am sending you [USERS] thumbprint").
I'm sorry, I did not mean to offend anybody but my reading of the word is that it has two meanings, one of which is 'stupid or dumb'. I'll update the comment.
It's less about HN vs. reddit and more about society at large. What sorts of rude and derogatory words do you feel the need to say where you can't pick a synonym?
I speak quite a few languages, and most of them badly, good enough for communications needs but not precise enough to win me any literary prizes. If we were having this discussion in Dutch I would definitely not pick on you for using words that may not be precise enough or that might be offensive to you simply because I'd assume that you must have learned your Dutch from other people speaking it and using it in your vicinity, coupled with media such as movies, books and so on.
I've seen the word 'retarded' used in the exact way I used it above in many places and I've checked the dictionary and it has a simply secondary definition ('Dumb, foolish') which is roughly what I intended to convey.
Since giving offense is not one of my pet hobbies I edited my comment but had the situation been reversed I would have definitely afforded you more leeway.
To me 'retarded' did not seem rude or derogatory until you pointed it out, judging by the number of other people that are actually native speakers that use it in that exact same way it seems to me that you have your work cut out for you.
I can appreciate the language barrier and I thank you for changing it when I pointed it out.
As for having my work cut out for me, I definitely expected this to happen (maybe not to this scale). HN tends to attract the kind of person who thinks that anything is fair to say any time, regardless of who it might hurt, because HN tends to attract people of massive privilege, many of whom have never been the victim of societal discrimination.
This could go two ways. One way would be where people appreciate your efforts and change their tone. Another way this could go is that people will stop participating. Either way you will likely get what you want.
I think it's worse than that, it's sliding towards Metafilter, where half the conversation is derailed by meta comments and whether it's appropriate to talk a certain way.
At the same time I see HN slide towards reddit just one little bit more with all the 'you insensitive clod' comments lately and that is sad too.
If you don't want HN to slide that way, then I suggest you not give in and change it back. After all, I think offense is entirely in the mind of the beholder.
It's certainly isn't as bad as an ethnic slur, but I feel strongly that it shouldn't be used in polite conversation. It's a matter of being considerate to your audience.
> A survey by Mencap of people with a learning disability has found that nearly nine out of ten respondents have experienced bullying in the last year. Two-thirds are bullied on a regular basis and almost one-third are suffering from bullying on a daily or weekly basis. People with a learning disability face prejudice and widespread discrimination that often makes them feel like outcasts and prevents them from taking a full part in society. Public attitudes in the United Kingdom towards people with a learning disability remain discriminatory. The Mencap survey suggests that the bullying of people with a learning disability is institutionalised throughout society.
How they described bullying:
> The following behaviours were most frequently cited: kicking, biting, name-calling, teasing, stealing, pushing, threatening, having things thrown at you, being told to leave a building, hitting, being shouted at, swearing, demanding money, hair-pulling, throwing stones, spitting, poking, being punched, being beaten up, having one’s head banged against the wall.
I did not contest the facts. But not using the word retard won't help any way. They face prejudice and discrimination because of their condition, not of the way said condition is called. And if we change the word with other - the other word will still be used as an insult. Because the condition itself is highly undesirable. No one wants to have it.
But simply not wanting to be inflicted with a condition is no excuse to dehumanize people who are. Perhaps part of the problem is simply people mocking eachother for being different, but another part of the problem is the cultural normalcy of abuse promulgated by linking diagnostic terms with definitions of global inferiority. Language is the very matrix from which thought arises, so real-world usage of words can alter people's perceptions.
By the way, "dumb" means unable to speak, or mute. Using "dumb" as a synonym for stupid is as offensive as using "retarded" as a synonym for idiotic. Which, in my opinion, is not at all.
<irony>
Because wearing glasses makes me feel insecure.
</irony>
Yes, a person with disabilities can be ridiculed and feel like crap. A fat one can too. Also one with glasses, long hair, or long nose (or very short, let's include them too, it's the PC thing to do).
Where do you draw the "disadvantage" line?
As much as you are being offended when people are using a series of letters that forms certain words, so do I when people act like irresponsible children putting blame on random words.
It's not about ridicule. It's not about offence. Why do people always make this same point about offence?
"My freedom of speech allows me to say what I like; FUCK YOU if you want to use your freedom of speech to tell me how much harm my words cause"
People with LD have been subjected to genocidal actions; they've been forcibly sterilised (without their (or their family's) knowledge or permission; they've been used as the subjects of harmful medical experimentation (again, without knowledge or permission); they often find themselves under DNR (without knowledge or permission); they face levels of bullying higher than other other group; they face levels of discrimination higher than any other group; this bullying and discrimination is bad enough when it comes from people in society, but it's often coming from care professionals; they are deliberately excluded from most of society who know nothing about LD.
> researchers found that participants showed less tolerance toward people who were referred to as "the mentally ill" when compared to those referred to as "people with mental illness."
> For example, participants were more likely to agree with the statement "the mentally ill should be isolated from the community" than the almost identical statement "people with mental illnesses should be isolated from the community."
> These results were found among [...] and even professional counselors who took part in the study.
> "My freedom of speech allows me to say what I like; FUCK YOU if you want to use your freedom of speech to tell me how much harm my words cause"
But they can say FUCK YOU to people who say things they don't like because that's freedom of speech too. Then those people can say FUCK YOU back and have a whole steaming flame war. It's all speech. It may not be productive, and you may not want to participate in it, but there is no law preventing anybody from doing it.
It's only when somebody passes a law against it that it becomes an affront to free speech.
Absolutely. There are jobs that discriminate against people with eyesight disabilities (some aircraft pilot jobs, for
example) and there are many products that don't account for people wearing glasses.
People with glasses are widely stereotyped as nerds or geeks and often experience bullying.
People wearing glasses were also reportedly targeted in mass killings by the Khmer Rouge due to that same stereotype.
Physical ability and job qualifications are a central issue in the debate about discrimination in hiring. It's not just limited to disabilities, since the same debate has repeatedly taken place around the issue of whether women are physically qualified for certain jobs, as can be seen in the current debate over whether women are physically qualified for special operations roles in the US military.
Would you consider it discrimination if, for example, consumers are more likely to be influenced by a white athlete spokesman than a black one? And so, the white ones gets paid more?
People with learning disabilities face significant levels of violence and discrimination.
People with short sightedness, not so much.
No one kills a person who is short sighted just because they are short sighted, but this routinely happens to people with learning disability. Not just random fuckheads in public, but doctors will put people with LD under DNR orders without the knowledge or permission of the person or their relatives just because that person has LD and the doctor can't imagine any quality of life.
But that's not the same definition as the word he used. Fire/flame retardant basically means "fire delayer" Run that through the original sentence and it becomes nonsensical: "It's totally 'delayed' that a functioning phone is bricked by an update".
In my dictionary it coild also be It's toally backwards that.... Does it make sense now?
Fire retardant example was to show you that the same word can be used in many context and not all of them have anything to do with offendong handicapped people. oh wait that word is now also politically incorrect.
> Call it what it actually is: short sighted, greedy, foolish, etc. Don't use a word that puts down people with disabilities.
No. Language is a liging thing and the meaning of a word can change overtime.
"Greedy" is not the word that applies in this case. Nor is "short sighted". This is a retarted and dangerous behavior, and you should not be afraid to call it for what it is.
See above example with the car and try to imaging is the following happened: you have to drive immediately to a hospital and your car doesn't start because your tire was changed by a non-authorized service.
"Greedy" and "short sighted" are not the words that come in mind. It's a trully retarted and dangerous decision, initially driven by greed (because let's make computers like black boxes, no-one can open it, no-one can mess with it).
What makes you think it's driven by greed?There is absolutely zero evidence for this assumption, and the alternative explanation - that it is a poorly implemented attempt to keep their promises about the security of Touch ID makes perfect sense.
Wow. It's 2016, and you're still saying bigoted words like "fool." My great grandfather was a court jester, and he was a very intelligent man. Why don't you read up on the history of tyrants and entertainment before you go throwing around such hateful speech.
Using the word retard victimises a group that is already significantly marginalised while simultaneously not doing much to the intended victim. The word has a greater affect on unintended, innocent, victims than the intended target.
