If you have a modern iPhone and don’t want the crazy hacks, a very very simple but effective tip is to power off your iPhone when exiting the aircraft. When the device powers up it is in “before first unlock” mode and is severely restricted in what it can do. The attack surface area is significantly reduced. They’re not going to burn one of their $100,000 per install exploits on your BFU phone the same way they do with a full physical access unlocked paid exploit.
> If you have a modern iPhone and don’t want the crazy hacks, a very very simple but effective tip is to power off your iPhone when exiting the aircraft. When the device powers up it is in “before first unlock” mode and is severely restricted in what it can do. The attack surface area is significantly reduced.
From a comment in the article:
"Schneier’s border crossing opsec advice is characteristically thorough, but the recommendation to simply ‘turn off your phone’ undersells modern forensic capabilities. As a security consultant who’s testified in border device seizure cases, I’ve seen CBP’s Cellebrite tools extract data from ‘off’ iPhones up to 72 hours post-shutdown via remnant charge in memory chips (see 2024 DEFCON demo). The article’s Faraday bag suggestion works, but only if activated before entering the 100-mile border zone – we’ve documented RFID sniffers in airport limo services."
I shut down my MacBook before coming back to Canada and the agent threatened to confiscate it for a year. I unlocked it because it was purely a principle thing and a new laptop would've been expensive.
> A CBSA officer will start with some questions before examining your personal digital device. To examine the device, the officer will first ask for the password. If the device is password-protected, they will write your password on a piece of paper. You are obligated to provide your password when asked.
> Note: Failure to grant access to your personal digital device may result in the detention of that device under section 101 of the Customs Act, or seizure of the device under subsection 140 (1) of the Immigration and Refugee Protection Act or under section 110 of the Customs Act.
Well guess we’re not going to Canada again.
It also never mentions them destroying the written down password.
> Electronic devices held for forensic examination under section 186 of the Customs Act will be retained for no longer than 14 days, provided there is no content on any device retained which renders the device subject to seizure under Customs-related laws. If any device is subject to seizure, the examination of any associated retained devices may take longer than 14 days.
It's a border crossing, required unlocking of devices is common practice including especially by the US. National sovereignty is supreme and countries have the right to implement whatever procedures they deem necessary before permitting entry.
Unlocking of devices is distinctly different than “write your password on a slip of paper”. Even if they shred the paper, the room for sure has CCTV video recordings so they’ll have a copy there as well.
Good thing all of us here are following (and extolling) the advice to never reuse passwords, especially when one's device is in an evidence locker and subject to controlled access by authorized personnel.
Persistence in modern macOS is only really possible in userspace, as the OS partition is immutable. There are only a handful of places this is possible, which are fairly easy to detect.
Unless border agents are burning 0-days on random passersby, it’s fairly unlikely they installed anything persistent that can’t be removed.
I’ve always been mildly curious about this. When you say “looked through my files” what exactly do you mean? They opened finder and scrolled through the standard folders like downloads, documents, pictures, etc?
They can still hold you for a long time (days?) at the border without being formally charged with anything. That's what I've been told, not sure how true it is. A Canadian entering the U.S. was held for 2 weeks with no charges - not just an entry denial.
Same. The president is repeatedly threatening to annex my country. I was already avoiding the US because TSA is creepy, but now I'm actively divesting from it.
Same for me as well. I've also gone as far as moving any paying business away from the US. I have completely moved off paid US services as of about a month ago to Canadian or EU equivalents.
Yes and it was one of the best years of my life. I made more money from submitting vulnerability assessments than my day job. I’m structuring my life to do this again.
You get a little lonely as you don’t get the social fix from hanging out with work folk.
Overall the health benefits are immense. Both mental and physical as you have more time to look after yourself.
The success comes in the form of creating a void for opportunities to present themselves. I ended up doing things I never thought I’d do. Some were fun nothing burgers, and others were financially successful. The important thing is I got all my daily chores done first and only coded if I was “bored”. Coding/hacking came last.
LUTs are commonly used in geodesy applications on or near the Earth's surface. The full multipole model is used for orbital applications to account for the way that local lumpiness in Earth's mass distribution is smoothed out with increasing distance from the surface. It might be reasonable to build a 3D LUT for use at Starlink scale or higher, but certainly not for individual satellites.
Ben from UnchartedX has a good video on these drill samples, but does not buy into the mainstream acceptance of how they were made. In fact the granite core samples show continuous grooves and you can calculate the pressure per turn the mechanism was under, and it’s not really able to be done easily.
A discontinuity being an exception from a great majority of surface consisting of spiralling and continuous lines is no proof, nor debunking.
A spiral form being an exception from a great majority of circular lines may be just that, an exception, and would point towards a non-spiraling cut.
The photo with the discontinuity shows one side only. Therefore there is no way of knowing if and how the lines are connected on the obscured side, and no conclusion can be made either way.
Important to distinguish a spiral cut from a spiral ream. It is entirely possible to chip/drill/chisel a hole, and then to ream it out with a spiral tool.
