Hacker News | yardstick's comments

They’ve been planning this for a while. These datacentres and organisations don’t spring up overnight, especially at this scale.

I know at least one major European bank made it a requirement upon AWS to provide essentially this service. I believe back around 2020 or maybe a bit earlier.


> Or better still, this torrent file, where the bots would briefly end up improving the shareability of the data.

Depends on if they wrote their own BitTorrent client or not. It’s possible to write a client that doesn’t share, and even reports false/inflated sharing stats back to the tracker.

A decade or more ago I modified my client to inflate my share stats so I wouldn’t get kicked out of a private tracker whose high share ratios conflicted with my crappy data plan.


Do you take into account the iPhone not holding the original images of every photo? It will offload originals and just keep thumbnails if the library is too large.

Mine is approaching 1.5TB, I’ve got no hope of keeping that all on an iPhone, and also no guarantee that any given photo is fully available locally.


Aren't there hooks on the filesystem layer that download them when you access them? E.g. I can browse via terminal to my iCloud Drive somehow and cat etc. works on files which aren't local (after locking to download them first).

> Do you take into account the iPhone not holding the original images of every photo?

If you have enough storage space on your iPhone, you can select "Download and Keep Originals" in the photo app settings.


I think the originals and edits are both there.

I don't know about space-optimized storage on-phone. I know one setting for transfer to mac or pc - I have it set to "keep originals" instead of "automatic". There might be other settings I'm not aware of.

EDIT: actually, there are other directories (under /mnt but outside DCIM in my example) that seem to have other photo stuff, maybe edits? ymmv


Or could just release the tool that issues new keys/serials/licenses.


It could have been action against any number of countries or people.

Russia, Iran, Syria, Yemen, North Korea, etc.


> burns out because he doesn't want to put up with a bunch of annoying work

It’s more than annoying work, it’s pointless work needlessly created by people other than him.

It’s like migrating from Java 8 to newer versions, the decision makers placed backwards compatibility at the back of their priority list. Literally a decade later it’s still griefing migrating users, all because “Jakarta not javax” nonsense. I’m greatly simplifying but that’s the essence of it.

Now we have some genius decision to I guess protect against untrusted code doing unexpected things. And at the same time Applets are gone and Security Manager is gone. And the reality is that Java applications aren’t run with untrusted code. The run scripts define all the jars/classes used. If there was some malicious code that wanted to run, I’m fairly confident it would also just modify the run scripts to include this new flag.

So all we’ve gained is support headache and pain, and no real net gain in practice.


From my own experience managing large numbers of routers, and troubleshooting issues, I will never use pool.ntp.org again. I’ve seen unresponsive servers as well as incorrect time by hours or days. It’s pure luck to get a good result.

Instead I’ll stick to a major operator like Google/Microsoft/Apple, which have NTP systems designed to handle the scale of all the devices they sell, and are well maintained.


The article wasn’t great at laying out the concepts at the start. As I understand it, the big idea is essentially a bloom filter as the first phase of a retrieval.


Thanks for the feedback.

You've nailed the core idea. I'll tweak the structure a bit to make the concepts clearer up front.


I run a Synology NAS with a docker container that periodically downloads new iCloud Photos to a local directory.


this? https://github.com/boredazfcuk/docker-icloudpd

seems pretty high touch. A lot of hoop-jumping if you don't have a mac in the middle


Thanks. I had no idea something like that existed.

How do we know using such a tool won’t trigger an account lockout? How ironic would that be.


No idea if it’ll trigger a lockout, but if it does at least I have a copy of my photos already.

Been running it for a couple years without issue. But yes your mileage may vary.


Yeah that’s the one.

I do have a Mac so it didn’t seem difficult to me, but I accept it will be for those that don’t.


I’ve got hundreds of emails from the early 2010s between a couple of coworkers and myself that I can no longer read because they were S/MIME encrypted and I’ve got no idea what happened to my keys or even if my current client supports it anymore.

I wish the client stored it decrypted once received.


> I wish the client stored it decrypted once received.

Me too. I already have my systems with full-disk encryption, I need the communication to be end encrypted.

Email clients (like Thunderbird) keeping emails stored encrypted, just makes it harder for these tools to search, label and automate stuff around content.


I'm sorry for your loss, but this sounds like an antipattern. Hundreds of emails between co-workers and it was all contemporaneously related to work in progress or cat pictures of your own cats, didn't contain PII or proprietary information of your employer or unaware third parties? And you want it back? From far enough away (that I might as well be in orbit) this seems preferable to an unencrypted drive ending up in somebody's hands for "refurbishment" (cough printers with hard drives).

No one is innocent. I refuse to use LE and operate my own CA instead, and as a consequence of scareware browser warnings I publish http: links instead of https: (if anyone cares, you know to add the "s" don't you?). I run my own mailserver which opportunistically encrypts, and at least when it gets to me it's on hardware which I own and somebody needs a search warrant to access.. as opposed to y'all and your gmail accounts. I do have a PGP key, but I don't include it on the first email with every new correspondent because too many times it's been flagged as a "virus" or "malicious".

Clearly we live in a world only barely removed from crystals and ouija boards.


> Hundreds of emails between co-workers and it was all contemporaneously related to work in progress or cat pictures of your own cats, didn't contain PII or proprietary information of your employer or unaware third parties?

You're merely defining away the problem. You have no idea what was in those emails.


Whatever was in those emails wasn't important enough for them to unencrypt them in a durable fashion, or put the keys in a safe with the gold bars.

We call this the "scream test" in BOFH land.


Who knew I’d need to do this? I’d never needed to do this either my emails in the decades prior.

You’ve also got no idea what was in those emails. Could be some valuable knowledge or logs about some crazy rare bug or scenario, and would be useful to review today.

We just turned on S/MIME by default, to “be secure”, whatever that means. There was no warning in the email client about losing access to the email if you lost your keys.

Citing BOFH is all well and good inside certain circles. In the real world, people don’t like spending time or effort on poorly thought out and implemented solutions.


The keys aren't in the backups you still have?

IOW: who owns the backups owns the data... until proven otherwise. My default presumption from space is that 1) there are document management policies and 2) document management policies apply.


It wasn't important enough at the time to the BOFH.

