There's a video [1] from the "hacker" sending the message. The hacker allegedly [2] stole the VPN credentials (of an employee and two colleagues, because they were doing credentials sharing apparently) from a personal computer ("RGB gaming PC") running Windows 7 (EOL), w/o antivirus and reportedly having search for Windows activators for Windows 10 and Office 2019. Cherry on top: the malware seems to have dropped via a malicious game install. Lol
Ironically he recorded the video with CapCut, showing his ID, which also revealed their profile picture and identity [2]...
If all of this is true, we're lucky they "only" paged the whole country instead of doing something even more harmful. This is some crazy level of incompetence / lack of security.
The 4G/5G Public Warning System is fundamentally designed for instantaneous earthquake and tsunami response.
It's a bit like modern day equivalent of air raid sirens, or incoming nuke alerts, even. And as such, it's just unfit for things that don't require immediate and full alert. AMBER alerts are just not good use of it.
It's another instance of: give a politician a fish and watch him smear it on the walls to stink up the place, throw it in the garbage and then complain he's still hungry.
While I understand how we arrived at this point I find these centralized systems with special privileges frustrating. That they have repeatedly exhibited severe vulnerabilities and mismanagement is just the cherry on top.
There ought to be a specification of an open protocol that includes certificate based authentication. I should be able to have my pick of which app to use and then subscribe to whatever feeds I'm interested in from anywhere in the world. In addition the local network operator should advertise various local feeds.
What I'm describing is about as technically complicated as RSS plus public keys but as usual even moderate technical competency is a bridge too far for the government.
It’s not a technical problem. And the problem is that it’s not centralized.
Everyone and their mom has their own system, managed by different people with different standards.
It’s like USB cables — yes there are strict technical standards but when you have a million different manufacturers, they all do it differently and some cut corners and bend the rules how they want to.
Look at how two different cities handle their water supply or their police — different management, different priorities.
I agree. It's a lack of technical proficiency on the part of the world's government's problem, which is another way of saying it's a political problem.
> And the problem is that it’s not centralized.
It is, though. The implementation might not be uniform but the architecture is inherently centralized. Subscribers do not get to pick and choose sources, that is decided by the network operator (AFAIK).
Consider, if BigCo wanted the ability to push alerts to people on their campus (who consent to receive them ofc) how would they go about it? If you have family who live elsewhere in the world and wanted to be apprised of natural disasters how would you subscribe to receive those alerts?
Active shooter, chemical spill, any kind of building emergency like water stoppages.
And then if it wasn’t tightly controlled and carefully managed, probably things like social events with free snacks, company all hands announcements, and single cars blocking someone into a parking spot.
I see the usefulness of more fine-grained subscription, but also see the abuse potential from giving more people access.
> but also see the abuse potential from giving more people access.
If the end user has full control over subscriptions then spam will simply result in silencing or unsubscribing. As opposed to right now where it's all or nothing and it isn't even authenticated. So for example either I get spammed with amber alerts from 100 miles away or I opt out of wildfire warnings. Not a great trade off.
Well yes, there are many things that you must consent to as a condition of employment. Nothing new there.
I have no idea what they would push, the point is that certain large institutions may have a legitimate interest in reaching users on the premise from time to time. Airports, stadiums, and theme parks immediately come to mind. Anywhere there's a large gathering of people over a wide area which complicates any emergency response.
Why can't the local PD push out an alert to a particular neighborhood if they deem it useful for whatever reason? As long as they didn't spam me I'd voluntarily subscribe to that. As it currently stands I believe (at least in my state) they would have to escalate to a statewide institution and even then I don't understand the targeting to be particularly fine grained.
On top of all that alerts aren't currently authenticated.
They wouldn't need to. By default the tower would send along the signatures for the proper local channel(s) and by default the OS would ship with an app that blindly subscribed to those. The difference out of the box would be that the sources were properly authenticated.
For users that wish to configure such things the difference would be that they could select the app of their choice (fixes the terrible UX), select the sources of their choice (not limited to those advertised by the tower), and filter as they pleased (fixes all the false alarms).
I think this is more useful that it might appear at first glance. Consider for example airports where the flexibility could be quite useful during an emergency response. Many venues would benefit from being able to send announcements of varying levels of importance. Nearly all of us walk around with network connected computers on our person yet our systems lack robust support for such basic functionality.
We, tourists, were driving in one helluva rainstorm in Texas back in 2017. It was all I could do to focus on the road. (And yes, we found a spot and pulled over. A Denny's, IIRC.)
Anyway, midway through this hellish journey, the car was filled with terror. What the hell? Just pure raw audio chaos. Neither of us knew what was going on.
It was my phone, of course. Helpfully telling me that it was raining, via some absurd bust-through-my-DND 'alert'.
> Disabling alerts is the second thing I do to a new handset
Except you can't in Canada. The Canadian government has made the alerts mandatory. The option to disable alerts in not present in settings menu (at least on iPhones).
You can disable alerts in Brazil. So in one sense, Brazil is more free than Canada.
> The Canadian government has made the alerts mandatory. The option to disable alerts in not present in settings menu (at least on iPhones).
