Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "lock-out"
Devs: Hey, what should we do?
provide our SDKs for download as easily as possible so that any potential customer can try it out and see how much better we are compared to our competitors?
Should we lock our SDKs behind a login where the customer needs to create an account and enter the most amount of private information possible, just in case, then also require to create some security access tokens that he needs to configure in his app to have access to our service via the sdk and also hide all of the documentation behind a login which requires some permission based roles to access and also make the sdks closed source so that it’s a pain in the ass to debug and understand?
B! Definitely B! Make sure to piss off and annoy our customers as much as humanly possible!
If you can be locked out of it remotely, you don't own it.
On May 3rd, 2019, the Microsoft-resembling extension signature system of Mozilla malfunctioned, which locked out all Firefox users out of their browsing extensions for that day, without an override option. Obviously, it is claimed to be "for our own protection". Pretext-o-meter over 9000!
BMW has locked heated seats, a physical interior feature of their vehicles, behind a subscription wall. This both means one has to routinely spend time and effort renewing it, and it can be terminated remotely. Even if BMW promises never to do it, it is a technical possibility. You are in effect a tenant in a car you paid for. Now imagine your BMW refused to drive unless you install a software update. You are one rage-quitting employee at BMW headquarters away from getting stuck on a side of a road. Then you're stuck in an expensive BMW while watching others in their decade-old VW Golf's driving past you. Or perhaps not, since other stuck BMWs would cause traffic jams.
Perhaps this horror scenario needs to happen once so people finally realize what it means if they can be locked out of their product whenever the vendor feels like it.
Some software becomes inaccessible and forces the user to update, even though they could work perfectly well. An example is the pre-installed Samsung QuickConnect app. It's a system app like the Wi-Fi (WLAN) and Bluetooth settings. There is a pop-up that reads "Update Quick connect", "A new version is available. Update now?"; when declining, the app closes. Updating requires having a Samsung account to access the Galaxy app store, and creating such requires providing personally identifiable details.
Imagine the Bluetooth and WiFi configuration locking out the user because an update is available, then ask for personal details. Ugh.
The WhatsApp messenger also routinely locks out users until they update. Perhaps messaging would cease to work due to API changes made by the service provider (Meta, inc.), however, that still does not excuse locking users out of their existing offline messages. Telegram does it the right way: it still lets the user access the messages.
"A retailer cannot decide that you were licensing your clothes and come knocking at your door to collect them. So, why is it that when a product is digital there is such a double standard? The money you spend on these products is no less real than the money you spend on clothes." – Android Authority ( https://androidauthority.com/digita... ).
A really bad scenario would be if your "smart" home refused to heat up in winter due to "a firmware update is available!" or "unable to verify your subscription". Then all you can do is hope that any "dumb" device like an oven heats up without asking itself whether it should or not. And if that is not available, one might have to fall back on a portable space heater, a hair dryer or a toaster. Sounds fun, huh? Not.
Cloud services (Google, Adobe Creative Cloud, etc.) can, by design, lock out the user, since they run on the computers of the service provider. However, remotely taking away things one paid for or has installed on ones own computer/smartphone violates a sacred consumer right.
This is yet another benefit of open-source software: someone with programming and compiling experience can free the code from locks.
I don't care for which "good purpose" these kill switches exist. The fact that something you paid for or installed locally on your device can be remotely disabled is dystopian and inexcuseable.16
I know folks do their best, but come on Apple, this can't be that hard. Bought an IPhone at an estate sale (elderly individual died suddenly, so no one had knowledge of the apple id, passwords, etc) and I've been trying to convince apple to clear the activation lock. (AS = Apple Support)
<after explaining the situation>
AS: "Have you tried putting the phone in recovery mode? That should clear the lock"
Me: "I've already done that. It prompts for the apple id and password, which I don't have"
AS: "You need to talk to the owner and get the information"
Me: "As I explained, I purchased the phone at an estate sale of someone who died. I have the bill of sale, serial number, the box, obituary. What else do you need?"
AS: "Have you tried contacting a family member? They might have have that information."
Me: "The family members at the sale told us this is all they had. This kind of thing has to happen. I can't believe Apple can't clear the activation lock."
AS: "Yes, we can, but I'm very sorry we take security seriously."
Me: "I understand, what do I do now?"
AS: "Did you log out of the phone? Go to settings ..."
Me: "Yes, I tried all those steps before calling. It prompts for the AppleID and password."
AS: "Did you try entering the password?"
Me: "No, I don't have it. I already explained there is no way to know"
AS: "Yes..yes...sorry...I'm just reading the information in front of me. I found something, have you tried submitting a activation lock removal request?"
Me: "Yes, it was denied, didn't tell me why, which is why I'm calling. What about taking this phone to an Apple store? I have all the paperwork."
AS: "Sure, you can try. You might need the death certificate. The family or the coroner will have a copy."
Me: "What!? Apple requires a death certificate to unlock a phone!? I'm pretty sure not even the family is going to give a total stranger a death certificate"
AS: "Sorry sir, I'm just reading what is in front of me. Without that certificate, there is no way to prove the person died. You can try the Apple store, but they will likely require it."
Me: "That's a lot of drama for unlocking a phone. A *phone*"
AS: "Yes sir, I understand. If there anything else we can do let us know and thank you for being an a apple customer."
Next stop, the Apple Store.12
As somebody who works in the industry, 2FA is a great idea, we need to do it more.
As a user, fuck 2FA, I ain't have time for that shit, if you make me type my screen lock once again I will throw my computer out of the window.8
It's 2022 and mobile web browsers still lack basic export options.
Without root access, the bookmarks, session, history, and possibly saved pages are locked in. There is no way to create an external backup or search them using external tools such as grep.
Sure, it is possible to manually copy and paste individual bookmarks and tabs into a text file. However, obviously, that takes lots of annoying repetitive effort.
Exporting is a basic feature. One might want to clean up the bookmarks or start a new session, but have a snapshot of the previous state so anything needed in future can be retrieved from there.
Without the ability to export these things, it becomes difficult to find web resources one might need in future. Due to the abundance of new incoming Internet posts and videos, the existing ones tend to drown in the search results and become very difficult to find after some time. Or they might be taken down and one might end up spending time searching for something that does not exist anymore. It's better to find out immediately it is no longer available than a futile search.
Some mobile web browsers such as Chrome (to Google's credit) thankfully store saved pages as MHTML files into the common Download folder, where they can be backed up and moved elsewhere using a file manager or an external computer. However, other browsers like Kiwi browser and Samsung Internet incorrectly store saved pages into their respective locked directories inside "/data/". Without root access, those files are locked in there and can only be accessed through that one web browser for the lifespan of that one device.
For tabs, there are some services like Firefox Sync. However, in order to create a text file of the opened tabs, one needs an external computer and needs to create an account on the service. For something that is technically possible in one second directly on the phone. The service can also have outages or be discontinued. This is the danger of vendor lock-in: if something is no longer supported, it can lead to data loss.
For Chrome, there is a "remote debugging" feature on the developer tools of the desktop edition that is supposedly able to get a list of the tabs ( https://android.stackexchange.com/q... ). However, I tried it and it did not work. No connection could be established. And it should not be necessary in first place.7
Turned down again. And I thought I had this job opportunity on lock. I’m thinking of just getting out of this field and doing a trade. They make a fuck ton of money and are always in demand.2