Brother, I live in Oakland. To hear it from the media, statistically I’ve been dead for a decade now. This is always the narrative around cities, which is fine, because it keeps away the kinds of people who find my town scary instead of invigorating.
I got stuck at a table with a Fox News viewer who was absolutely angry about the "situation" in England and Europe. He was so focused on the Muslim immigration epidemic causing people to be unsafe and was greatly concerned about how they treat their women. Yes, I see the irony of a Fox News viewer being concerned about how women are treated.
It was eye opening to me just how deeply brainwashed these people are. This wasn't just him parsing news events, it was his world view being shaped with the opinion that these are awful, dangerous, unsafe places, ridden with crime and poverty.
Eh, that same group of American folks also say that NYC is a violent crime ridden hell hole. I'm a rural guy who actively dislikes cities, but even still I've never actually felt unsafe in the time I've spent in either NYC or London.
I wouldn't say NYC is a hell hole but will say they (locals) don't seem to take crime that seriously there, even violent crime.
I was visiting last fall with the family, left the car in the NJ side when taking the ferry to the Statue. They took the train to the hotel and I went to retrieve the car, got a front stage view of a guy using a chain to beat up a security guard at a shopping mall.
Guy had been peeing on the vehicles, guard told him to stop. He took offense at this, got a length of chain and started kicking the door so the guard would tell him to stop. As soon as he came out guy started hitting him over the head with the chain.
Police took a good 15 to 20 minutes to respond, didn't seem interested in looking for the guy. The guard wasn't interested in pressing charges.
Guy was probably homeless and definitely needed mental health but he had the capacity to plan out and execute a violent attack that could have been deadly.
Shhh, you should be egging them on with some outlandish tales of a close escape ... then there might be a seat or two in the pubs on a Saturday night ...
Regulate, not ban, not working knives (chef, ropemaker, tech, <reason>), but "zombie" knives and other "flash" used to swing in public and intimidate (subject, say to specific performance reasons, etc.)
Love it, hate it, it's a different mindset to the US approach and ultimately falls back on judges using "reasonable behaviour" of common citizens on omnibuses as a yardstick.
Also from the comment section:
"knife crime, knife crime, it's ain't about knives"
You're saying that banning/demonizing locking folding knives when almost all crimes are committed with a common kitchen knife wasn't the solution?!? I'm shocked I tell you, shocked!
Heh, great track. I mean it's no Linton Kwesi Johnson dis but it is what it is and that's enough.
Look, no one's a fan of the village idiot juggling lit dynamite on a unicycle in the packed shopping mall, and it's no good for anyone if the bad apples* aren't given a route to better things to do so Roman Law countries tend to have any old excuse laws to give cause to have people questioned as to why they're doing whatever the heck it is that they're doing .. my grandmother pulled up kids all the time like that.
The upside of such things is actually problematic and questionable behaviour can be shunted in one direction and chefs of any colour, language, borough address can walk on proud and free with their knife rolls.
The downside is the watchers and guardians can get a bit enthused and selective in their choices of collar, they can develop little cliques of weirdness and corruption, and the judgy types can get a bit overly judgy about all the wrong things.
The challenge for any community is dealing with all that and having better control over the system .. takes time and focus, 'taint easy.
Well, sure, you could certainly have a crack at it, you wouldn't be the first to try.
You did rather miss the point of why, and the devil's less in having reason to address potentially violent individuals and groups, far more in the implementations, the biases, the judgements, the feedback on appeals, community support, rehabilitations, restitutions, and that dull stuff.
You have yet to establish why the premise and effort itself isn't completely asinine at its core. All you've done is spout a stream of progressive gibberish that doesn't consist of a coherent thought as to why banning or limiting knives is a good idea at all. Banning tools won't stop tools from being misused for violent intent, people will only misuse other tools.
> the implementations, the biases, the judgements, the feedback on appeals, community support, rehabilitations, restitutions, and that dull stuff.
What the hell does that even mean? It sounds like an AI hallucination trying to justify giving everyone a participation trophy and straight top grades to go through school even if the individuals don't actually participate or grasp the material being taught.
Violent crimes in general in the UK (at least) are more localised to who you are. Random acts of violence on bystanders are very rare, the vast majority are attacks by someone known to the victim, often gang related.
There are many. It's an umbrella term for a range of circumstances that tend to be correlated with poverty and social issues.
Low trust in society, few opportunities to improve economic situation, higher prevalence of trauma and ptsd, higher probability of substance abuse, low opportunity cost for going to jail, fewer good role models, worse self esteem, worse education outcomes, worse physical health, higher likelihood of being involved in organized crime, higher likelihood of depending on parallel social structures for safety and protection, etc.
Each can be cause or effect in a self reinforcing network. Picking one single root cause isn't really possible.
For instance, I was caught between a knife fight on a train, because in one hood some of the culture is it's unacceptable to play another culture's music too loud. A Hispanic guy was playing hispanic music quite loud on the train, as soon as it entered a black neighborhood a black guy informed him it was "his hood" and asked him to stop, which then escalated to both pulling out knives.
I have now learned there are certain socio-economic enclaves where culture has dictated that I must not play my music too loud or I will be stabbed to death.
I live in "one of those parts" of "one of those cities" specifically to get away from white (in spirit if not also complexion) people with no real problems (or more specifically, what they do to a local government).
As long as you don't make activities outside of the law a non-negligible source of your income or run with the crowd that does you're fine, and not just for murder or whatever, theft and all sorts of the boring "area under the curve" crime is concentrated around these people too.
For homicide this is very correct. You could live dead center in the statistically most violent block of Chicago and still cut your personal risk of being a homicide victim by 1) not being a criminal, and 2) not posting diss raps to your 11 followers on Soundcloud. There are not really dangerous neighborhoods but there are dangerous social networks.
And not having any vehicle problems, because you usually only are rolling through bad areas to get to better areas. Most people in violent cities have no occasion to stop in violent areas. On one occasion I was forced to work overnight for critical hospital operations in a bad part of town, on my way back my tire went flat and when I was distracted fixing it the locals noticed I was weak and they put a gun to my head.
Living in Indianapolis (higher homicide rate than Chicago, but not drastically so), I feel the same way.
And for non-homicide violent crime, you're probably more likely to get jumped on a side street near a bar district than you are in a "bad neighborhood" unless you do something yourself to incite violence.
Flight from London is happening. It's already happened in a large way as well.
You don't see cockney anything anywhere there anymore compared to (and as much as you see any transitional regional identity left in) other British cities.
Homicide is on the drop in London but that's not 100% because it's safer. A huge amount is focused on deaths rather than attacks so don't fool yourself that just because they didn't die that nothing happened.
> crime which is a non-issue in the UK.
Nope. Not even close to true. Yes we don't have school shooters. Yes we don't have people exacting "justice" with a loaded barrel. But we do have gun crime and guns are used a LOT as intimidation. I wish I didn't grow up in an area where I know that to be true.
Trying to pretend there's not a problem is wonderful. And in that case I can point you to some very reasonably priced areas which must be perfectly safe and have no social cohesion issues at all regardless of where you're from...
Hospital admissions are reliable indicators for violent crime and stabbings in particular - if you get injured you're going to need a doctor and they will record it - and these are going down [1]. There is little to suggest any kind of epidemic or increase in violent crime is going on and the stats on this seem to play out.
What is more of an issue is more antisocial crime such as street robbery or shoplifting. These crimes are much more likely to be snatch and grab, with no violence involved. They still have an impact on the victims but they're not making the city significantly more violent.
> Flight from London is happening. It's already happened in a large way as well
None of the people I've known who moved out of London did so because of crime or safety. They almost invariably moved because they could pay for a tiny place in the city and commute for over an hour each way or they could pay the same for a larger place outside the city and commute the same length of time on the train.
But you've not cited any sources either, so don't pretend that you're some paragon of statistical analysis. You've just said things like "I wish I didn't grow up in an area where I know that to be true," which is pure anecdote. Others in this comments thread have provided sources. Why haven't you?
This opinion is coming to you directly from the burned out debris formerly known as Seattle, so I think I’m pretty good at identifying imaginary disaster zones.
I use GCP, but it also has the idea of a metadata server. When you use a Google Cloud library in your server code like PubSub or Firestore or GCS or BigQuery, it is automatically authenticated as the service account you assigned to that VM (or K8S deployment).
This is because the metadata server provides an access token for the service account you assigned. Internally, those client libraries automatically retrieve the access token and therefore auth to those services.
Not game dev related, but I program in both Go and Python, and there really is no difference in my feedback loop / iteration because Go builds are so fast and cache unchanged parts.
I also have to run Defender on my MacBook at work.
If you have access to the Defender settings, I found it to be much better after setting an exclusion for the folder that you clone your git repositories to. You can also set exclusions for the git binary and your IDE.
There are two solutions GitHub Actions people will tell you about. Both are fundamentally flawed because GitHub Actions Has a Package Manager, and It Might Be the Worst [1].
One thing people will say is to pin the commit SHA, so don't do "uses: randomAuthor/some-normal-action@v1", instead do "uses: randomAuthor/some-normal-action@e20fd1d81c3f403df57f5f06e2aa9653a6a60763". Alternatively, just fork the action into your own GitHub account and import that instead.
However, neither of these "solutions" work, because they do not pin the transitive dependencies.
Suppose I pin the action at a SHA or fork it, but that action still imports "tj-actions/changed-files". In that case, you would have still been pwned in the "tj-actions/changed-files" incident [2].
The only way to be sure is to manually traverse the dependency hierarchy, forking each action as you go down the "tree" and updating every action to only depend on code you control.
In other package managers, this is solved with a lockfile - go.sum, yarn.lock, ...
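The transitive-pinning gap described in the comment above, as an added example that is not part of the original thread: a small Python walker over constructed, in-memory workflow and action.yml text. Only the action names and the SHA come from the comment; the manifest contents and the `@v1` tag on the nested action are assumptions.

```python
import re

# Matches "uses: owner/repo@ref" and "- uses: ..." lines in workflows and composite actions.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

PINNED_SHA = "e20fd1d81c3f403df57f5f06e2aa9653a6a60763"  # SHA quoted in the comment above

# Constructed workflow: the only direct dependency is pinned to a commit SHA.
WORKFLOW = f"""
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: randomAuthor/some-normal-action@{PINNED_SHA}
      - run: make test
"""

# Constructed action.yml files, keyed by the exact reference that resolves to them.
# A real audit would fetch action.yml from each repository at that ref instead.
MANIFESTS = {
    f"randomAuthor/some-normal-action@{PINNED_SHA}": """
runs:
  using: composite
  steps:
    - uses: tj-actions/changed-files@v1   # constructed tag: mutable, not a SHA
    - run: echo done
      shell: bash
""",
    "tj-actions/changed-files@v1": """
runs:
  using: node20
  main: dist/index.js
""",
}


def is_sha_pinned(ref):
    """True only when the part after '@' is a full 40-hex commit SHA."""
    _, _, version = ref.partition("@")
    return FULL_SHA_RE.fullmatch(version) is not None


def audit(workflow_text, manifests):
    """Walk every `uses:` reference reachable from the workflow.

    Returns a list of (chain, pinned) tuples, where chain is the path of
    references from the workflow down to the dependency in question.
    """
    findings = []
    seen = set()
    queue = [(ref,) for ref in USES_RE.findall(workflow_text)]
    while queue:
        chain = queue.pop(0)
        ref = chain[-1]
        if ref.startswith(("./", "docker://")) or ref in seen:
            continue  # local and container steps are out of scope for this sketch
        seen.add(ref)
        findings.append((chain, is_sha_pinned(ref)))
        manifest = manifests.get(ref)
        if manifest is None:
            continue  # manifest unavailable: cannot see further down this branch
        for child in USES_RE.findall(manifest):
            queue.append(chain + (child,))
    return findings


def unpinned(findings):
    """Chains whose last hop is resolved through a mutable tag or branch."""
    return [" -> ".join(chain) for chain, pinned in findings if not pinned]


if __name__ == "__main__":
    for chain, pinned in audit(WORKFLOW, MANIFESTS):
        print("PINNED  " if pinned else "MUTABLE ", " -> ".join(chain))
```

The workflow itself passes a SHA-only check, yet the walk still reports a mutable reference one level down, which is the case a lockfile would have caught.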
I prefer “--really-do”, so the default behaviour of the tool is to do nothing. That’s more fault tolerant for the scenario you forget to add “--dry-run”.
There's a trend of online banks forcing the use of an app. I can't log in to one of my banks' websites since last year without using a QR code from their app.
Of course they slathered the app with tracking, 'security', and analytics SDKs, so rooted devices are rejected. I had no way to log into this bank account after they made that change, which is simply wonderful.
Anyways, they're not yet at the point where they've learned to do the checks server-side. For now it's a one line patch to skip the root screen. But the Play Integrity API is designed correctly, if they learn to use it, there will be no workaround without someone finding a hardware vulnerability somewhere.
Depends on what country you're in. In the UK, the banks are often held liable for various scams that involve the transfer of money, so they up the security over and over again. A bank will rightly argue why it's responsible for an old granny sending her life savings to her new lover in Namibia, so it seeks to block that transaction in the first place.
Some of that liability is fair but most of it is the government telling the banks to account for the loss when someone is scammed. They are obviously going to mitigate that as much as they can.
Yep, hardware attestation is becoming more common, even with websites.
This is why LineageOS is actually dead in the water, even though they're "in talks with hardware vendors". It doesn't matter when people can't use the apps and services they need.
Normiefication. Normies do everything on their phones; it’s the companies meeting the masses where they are. I’ve seen people fight for their lives to do a spreadsheet on their phones when there’s a laptop they own gathering dust less than 50 feet away.
Possibly, but companies seem strangely set on getting people to install apps, even when the feedback is negative.
Offering a monetary reward for installing apps seems fairly common. Chevron had someone at my gas station offering something like $5 of free gas, plus $1 a gallon off of the next three purchases. If it was something the customers wanted, they wouldn't need to pay people to do it.
This term needs to catch on, this is the first I've seen it, but it explains why so many product decisions are made and those who know better/different are just too small a minority to get any say.
We're dragged into this kicking and screaming and yet normies think we're the crazy ones.
What app developers find most valuable is what other apps you use and what competitors apps you have so they can target you more effectively. If you have Peloton or Tonal, they want to know if you have the Strava app on your phone for example.
Only on older versions of Android. Apps are very locked down on what you can get. I would have loved to be able to fingerprint a device when I was at the challenger bank and application list is very good for fingerprinting. We would fingerprint on the web to detect bots.
This is very condescending toward Vietnamese tech people. According to Twitter/X, Vietnam’s GDP just surpassed Thailand and it’s on its way to joining the Great East Asian prosperity zone by becoming the last country to become fully industrialized and very rich. Many tech jobs in the US will move to Vietnam in the coming few years. You will be surprised where your future Tech conferences will be located.
This trend makes me want to find a small town credit union.
I chose my current bank because it was one of the few that had proper token based access for 3rd party integration. An overwhelming majority of banks were relying on a 3rd party holding your actual username/password and saying "trust me bro". I wasn't comfortable with that.
Eventually though I suspect that web access to banks will be rescinded too, much like HMRC in the UK no longer permits companies to submit their taxes through the websites.
Don't like that. I'm of the "if you're going to do something important, do it on your PC" generation. I do not want a future where I lose my phone and I can no longer access my bank.
They won't find a solution to your problem, when one is obvious: buy a phone.
They'll find a solution to their problem, which is you: apologize for losing you as a customer, and express a hope that you'll consider them again after you've bought a phone.
There can be laws like the right to have a bank account, that might say your bank can't require you to have anything they don't provide you with for free. In some places.
We need to act now, while there are still service providers that don't require a phone. If my bank said they wouldn't do business with me unless I used a phone and an app, I would immediately take my business and all my accounts to a different bank. Banks have no moat. You can pretty easily move accounts to a different one or to a credit union who won't abuse you.
With HMRC, the reasoning is that this forces the company to have an accounting package. They don't care which, they just define the API. Not unreasonable. There are more issues with MTD IT (making tax digital, income tax) due to some detailed requirement decisions such as the need to report different income streams separately.
That seems to be the way the wind is blowing. Most new 'challengers' I've tried in the US either have no web access at all, or limited access that lets you view balance but not do things like transfers.
In the US, in my experience, young people don't want to deal with cash at all. Older people do, but it's not always convenient to meet up.
Most banks charge a fee for sending a wire. Sending an ACH is free, but most restrict that to your own account. Revolut is the only one I've seen that lets you just spam ACH to anyone. In both cases, it isn't instant.
Zelle largely fixes those issues, but has its own issues, like a lot of banks not supporting it and/or arbitrarily low send limits.
I don't understand either. My contact surface with my bank is so small. I log in once a month to download transactions. What is everyone doing that they need constant immediate access on their phones? I'd probably debank before buying a special iPhone to access a bank account.
Let me give you a preview of a world coming to you, and present day reality in Ireland:
1. Your employer pays your salary by bank transfer, which requires you to have a conventional bank account.
2. You then want to spend that money, how do you do that?
Debit card? You need the phone app to retrieve the PIN when the bank first sends you the card.
Cash withdrawals in the branch? For amounts less than €10,000, the staff will direct you to the ATMs in the branch. These require an activated debit card to withdraw money, and activating that card requires the phone app.
Manual money transfers in the branch? Once again, for amounts less than €10,000, the staff won't do it - they'll instead direct you to the PCs in the branch. These are just loading the same website you can access on yours, which will ask you to confirm with a 2FA push notification to log in.
Try another bank? The legacy banks all got the same auditor who advised them that app based 2FA is the easiest way to implement PSD2, and reduce the likelihood they get held liable when customers get scammed, so they all implemented that as the only option. The neobanks of course, are accessed solely by apps.
I long ago decided never again to use anything but a credit union, and this makes me glad that credit unions tend not to ride the forefront of tech trends.
Would make a lot of sense for banks just to shut off online/mobile access and switch to in person only. That seems to be the way things are moving with KYC/AML and ensuring there is a material presence of the person in the banking jurisdiction in which they operate. Knowing the password / keys and providing a video 'proof of life' is no longer sufficient to presume you're dealing with the person you think you are and not just sold 'darks'.
I've heard 3rd hand of some banks already doing this in i.e. Armenia where a foreigner can come in and open account easily but they block any online access to lock the control of funds in country to make it harder for the FATF psychopaths to find fodder to clamp down on them.
It's already reality in my country, where you cannot access online banking for any banks except via their mobile applications, which (of course) refuse to work on anything rooted or running non-stock firmware.
Let me clarify my statement: one government agency’s election to use an app for a single purpose isn’t an indicator of much.
It’s not like the UK sent out a mandate to private banks or any other private industry on this issue. It’s also only one small country of hundreds.
I’d have to question this idea that this is how things “already look.” I can think of very few businesses that I interact with that force me to use an app.
This type of election to use an app by a government agency sets the tone, and more importantly tends to redefine "best practices." Would you want to be the one private entity known to not be using best practices? Would your risk officers or lawyers be OK with that decision?
Thai banks are required by regulation to have facial recognition when transferring over 50k THB in one transaction or cumulative in a day. I believe most banks have shut down their internet banking as it's not worth it for the low number of users to implement web-based secure facial recognition that doesn't allow you to feed spoofed video input. One of the banks that I use will send a push notification to their mobile app for you to confirm the transaction.
I believe that previously internet banking, even before mobile banking, will limit the number of transfer recipients you can add per day/month. With the rise of QR payment I could see this limit being regularly hit if you scrape the web-based banking.
Since the Bank of Thailand claims that they technically don't block many things (mobile banking technical requirements seem to also require blocking root, but they never banned internet banking), I wish there were a new bank that tried to disrupt the existing players. But the latest "branchless" banking licenses were only acquired by existing banking groups, so API-first personal banking remains impossible.
Maybe a tiny difference though is that a phone is moved all day long, with a lot of people around to mess with or pick it. Your laptop is a bit larger and your desktop .. well is behind your door. But yeah ultimately a bank should not rely on phone OS to have security.
TD Canada is forcing me to use their app. Every time I make an online transaction which to them is too large or fishy in some way, they make me login into the app on my phone to approve the transaction. That's the only way.
In Hungary, where the central bank created the same rule about not allowing banking apps on "unofficial" devices, they do, but you need either the app or SMS for 2FA. Apparently they consider SMS secure...
Many people also use their bank's app for mobile NFC payments though (more of a thing in EU than US), which you can't easily do with a device that doesn't fit in your pocket.
In some countries, it's already impossible to make online payments without the bank's phone app. Only a matter of time until all banking is restricted to phones.
Yes. And the websites require you to verify transactions with (unrooted?) phone.
On the other hand phone does not require you to verify with your PC, so there's no second factor unless there is some inaccessible secure island within the phone itself.
Funny enough, you can probably use that website directly on the phone that you use as 2F, which probably circumvents the 2F idea (at least as long as you use SMS 2F instead of app that checks for root).
I assume the bank apps have functionality that their websites lack. Like being able to tap to pay for things, etc. Where a rooted phone might make fraud easier. If not, then this really makes no sense.
That's what a malware can do on a rooted phone, _once it gets root access_, but that doesn't mean a rooted phone is easier for malware to attack.
There's not even that many people using rooted phones, and many are tech savvy people that are generally a bit more careful, so even if a rooted phone gets infected by some malware chances are the malware won't even be written in such a way to try to obtain root permissions through the standard procedure and exploit it.
True. All internet packets are REST API packets - there's no other type of packet. And all cell radio traffic is internet packets (which are REST API packets).
While they (mostly) have websites, a computer with root access is not sufficient by itself to access them. You also need to perform 2FA via push notification to a proprietary app on an Apple or Google approved device.
This isn't about the bank's security - it is about the users'.
Users are losing billions worldwide due to fraudulent apps. If a user has root and runs a malicious app, it can intercept what a legitimate banking app does. A scam app with root can draw over the screen and tell users to transfer money, or it can run a series of actions when the banking app is running, or do any of a hundred things to steal money.
Sure. But the people who are actually rooting their phones are advanced users and aren't going to install a malicious custom OS. Are naive users getting tricked into rooting their own phones? I'm dubious what the security benefit is of this decision.
These types of discussions on HN get confused because people aren't always clear what they mean by the word "rooting".
There are two ways to root a phone:
1. Unlock the bootloader, install a well designed and highly secure aftermarket OS, relock the bootloader. The device is still just as secure against malware as it was before. Remote attestation shows the vendor that you're running Graphene or Lineage or whatever.
2. Exploit a local vulnerability to drop a sudo binary somewhere. RA shows you're running an exploitable version of Pixel Android, etc.
(2) is absolutely exploitable by fraudsters. They convince the user to run an app or visit a website that exploits their browser or whatever, and the vulns are used to escalate to root and keep it. Now when the user logs into their banking app the HTTP requests are rewritten to command the bank to send money to the adversary. This is why devices that allow escalation to root are excluded via remote attestation.
(1) isn't but it requires more coordination than the industry has proven capable of so far. Binary images of a custom OS could in theory be whitelisted by banks if it was known to be as secure as other operating systems. But there's no forum in which that information can be exchanged. Like, RandOS turns up and the maintainer "xyzkid", identity: anime avatar, claims his OS is super secure. How does random overworked bank developer John Smith know if this is true or not? RandOS doesn't come with any audits, it doesn't have a well paid security team. The brand is a big question mark. And if John makes the wrong call, maybe the bank is now on the hook for millions in losses because someone installed RandOS to get the shiny icon theme or whatever, and then got hacked.
So it's a hard problem. It's not actually a technical problem. Remote attestation is very general. The hard part isn't the tech. It's a social problem. How do you create and rapidly communicate trust in a new binary OS image if you don't have the security resources of an Apple or a Google or a Samsung? Google runs a whole accreditation programme for Android where you can turn up as a phone OEM and get your custom OS builds considered to be secure by passing a huge test suite. So the only issue is OS hackers who fall below the threshold where they can do that.
There's an alternative of course: go full libertarian. Means, just use a "bank" that doesn't care if its users get hacked. This is what the Bitcoin community enabled. It's there if you want it.
I doubt banks or the government would ever white list something like Lineage that's not made by some megacorporation. Also IIRC most phones don't allow you to relock the bootloader after flashing a custom ROM.
> These types of discussions on HN get confused because people aren't always clear what they mean by the word "rooting".
Well it’s more the Dunning Krugerites who see the word “rooting” written by someone in a cyber context, lack that context entirely, and proceed to enter the discussion anyway based on their experience rooting their Android phone 3 years ago after clicking through a few UI buttons.
A rooted Android device doesn't run apps as root either, nor does it generally allow them to get root access without the user accepting a system prompt.
The situation is even improving, UK homicide rates are at the lowest level in 50 years [1].
Not to mention that the USA has an entire category of gun crime which is a non-issue in the UK.
I swear to you, London is not an unsafe city.
[1] https://www.bbc.co.uk/news/articles/cgk86rr0vxyo