I'm Canadian too, and I'm able to toggle all the options off on my Android phone, it just does absolutely nothing and all the alerts still come through.
Shortly before COVID there was a string of amber alerts arriving in the wee hours of the morning in Ontario regarding missing children. Didn't matter where in the province (larger than many European countries) it happened the alerts would to out regardless. A mix of people complaining about it and social media about why you're a bad person if you don't welcome these alerts. But inevitably they went away by and large. Not aware of any stated policy change I just suspect that they have become more conservative about sending them out because it was frankly ridiculous. Rousing millions of people from bed with any regularity over things they absolutely do nothing about would have only snowballed into a demand that it stop, even with the social media engine shaming people
There was a scheduled test last weekend, and I disabled the single “emergency alert” option in my iPhone’s settings. But it didn’t work, I still received the alert, complete with the heart attack inducing sound.
>> Disabling alerts is the second thing I do to a new handset
> Except you can't in Canada. The Canadian government has made the alerts mandatory.
Same for USG and Presidential alerts. I disable them anyway - which I can do after rooting. For one phone I deleted the PotUS alerts file. On another one I edited a config file. On my current handset, I disabled the wireless alert system.
The problem is that Canada ignores all of the different categories, and just sends everything out as a presidential alert.
> I disable them anyway - which I can do after rooting
Yeah, I used to root my phone and do the same thing, but I don't any more since rooting is too easy to detect with hardware-backed Play integrity these days :(
This is the way! One jurisdiction where I resided for a while loved these alerts. A rain cloud, warm weather, too cold, too warm, the phone was beeping at least 1 or 2 times a month. Fortunately my trusty chinese produced Nokia allowed me to turn all of it off to get some peace.
Here in Spain the alerts completely ignore my settings. They sound even when I turn them off on my Samsung. And they send them way too frequently, since the floods in Valencia last year they are constantly bothering us with minor weather issues, afraid they'll get blamed.
We don't have presidents here but they mark everything at the highest alert level.
The biggest issue is that Amber alerts are abused for both kidnappings and abductions. In a lot of jurisdictions, the term "abduction" is used for cases of domestic disputes e.g the divorced mom left the state with the kid when she wasn't supposed to etc.
I really disagree with Amber alerts being issued in cases where there's no immediate risk of harm to the child, and especially if the child is a teenager. They can damn well decide who they want to be with themselves. The type of stuff that's better off being handled in family courts with contempt of court orders shouldn't be aired out like dirty laundry and domestic disputes should not wake up the entire city. It sucks for the parties involved but there are much bigger fish to fry and actual kidnappings and human trafficking to worry about than to cry wolf across the mobile network every time kids get caught in the crosshairs of a bad relationship.
Next time when you get an Amber alert actually read and check up on the background story.
A) How is it related? B) I cannot just in my phone select caller ID I want, "phones in Poland allow to call you 'from'" is not true. It's just spoofing as in anywhere else and requires non-trivial technical knowledge.
This works in many countries, since the signalling protocols historically assumed a trusted small set of participants, not unlike email – with similar consequences once those assumptions became less and less true.
I constantly get scam calls from numbers that are very similar to my own in Canada. I assume this is an attempt to look like a normal trustworthy number.
I've worked a bit on the app which calls major telco provider directly. It was a basic web service call, and sender could be entered as anything. This is basic property of cellular networks, no more safety than say standard email.
Not a message, but a date. There's this huge national exam called ENEM that is like SAT that every Brazilian in age to enter a college takes. Millions of students are taking it every year at the same date and time, as its result is what determines who enters in the best universities. Obviously, security against cheating is a huge concern and so everyone must have their phones turned off and sealed in a bag that stays in front of the class until they finish the exam. Now I can only imagine the chaos that would be if an alert was sent in that day.
I read this as the implication being that at least some people’s phones would still be on them, and it would suddenly be very obvious.
Which incidentally, how do you enforce a rule like this without serious security like pat downs or metal detectors? Because otherwise you could easily sneak a phone in through the sophisticated hack of owning two phones…
Wouldn't. There isn't a single Brazilian who doesn't know Brazil's current world cup status. The entire country stops when there's a game. Nobody would fall for that.
"This is Army Commander Tomás Miguel Ribeiro Paiva. We have chosen to take command of the country to protect you against serious crimes against the people that we have become aware of. Remain calm and continue with your daily duties."
When I was around 8 years old I was browsing random channels on cable tv - and similar message was on an "infornation channel" (which consisted mostly of various scrolling texts). Hope the poor person stuck there was freed.
"Due to deteriorating economic conditions, we have decided to abolish currency altogether. The Real is now worth nothing. All trade will henceforth be performed exclusively in gold."
This is not a test. This is your emergency broadcast system announcing the commencement of the Annual Purge. Any and all crime, including murder, will be legal for 12 continuous hours.
There was a Larry Niven story where if you tried to call a certain guy, every phone in South America would ring instead. Anyone remember which story it was? The phone thing was just a throwaway line, not a significant plot point.