If you're talking about IQ less than 70 use whatever is relevant in the country you're in. In the US this is usually intellectual disability (which is a subset of learning disability, which in US also includes eg dyslexia which doesn't have IQ requirement), but for some small groups it might be retard (although other groups see that as hate speech.)
If you're talking about a difficult to understand action call it dumb or stupid or idiotic or almost anything but retarded.
In the UK the word retard is pretty much equivalent to kikes or nigger or faggot. I'm not sure people in the US recognise that when they say retard people outside the US see a word like nigger. If that's the level of offence you want to create then sure, go ahead.
> If that's the level of offence you want to create then sure, go ahead.
WTF? Did you make that all up just to be able to put me down? Really, what a disgusting comment. I used a word that has a dual definition according to my goddamn dictionary and asked politely for an alternative and reason and edited my comment long before you posted this and yet you feel that you should use this to pretend that I like to create a certain level of offense when I clearly went out of my way not to.
Almost very proposed alternative means somethig exactly equivalent to "retarded", a medical word for a disability. It's a euphemism treadmill.
Dumb = mute
Idiot, moron = low IQ
Lame = non-functioning limb
The problem is not choice of words, the problem is insulting someone by calling them "low intelligence" instead of short-sighted (oops! That's a visual disability) or careless or selfish or unimaginative or impatient.
> Using the word retard victimises a group that is already significantly marginalised while simultaneously not doing much to the intended victim. The word has a greater affect on unintended, innocent, victims than the intended target.
That clearly isn't what the word means today.
"Our son was having trouble in school and his counsellor suspected he might be retarded. We brought him to a retard house with a reputation for taking good care of the retards and the doctor said that he was, indeed, retarded."
That's the sort of thing you might have heard in 1905 but not today. It means something different now. Which is why it's now inappropriate when applied to a person with a learning disability. But the target isn't a person with a learning disability, it's a multinational corporation. The point isn't that Apple has a learning disability, it's that they're being retarded. There isn't another word that means quite exactly that.
It's essentially the same argument as the people who say not to use the word hysterical because of its history. That's not what it means anymore.
I haven't heard the word "retarded" used in earnest to refer to intellectual disability (the replacement term) for at least a decade, and probably closer to 15 years. Note that this is a textbook case of the euphemism treadmill, where whatever term is used to intellectual disability eventually starts getting used as an insult and thus the term is changed. Eventually the old retired terms become fairly acceptable as insults, like "idiot" and "moron."
You can't use pejoratives against people's ethnicity or mental/physical disability in polite society. That's not the same as being actually oppressed, sorry.
I find the way racism become THE WORST THING in the world wildly amusing. There are 7 000 000 000 people on the planet and all of them are racist. We people are wired to dislike people not like us.
Not sure what you are asking exactly (is that rethorical? Or do you expect a real answer?).
If you really care :-) :
I had the chance to be raised and still live in a very mixed part of Paris. There is racism, of course, and for example I can remember how kids of Portuguese descent were the object of mockery back when I was young. (That's significant because today it's put under the carpet as if it never occurred. It seems nobody even remember!).
That makes you think about bias, how bias turn into systematic racism, etc. That makes you discover how people of course cluster around commonalities but also like to share and connect with others when given a safe context.
Racism is quite pervasive in France, and for example younger generations make it a central part of their dialogue and jokes. But many people are working toward inclusiveness too.
Just like women equality and wealth sharing, non-discrimination is not solved thing in any given society: it's a constant challenge to tackle, probably without an end in sight.
It's probably the same for individuals: how can I be more inclusive? Less biased toward others?
I know a couple of Dutch people that moved to Portugal. Surprise, even after living there for 30 years they are still openly discriminated against. My guess would be that such discrimination is so much a part of human nature that (sadly) if you put two people from one group and one from another in a room you'll instantly set off a whole slew of innate responses resulting in the two siding against the one.
It's sad but that seems to be the state of affairs and I don't expect this to get any better in the next couple of centuries. Barring an alien invasion that gives us a reason to play 'us' against 'them' on a bigger stage I doubt humanity will be able to really overcome this particular hurdle. Which is sad because it is a large driver behind all the violence and misery in the world.
I think in practice it takes a certain level of sophistication and intelligence to understand, and be self-aware to the impacts of, racism. I have observed that it is very easy (if not entirely unnecessary) to convert higher IQ members of society to think in ways that are more equitable than race. Do you believe much progress has been made with those who are (to this day) perpetuating the racism? I think there is more awareness, but is there less racism? I also feel that certain "races" are being discriminated against (ie. Asians entrance average to Universities must be much higher than other races, due to competition). This seems to elicit less attention from those who are social justice inclined. I apologize for original message, came off colder than intended.
Given that he is engaging you intellectually and not engaging you with the lizard half of his brain (with it's large stick), I'd say quite successfully.
A) Any historybook ever. There was never a point in history in which purple didn't try to slaughter green for green being green.
B) Everything. Me against my brother, me and my brother against my cousin. Me and my cousin against the world. Likeness could be anything that a person deems important. Race, religion, football teams, harry potter vs lotr, dota vs lol.
>There are 7 000 000 000 people on the planet and all of them are racist.
Even if that was true, which it isn't, why do you think that means we should give up and speak or write carelessly? Why do you object to improvement/progress?
you can't say anything anymore without qualifying it to the nth degree and sugarcoating it and making it as bland as possible, just in case someone somewhere feels that some thing you said was some how offending
Shut the fuck up. You are perfectly welcome to say whatever the fuck you want. If you stay something fucking offensive, then you can fucking expect to be told to shut the fuck up.
To counter the explosion of "fuck you" kind of comments, and as the father of a child with a developmental disability, thank you for pointing out this impolite and linguistically lazy behavior.
People who use "retarded", "gay", "autistic", "ghetto" (and so on) in a derogatory form are showing a lack of imagination, aren't introspective enough to consider how their choice of words makes others perceive them, and trivialize an entire group of people by subordinating them in their effort to demean someone else.
And that's the problem. It's condescending (and meant to be, don't tell me it's not) to call someone or something "retarded" when one is actually expressing an opinion that the person or thing is not worthy of merit, and history is rife with abuses that result from trivializing a group of people by distilling that group to a pejorative. "Fuck those short sighted motherfuckers," may shock because of the direct use of the glorious and multitalented root word "fuck", but it certainly isn't trivializing a group of people with a minor vision impairment, because short sighted is not the term used to refer to someone who is near sighted. It's borderline lazy, sure. It may offend someone's sensibilities, yeah. But choosing a word that one knows damn well trivializes a group of disadvantaged human beings ... that's profoundly different from dropping the occasional F-bomb.
It's not about political correctness, it's about recognizing that one's choice of words can carry a great deal of meaning that diminishes the intended effect of those words. In some cases, by literally dehumanizing a group of people.
It's not "colorful language", it's lazy and careless prose.
And to any current reader of this comment who thinks such pejorative language is okay in civilized company: either this post changes your mind, dear reader, or it doesn't. Using what you think to be clever analogies, closed-minded logical fallacies, or meritless affirmative defenses ("but, freedom of speech!") is encouraged, if it makes you feel better about yourself to put me in my place for feeling the way I do about this kind of language. Your right to free speech is no different from mine, I won't stop you. But I also won't waste the expression of my free speech rights by trying to argue with someone who doesn't acknowledge that maybe ... maybe ... they're wrong, so please feel free to satisfy that desire to get in the last word.
I personally am aware of zero instances where anyone associated with a developmental disability is comfortable with the use of the word 'retarded', in any context. (Please note: this is not to say such a thing does not exist!) Empathy is a worthy reason for voluntarily restricting my personal speech, and I appreciate others willing to take people like you into consideration here on this forum!
I'll take you at your word that you're not trying to be clever, and that you're genuinely curious, and thus not interested in an argument that must be won. And, so, I'll do my best to elucidate in an attempt to satisfy that curiosity.
I suspect that the poster is referring to the whole of his experience as the pool of contexts in question, and thus can state that he knows of no one who is comfortable with the word choice - given that most people don't use the word "retarded" as the past tense of the verb "retard", which means to hold back or slow down, I'm inclined to agree.
