This directive was issued in January of this year, what is relevance of being posted today?
I love all the instances where it says, we will not do this or infringe in this way... unless it is a matter of national security, which we don't have to disclose to you. So basically, do what you want as long as you write it up properly.
And this part:
5.3 Review and Handling of Passcode-Protected or Encrypted Information
5.3.1 Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents. If presented with an electronic device that is protected by a passcode, encryption, or other security mechanism, an officer may request the individual's assistance in presenting the electronic device and the information contained therein in a condition that allows inspection of the device and its contents. Passcodes or other means of access may be requested and maintained for the duration of the search if needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device that is being inspected or has been detained, seized, or retained in accordance with this Directive.
I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device, which is why I always powered mined down before crossing. That goes against the obligated to present devices in a condition that allows inspection portion.
> I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device, which is why I always powered mined down before crossing.
Does that apply to non-citizens? If a CBP officer doesn't like you as a non-citizen, like your lack of cooperation during an interview, they could just deny your visa and your entry into the US. If you're a citizen, they can't deny your re-entry. They can delay you for however long and ruin your day and even keep your devices, but you get to go home.
It ONLY applies to citizens. The CBP cannot deny an American citizen entry into the country for any reason. They cannot compel a citizen to unlock their devices. All bets are off for non-citizens, sadly.
Actually, I'm not sure they can compel non-citizens. If you want in, you might have to give them the keys. But if you would rather not enter, would they compel on pain of imprisonment?
UK citizen here and I've never had any issue with flying in/out of UK with several electronic devices (phone, laptop, tablet, steamdeck etc). Never even been asked to power them on or demonstrate them working (i.e. to show that they're not a bomb disguised as a laptop) and don't know anyone else that's had any hassle getting back in the country. I've been selected for being swabbed for explosives a few times though, but even that only takes a minute and is hardly any inconvenience.
In my experience, Australia was the most difficult country to get into as they are (now) very careful about bringing in any plant seeds or fruit, but the security staff were very friendly and helpful. I had to spend a while explaining that I did have some bananas in my bag previously which was why the cute sniffer dog was interested in it.
Your personal experience is probably representative in that invasive searches happen to very few people, but that's not the issue at hand. The fact remains that the British will imprison you for refusing to decrypt your stuff (or for refusing to answer their questions):
Australia is annoying. Israel is by far the worst- UK is bad in theory since they can jail you to compel an unlock, but obviously is going to happen to a vanishingly small number of people…
In my experience going through the border in China is more pleasant than through the USA, never had a hiccup in China while I've been detained for hours without contact with the outside going through a transit in JFK.
The vast majority of people from the developed world have no problems going through any border in the developed world. Your experience is probably representative, but that's not what we're talking about. My understanding is that de facto you have no rights at all in China. The Americans take this sort of thing very seriously, which is why it's in the news and talked about. Some guy gets imprisoned for 37 days for a meme (and is subsequently paid $835k by gov't for his trouble) and it's all Greg Lukianoff can talk about. [0]
Yet Japan, a country the West fetishizes regularly, routinely jails people for 20 days with no contact or even any charges at all, often ruining their lives, while desperately trying to force a confession no matter how innocent you are, then (hopefully) turning them loose, and not many people seem to care about that.
They can't prevent you from entering the country. You do not have an unlimited right to bring items into the country with you, though. They can absolutely prevent you from bringing your phone across the border if you decline to unlock it
Customs law? You have an absolute right to return to the country as a citizen. You do not have an absolute right to bring whatever you want into the country, even as a citizen so they can search your belongings to see if you are carrying contraband. It's a different set of rules than if you're just on the street already in the country, crossing a border customs has a lot of leeway
I'm not saying that I agree with it, it's just the way it is
>> I had thought (and Supreme Court ruled) you could not be compelled to unlock an encrypted device
>Does that apply to non-citizens? If a CBP officer doesn't like you as a non-citizen, like your lack of cooperation during an interview, they could just deny your visa and your entry into the US.
That's exactly what "you could not be compelled to unlock an encrypted device" means? You won't get sent to the gulag for refusing to, but entry into the US was always conditional with very little room for recourse if the border agent doesn't like you.
You don't "have to", but they can deport you and refuse entry in the future in retaliation. It's a variant of the TSA not being able to "compel" you to a search, but they can refuse you from flying.
The premise (non-citizen) is in the question and doesn't need to be repeated. C'mon, this isn't grade school where you have to answer questions by first restating the question in its entirety.