"Well?"Nessus began to pace the floor. "Many disqualify themselves by obvious bad luck. Of the rest, none seem to be available. When we call, they are out. When we call back, the phone computer gives us a bad connection. When we ask for any member of the Brandt family, every phone in South America rings. There have been complaints. It is very frustrating."
I enjoy the Ringworld series but the was Teela Brown is talked about/portrayed (really women in general in the book) is pretty gross on a re-read (I originally read them very young and most of it went over my head or I just wasn’t paying enough attention).
That doesn’t mean you shouldn’t read it, I have similar (though it no where near as bad IMHO) thoughts on The Wheel of Time portrayal of women though Ringworld is worse. I still love WoT but I do give a disclaimer when recommending it.
“When we call, they are out. When we call back, the phone computer gives us a bad connection. When we ask for any member of the Brandt family, every phone in South America rings.”
"The message sent was of the ‘Extreme Alert’ type and contained the word ‘misanthropy’ – which means hatred towards humanity. It is probably a hacker attack,” the agency’s statement said."
As this happens whenever there is an intrusion reported in the press, the word "hacker" is often misused:
"There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
The basic difference is this: hackers build things, crackers break them."
As programmers in programming culture, we have a distinction between hacker and, potentially, cracker that no ordinary person has. ESR’s prescriptivism is pretty much worthless in this respect: words mean what people think they mean and what people use them for, and programmers do not have a monopoly on how people use the term.
OED has the “computer intruder” sense first cited in 1963, and the “enthusiastic programmer” sense first in 1969 (“now much less common than sense 3a”). Cracker first appears in 1968.
Besides, it is easy to disambiguate which meaning people mean. “Hacker attack” can only refer to the common usage of the term, not programming-culture usage.
Thanks for highlighting the even earlier term from 1963. If that is the case, then why don't journalists use the word "computer intruder" instead of hacker, when it's less a catchall?
The funny thing about these comments is that most of the replies to my comment have been more defensive than my own. I wasn't suggesting a monopoly on the term, and I wasn't suggesting "hacker" shouldn't be ever be used. I just said it's not very accurate, and the average non-technical reader may not know the difference.
I think you misunderstood. The 1963 term is "hacker", and its 1963 meaning is "computer intruder". I.e. the journalists are using the earlier definition and the definition referred to by "Hacker News" came later.
Ah, I see now that journos were referring to the older definition of hacker. I suppose newer interpretations have a ways to go in gaining acceptance, though I am not sure why the phrase hacker/cracker is even used, when other words could be used too, like tamperer (for intrusion) and tinkerer (for non-builder/non-intruder (i.e. on their own equipment, or a lab's equipment, and learner). Kind of like the phrase "me and the gang," although that word might never gain a total conversion, nor should.
At this point, it’s just you misusing the word. You WERE correct; it did mean the builders rather than the breakers. But to greater society outside of the tech industry, hacking is hacking, they don’t need a word to describe builders, and crackers sounds dumb and no one outside the tech industry would know what you were talking about. A cracker is a snack and a dated slang word to refer to white people.
It was an intentional, near-archaic throwback even at the time HN was founded. Paul Graham has written about it, you can probably still find his blog written about it 20 years ago.
This is a blast from the past for sure. To me, someone who read 2600 magazine in the dial-up era, that argument seemed passé 15 years ago. The world at large agreed many years ago that the word ‘hacker’ commonly connotes system penetration, or at least security circumvention. Words can have multiple meanings.
It's not so much a fight as a reminder of the technical words that actually distinguish one type from another. Are hackers considered ethical in the press today? 40 years of movies and press articles hasn't exactly made the idea of "white hat" a known term. https://en.wikipedia.org/wiki/White_hat_(computer_security)
It's kind of like Australia or the UK saying kids are "hacking" their PCs to use VPNS. There can be a very legitimate use of tools, but the portrayal of users bypassing blocks could just as easily be painted in a negative light.
One time someone made a joke or observation, 20 years or so ago, that their Myspace page was "hacked" because someone "posted on their wall". It's obviously not that misused, but just labeled that way when misinformed.
And remember, kids,
knowing how to program or wanting really badly to figure out how
things work inside doesn't make you a hacker! Hacking boxes
makes you a "hacker" ! That's right! Write your local
representatives at Wikipedia/urbandictionary/OED and let them
know that hackers are people that gain unauthorized
access/privileges to computerized systems! Linus Torvalds
isn't a hacker! Richard Stallman isn't a hacker! Niels Provos
isn't a hacker! Fat/ugly, maybe! Hackers, no! And what is up with
the use of the term "cracker"? As far as I'm concerned, that term
applies to people that bypass copyright protection mechanisms.
Vladimir Levin? HACKER. phiber optik? HACKER. Kevin Mitnick? OK,
maybe a gay/bad one, but still WAS a "hacker." Hope that's clear.
This is like a new philosophy student objecting to someone saying, “This begs the question of whether…” It’s essentially a category error, an incorrect application of context.
You - and Eric Raymond, who believes he’s an incarnation of the god Pan - are both using a meaning of the word that has only ever been used in a relatively tiny subculture. That meaning has no bearing on its broader use.