Retardant is not in question. The use of retard as a verb as it's intended to be used is not in question. The vast majority of utterances of "retarded" are used as a pejorative adjective, so while I see your point, I think you're missing his: The reality is that the adjective form of retarded is, in nearly all common-use cases, a careless diminution of those with developmental or learning disabilities, as it serves to suggest the idea/thing/person could only have come from someone with such a developmental or learning disability.
>when one is actually expressing an opinion that the person or thing is not worthy of merit, and history is rife with abuses that result from trivializing a group of people by distilling that group to a pejorative.
What I don't quite understand is why it trivializes people to use a disability as a pejorative, but it apparently doesn't trivialize people to use a disease as a pejorative.
Since you don't seem to be arguing, I would like to understand what you mean? Did I use such a pejorative? I'd sincerely like to know - if, that is, your query is sincere as well.
I'm just musing, and hoping someone might have an explanation. Language is complicated, and emotionally-loaded words are especially so.
Let me put it this way. If I call someone cancerous, I'm not trivializing the group of people that have cancer and distilling them to a pejorative. In general, if I use a disease as an insult it's fine, but if I use a disability as an insult it's usually offensive. They're both afflictions, but they're treated differently in uncountable ways.
I could list some reasons, but none of them really feel like they get at the root cause of the difference. Do you have any insight?
Perhaps it's related to self-identification? People don't self-identify as cancerous, the cancer (or disease?) is an external actor invading the body. Whereas a disability is a feature or aspect of one's body.
(I don't have first hand experience with either, so I'm just musing too..)
Albeit necessary to check the authenticity of components such as the TouchID sensor for security reasons, bricking the phones seems extreme. Why not simply disable Touch ID? This is them asking for a lawsuit.
I wonder if it's really bricked -- could a downgrade to the previous OS version help? (Admittedly, it's not that straightforward for normal consumers.)
I don't see why people are upset or surprised about this. Apple is a pioneer in making electronics difficult to open up and play with.
It has always been their approach to control every interaction that every customer has with every part of their business and every product produced by it.
Yeah, Apple are evil geniuses. They are prodigies at making money and expanding their business, at the expense of their users. It also seems like a majority of people on this site have some kind of Stockholm syndrome with regard to Apple. I guess making people reliant and locked in to their system is part of their genius. Of course people in that situation will find ingenious logical contortions to go through to justify their continued faith.
Also, mass downvoting of this comment in 3. 2. 1 ...
Please don't bait other users by inviting them to downvote you or announce that you expect to get downvoted.
You will, of course, be down voted – because of your childish insistence that anybody who thinks differently from you is suffering from some kind of illness.
I accept your correction. In fact, now I think about it, essentially 0% of apple customers would likely be aware of this possibility at the time they make their purchase. I should have considered that most consumers won't follow stories like this as closely as the tech crowd.
I do stand by my assertion that it is legitimate for apple to behave in this way though. They get to present their business as they choose to just like any other company and the customer get to choose whether to accept their terms. Personally I don't but, empirically, most other people seem to.
I would however support requirements (as legislation) that consumers should be made aware of such practices at the point of purchase such that they can factor it into their buying decision.
Wouldn't a better idea be to simply display an error message to the effect of "your phone has undergone untrusted changes, please bring to your nearest Apple store" rather than bricking the whole thing?
Isn't this piece core to the virtual wallet/payment tech installed on the phone? Should apple's engineers have to put in friendly error messages if you exchange components in what's supposed to be a closed system?
High prices and resale values have spawned a substantial and apparently growing 3rd party repair and refurbishment market for Apple mobile devices. Beyond the dodgy corner unlock shops, multiple national chains have sprung up over the last 2 years where I live that advertise heavily on broadcast TV.
Apple clearly sees this as money left on the table and they're concerned about the emergence of a comprehensive parallel supply chain for repair parts. Bricking end-user devices is one of the few levers they've got to try and shut down this industry, since there's no way to effectively identify and pursue the upstream suppliers in mainland China.
Sucks for the users, though. I wonder if Apple will still be selling devices at all in 5 years, or if they'll only rent them out for €25/$25/£25 per month. Ultimately that'll probably be the only way to get the control they want.
People buy a high-end watch, like a Rolex. They can repair it if they have then knowledge. The problem is Rolex, and 99 percent of watch manufactures won't sell your, or your Watch Repair person the parts.
You need to send the watch to the factory for service, at factory prices.
So, when you buy a Rolex, your are actually leasing it? You don't truely own it, if you can't get the parts to fix it?
It's just another way to make money.
I didn't think Apple would irritate their customers at this particular point in time?
And yes, I too believe, "This is just the beginning."
Actually a majority of the watches, besides Rolex, in the <$5000 range use standard unmodified Swiss ETA movements, which can be repaired by any competent watchmaker. Very few watches in this price range use in-house movements.
I think IPhone owners intend their device to last longer than the typical Android. Making it harder to repair could undermine that. Apple need to make users believe that an IPhone is not just a disposable thing that lasts for 1 year in order to justify the high price.
Broken 5s screen - took it to a local repair shop in town. He indicated that they just replace the whole screen unit - takes about 8-10 minutes. He shared some numbers too.
The conversation was from last... sep I think, and he was referring to a change a few months back. They had been able to buy the whole screen units for around $25-$30/piece, and his shop (owned a few) bought a lot of them - always kept a lot in stock. Earlier in 2015, he said, Apple started putting the screws on their parts suppliers, requiring them to destroy any overages or extras that didn't pass QA. This overage supply was where he and others would get their replacement parts.
He said that almost overnight, the prices on those screens went to $40 or more. They had a several month supply, but were already having to replenish at the higher price point.
So... Apple knowing about "third party repair" stuff, isn't all that new, but they seem to be taking more steps to actively prevent competition here. :/
re: "renting" - they'll probably still sell them, but all but force an icloud-style service for storage (probably still be selling 16g models when they provide 16mp cameras, and use up 6g for the OS). That or perhaps they'll just buy a carrier and you can be paying them $100/month for voice/data service directly, on top of $700 for a device.
You DO have the right to repair your iPhone; it just has to be done by an official Apple repair centre.
I completely understand the downsides of Apple's particular approach here, and totally get why people want the right to use 3rd party repair services. I've used them myself in the past to save (a lot of) money.
But considering just how much of my life, financial and otherwise, is on my phone, I'm actually very glad that Apple has erred on the side of obsessive security!
Apparently, YOU don't have the right to repair your own iPhone then, only an official Apple repair centre does. You mean: You have the right to pay an official Apple repair center, and nobody else, to repair your iPhone.
> and totally get why people want the right to use 3rd party repair services. I've used them myself in the past to save (a lot of) money.
The BBC article talks about someone who was in Macedonia. Apple doesn't have repair centres there. What they did - try to repair their device in a non-Apple-served country - was about all they could reasonably do.
As Apple wants more of our life to be phone-oriented (payment details, wallet, physical data, etc) expecting 100% of people to be within X minutes of official repair centers 100% of the time is not workable, nor reasonable.
I get it - the home button is secure and might have been compromised. This was just horrible design - they failed to account for a failure mode, and default to a brick instead.
A warning bar or message on boot indicating "the touch id may have been compromised - all touch id features are disabled - please contact Apple" - while annoying - would have been reasonable.
That's a very disingenuous definition of "the right to repair." In fact, requiring that all repairs be done by the OEM is exactly the opposite of the right to repair.
The stated rationale is that it's reasonable for a security-critical device to self-destruct if it thinks it may have been tampered with. Unfortunately this is a phone which costs a lot of money and has much of the user's life stored on it. I wouldn't be surprised to see Apple sued over this; I don't know what the interaction of the Sale of Goods Act and remote-bricking is.
I was thinking along similar lines recently when someone sent me an email to an old PGP key - I was able to dig up the key, but had long since forgotten the password. Do you want your computer security system to fail-open (leaking your stuff and potentially exposing you to fraud) or fail-closed (losing data which may be irreplaceable and of emotional significance)?. It's not obvious. But if you store your photos on your phone, you should probably back them up to the cloud - and to a different system that is not under the same account, either locally or another cloud.