No, but even in grade school, the teacher would get the student to actually answer the question when it is clearly being evaded. Or maybe put the student's name on the board for wasting everyone's time for being obstinate.
They still need to charge you with something. If they can't, they can't hold you.
Yes, I know, they can theoretically do whatever they want, but realistically it would take the most spiteful of spiteful agents to arrest you without cause (just because you refused to unlock your device). Just the act of doing this would create a lot of extra work and paperwork for the agent that most of them are not going to want to deal with. Plus, asserting your rights is a sign to them that you aren't a pushover and aren't going to get trampled on easily. The bullies prefer easier targets, usually.
I think assuming that the CBP will adhere to the law is based on a pretty outdated mindset. I'd say at least since the current management, but more likely since 9/11...
I'd even call it a delusional mindset. For context, CBP and ICE were both formed in 2003. Jenn Budd has several books on this topic if you want to understand why a growing number of people want to abolish CBP, ICE, and even the entire DHS, which itself was formed only a year prior in 2002. These are very recent organizations in our nation's history, and if we're fine putting things like the Dpt of Education on the chopping block, why not DHS?
I personally remember that people were calling the DHS a mistake since 2002. I also, as a DC native, was utterly shocked when I first heard "normies" taking DHS seriously as an entity. A friend mentioned DHS was hiring, and I thought to myself ... "wait, but isn't that place bullshit?" Among a certain set of people, it had a bad reputation from day one.
They can't compel you to decrypt anything, and powering down is a good idea.
There are consequences for not decrypting, though: for a U.S. citizen, they can seize your stuff for up to 5 days. For non-citizens, they can elect to not let you in.
Concerning "obligated", I would point out that regulations aren't laws. Governing bodies can say whatever they want, but that doesn't make it so. For instance, the TSA continues to publicly insist that ID (especially "Real" ID) is required to fly within the U.S., but it's not.
"For instance, the TSA continues to publicly insist that ID (especially "Real" ID) is required to fly within the U.S., but it's not."
Explain, please, because you seem to be implying that someone can board a plane from New York to LA without being legally required to show any identification.
I lost my ID once around 15 years ago and was able to board my return flight just fine. I had to get to the airport early because I -- correctly -- expected a longer, personalized security check, but I was on my flight on time, as expected.
Yes, things have changed in that time with regard to the zealousness of the TSA, but the laws and regulations behind them have not.
My friend drunk drove and crashed, the cop —correctly— gave him a long talk about how that’s a bad call, then let him off. Does that mean drunk driving is now legal?
You have the right to travel without ID in the U.S. The TSA may demand it, and may tell you it's legally required, but that doesn't make it true.
"In fact, the TSA does not require, and the law does not authorize the TSA to require, that would-be travelers show any identity documents. According to longstanding practice, people who do not show any identity documents travel by air every day – typically after being required to complete and sign the current version of TSA Form 415 and answer questions about what information is contained in the file about them obtained by the TSA from data broker Accurint…."
If you have any friends or contacts or family who have ever shared any private information with you of any kind (phone number, address, photo, private opinions, etc.) you damn well have something to hide.
That was a callback to "if you have nothing to hide, you have nothing to fear." Even if that didn’t land, I think it's clear from the rest of the context that I don't intend to provide my passcode.
Further down, paragraph 5.3.3 says they could detain your phone if they could not bypass the passcode. What are they checking. How many times I read memes making fun of El Leader?
You can reach a point where the phone number you used for 2FA has been "used too many times" and then you're stuck in the middle of registration. There doesn't seem to be any documented limit anywhere and the only solution people have been able to use is find someone else to help you verify with their phone number. What makes this more difficult is when you get logged out of one of your accounts, they ask for a phone number for 2FA to login, you provide the same phone number you used originally (even though it is not officially associated with your account, just to verify registration), but that fails because your number has apparently been used too often. So now you can't even log in to your valid account that already exists. Sure, should have added some other form of 2FA or a passkey to the account, but why can't I verify with the same number I used originally? And just to top things off, you can't use your Google Voice number for 2FA account verification when signing up for another Google service.
The number is not associated with your account, it is just used to verify legit account creations. Retroactively nuking an account due to using a "banned" phone for account creation verification would be wild and not in Google's best interests.
I'm constantly spinning up new accounts for clients and I've used my number on way more than 4 accounts, so maybe it is on a rolling basis over some time period?
>> I have wasted a significant chunk of my life counting out small numbers of parts into bags and posting them to people.