I think the usage of the word in the CNN article is more like a news report saying there was a bear attack. Bears hunt salmon, eat berries and veggies, since they're omnivores. A report is only going to be typically referring to bears in reference to an attack on humans, but bears have other normal activities, like communing with other bears, taking a nap, raising cubs and going on walks. In that sense, hackers do partake in multiple, non attack activities.
It would be just as unusual to have a story about hackers doing acts of good will, like helping old ladies cross the street. But a news report isn't going to cover that. "Hacker altruist volunteers at soup kitchen" might make a headline, I suppose.
I'd just like to interject for a moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
This implies that governments didn’t already have this ability, which appears to be largely untrue? To my understanding, many countries already had emergency messaging systems, and mobile integrations are just a way of modernizing them.
(It seems exceedingly good that the government can warn every civilian about natural disasters, etc.)
Governments had poorly thought out poorly secured barely functional systems involving the network operators and those were then integrated with default system apps that have terrible UX without fixing any of the problems AFAICT. Agreed that it's clearly necessary functionality but it's worse than useless when it's so far proven to be (at absolute best) a constant stream of irrelevant alarms.
This is not related to Google or Apple. And this extreme alert, it's sent even to cable TV automatically.
In a few countries, it's sent even on Fax lines.
I've yet to receive one of those that was useful. Meanwhile the 70+ year old storm sirens mounted on the nearby office buildings work perfectly in my experience, being audible even indoors from many miles away.
Even then. During a recent storm, they went off erroneously in Denver. (Looks like the other two erroneous alerts were via phone though.)
> Denver emergency officials say they are working to rebuild public trust after a mistaken tornado siren activation Monday became the third improper emergency alert issued in the city this year.
There's a video [1] from the "hacker" sending the message. The hacker allegedly [2] stole the VPN credentials (of an employee and two colleagues, because they were doing credentials sharing apparently) from a personal computer ("RGB gaming PC") running Windows 7 (EOL), w/o antivirus and reportedly having search for Windows activators for Windows 10 and Office 2019. Cherry on top: the malware seems to have dropped via a malicious game install. Lol
Ironically he recorded the video with CapCut, showing his ID, which also revealed their profile picture and identity [2]...
If all of this is true, we're lucky they "only" paged the whole country instead of doing something even more harmful. This is some crazy level of incompetence / lack of security.
[1]: https://x.com/i/status/2068482069643071749
[2]: https://x.com/i/status/2068633434591830290
[3]: https://x.com/i/status/2068488298998231117
It also looks like they've used leaked old credentials that weren't updated in years: https://x.com/i/status/2068635848786972863
USA has that new "Presidential Alert" right?
wonder how that will be abused by 2029, at least once
https://www.aau.edu/research-scholarship/featured-research-t...
Disabling alerts is the second thing I do to a new handset (after rooting) - including Presidential alerts.
The Amber alerts I got were often hundreds of miles away. But even if they were closer - say only 25 mi away, I'm still not going to be any help.
Weather alerts weren't much better. Having my device sound the klaxons over Red Flag warnings conditioned me to ignore all alerts.
The 4G/5G Public Warning System is fundamentally designed for instantaneous earthquake and tsunami response.
It's a bit like modern day equivalent of air raid sirens, or incoming nuke alerts, even. And as such, it's just unfit for things that don't require immediate and full alert. AMBER alerts are just not good use of it.
It's another instance of: give a politician a fish and watch him smear it on the walls to stink up the place, throw it in the garbage and then complain he's still hungry.
What happens when you teach him to fish :-(
You can't, they're incapable of learning.
While I understand how we arrived at this point I find these centralized systems with special privileges frustrating. That they have repeatedly exhibited severe vulnerabilities and mismanagement is just the cherry on top.
There ought to be a specification of an open protocol that includes certificate based authentication. I should be able to have my pick of which app to use and then subscribe to whatever feeds I'm interested in from anywhere in the world. In addition the local network operator should advertise various local feeds.
What I'm describing is about as technically complicated as RSS plus public keys but as usual even moderate technical competency is a bridge too far for the government.
It’s not a technical problem. And the problem is that it’s not centralized.
Everyone and their mom has their own system, managed by different people with different standards.
It’s like USB cables — yes there are strict technical standards but when you have a million different manufacturers, they all do it differently and some cut corners and bend the rules how they want to.
Look at how two different cities handle their water supply or their police — different management, different priorities.
> It’s not a technical problem.
I agree. It's a lack of technical proficiency on the part of the world's government's problem, which is another way of saying it's a political problem.
> And the problem is that it’s not centralized.
It is, though. The implementation might not be uniform but the architecture is inherently centralized. Subscribers do not get to pick and choose sources, that is decided by the network operator (AFAIK).
Consider, if BigCo wanted the ability to push alerts to people on their campus (who consent to receive them ofc) how would they go about it? If you have family who live elsewhere in the world and wanted to be apprised of natural disasters how would you subscribe to receive those alerts?
What emergency alerts would BigCo push to people on its campus?
There would be no consent btw, they'd just fire anyone who didn't enable the alerts.
Active shooter, chemical spill, any kind of building emergency like water stoppages.