User-friendly crypto may be possible, but user-friendly key management is a total nightmare.
We techy people have let them down, in that case. It should be safe to crush any of my terminals under a tyre and lose nothing.
I learned 15+ years ago that the OS should have that as standard, with no privacy issue either. It is crazy that it is not baked in already. It's not even difficult.
Correct me if I'm wrong, but from what I understand this is done to protect the customers from tampered with Touch ID sensors.
It may be overly paranoid but I can at least understand the motivation behind this. Changing the display also involves disconnecting the Touch ID sensor so technically a malicious person might have done something that exposes the user of the device in some way.
Statement from an Apple spokeswoman:
“We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”
Just like all other similar decisions made by other companies under the guise of 'protect[ing] the customers', it should be clear that this is no more than a guise. If protection is what they had in mind they'd simply disable any functionality which could be impacted by a dodgy part. Disabling the whole device has the single, self-serving purpose of channelling the cash flow from the repair businesses into Apple's coffers.
It sounds plausible, but none of us can know for sure as we don't have the source code and internal access at Apple. (maybe they can't just deactivate TouchID on its own, maybe they can but they want to protect the already existing fingerprint data on the device)
I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
It's easy to say that they'll just earn more from repairs and sell more devices, but customer satisfaction is also important and I believe Apple takes issues that essentially brick devices very seriously.
It is also well known that they take privacy very seriously (although implementations might not be perfect), so I am inclined to believe that in this case privacy concerns have won against customer satisfaction concerns.
Edit: Apple Pay is also a _very_ important product for Apple, I imagine they simply cannot afford any issues that might make this seem unsafe to customers.
> I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
Limiting the availability of repair services to the captive audience of apple-users probably increases sales. Those who have bought into the apple world are (for now) unlikely to step outside of the garden, so they'll replace their broken iThingy with a new one instead of 'just getting an Android this time'. Just look at this comment for an example of that attitude: https://news.ycombinator.com/item?id=11061800
> "... I've got better things to do with my time. I'd rather walk into the Apple store and replace my MBA or my iPhone when I've got a problem. That saves me time for my wife or my hobbies. Trade money for things that save you time, to spend that time on what's important to you (if you've got the money). ..."
This is the attitude apple would like to cultivate: solve problems by throwing more money at them.
People in the US should be complaining to the FTC. In the very least, for phone's under warranty, Magnuson-Moss should apply if Apple isn't fixing these problems for free.
It doesn't have to be either or. Apple could provide a better fail over behavior for the home key, including a way for a consumer to validate the changed hardware.
For instance: "IOS has detected a change in your Secure Home Key. Please contact apple secure support to confirm that your device is still secure!" add a 1-800 number and some security questions. Or automate it by requiring a login to your Apple account, email validation, and email notification of the change.
Bottom line, when one authentication method fails, you need a fail over to something more difficult.
> Please contact apple secure support to confirm that your device is still secure
There's no way the customer or Apple can do that with third party hardware installed. The only solution I can see is to disable all of the features relying on Touch ID.
If they can issue an auth code for apple hardware then presumably it's possible to issue one for non apple hardware. They just have to make some effort to confirm the owner of the phone has it rather than a thief.
Only to the extent I protect my own data. If I don't use the fingerprint scanner (or even a simple password), don't brick my phone because the fingerprint scanner failed validation.
Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.
If a motherboard displayed an error when a piece of hardware from a different manufacturer was inserted and failed to operate, we'd cry bloody fucking murder. Instead, we expect users to take responsibility and if they compromise their own machine / want to take a risk then that's their business.
Just because it's an Apple phone shouldn't reallign our morals concerning user control and responsibility.
Something suspiciously like this happened to me on a second-hand iPhone 6 I bought a few weeks ago. Talk about crappy timing.
Everything pointed to a software issue, but every repair person I took it to (both apple and non-apple) kept saying it was a hardware fault.
Touch ID stopped working and the phone drains super quickly despite not being in use. Hoping Apple can provide a "fix", not gonna hold my breath though.
I got a second-hand 5S last year with faulty Touch ID, the seller admitted that it didn't work and didn't even notice because he never used it (at the time also many Touch IDs stopped working after iOS 8 updates). I got a lower price and a friend took it to Apple Store in Germany (had couple months warranty left), where they tried to change the display first, then swapped it for a new unit without issues.
362 comments
[ 3.2 ms ] story [ 305 ms ] threadErgo, Apple is bricking phones as some sort of misplaced revenge-like behavior.
Call it revenge like behavior is just you attacking Apple. It's certainly incompetent or unanticipated and poorly handled, but it's an attempt to maintain their security promises.
I don't know anyone who uses the fingerprint reader or the purchasing functionality.
It's just petty revenge because you had to temerity to go to another party other than apple to get your phone repaired and maybe even saved some money in the process. So now, in retaliation we'll destroy your phone in software. I'm sure this will go down well with the various EU courts.
Given that apple is working on an iCar, it's just a matter of time I presume.
To keep with the care maker example, in Germany, the car makers used to void the 10 years guarantee on the painting of the car if the regular checks were done by an independent car shop. This was then declared as illegal.
I suppose Apple will soon release an update and declare that this was "a bug".
Anyway, this confirms that I'll stay away from Apple stuff.
Image if you have your tires changed by an independent car shop and a month later one of your wheels falls off on the highway. Do you start complaining about it to the car's manufacturer because 'it worked perfectly before'. No you don't.
The repair shop didn't repair it properly, if it was repaired properly the new TouchID sensor would be securely paired with the Secure Enclave and this issue would not occur.
You are fundamentally misunderstanding the threat model. What is the exact threat that Apple is guarding against? Is it an evil maid attack planting new sensors, switched devices, someone's fingers being cut off? All of these require different mitigations - none of which for a general purpose consumer phone are to brick the device when upgrading.
This is more like your Tesla car's keyfob misfunctioning and you get it repaired by a non-Tesla dealer. The dealer could've put in a backdoor to get into the vehicle.
Tesla releases a big new update for their car software and now your Tesla is completely bricked and Tesla refuses to repair it, saying you have to buy a new car.
Is that acceptable?
Apple or other authorized repair shops can still fix phones that have been disabled due to security chain errors.
https://news.ycombinator.com/item?id=11048311
The new home button hardware can't be securely validated, and a future OS update fails on the unexpected condition of invalid Touch ID hardware. I can imagine that this wasn't a prioritised testing scenario, likely not even considered by Apple when developing iOS.
It's a lousy way to fail — the phone should just disable Touch ID and Apple Pay, and anything that relies on the secure co-processor.
But it feels far more like there's an `else` branch sitting in the iOS codebase somewhere where a programmer has written:
//NOTE: This should never, ever happen
//.. code that triggers error 53
Sounds a bit like a downgrade attack if they didn't fail fast and hard at the earliest opportunity.
As a standalone measure, biometrics make a shitty password substitute because you can't change a finger print if it's compromised, so shouldn't the iphone be secured on the premise that the finger print scanner is already compromised, hence losing it should not qualify as a downgrade attack?
Secure Enclave is a separate coprocessor running its own L4-based microkernel. This hardware is directly paired with security-sensitive hardware (Touch ID, Apple Pay NFC chip, etc). It provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised.
So when you stick a third-party Touch ID sensor in an iPhone it's obviously not going to be paired with the secure coprocessor. It doesn't really matter whether biometrics are shitty passwords, the iOS update process realises there is compromised hardware touching the Secure Enclave and fails in the worst possible way for the user.
"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but _cannot_ read it".
Apple's own security guide explains it best [1]:
> The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered ngerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Regarding the actual fingerprint storage, it looks like the encryption key is kept in the Secure Enclave and the entire decryption and verification process occurs within the Secure Enclave. However the encrypted data itself may be stored outside the Secure Enclave:
> The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes sub-dermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple or backed up to iCloud or iTunes.
[1] https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Except it could be defeated by a laser printed fingerprint on a piece of paper (initially).
That would be a huge vulnerability, if there hadn't been thousands of other ways to record your fingerprint, and while most of them are less accurate than a trojan Touch ID, they're also much easier to pull off.
