mcc

mcc, 8 hours ago

@rotopenguin I think that they didn't ever kill it, they were just running it as a limited-audience experiment and they shut down the experiment and shortly after launched it for the general public.

mcc, 12 hours ago

One thing I'm scratching my head about. They say the device location data is "encrypted" with your "PIN" and are "not available to Google". I'm confused how this works given that the Bluetooth reporting is done by other devices. How do those other devices know which PIN to encrypt the device location with, without making some online query?

(The email I'm quoting here does not seem to be online, but they link to a support page containing some of the same information: https://support.google.com/android/answer/14796936?visit_id=638525094126856662-3948161146&p=find_offline_devices&rd=1#finding_offline_devices )

mcc, 11 hours ago

@prozacchiwawa I don't think I understand how this would be different from it storing its last self-reported location from the last time it had Internet, unless the device is somehow transmitting a bluetooth id while it's turned off, which sounds wrong.

mcc, 11 hours ago

A running problem with Google's approach to privacy is that they're often vague about which privacy guarantees are technical guarantees, and which google guarantees personally by a privacy policy under which certain data sent to servers is not retained.

I imagine a nation-state actor within Google's network observing all data coming in to the Find My Device bluetooth snitch network. If the data's encrypted with a key, could they determine which owner's key each report is encrypted with?

mcc, 11 hours ago

Maybe there's a conference paper somewhere that goes into the technical detail this support page elides. (Like, it's nice to see Google putting such emphasis on "end to end encryption" but that's less helpful than it could be when it's not clear what's being encrypted, how it gets the key, or in general what the two "ends" are exactly.)

mcc, 11 hours ago

@prozacchiwawa How does the "other phone" know what key to encrypt the report with? If the phone-being-tracked reports the key over bluetooth that makes sense, but then how does it work with headphones? Is the idea these are special headphones ("fast pair")?

mcc, 11 hours ago

@jvb Is my Android phone transmitting via BLE when it is powered off? How long has it been doing this? How can I prevent it from doing this (does turning off bluetooth prevent it? is it possible to turn on bluetooth while turning off BLE transmission)?

Alternately: If my phone has the ability to transmit BLE while turned off, is it possible for me to exploit this (for example from a Flipper Zero) without going through Apple/Google's central srevers?

mcc, 11 hours ago

@tojiro I think we've had a conversation like this about Google privacy policies before, but this is the kind of information that would be very important to disclose "and here's a list of devices that have this feature" when mentioning the feature in public comms!

Do you know, how clearly is this disclosed to a Pixel 8 owner when setting up their device, and to what degree can it be turned off (eg, could offline beacon be off while Bluetooth is on, or vice versa)?

mcc, 11 hours ago

@prozacchiwawa So is the idea the "compatible earbuds" have on-board CPUs with capacity to encrypt these reports?

mcc, 11 hours ago

@aadmaa Google has several options for the PIN including a long text password.

But even with a long password, consider Claire's question here: https://social.sitedethib.com/@Claire/112519638647135227

mcc, 11 hours ago

@tojiro I guess the question is, does changing your level of participation in the network change something on the server side or on the device side. Ie if you've chosen only to participate in certain areas is the BTLE-while-off still on, it's just the reports aren't forwarded?

mcc, 11 hours ago

@tojiro (Among my many questions here: It seems a potentially useful way to use this feature would be a mode where Find My Device is not participated in, but BTLE-while-off would still be on to the extent a device in the environment with an appropriate knock would still be able to find its position. But if Google isn't even clearly disclosing the existence of this BTLE-while-off feature in support documents, that implies not much user control either.)

mcc, 11 hours ago

@thomastc Yeah. "Not available to Google" clearly means something very specific and since they don't disclose what it's hard to say if it's reasonable or not

mcc, 11 hours ago

@tojiro Thank you, I will read this

mcc, 11 hours ago

@sjjh @Claire The HSM is a chip in Android phones, right? So it seems like this still doesn't explain Google's claims about "compatible earbuds"!

mcc, 10 hours ago

@sjjh @Claire No, that makes sense. Although among the things I'm wondering are "what are the battery and manufacturing costs associated with adding this feature to earbuds?". I don't know what I'd do with that information, but I'm curious.

mcc, 17 hours ago

@whitequark lsb_ian

mcc, 1 day ago

@onelson imo, the fact this is impossible is a sign there's something wrong with a utility program that randomly does something different every time you run it and for every person who runs it

mcc, 1 day ago

@chris Unreal and Unity have very different architectures and licensing models so this assumption is not correct

mcc, 1 day ago

@chris I mean I believe it had actually simply locked up, as evidenced by the fact that it went on for 20 minutes without finishing but when I canceled, deleted what it had downloaded, and tried again it finished in 7

mcc, 1 day ago

@chris 7 is kind of a large number but it is still less than infinity

mcc, 8 hours ago (edited 8 hours ago)

Since I was talking about this last week:

Say you have a C++ project, you want to build it with Visual Studio on Windows and CMake elsewhere (say the usual process of CMake generating vcxproj is not just then convenient) BUT you want to have the ability to share information between CMake and Vcxproj.

I found a solution where you can write a newline delineated file which both your CMakeLists and your msbuild script can import as list variables, and I posted sample code:

https://github.com/mcclure/vcxproj-cmake-sharing-example

mcc, 8 hours ago

In the sample code above I use this to make a shared list of filenames which both the CMakeLists and the vcxproj independently compile, but you could imagine also sharing things like preprocessor definitions this way.

There is a very specific platform which the ability in the above sample code is actually very useful for, due to on that platform it being seemingly impossible to generate working VCXProj's from CMake, but… because of an NDA I cannot elaborate lol

mcc, 9 hours ago

What I'm listening to today: "Desmorph", AcidTonic

Made on one of those wall-sized modular synth racks, the artist describes the video with "Loose ended live improv. First take."

A chill but determined groove undergirded by erratic drums, with a sense of low menace starting to creep in in the second half. Good zone-out music.

https://www.youtube.com/watch?v=pkh9xgNaplU