Web Excursions 2021-05-23

2021 iPad Pro review: All systems go, but where?

“If you want to cut yourself out of a shot, holding your arm in front of your face will do it. The moment I stretched out an arm during our family videoconference, Center Stage acted as if I had left the frame and automatically reframed on the people whose faces remained visible”

*(But Not In Colorado) : Denver

  • Companies are excluding Colorado from their remote employment opportunities in order to avoid sharing the salary range of their open positions.

  • In May of 2019 SB19-085, titled the Equal Pay For Equal Work Act, was signed into law in Colorado. It's a fairly short read if you're not familiar with it, but its main goal is enabling pay transparency to allow for people to know if they're being discriminated against with their wages and file a complaint with the CDLE.

  • The law went into effect January 1st, 2021.

  • The most visible part of the law has been the requirement for all job listings open to a CO resident to contain a salary range. If you've seen an increase in salary ranges on job postings recently you have this law to thank.

  • Some companies however have decided that excluding all Colorado residents for a remote job that can be filled by someone in any of the other 49 US states is better than sharing how much they're willing to pay.

  • Here's an example from DigitalOcean: https://www.digitalocean.com/careers/position/apply/?gh_jid=2343536

  • *This position may be done in NYC or Remote (but not in CO due to local CO job posting requirements)

M1 Secure Boot, morphine and self-destruction

  • It isn’t possible to downgrade to Permissive Security from the Startup Security Utility app.

  • Users can downgrade only by running command-line tools from Terminal in recoveryOS, such as csrutil (to disable SIP).

  • After the user has downgraded, the fact that it’s occurred is reflected in Startup Security Utility, and so a user can easily set the security to a more secure mode.

  • Apple does provide a command line tool for working with M1 boot policy: bputil

    • merely typing the characters bputil will instantly disable any support that your M1 Mac was signed up for

    • bputil’s man page the command sudo bputil -d in Terminal will provide intimate details of all currently recognised boot disks for that authorised user.

Preload Top Hit in Safari

  • When "Preload Top Hit in the background" is enabled, Safari invisibly loads web pages and allows them to save site data on your Mac, without your knowledge or permission, when you enter text in the Safari address field.

  • [Opening links with external apps] happens with preloaded top hits too. Preloading the top hit is actually disabled when the Safari Web Inspector is open, even when "Preload Top Hit in the background" is enabled in Safari Preferences. Thus, it's almost impossible for a Safari extension developer to debug this problem or work around it.

2001 REVISITED APPLE STORE

  • On its website, the company went into more detail about why the Apple Store was such an important step:

  • Apple currently has around 5% market share in personal computers. This means that out of one hundred computer users, five of them use Macs. While that may not sound like a lot, it is actually higher than both BMW’s and Mercedes-Benz’s share of the automotive market. And it equals 25 million customers around the world using Macs

Try This One Weird Trick Russian Hackers Hate – Krebs on Security

  • In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.

    • Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

  • DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries

    • which are the principal members of the Commonwealth of Independent States (CIS)

  • The full exclusion list in DarkSide (published by Cybereason) is below:

  • Virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors:

    • They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian

  • Digital extortion gangs like DarkSide take great care to make their entire platforms geopolitical, because their malware is engineered to work only in certain parts of the world.

  • This prohibition is no longer quite so common,

    • particularly since so many organizations have transitioned to virtual environments for everyday use.

  • Another anti-malware approach suggested by Twitter followers who chimed in on last week’s discussion:

    • Adding entries to the Windows registry that specify the system is running as a virtual machine (VM).

    • In a bid to stymie analysis by antivirus and security firms, some malware authors have traditionally configured their malware to quit installing if it detects it is running in a virtual environment.

As China Pursues a Green Future, Bitcoin Miners Feel the Squeeze

  • last year, China’s central government admonished Inner Mongolia for missing its electricity consumption reduction targets. As a result, in March, the region decided to show certain energy-intensive industries the door, including cryptocurrency mines

  • The immense power needs of Bitcoin mining determine where profits can be made.

    • “Like nomads looking for places with water and grass, we miners seek places with cheap and stable power supply,”

    • Chinese cryptocurrency miners alternate between areas rich in hydropower during the rainy summer,

    • and return to northern areas like Xinjiang and Inner Mongolia that are rich in coal-fired electricity during the dry season.

  • An often proposed solution to Bitcoin’s energy footprint is replacing the current mining mechanism, called “proof of work,” with “proof of stake” —

    • a way to verify transactions that doesn’t require nearly as much computing power.

    • But its decentralized nature makes such fundamental changes difficult

    • Bitcoin miners are unlikely to agree to something that would render their expensive hardware useless.

    • Moreover, Bitcoin’s high valuation is a reflection of its mining costs, which include energy

  • Until February, Inner Mongolia used an “inverted price ladder” for energy-intensive industries.

  • Many miners have placed their hopes — and computers — in two southwestern provinces rich in hydroelectric dams: Sichuan and Yunnan.

    • Because of a lack of infrastructure to send electricity long distances, these dams often curtail their power

    • Many miners focus on Sichuan, owing to a provincial policy, in effect since 2020, to support the blockchain industry with over-capacity hydropower for three years.

  • Rising electricity costs and policy uncertainties are driving mining operations abroad

    • with investors setting their eyes on North America, Central Asia, and Eastern Europe.

    • But sentiments toward cryptocurrency mines are souring elsewhere too.