And at the very worst, if a sophisticated malicious actor got the chance to meddle with your phone, they could just skip the Touch ID sensor altogether and install a stealthy fingerprint digitizer in the touch screen or on the back of the phone.
So in short, Apple's security measure, if my understanding is correct, does absolutely nothing to protect the user.
This botched handling of replaced hardware that hasn't been paired with the Secure Enclave ties into the above. Apple doesn't expect people to replace such hardware through a third-party, so they don't think to engineer their software to fail gracefully when it happens.
Apple is a fairly security conscious company now so security tradeoffs should not be a surprise.
No matter what the motives behind this mechanism were, it was put in place exactly to prevent 3rd party scanners from working.
And if they implemented authentication and didn't even test what happens if it fails, then well... how do they know it works at all?
The entire purpose of the secure enclave is defeated if it trusts any hardware connected to it.
I'm not saying they didn't test what happens when it fails. I'm saying they didn't do user testing on what happens when it fails. I'm sure the engineers tried out the hardware authentication system. They just didn't test the whole scenario once iOS was sitting on the end product.
So yes, it was put in place to stop any hardware that could not be trusted from accessing users' secure data. But no, it was not done to prevent aftermarket replacements.
The only reason I can see Apple caring about aftermarket replacements is because they are often low quality, and cause customers to go back to Apple with unauthorised repairs. (I've witnessed this more than once in an Apple store, someone coming in who had their screen replaced outside Apple and the touch digitiser was failing. Apple just sends them away.)
Consider reading the description of iOS security features linked somewhere in this thread.
Because what you are describing is a disaster, not security. If some off-chip sensor had access to fingerprint data or crypto keys, anybody capable of installing such chip would also be able to simply dump all the data himself in the comfort of his lab.
So why not brick the phone out of the box? Even if the finger scanner is original, somebody may have compromised the digitizer anyway.
In fact, when you first reboot your phone, even contacts cannot be accessed until you authenticate with your passcode to unlock the secure element. Incoming text messages only show the phone number.
You're right, however - a Touch ID sensor that cannot be verified should not brick the phone. Apple should just disable Touch ID and sever any link between the sensor and the secure element.
IMO bricking on touch ID issues is extreme, but maximises the security of the device.
The fact that you need to enter PIN right after boot, just shows that they use "two factor authentication" to make it even more secure.
It doesn't IN ANY WAY show that TouchID is "the less secure authentication" method of the two.
I believe ApplePay requires TouchID.
> To help ensure the security of Apple Pay, you must have a passcode set on your device and, optionally, Touch ID. [...] To send your payment information, you must authenticate using Touch ID or your passcode.
https://support.apple.com/en-us/HT203027
By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box. Further, it's also possible to take fingerprints through social engineering, or by getting at the database of a company that uses fingerprints as security. Five bucks says someone's already storing a bunch of fingerprint data as plaintext.
Isn't this exactly why they DON'T allow you to use the iPhone with a potentially tampered with HW/TouchID -- e.g. the very feature/issue we're discussing?
I'd argue that fingerprints for security are just silly to begin with.
The phone would still work perfectly fine and safe if Touch ID would be disabled and input from the sensor wouldn't be trusted.
The correct solution there would be to pop up a warning saying the TouchID hardware has been tampered with, and giving the user an option to validate it.
I think it's totally OK not to accept authentication from an unvalidated device, but a legitimate user should be able to do the validation.
What are you even talking about?
If the fingerprint scanner is suspicious, just disable it and leave the rest running. And this is in fact what happens, until a software update is installed and then the phone suddenly decides to brick itself completely.
We are all smart people here and there are several ways to have security without bricking expensive hardware.
First, the update can wipe the device instead of bricking it.
Second, Apple can provide an option to replace the fingerprint chip and charge, $150-$200 or whatever it costs for it.
There would be several better solutions that the most profitable company in the world could figure out if they wanted to. It's funny how their particular solution happens to make them even more money through shutting down third party repairs and making people buy new phones.
This is like your home alarm software(made by the home builder) remotely burning down your house and telling you to build a new one because someone may have tampered with home access and could possibly enter your home.
>When Olmos, who says he has spent thousands of pounds on Apple products over the years, took it to an Apple store in London, staff told him there was nothing they could do, and that his phone was now junk. He had to pay £270 for a replacement and is furious.
I find the stores are somewhat inconsistent in their application of policy. (Particular if the policy isn't well defined ahead of time, as in this case)
(As an aside, the practice of requiring an appointment to talk to a support person or even just drop off a broken computer is maddening.)
Couldn't they just ask the user? Use the backup password to authenticate.
If it's my device, I want to be the one who chooses what I trust.
Disclaimer: I don't own an iPhone with Touch ID.
However, it seems to me that the phone should still work if you logged on with your PIN instead of with TouchID. It should therefore be as useful as most phones that didn't have TouchID in the first place (which happens to be all my Android and iOS smartphones).
If you can't, there's no need to brick the phone...
I don't have a password on my iPhone. I don't need one, because I don't store any critical data on the phone, or spend any significant time in environments where it's likely to be stolen. And I guess I'm naive enough to assume that no one from the NSA Tailored Operations department is going to sneak into my bedroom at night and install a malicious fingerprint sensor.
So, no, there is absolutely no reason for Apple to brick my entire iPhone if the sensor fails validation. They should act to maintain the level of security chosen by the user... no more, no less.
Apple is in the business of selling (overpriced/overengineered) hardware. Their tactics make that very clear.
The only problem with that is that there is no real competition in mobile phones anymore, it's just a giant duopoly. Sure, you can switch to Google/Android, which as the giant ad company (in other words: personal data hover/mass surveillance company) is just as bad.
My only hope is for Ubuntu to make the right moves soon.
[0] A source: http://www.dailymail.co.uk/sciencetech/article-2709502/Does-...
No, I don't, but I'd like to read more about it. Got a source?
And it is really hard to argue that Google intentionally slows down old Android phones.
The source is available for everyone to study and you can root most devices and install Android versions that don't even use any Google software.
No. Story linked from daily mail (that's not a "source") is more nuanced.
http://www.nytimes.com/2014/07/27/upshot/hold-the-phone-a-bi...
When we try to judge intent we do judge the context. So let's look at the context: people do know that iPhone updates will probably slow their device(even though Apple doesn't tell them that). And there's no way to stop the nagging update notification (aside from jailbreaking).
So let's not be naive. Maybe it's hard to prove at the legal level, but there's a pretty decent chance that this is intentional by Apple.
EDIT: if you upvote, please explain why you think this is wrong.
What's next, people say Apple deliberately destroys batteries after a few years, rather than being a natural consequence of battery chemistry? Apple deliberately makes their screens shatter when dropped?
No, because that never was a fucking thing.
Seriously, this is supposed to be a community of reasonably well-informed tech-oriented people. Step back for a second, take a deep breath, and think before you spread nonsense like this. Jesus.
But please don't comment like this and https://news.ycombinator.com/item?id=11047606 on HN. That just makes the threads worse. Instead, please stay civil even when some people are being silly.
Good lord no. But thank you for the polite response and intention to change. It really is a collective effort.
While on the iPhone: Do you use Google search ? Do you use Google maps ?
Well, if you do , there's not much sense in hiding from Google. And if you use Android, you could use tools like cyanogen's "privacy guard" to hide your data from all/most app authors , which i don't think you can do in iOS.
Also , unless they target you specifically, so long that you use an alternative keyboard - i don't think Google on Android collects your key press data - so you can use anonymity apps for special circumstances, But i could be wrong about that. Same goes for encryption keys, unless your targeted.
> No matter how suggestive, he says, the data alone doesn't allow anyone to determine conclusively whether their phone is any slower.
> There are other explanations for why an older model iPhone may slow down, he claims.
> For instance, the latest version of the Apple operating system, iOS, is always tailored to the newest device and may therefore not work as efficiently on older models.
They completely ignored that a new handset release tends to come in lockstep with a new OS release. This is relevant because it means many, many people are changing the operating characteristics of their existing handsets at the same time - leaving their phone not only not a "known constant", but potentially creating the same results even if a new generation of phone hadn't just appeared at the same time.