And then if it wasn’t tightly controlled and carefully managed, probably things like social events with free snacks, company all hands announcements, and single cars blocking someone into a parking spot.
I see the usefulness of more fine-grained subscription, but also see the abuse potential from giving more people access.
> but also see the abuse potential from giving more people access.
If the end user has full control over subscriptions then spam will simply result in silencing or unsubscribing. As opposed to right now where it's all or nothing and it isn't even authenticated. So for example either I get spammed with amber alerts from 100 miles away or I opt out of wildfire warnings. Not a great trade off.
Well yes, there are many things that you must consent to as a condition of employment. Nothing new there.
I have no idea what they would push, the point is that certain large institutions may have a legitimate interest in reaching users on the premise from time to time. Airports, stadiums, and theme parks immediately come to mind. Anywhere there's a large gathering of people over a wide area which complicates any emergency response.
Why can't the local PD push out an alert to a particular neighborhood if they deem it useful for whatever reason? As long as they didn't spam me I'd voluntarily subscribe to that. As it currently stands I believe (at least in my state) they would have to escalate to a statewide institution and even then I don't understand the targeting to be particularly fine grained.
On top of all that alerts aren't currently authenticated.
Consent under threat of starvation isn't consent.
Users have no interest in sysadminning their phones in this manner.
They wouldn't need to. By default the tower would send along the signatures for the proper local channel(s) and by default the OS would ship with an app that blindly subscribed to those. The difference out of the box would be that the sources were properly authenticated.
For users that wish to configure such things the difference would be that they could select the app of their choice (fixes the terrible UX), select the sources of their choice (not limited to those advertised by the tower), and filter as they pleased (fixes all the false alarms).
I think this is more useful that it might appear at first glance. Consider for example airports where the flexibility could be quite useful during an emergency response. Many venues would benefit from being able to send announcements of varying levels of importance. Nearly all of us walk around with network connected computers on our person yet our systems lack robust support for such basic functionality.
I think it would increase their trust in the phone system if they could, even if they don't use it in practice.
We, tourists, were driving in one helluva rainstorm in Texas back in 2017. It was all I could do to focus on the road. (And yes, we found a spot and pulled over. A Denny's, IIRC.)
Anyway, midway through this hellish journey, the car was filled with terror. What the hell? Just pure raw audio chaos. Neither of us knew what was going on.
It was my phone, of course. Helpfully telling me that it was raining, via some absurd bust-through-my-DND 'alert'.
Not helpful.
> Disabling alerts is the second thing I do to a new handset
Except you can't in Canada. The Canadian government has made the alerts mandatory. The option to disable alerts in not present in settings menu (at least on iPhones).
You can disable alerts in Brazil. So in one sense, Brazil is more free than Canada.
> The Canadian government has made the alerts mandatory. The option to disable alerts in not present in settings menu (at least on iPhones).
I'm Canadian too, and I'm able to toggle all the options off on my Android phone, it just does absolutely nothing and all the alerts still come through.
so, the option to disable alerts is not present in the settings menu, despite appearances
Shortly before COVID there was a string of amber alerts arriving in the wee hours of the morning in Ontario regarding missing children. Didn't matter where in the province (larger than many European countries) it happened the alerts would to out regardless. A mix of people complaining about it and social media about why you're a bad person if you don't welcome these alerts. But inevitably they went away by and large. Not aware of any stated policy change I just suspect that they have become more conservative about sending them out because it was frankly ridiculous. Rousing millions of people from bed with any regularity over things they absolutely do nothing about would have only snowballed into a demand that it stop, even with the social media engine shaming people
Apparently can’t in NZ either.
There was a scheduled test last weekend, and I disabled the single “emergency alert” option in my iPhone’s settings. But it didn’t work, I still received the alert, complete with the heart attack inducing sound.
>> Disabling alerts is the second thing I do to a new handset
> Except you can't in Canada. The Canadian government has made the alerts mandatory.
Same for USG and Presidential alerts. I disable them anyway - which I can do after rooting. For one phone I deleted the PotUS alerts file. On another one I edited a config file. On my current handset, I disabled the wireless alert system.
> Same for USG and Presidential alerts.
The problem is that Canada ignores all of the different categories, and just sends everything out as a presidential alert.
> I disable them anyway - which I can do after rooting
Yeah, I used to root my phone and do the same thing, but I don't any more since rooting is too easy to detect with hardware-backed Play integrity these days :(
Parent commenter is saying that they do this _after rooting their phone_
You can disable the right background service on Android phones through ADB.
This is the way! One jurisdiction where I resided for a while loved these alerts. A rain cloud, warm weather, too cold, too warm, the phone was beeping at least 1 or 2 times a month. Fortunately my trusty chinese produced Nokia allowed me to turn all of it off to get some peace.
Here in Spain the alerts completely ignore my settings. They sound even when I turn them off on my Samsung. And they send them way too frequently, since the floods in Valencia last year they are constantly bothering us with minor weather issues, afraid they'll get blamed.
We don't have presidents here but they mark everything at the highest alert level.