So, small parts like this are always counted by weight, and I'm wondering why you would spend so much time on a counting solution when "buy a scale" is right there.
He's counting out like 6 at a time. He needs a fast way to pick small quantities precisely, not a fast way to check large quantities. Once they're picked they're easily verified by eye.
In volume, small parts are dispensed by carefully designed machines, and then the result is counted by weight. You still need control of the dispensing, and as he's putting in small numbers of items the counting is the easy bit.
He needs 6 screws at a time, and the goal is to save time compared to counting manually. I'd guess that 7 would probably be fine occasionally -- maybe even 8 from time to time if the process is fast enough. I'd further guess that 9 screws is a non-starter (screws are inexpensive, but 9 represents 50% waste, which is quite a lot).
The lower limit is hard-set at 6 because the kits that he's producing and selling require exactly 6 of these screws for end-user assembly.
A small cup that would reliably scoop out at least 6 screws and no more than 7 or 8 screws sounds like a simple and elegant concept.
What does this cup look like? Is it faster to use this cup than counting by hand is? (Is it faster than the reproducible screw counter that he's already built?)
Up to roughly 100 bills it's pretty much bang on - even with a cheap $10 scale (American Weigh Scales Digital Pocket Scale has a bunch of different options). Each bill weights roughly 1 gram. So - accurate to within 1% - and presumably the banks have better scales.
I suspect at scale (moving either a lot of batches or large batches), you also need to take variance into account more. Some bills might be dirty or have stuff stuck to them, some bills might be damaged and have bits missing? And other things that occur in practice that I can't think of from the comfort of my armchair in 30s.
I’m building an app that facilitates discovery and eases payments for roadside stands that sell produce, honey, maple syrup, eggs, firewood, crafts, etc. The concept is that any roadside vendor can sign up for free (forever, no add-ons or upsells) and they have an online home for their home business. The vendor can list up to 3 stands and show off the products they sell in each stand. Users can discover stands near them by list, search, or map, view the vendor and stand details, ratings, payment methods accepted, etc. When arriving at a stand the user can scan a QR code which opens a web cart, allowing them to add products they are going to purchase and then “check out” using one of the vendor’s stated payment methods like Venmo, CashApp, PayPal, Apple Cash, Zelle, or good old hard currency. We make these payments easier by standardizing the check out experience but we do not facilitate payments at all - these stands have always been and will continue to be self-serve on the honor system. Once you’ve paid, you get a receipt and take your goods. The vendor gets an alert that a sale intent was started and by which method so they know where to look for their revenue. In the future we may help with some basic reporting and very light inventory management if vendors ask for it. We allow users to alert the vendor if a stand is out of stock, which is also reflected in search so other users are informed as well. Users can then ask to receive re-stock alerts as the vendor restocks.
Then of course users can favorite stands and products, share them, rate them, and create shareable collections of stands they curate (The Honey Trail or Summer Sweet Corn All-Stars, etc.). Eventually we will be adapted for events like farmer’s markets, craft fairs, and christmas markets.
I built this because I am a maple syrup producer (tapping starts in a few short weeks from now) and I’m starting to get into mass sales of my syrup. I felt like people who produce and sell these products put a lot of hard work into the process and deserve a legit discovery tool as well as a basic stand management system that does not make them change their process or get in their way. An app like this costs basically nothing to run and I will ensure it is free to use as long as I am in charge. I’m testing this week and likely soft-launching in the next couple weeks - the goal is to be online around March 1.
It was just going to be web-only (Supabase with a Svelte front end) but after Claude put me in timeout last week I tried Antigravity and now have 80% of an iOS app and will scaffold my Android app in the next month - so native apps will follow a web release pretty quickly.
It's easy to see the word Waymo and think clanker autonomous car, but there are very often people inside that car - they are a rideshare service after all. Calling endangering other humans "legitimate" because you dislike the taxi company is not a good look.
lol same. Hilarious when this shit goes down that we all rely on like running water. I'm assuming GitHub was hacked by the NSA because someone uploaded "the UFO files" or sth.
I'm just getting started in iOS development as a hobby, but what does this mean? Can I now build my app in Xcode with an Android target and use that binary in the Play Store? It surely can't be that easy now is it?
> Can I now build my app in Xcode with an Android target and use that binary in the Play Store?
No. The vision document[1] lays out the direction of travel. Currently the focus is on shared business logic and libraries, rather than full native applications (although that's certainly a goal, albeit a very long term one).