Seriously, if you take their graph and replace the labels for each 3g, 3gs, 4, 4s etc, with ios2, 3, 4, 5 .. the data is still accurate, but the take-away assumptions change entirely.
They ignored that geekbench scores show that scores for any given generation stay roughly constant over the phone's lifetime. That's a fantastic set of data that isn't coloured by changing expectations over time.
And they were quite happy to brush off that the samsung numbers showed exactly the same changes over time, as they didn't spike around releases. Completely ignoring that Android has entirely different update strategies (having to wait until your telco 'blesses' the update, etc).
If you look at their graphs, and think of each label as an OS release rather than coinciding with a new handset (which is still accurate), the story it now tells is that ios updates receive much larger adoption in hurry, when compared to adoption of android updates.
Which we already knew. Apple's update strategy is that every compatible handset is able to update "today", whereas android updates are staggered by various levels of support from different mffrs and different providers.
Hell, there's barely any room for a third manufacturer, let along operating systems http://www.theverge.com/2016/2/3/10894200/android-smartphone...
Then the question is, could the NSA/CIA/etc trick the phone into thinking the repair was valid?
So then, what, if not on boot, show it all the time, with no option to suppress? If you offer a way to suppress it, that will be used by the bad guys.
I'm sure they already did that assuming they don't have better ways.
[1] https://www.ifixit.com/Teardown/iPhone+5s+Teardown/17383
But to be honest, it's not like fingerprints are such a hard to obtain secret in the first place.
That sort of exists now. There are parts, like the throttle control on Volvo's, ABS units on BMW's, etc, where the unit is coded to your vehicle.
You can't, for example, swap an otherwise identical throttle from a junkyard into a Volvo. It puts the ECU into limp mode, and the car is essentially useless.
Now, that's not the result of an over-the-wire firmware update, but that's really the only piece missing. When/If vehicles start regularly updating firmware over the wire, you'll start seeing stuff like this.
We can see that it is clearly nothing to do with 'revenge' or 'retaliation'. The evidence clearly contradicts that.
Apple makes strong promises around security and Touch ID in particular. This is clearly designed to maintain the integrity of that system.
It's certainly a terrible failure mode - the error message should explain what the problem is.
But imputing these bizarre motives just reveals bias on the part of the commenters.
The alternative would be at some point a headline like "compromised Touch ID sends fingerprints to bad actor".
[this was obviously going to be downvoted, but for the record nobody has either made an argument for, or provided evidence for the 'revenge' motivation, while the 'poorly implemented security policy' explanation is clearly supported by the evidence.]
There would be no such headline. Before update to iOS 9, the affected phones functioned normally, but with disabled Touch ID.
And if you have to know why people come up with theories like that - either Apple didn't think what happens to users who already had this hardware replaced or they thought about that. Maybe those who accuse them of malice simply overestimated their competence - after all, they make big claims about high quality, attention to detail and whatnot.
Not to mention that the first part of this comment makes sense and probably expresses well how people feel about this screwup.
This is irrelevant. The problem is that those affected phones could still have had compromised fingerprint sensors.
Apple did the right thing in protecting people from this, but did communicate about it poorly.
The only malice in this situation is on the part of the people accusing apple of being motivated by 'revenge'.
... which wouldn't be used after the phone determines it's an aftermarket part. Equally well the attacker may have installed a malicious piece of brick inside.
> Apple did the right thing in protecting people from this
Sure, they protected users from using phone with replaced home button and disabled fingerprint scanner by bricking the phone completely.
Hard to tell in what proportions malice and/or stupidity were involved in this case, but either way it wasn't "doing the right thing".
However, you have to understand that when I posted this, I knew about cases (including TFA) when the problem had indeed been "rectified" by visiting a store (sorry, couldn't resist ;)) but no case when the device had actually been fixed and data recovered, whether this is technically possible or not.
Don't say this.
At the same time I see HN slide towards reddit just one little bit more with all the 'you insensitive clod' comments lately and that is sad too.
I've seen the word 'retarded' used in the exact way I used it above in many places and I've checked the dictionary and it has a simply secondary definition ('Dumb, foolish') which is roughly what I intended to convey.
Since giving offense is not one of my pet hobbies I edited my comment but had the situation been reversed I would have definitely afforded you more leeway.
To me 'retarded' did not seem rude or derogatory until you pointed it out, judging by the number of other people that are actually native speakers that use it in that exact same way it seems to me that you have your work cut out for you.
As for having my work cut out for me, I definitely expected this to happen (maybe not to this scale). HN tends to attract the kind of person who thinks that anything is fair to say any time, regardless of who it might hurt, because HN tends to attract people of massive privilege, many of whom have never been the victim of societal discrimination.
Screw that.
If you don't want HN to slide that way, then I suggest you not give in and change it back. After all, I think offense is entirely in the mind of the beholder.
Especially when the beholder is not himself or herself part of the group.
The word retard is hate speech, linked to actual real world violence. And that violences is very common.
https://www.mencap.org.uk/sites/default/files/documents/2009...
> A survey by Mencap of people with a learning disability has found that nearly nine out of ten respondents have experienced bullying in the last year. Two-thirds are bullied on a regular basis and almost one-third are suffering from bullying on a daily or weekly basis. People with a learning disability face prejudice and widespread discrimination that often makes them feel like outcasts and prevents them from taking a full part in society. Public attitudes in the United Kingdom towards people with a learning disability remain discriminatory. The Mencap survey suggests that the bullying of people with a learning disability is institutionalised throughout society.
How they described bullying:
> The following behaviours were most frequently cited: kicking, biting, name-calling, teasing, stealing, pushing, threatening, having things thrown at you, being told to leave a building, hitting, being shouted at, swearing, demanding money, hair-pulling, throwing stones, spitting, poking, being punched, being beaten up, having one’s head banged against the wall.
Yes. I am offended by the small letters in ads.
Yes, a person with disabilities can be ridiculed and feel like crap. A fat one can too. Also one with glasses, long hair, or long nose (or very short, let's include them too, it's the PC thing to do).
Where do you draw the "disadvantage" line?
As much as you are being offended when people are using a series of letters that forms certain words, so do I when people act like irresponsible children putting blame on random words.
It's not about ridicule. It's not about offence. Why do people always make this same point about offence?
"My freedom of speech allows me to say what I like; FUCK YOU if you want to use your freedom of speech to tell me how much harm my words cause"
People with LD have been subjected to genocidal actions; they've been forcibly sterilised (without their (or their family's) knowledge or permission; they've been used as the subjects of harmful medical experimentation (again, without knowledge or permission); they often find themselves under DNR (without knowledge or permission); they face levels of bullying higher than other other group; they face levels of discrimination higher than any other group; this bullying and discrimination is bad enough when it comes from people in society, but it's often coming from care professionals; they are deliberately excluded from most of society who know nothing about LD.
About "it's just a string of letters" (there are a few strings I'd like to use about you but on HN it'd probably get me a ban): http://www.eurekalert.org/pub_releases/2016-01/osu-wys012616...
> researchers found that participants showed less tolerance toward people who were referred to as "the mentally ill" when compared to those referred to as "people with mental illness."
> For example, participants were more likely to agree with the statement "the mentally ill should be isolated from the community" than the almost identical statement "people with mental illnesses should be isolated from the community."
> These results were found among [...] and even professional counselors who took part in the study.
But they can say FUCK YOU to people who say things they don't like because that's freedom of speech too. Then those people can say FUCK YOU back and have a whole steaming flame war. It's all speech. It may not be productive, and you may not want to participate in it, but there is no law preventing anybody from doing it.
It's only when somebody passes a law against it that it becomes an affront to free speech.
People with glasses are widely stereotyped as nerds or geeks and often experience bullying.
People wearing glasses were also reportedly targeted in mass killings by the Khmer Rouge due to that same stereotype.
People with short sightedness, not so much.
No one kills a person who is short sighted just because they are short sighted, but this routinely happens to people with learning disability. Not just random fuckheads in public, but doctors will put people with LD under DNR orders without the knowledge or permission of the person or their relatives just because that person has LD and the doctor can't imagine any quality of life.
No. Language is a liging thing and the meaning of a word can change overtime.