That's all well and good when you dont live in an earthquake or tsunami area I guess
(which is California, the world's 3rd largest economy)
You cannot disable maximum severity cell broadcast alerts on the iPhone.
You also can’t root an iPhone so I think they’re not talking about that
>even if they were closer - say only 25 mi away, I'm still not going to be any help.
Even if you help the cops locate the kidnapping victim, they might just murder her.
https://en.wikipedia.org/wiki/Killing_of_Savannah_Graziano
The biggest issue is that Amber alerts are abused for both kidnappings and abductions. In a lot of jurisdictions, the term "abduction" is used for cases of domestic disputes e.g the divorced mom left the state with the kid when she wasn't supposed to etc.
I really disagree with Amber alerts being issued in cases where there's no immediate risk of harm to the child, and especially if the child is a teenager. They can damn well decide who they want to be with themselves. The type of stuff that's better off being handled in family courts with contempt of court orders shouldn't be aired out like dirty laundry and domestic disputes should not wake up the entire city. It sucks for the parties involved but there are much bigger fish to fry and actual kidnappings and human trafficking to worry about than to cry wolf across the mobile network every time kids get caught in the crosshairs of a bad relationship.
Next time when you get an Amber alert actually read and check up on the background story.
[dead]
TBH phones in Poland allow to call you "from" an arbitrary number (i.e. display it on your phone). Also send SMS with arbitrary source.
This is being used by scammers who call you and tell they are from police bank etc
A) How is it related? B) I cannot just in my phone select caller ID I want, "phones in Poland allow to call you 'from'" is not true. It's just spoofing as in anywhere else and requires non-trivial technical knowledge.
This works in many countries, since the signalling protocols historically assumed a trusted small set of participants, not unlike email – with similar consequences once those assumptions became less and less true.
I constantly get scam calls from numbers that are very similar to my own in Canada. I assume this is an attempt to look like a normal trustworthy number.
it’s common for cheap esim providers to route data etc through cheaper data exits, i imagine this is partly why.
(I recently purchased an esim and was surprised to see it exiting poland instead of the country the mobile provider (Bell) resides in)
I've worked a bit on the app which calls major telco provider directly. It was a basic web service call, and sender could be entered as anything. This is basic property of cellular networks, no more safety than say standard email.
Not “unauthorized”, but previous cellular alert false alarms:
https://www.ctvnews.ca/toronto/article/mistaken-pickering-on...
https://en.wikipedia.org/wiki/2018_Hawaii_false_missile_aler...
Ok, hackers got blamed for this one: https://www.theguardian.com/us-news/2017/apr/09/dallas-hacke...
Of all the messages they could have sent they chose the most boring.
lets play a game HN, what would be the best alert to send?
mine would be something scifi, like "ALIENS HAVE LANDED" or "PLUTO DECLARES WAR"
The world needs more confusing positivity.
"You are beautiful and wonderful - keep going! (unlike this systems security)"
Keep on keeping on.
WHOSYOURDADDY[0]
0: https://classic.battle.net/war3/cheatcodes.shtml
Not a message, but a date. There's this huge national exam called ENEM that is like SAT that every Brazilian in age to enter a college takes. Millions of students are taking it every year at the same date and time, as its result is what determines who enters in the best universities. Obviously, security against cheating is a huge concern and so everyone must have their phones turned off and sealed in a bag that stays in front of the class until they finish the exam. Now I can only imagine the chaos that would be if an alert was sent in that day.
If they’re turned off presumably the alarm wouldn’t go off
I read this as the implication being that at least some people’s phones would still be on them, and it would suddenly be very obvious.
Which incidentally, how do you enforce a rule like this without serious security like pat downs or metal detectors? Because otherwise you could easily sneak a phone in through the sophisticated hack of owning two phones…
ALL YOUR BASE ARE BELONG TO US
METEOR STRIKE IN 8 MINUTES
DONT BELIEVE THEM
Any of the Sims 1 prank phone calls would be amazing
Tom has added you as a friend!
“BRAZIL ELIMINATED FROM WORLD CUP”
This would create more chaos than any other suggestion so far. Well done.
Wouldn't. There isn't a single Brazilian who doesn't know Brazil's current world cup status. The entire country stops when there's a game. Nobody would fall for that.
Add “For cheating” (spying/drugs/whatever)
BRAZIL DISQUALIFIED FRKM WORLD CUP
Most dangerous one:
"This is Army Commander Tomás Miguel Ribeiro Paiva. We have chosen to take command of the country to protect you against serious crimes against the people that we have become aware of. Remain calm and continue with your daily duties."
(Except in Brazilian Portuguese.)
Scary stuff.
I guess so scary that there isn't a single person willing to try it. But yeah, that is the most dangerous one possible.
"THERE IS ABSOLUTELY NO CAUSE FOR ALARM"
“DO NOT LOOK AT THE MOON”
The truth is out there!
"Help I'm trapped in a broadcast center"
When I was around 8 years old I was browsing random channels on cable tv - and similar message was on an "infornation channel" (which consisted mostly of various scrolling texts). Hope the poor person stuck there was freed.
Wake up, Neo...