Could someone point to where in the article that is? Figure 5 is not a counterexample in my opinion, for the reasons mentioned in one of my other comments, namely a single deviation from a spiralling line (if there are such lines) is not proof that all other lines are not spiralling. It is only a counterexample with regards to those particular lines.
They don't need to prove all the lines are not spiraling, only to find counterexamples where the lines (spiraling or not) are discontinuous. One counterexample is enough to disprove a theory. Their explanation of exactly how their theory resulted in the evidence we see is easy to understand. A rebuttal would ideally include a similarly detailed explanation and similar experimentation around how fixed cutting points would have produced the same discontinuities.
Thus, in the interest of scientific advancement, I encourage you to, like here, team up with someone who has no horse in the race, and publish an equal or better rebuttal. After all, science can't advance if we just accept what someone says or limit our disagreement to an internet comment.
It's a pretty old article, maybe an unbiased team already has done this!
What I haven’t seen discussed here much is optimising for developer maintenance. I think the author’s solution is great for this; it’s easy to understand and each move has a bit pattern. Easy to debug. Somebody taking over in the future will understand this compression.
If on the other hand you can squeeze another 10% storage from Huffman encoded inverse tree lookup tables that only neckbeards understand, you’re limiting your pool of people able to do maintenance on this system in the future when the author is long gone.
Easy - make mental health non-reportable to the aviation authorities. Instead, the shrink can report if they think there is an issue to public safety, as they would currently do for patients at risk of harming the public.
The problem is people think that any 'solution' to this problem needs to be perfect. "What if we never find out this guy was a problem" comes up. No. You just need to make the next system net _better_. Don't delay forward progress because the next step isn't "perfect".
Would that really solve much? If the concern is pilots are not being honest to save their jobs - it seems like they would still not be honest to a therapist if they were considering self harm. I'm sure it would just take one story of a therapist being overly cautious and reporting someone having benign issues for it to convince pilots not to talk to therapists.
It would solve the problem of "pilot needs someone to talk to about their issues with their wife", which is nice. But don't know if it solves the larger issue being discussed.
> make mental health non-reportable to the aviation authorities. Instead, the shrink can report if they think there is an issue to public safety, as they would currently do for patients at risk of harming the public.
Put yourself in a pilot's shoes. Would you attend sessions if there was ANY chance of you not being able to fly? Would others? It's optional and your entire career hinges on not being grounded once. That's you, your family, and anyone else who depends on your income.
The perception of this solution is still the same as the current one - I can be grounded.
Initially it might work, but once that first guy gets grounded via the program (or maybe a few), word gets out that's what this system ends up doing - you're right back here wondering what the solution was that was so easy.
I have a solution: pass a law that if any pilot gets grounded for mental health issues, then the airline industry (as a whole, in case his airline goes belly-up) has to continue to pay that pilot's salary until he retires.
Isn't this how it's handled in other countries when someone can't work due to medical issues? Surely they have some way of discouraging fraud, probably by making the doctor responsible or perhaps requiring multiple doctors to cross-check.
The famous Germanwings murder-suicide had some of this in play -- the pilot's doctor had given him a letter excusing him from work, due to a probable psychotic episode, but the pilot chose not to share the letter with the airline and the doctor was forbidden by law from sharing it.
Great article, but unfortunately the lying is entrenched culturally. The regulator is so distrusted it can never change.
For example in Australia I’ve heard multiple cases of somebody proactively seeking counselling for help dealing with temporarily stressful situations such as divorce, then being grounded at work, and the regulator (CASA) denying medical clearances. This increases the stress.
Every time some senior person proclaims “it’s okay this time - report your illnesses”, it never is, and we go around this circle again and again. I will personally never report my medical history accurately to the regulator.
This sounds like learned helplessness. Of course there is something they can do. There are a lot of things they can do to become better.
The medical profession is almost unrecognizable from what it was in the 1950s. My grandfather (MD) said as much 15 years ago before passing away. It has only changed more since then. The FAA’s policies are based on 1950s medical knowledge and opinions.
If you spend any significant time in online aviation circles, medical issues come up daily. People who had a diagnosis of ADHD as a kid (when getting diagnosed with it was all the rage) have to jump through insane hoops if they disclose that on their FAA medical. Meanwhile, existing pilots often avoid going to a doctor or seeking help when they need it because of the possibility of losing their source of income, temporarily or maybe even permanently.
So, in many situations, instead of having healthy pilots, we have unhealthy pilots. The policy sometimes has the complete opposite effect of its intended purpose.
> People who had a diagnosis of ADHD as a kid (when getting diagnosed with it was all the rage) have to jump through insane hoops if they disclose that on their FAA medical.
The FAA could change this instantly by simply abandoning their “have you ever” language and focusing on whether or not the pilot currently requires medication for a condition.
The government just loves those “have you ever” questions, though, as you know if you’ve ever applied for a clearance or gone through the immigration process. So they probably aren’t going away.
It can change. The regulator could start doing positive examples of temporary grounding and supporting the pilot. There are all kinds of active actions the regulator could take that would change things over a few decades.
But first the regulator needs to take action and keep doing it.
Also lockdown mode to reduce attack surface area.