"Greedy" is not the word that applies in this case. Nor is "short sighted". This is a retarted and dangerous behavior, and you should not be afraid to call it for what it is.
See above example with the car and try to imaging is the following happened: you have to drive immediately to a hospital and your car doesn't start because your tire was changed by a non-authorized service.
"Greedy" and "short sighted" are not the words that come in mind. It's a trully retarted and dangerous decision, initially driven by greed (because let's make computers like black boxes, no-one can open it, no-one can mess with it).
If you're talking about IQ less than 70 use whatever is relevant in the country you're in. In the US this is usually intellectual disability (which is a subset of learning disability, which in US also includes eg dyslexia which doesn't have IQ requirement), but for some small groups it might be retard (although other groups see that as hate speech.)
If you're talking about a difficult to understand action call it dumb or stupid or idiotic or almost anything but retarded.
In the UK the word retard is pretty much equivalent to kikes or nigger or faggot. I'm not sure people in the US recognise that when they say retard people outside the US see a word like nigger. If that's the level of offence you want to create then sure, go ahead.
WTF? Did you make that all up just to be able to put me down? Really, what a disgusting comment. I used a word that has a dual definition according to my goddamn dictionary and asked politely for an alternative and reason and edited my comment long before you posted this and yet you feel that you should use this to pretend that I like to create a certain level of offense when I clearly went out of my way not to.
Dumb = mute
Idiot, moron = low IQ
Lame = non-functioning limb
The problem is not choice of words, the problem is insulting someone by calling them "low intelligence" instead of short-sighted (oops! That's a visual disability) or careless or selfish or unimaginative or impatient.
That clearly isn't what the word means today.
"Our son was having trouble in school and his counsellor suspected he might be retarded. We brought him to a retard house with a reputation for taking good care of the retards and the doctor said that he was, indeed, retarded."
That's the sort of thing you might have heard in 1905 but not today. It means something different now. Which is why it's now inappropriate when applied to a person with a learning disability. But the target isn't a person with a learning disability, it's a multinational corporation. The point isn't that Apple has a learning disability, it's that they're being retarded. There isn't another word that means quite exactly that.
It's essentially the same argument as the people who say not to use the word hysterical because of its history. That's not what it means anymore.
https://www.youtube.com/watch?v=vuEQixrBKCc https://www.youtube.com/watch?v=NXWBvB4U-cA
I'm afraid you'll have to express yourself in some more detail and avoid hollow cliches. This is a complex and nuanced debate.
and guess what? even then, people are going to get offended
there is a limit to how much you can sugarcoat everything you say in public, and i think the us has passed that limit into oversensitive territory
you are right, it is nuanced
my strategy is to say "sorry" when it's due, rather than overthink every minute iota. of course, i'm not running for office and i don't live in the us
Countering natural behavior with culture is what humans do, for better or worse.
If you really care :-) :
I had the chance to be raised and still live in a very mixed part of Paris. There is racism, of course, and for example I can remember how kids of Portuguese descent were the object of mockery back when I was young. (That's significant because today it's put under the carpet as if it never occurred. It seems nobody even remember!).
That makes you think about bias, how bias turn into systematic racism, etc. That makes you discover how people of course cluster around commonalities but also like to share and connect with others when given a safe context.
Racism is quite pervasive in France, and for example younger generations make it a central part of their dialogue and jokes. But many people are working toward inclusiveness too.
Just like women equality and wealth sharing, non-discrimination is not solved thing in any given society: it's a constant challenge to tackle, probably without an end in sight.
It's probably the same for individuals: how can I be more inclusive? Less biased toward others?
It's sad but that seems to be the state of affairs and I don't expect this to get any better in the next couple of centuries. Barring an alien invasion that gives us a reason to play 'us' against 'them' on a bigger stage I doubt humanity will be able to really overcome this particular hurdle. Which is sad because it is a large driver behind all the violence and misery in the world.
a) source?
b) what do you mean by "not like us"? in some ways, no human being on the planet is "like" me, in others, everyone is.
B) Everything. Me against my brother, me and my brother against my cousin. Me and my cousin against the world. Likeness could be anything that a person deems important. Race, religion, football teams, harry potter vs lotr, dota vs lol.
Even if that was true, which it isn't, why do you think that means we should give up and speak or write carelessly? Why do you object to improvement/progress?
Because it is neither progress nor improvement. Thought policing is harmful and stupid.
you can't say anything anymore without qualifying it to the nth degree and sugarcoating it and making it as bland as possible, just in case someone somewhere feels that some thing you said was some how offending
People who use "retarded", "gay", "autistic", "ghetto" (and so on) in a derogatory form are showing a lack of imagination, aren't introspective enough to consider how their choice of words makes others perceive them, and trivialize an entire group of people by subordinating them in their effort to demean someone else.
And that's the problem. It's condescending (and meant to be, don't tell me it's not) to call someone or something "retarded" when one is actually expressing an opinion that the person or thing is not worthy of merit, and history is rife with abuses that result from trivializing a group of people by distilling that group to a pejorative. "Fuck those short sighted motherfuckers," may shock because of the direct use of the glorious and multitalented root word "fuck", but it certainly isn't trivializing a group of people with a minor vision impairment, because short sighted is not the term used to refer to someone who is near sighted. It's borderline lazy, sure. It may offend someone's sensibilities, yeah. But choosing a word that one knows damn well trivializes a group of disadvantaged human beings ... that's profoundly different from dropping the occasional F-bomb.
It's not about political correctness, it's about recognizing that one's choice of words can carry a great deal of meaning that diminishes the intended effect of those words. In some cases, by literally dehumanizing a group of people.
It's not "colorful language", it's lazy and careless prose.
And to any current reader of this comment who thinks such pejorative language is okay in civilized company: either this post changes your mind, dear reader, or it doesn't. Using what you think to be clever analogies, closed-minded logical fallacies, or meritless affirmative defenses ("but, freedom of speech!") is encouraged, if it makes you feel better about yourself to put me in my place for feeling the way I do about this kind of language. Your right to free speech is no different from mine, I won't stop you. But I also won't waste the expression of my free speech rights by trying to argue with someone who doesn't acknowledge that maybe ... maybe ... they're wrong, so please feel free to satisfy that desire to get in the last word.
I personally am aware of zero instances where anyone associated with a developmental disability is comfortable with the use of the word 'retarded', in any context. (Please note: this is not to say such a thing does not exist!) Empathy is a worthy reason for voluntarily restricting my personal speech, and I appreciate others willing to take people like you into consideration here on this forum!
You are suggesting that they would be uncomfortable with:
"we applied the fire retardant at the base of the flames..."
"the growth process was retarded by the application of too much nitrogen fertilizer..."
"his social development was retarded by the lack of same age peers in his neighborhood..."
Again, genuinely curious - are we expected to contort our language around these concepts now ?
I suspect that the poster is referring to the whole of his experience as the pool of contexts in question, and thus can state that he knows of no one who is comfortable with the word choice - given that most people don't use the word "retarded" as the past tense of the verb "retard", which means to hold back or slow down, I'm inclined to agree.
Retardant is not in question. The use of retard as a verb as it's intended to be used is not in question. The vast majority of utterances of "retarded" are used as a pejorative adjective, so while I see your point, I think you're missing his: The reality is that the adjective form of retarded is, in nearly all common-use cases, a careless diminution of those with developmental or learning disabilities, as it serves to suggest the idea/thing/person could only have come from someone with such a developmental or learning disability.
What I don't quite understand is why it trivializes people to use a disability as a pejorative, but it apparently doesn't trivialize people to use a disease as a pejorative.
Let me put it this way. If I call someone cancerous, I'm not trivializing the group of people that have cancer and distilling them to a pejorative. In general, if I use a disease as an insult it's fine, but if I use a disability as an insult it's usually offensive. They're both afflictions, but they're treated differently in uncountable ways.
I could list some reasons, but none of them really feel like they get at the root cause of the difference. Do you have any insight?
(I don't have first hand experience with either, so I'm just musing too..)
It has always been their approach to control every interaction that every customer has with every part of their business and every product produced by it.
Accept it or use something else.
Also, mass downvoting of this comment in 3. 2. 1 ...
Please don't bait other users by inviting them to downvote you or announce that you expect to get downvoted.