I got a new job! from seank
THE DISPLAY IS A LIE
"PIX will be discontinued today"
ARGENTINA IS BETTER THAN BRAZIL
"ALL DEBTS HAVE BEEN ERASED. JUBILEE."
US/Trump nuclear attack would make people freak here in Brazil.
FOLLOW THE WHITE RABBIT
"Due to deteriorating economic conditions, we have decided to abolish currency altogether. The Real is now worth nothing. All trade will henceforth be performed exclusively in gold."
surely you mean dogecoin
This is not a test. This is your emergency broadcast system announcing the commencement of the Annual Purge. Any and all crime, including murder, will be legal for 12 continuous hours.
[dead]
At least it wasn't a crypto scam.
...as far as you know...so far ;-)
There was a Larry Niven story where if you tried to call a certain guy, every phone in South America would ring instead. Anyone remember which story it was? The phone thing was just a throwaway line, not a significant plot point.
It might have been the Ringworld
"Well?"Nessus began to pace the floor. "Many disqualify themselves by obvious bad luck. Of the rest, none seem to be available. When we call, they are out. When we call back, the phone computer gives us a bad connection. When we ask for any member of the Brandt family, every phone in South America rings. There have been complaints. It is very frustrating."
https://www.naneahoffman.com/the-blog/shelf-care-alien-archi...
“ When we ask for any member of the Brandt family, every phone in South America rings.”
That sounds like the computer had a bad solution to “find a Brandt.”
The comment with the request to find this reference had me thinking it would be a single phone number misconfigured to call a large population.
It actually had nothing to do with a computer!
It was the luck of either Teela Brown, or Mr. Brandt depending on how you read the genetic trait of luck.
If you haven't read ringworld, you should. It's really quite good.
But stop before you get to ringworld's children or whatever it's called. Niven's furry fetish is in full force later in the series.
Yeah, he was less focused on the specifics earlier. 51 mentions of "rishathra" in the Ringworld Engineers.
I enjoy the Ringworld series but the was Teela Brown is talked about/portrayed (really women in general in the book) is pretty gross on a re-read (I originally read them very young and most of it went over my head or I just wasn’t paying enough attention).
That doesn’t mean you shouldn’t read it, I have similar (though it no where near as bad IMHO) thoughts on The Wheel of Time portrayal of women though Ringworld is worse. I still love WoT but I do give a disclaimer when recommending it.
Furry fetish you say? Stop you say? Hmm…
Ringworld. https://sciencemeetsfiction.com/2021/06/20/ringworld-theory-...
"The message sent was of the ‘Extreme Alert’ type and contained the word ‘misanthropy’ – which means hatred towards humanity. It is probably a hacker attack,” the agency’s statement said."
As this happens whenever there is an intrusion reported in the press, the word "hacker" is often misused:
"There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
The basic difference is this: hackers build things, crackers break them."
http://catb.org/~esr/faqs/hacker-howto.html
As programmers in programming culture, we have a distinction between hacker and, potentially, cracker that no ordinary person has. ESR’s prescriptivism is pretty much worthless in this respect: words mean what people think they mean and what people use them for, and programmers do not have a monopoly on how people use the term.
OED has the “computer intruder” sense first cited in 1963, and the “enthusiastic programmer” sense first in 1969 (“now much less common than sense 3a”). Cracker first appears in 1968.
Besides, it is easy to disambiguate which meaning people mean. “Hacker attack” can only refer to the common usage of the term, not programming-culture usage.
Thanks for highlighting the even earlier term from 1963. If that is the case, then why don't journalists use the word "computer intruder" instead of hacker, when it's less a catchall?
The funny thing about these comments is that most of the replies to my comment have been more defensive than my own. I wasn't suggesting a monopoly on the term, and I wasn't suggesting "hacker" shouldn't be ever be used. I just said it's not very accurate, and the average non-technical reader may not know the difference.
I think you misunderstood. The 1963 term is "hacker", and its 1963 meaning is "computer intruder". I.e. the journalists are using the earlier definition and the definition referred to by "Hacker News" came later.
Ah, I see now that journos were referring to the older definition of hacker. I suppose newer interpretations have a ways to go in gaining acceptance, though I am not sure why the phrase hacker/cracker is even used, when other words could be used too, like tamperer (for intrusion) and tinkerer (for non-builder/non-intruder (i.e. on their own equipment, or a lab's equipment, and learner). Kind of like the phrase "me and the gang," although that word might never gain a total conversion, nor should.
At this point, it’s just you misusing the word. You WERE correct; it did mean the builders rather than the breakers. But to greater society outside of the tech industry, hacking is hacking, they don’t need a word to describe builders, and crackers sounds dumb and no one outside the tech industry would know what you were talking about. A cracker is a snack and a dated slang word to refer to white people.
No one has used the word “hacker” with this esoteric / old school context in over 30 years.
the internet would disagree with you. For example the following search term finds hundreds of results from the last few months alone.
https://www.google.com/search?hl=en&q=%22i%20hacked%20togeth...
The name of the site you are writing this on is a usage of this "esoteric" meaning.