The SDK doesn't quite work that way, your iOS-specific dependencies like SwiftUI and UIKit aren't available. For SwiftUI development, [Skip](https://skip.tools/) has a transpiler that translates your SwiftUI code into Jetpack Compose.
Without Skip, you can still share other code through JNI - similar to Kotlin Multiplatform.
Not yet, and possibly not ever quite from Xcode. But using Swift CLI tools, yes.
The example Activty I saw is pretty rough ergonomically, but I have no doubt an ergonomic, SwiftUI-like library could be built on top of what’s currently there and/or on the roadmap.
I built https://invoicepad.app which is a free, completely in-browser tool for creating invoices, estimates, and quotes. Yes, similar apps have been posted here before, but none were built the way I envisioned, so I made my own. The key difference: all invoice data is stored in the URL hash, not the querystring. This is important because querystrings are sent to the server with every request, while hashes stay local to your browser. This means I can never see your invoice data, unlike other similar apps. The workflow is simple: use your browser's bookmark manager as your invoice filing system. Or if you want to keep it offline, just copy and paste invoice URLs into a text document for storage. I’ve also included helpful features like saved profiles to save on repeated data input. The next step is to finish working on a browser extension (v1 is being tested) to make bookmarking, editing, and saving changes even easier, that is if I ever stop being distracted by other side projects.
I recently moved two sites from GoDaddy's predatory WordPress offering (they were charging $1k a year just for some security add-on) to use Hugo + DecapCMS + AWS Amplify. Decap is a fantastic "good enough" CMS to do anything clients of this size need, the only downside is it takes about 1 minute to deploy any changes. Amplify let's you lock a version of Hugo to use, or bring your own, and it will build and deploy your site on any new commit if your repo is in Github or Gitlab. Both clients are currently billed $0.51 per month, and the only reason it is that high is because Route53 costs $0.50 per month per hosted zone. So both these clients went from paying nearly $3k each year for a WordPress site to paying just over $6 a year for a site with nearly the same functionality and none of the maintenance or security concerns. And once everything is all set up, which honestly is not that hard, the only "tech" they need to know is how to sign into Gitlab, which are the credentials they use to log into their Decap admin.
I mean, yes, that sort of setup is less fragile than someone's clobbered-together homebrewed site, but it still requires a dev to maintain. What happens to your client's site if you or they can't maintain the dev-client relationship anymore, for any reason? They'd have to find another dev willing to take over that setup from you.
That sort of thing sounds great for an agency managing multiple sites running off the same template and framework, but for freelancers, it's still too bespoke to be easily portable between clients, hosts, and other freelancers. If someone came to me with a stack like that (and they have), I'd offer to help them migrate it to a more standard setup like Wordpress or Wix for a one-time cost, after which they would pay the vendor directly. But otherwise I wouldn't want to be responsible for maintaining it, especially for just one or two clients.
It's just way too much setup and maintenance. The AWS setup time would itself cost (in dev hours) a month or two's worth of hosting, and Hugo updates or DecapCMS changes would take even more time. Even if the costs to me were $6 a year, the dev hours required to keep a site like that going would far surpass what it would cost them to just pay $20 a month for a vendor-hosted + managed system.
It also introduces multiple points of failure, and if I were hit by a bus or something went wrong while I was on vacation, they'd have no idea if they need to talk to their web host, their CDN, AWS, DecapCMS, Github, or me... they probably don't need to talk to me at all (nothing I can do about any of those services if they have an outage), but they will have no support outside of me.
I don't have anything against self-hosted setups like that for the right audience — I have many such ones myself — but I think they're way more trouble than they're worth for clients who aren't already web-savvy.
I work for another headless CMS (not Decap) and I frequently have to try to help customers who inherited an old site from another agency who didn't properly explain what a headless system is, and they get really frustrated because they end up having to pay a few hundred dollars to a third-party dev just to add a new article category or whatever. It's the kind of thing that would take them ten minutes on Wix/Squarespace/Wordpress, but requires a dev for a stack like you're recommending, and it'd take anywhere from a few minutes (if it's a common stack, like Next/Astro + Vercel) to several hours/days (anything more than 2-3 years old, especially). That will far, far exceed the time and money it takes to host for several years on any of the standard consumer platforms.
For some of these sites, even the original developer who first made them for the first owner didn't want to take them on again — they knew how much work it would be to update them to a usable state again (but that's usually more Gatsby than Hugo).
I'd be very, very wary of recommending such a stack to anyone who is not working with an agency or is already themselves a developer.
reply