You will, of course, be down voted – because of your childish insistence that anybody who thinks differently from you is suffering from some kind of illness.
suprised maybe not so much, but it seems pretty obvious one would get upset if his/hers go-to device is suddenly rendered practically useless?
I do stand by my assertion that it is legitimate for apple to behave in this way though. They get to present their business as they choose to just like any other company and the customer get to choose whether to accept their terms. Personally I don't but, empirically, most other people seem to.
I would however support requirements (as legislation) that consumers should be made aware of such practices at the point of purchase such that they can factor it into their buying decision.
Looks like Apple is, yet again, going to be investigated by the ACCC.
High prices and resale values have spawned a substantial and apparently growing 3rd party repair and refurbishment market for Apple mobile devices. Beyond the dodgy corner unlock shops, multiple national chains have sprung up over the last 2 years where I live that advertise heavily on broadcast TV.
Apple clearly sees this as money left on the table and they're concerned about the emergence of a comprehensive parallel supply chain for repair parts. Bricking end-user devices is one of the few levers they've got to try and shut down this industry, since there's no way to effectively identify and pursue the upstream suppliers in mainland China.
Sucks for the users, though. I wonder if Apple will still be selling devices at all in 5 years, or if they'll only rent them out for €25/$25/£25 per month. Ultimately that'll probably be the only way to get the control they want.
You need to send the watch to the factory for service, at factory prices.
So, when you buy a Rolex, your are actually leasing it? You don't truely own it, if you can't get the parts to fix it?
It's just another way to make money.
I didn't think Apple would irritate their customers at this particular point in time?
And yes, I too believe, "This is just the beginning."
The conversation was from last... sep I think, and he was referring to a change a few months back. They had been able to buy the whole screen units for around $25-$30/piece, and his shop (owned a few) bought a lot of them - always kept a lot in stock. Earlier in 2015, he said, Apple started putting the screws on their parts suppliers, requiring them to destroy any overages or extras that didn't pass QA. This overage supply was where he and others would get their replacement parts.
He said that almost overnight, the prices on those screens went to $40 or more. They had a several month supply, but were already having to replenish at the higher price point.
So... Apple knowing about "third party repair" stuff, isn't all that new, but they seem to be taking more steps to actively prevent competition here. :/
re: "renting" - they'll probably still sell them, but all but force an icloud-style service for storage (probably still be selling 16g models when they provide 16mp cameras, and use up 6g for the OS). That or perhaps they'll just buy a carrier and you can be paying them $100/month for voice/data service directly, on top of $700 for a device.
I completely understand the downsides of Apple's particular approach here, and totally get why people want the right to use 3rd party repair services. I've used them myself in the past to save (a lot of) money.
But considering just how much of my life, financial and otherwise, is on my phone, I'm actually very glad that Apple has erred on the side of obsessive security!
The BBC article talks about someone who was in Macedonia. Apple doesn't have repair centres there. What they did - try to repair their device in a non-Apple-served country - was about all they could reasonably do.
As Apple wants more of our life to be phone-oriented (payment details, wallet, physical data, etc) expecting 100% of people to be within X minutes of official repair centers 100% of the time is not workable, nor reasonable.
I get it - the home button is secure and might have been compromised. This was just horrible design - they failed to account for a failure mode, and default to a brick instead.
A warning bar or message on boot indicating "the touch id may have been compromised - all touch id features are disabled - please contact Apple" - while annoying - would have been reasonable.
I was thinking along similar lines recently when someone sent me an email to an old PGP key - I was able to dig up the key, but had long since forgotten the password. Do you want your computer security system to fail-open (leaking your stuff and potentially exposing you to fraud) or fail-closed (losing data which may be irreplaceable and of emotional significance)?. It's not obvious. But if you store your photos on your phone, you should probably back them up to the cloud - and to a different system that is not under the same account, either locally or another cloud. User-friendly crypto may be possible, but user-friendly key management is a total nightmare.
Stores life in fragile device
Fragile device breaks
Dies
I learned 15+ years ago that the OS should have that as standard, with no privacy issue either. It is crazy that it is not baked in already. It's not even difficult.
Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
So I'm not sure if SOGA etc will affect Apple here.
> Apple only really need a death certificate and certificates of probate; but Apple insist on different court orders.
Huh? Why should next of kin automatically be entitled to all someone's personal information?
It may be overly paranoid but I can at least understand the motivation behind this. Changing the display also involves disconnecting the Touch ID sensor so technically a malicious person might have done something that exposes the user of the device in some way.
Statement from an Apple spokeswoman:
“We protect fingerprint data using a secure enclave, which is uniquely paired to the touch ID sensor. When iPhone is serviced by an authorised Apple service provider or Apple retail store for changes that affect the touch ID sensor, the pairing is re-validated. This check ensures the device and the iOS features related to touch ID remain secure. Without this unique pairing, a malicious touch ID sensor could be substituted, thereby gaining access to the secure enclave. When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.”
http://www.macrumors.com/2016/02/05/error-53-home-button-iph...
Which is a good thing.
This is like complaining that forgetting your encryption password "bricks" your hard drive.
Yeah, apple deserves some flack for not making this known to 3rd party repair shops, but it's not a problem itself.
A non functioning bricked device is more secure than a functioning device. Yes.
Just like all other similar decisions made by other companies under the guise of 'protect[ing] the customers', it should be clear that this is no more than a guise. If protection is what they had in mind they'd simply disable any functionality which could be impacted by a dodgy part. Disabling the whole device has the single, self-serving purpose of channelling the cash flow from the repair businesses into Apple's coffers.
I don't see how killing the entire 3rd party repair network worldwide can create a positive outcome for Apple, because they are unlikely to even have the resources for repairing every device in a timely manner and with acceptable costs.
It's easy to say that they'll just earn more from repairs and sell more devices, but customer satisfaction is also important and I believe Apple takes issues that essentially brick devices very seriously.
It is also well known that they take privacy very seriously (although implementations might not be perfect), so I am inclined to believe that in this case privacy concerns have won against customer satisfaction concerns.
Edit: Apple Pay is also a _very_ important product for Apple, I imagine they simply cannot afford any issues that might make this seem unsafe to customers.
Limiting the availability of repair services to the captive audience of apple-users probably increases sales. Those who have bought into the apple world are (for now) unlikely to step outside of the garden, so they'll replace their broken iThingy with a new one instead of 'just getting an Android this time'. Just look at this comment for an example of that attitude: https://news.ycombinator.com/item?id=11061800
> "... I've got better things to do with my time. I'd rather walk into the Apple store and replace my MBA or my iPhone when I've got a problem. That saves me time for my wife or my hobbies. Trade money for things that save you time, to spend that time on what's important to you (if you've got the money). ..."
This is the attitude apple would like to cultivate: solve problems by throwing more money at them.
https://twitter.com/charlesarthur/status/695709113964195840
https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...
"Anyone can access your private photos and emails! Just replace the home button with one programmed with your own fingerprints!"
Can you imagine the comments if that were a story?
The problem here is that Apple didn't find a way to tell repair shops and users that this could be an issue.
For instance: "IOS has detected a change in your Secure Home Key. Please contact apple secure support to confirm that your device is still secure!" add a 1-800 number and some security questions. Or automate it by requiring a login to your Apple account, email validation, and email notification of the change.
Bottom line, when one authentication method fails, you need a fail over to something more difficult.
There's no way the customer or Apple can do that with third party hardware installed. The only solution I can see is to disable all of the features relying on Touch ID.
Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.
If a motherboard displayed an error when a piece of hardware from a different manufacturer was inserted and failed to operate, we'd cry bloody fucking murder. Instead, we expect users to take responsibility and if they compromise their own machine / want to take a risk then that's their business.
Just because it's an Apple phone shouldn't reallign our morals concerning user control and responsibility.
This attack you suppose Apple is defending against is not possible.
The only attack Apple is really defending against is the attack of non-Apple phone repair companies.
Everything pointed to a software issue, but every repair person I took it to (both apple and non-apple) kept saying it was a hardware fault.
Touch ID stopped working and the phone drains super quickly despite not being in use. Hoping Apple can provide a "fix", not gonna hold my breath though.