It was an intentional, near-archaic throwback even at the time HN was founded. Paul Graham has written about it, you can probably still find his blog written about it 20 years ago.
But that is serves as a valid counterargument to your claim is something you agree with?
Cracker News was taken
This is so lame. It's not up to you to define what's a "real hacker". Building and breaking are not exclusive to each other.
https://en.wikipedia.org/wiki/No_true_Scotsman
Surely you're not quoting Eric Raymond with a straight face?
I didn’t realise that people still fought this fight. it’s time to drop it, dude. It’s truly blatant language prescriptivism at this point.
This is a blast from the past for sure. To me, someone who read 2600 magazine in the dial-up era, that argument seemed passé 15 years ago. The world at large agreed many years ago that the word ‘hacker’ commonly connotes system penetration, or at least security circumvention. Words can have multiple meanings.
It's not so much a fight as a reminder of the technical words that actually distinguish one type from another. Are hackers considered ethical in the press today? 40 years of movies and press articles hasn't exactly made the idea of "white hat" a known term. https://en.wikipedia.org/wiki/White_hat_(computer_security)
It's kind of like Australia or the UK saying kids are "hacking" their PCs to use VPNS. There can be a very legitimate use of tools, but the portrayal of users bypassing blocks could just as easily be painted in a negative light.
One time someone made a joke or observation, 20 years or so ago, that their Myspace page was "hacked" because someone "posted on their wall". It's obviously not that misused, but just labeled that way when misinformed.
And remember, kids, knowing how to program or wanting really badly to figure out how things work inside doesn't make you a hacker! Hacking boxes makes you a "hacker" ! That's right! Write your local representatives at Wikipedia/urbandictionary/OED and let them know that hackers are people that gain unauthorized access/privileges to computerized systems! Linus Torvalds isn't a hacker! Richard Stallman isn't a hacker! Niels Provos isn't a hacker! Fat/ugly, maybe! Hackers, no! And what is up with the use of the term "cracker"? As far as I'm concerned, that term applies to people that bypass copyright protection mechanisms. Vladimir Levin? HACKER. phiber optik? HACKER. Kevin Mitnick? OK, maybe a gay/bad one, but still WAS a "hacker." Hope that's clear.
-- The UNIX Terrorist
This is like a new philosophy student objecting to someone saying, “This begs the question of whether…” It’s essentially a category error, an incorrect application of context.
You - and Eric Raymond, who believes he’s an incarnation of the god Pan - are both using a meaning of the word that has only ever been used in a relatively tiny subculture. That meaning has no bearing on its broader use.
I think the usage of the word in the CNN article is more like a news report saying there was a bear attack. Bears hunt salmon, eat berries and veggies, since they're omnivores. A report is only going to be typically referring to bears in reference to an attack on humans, but bears have other normal activities, like communing with other bears, taking a nap, raising cubs and going on walks. In that sense, hackers do partake in multiple, non attack activities.
It would be just as unusual to have a story about hackers doing acts of good will, like helping old ladies cross the street. But a news report isn't going to cover that. "Hacker altruist volunteers at soup kitchen" might make a headline, I suppose.
I'd just like to interject for a moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
That, too, is an actual distinction that actually matters.
- Sent from my Android/Linux phone, because the GNU ones aren't practical yet.
You are both correct, although I'd like to point out that Linux Foundation draws the line at GPLv2, whereas GNU believes their kernel ought to be GPLv3, and that opens another can of worms. See BSD0: https://spdx.org/licenses/preview/0BSD.html https://landley.net/toybox/license.html
misantropia é um perigo rapaziada
Suddenly "caralho"!
doideira
porra
[dead]
The power to send mass messages to a whole country is the worst thing google/apple have given to governments across the world.
This implies that governments didn’t already have this ability, which appears to be largely untrue? To my understanding, many countries already had emergency messaging systems, and mobile integrations are just a way of modernizing them.
(It seems exceedingly good that the government can warn every civilian about natural disasters, etc.)
Governments had poorly thought out poorly secured barely functional systems involving the network operators and those were then integrated with default system apps that have terrible UX without fixing any of the problems AFAICT. Agreed that it's clearly necessary functionality but it's worse than useless when it's so far proven to be (at absolute best) a constant stream of irrelevant alarms.
These aren't from Google or Apple, they're from the wireless providers: https://en.wikipedia.org/wiki/Cell_Broadcast
This is not related to Google or Apple. And this extreme alert, it's sent even to cable TV automatically. In a few countries, it's sent even on Fax lines.
If you say so. In the meantime I’ll continue to appreciate the occasional tornado warning.
I've yet to receive one of those that was useful. Meanwhile the 70+ year old storm sirens mounted on the nearby office buildings work perfectly in my experience, being audible even indoors from many miles away.
Even then. During a recent storm, they went off erroneously in Denver. (Looks like the other two erroneous alerts were via phone though.)
> Denver emergency officials say they are working to rebuild public trust after a mistaken tornado siren activation Monday became the third improper emergency alert issued in the city this year.
https://www.cbsnews.com/colorado/news/denver-tornado-alarms-...
Where do AI-based military target selection systems fit in your ranking?