Readit News
cremp commented on Apple cuts off Beeper Mini's access   techcrunch.com/2023/12/08... · Posted by u/coloneltcb
georgespencer · 2 years ago
> It's not a super serious comment, it's more about how ridiculous the tone of "We are doing this for YOUR protection" would be.

Right now I can presume a basic level of device security across all iMessage threads I have. Beeper deranges that: E2EE is still there, but Beeper exposes my correspondence to device security weaknesses from other OEMs, malware, keyloggers, screen scrapers, etc. as a result of lax app marketplace security & privacy.

It seems to me to be entirely disingenuous to suggest that Beeper increases security: in fact, the opposite is true.

> in the end Apple absolutely has the power of increasing everyone's capability and security by doing something like setting up a playbook of how iMessage could just use Signal protocol and how other actors could join in, or really anything else but doing this.

I don't see why any company should be denigrated for not helping the users of another competing platform, particularly when doing so likely comes at the cost of increasing the risk to its own users.

cremp · 2 years ago
> a basic level of device security across all iMessage threads I have

Is that really true though? Jailbroken phones, iMessage may still work. Any device security gets thrown out the window.

You also can't expect everyone to have an Apple device for security, which we've seen time and time again SS7 being weak - So is the requirement to remove SS7, for everyone to jump on the Apple train?

I see Beeper as doing Apple a service, not so much a competing platform, but a gateway to the iMessage ecosystem - 'Hey, this would be pretty cool to use without this app and have it native' vs the 'Only Apple devices can use this.'

cremp commented on Flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking   blog.cloudflare.com/annou... · Posted by u/jgrahamc
njsubedi · 5 years ago
More and more of the internet is now moving behind Cloudflare, one feature at a time. I saved some serious amount of money just by using the free service they offer. I am astonished every time Cloudflare comes up with a solution for the problems of the internet.
cremp · 5 years ago
> More and more of the internet is now moving behind Cloudflare

This is a big double-standard here on HN. Everyone hates Google for making decisions on behalf of the internet as a whole; yet Cloudflare has done the exact same thing with a different OSI layer.

I'm not very trusting of Google, but I certainly don't trust Cloudflare any more-so, because they keep things much closer to the chest.

cremp commented on Reverse Engineering Snapchat: Obfuscation Techniques   hot3eed.github.io/snap_pa... · Posted by u/3eed
3eed · 6 years ago
OP here. About half are off the shelf. Joint functions, the breakpoint infinite loop, in-house memmove, the overflowing thing, those I haven’t read about anywhere before.
cremp · 6 years ago
For the overflow, Jagex with RuneScape did it in Java. They also did stupid Object arrays 7 or so levels deep, doing casts on casts in between. The bytecode itself made the actual runtime slow to a crawl (anywhere from 5 to 10x slowdown.) This was circa 2014.
cremp commented on GE Fridge DRM Workaround   gefiltergate.com/... · Posted by u/crmrc114
iforgotpassword · 6 years ago
But it's factored into the price. TV prices fell a lot during the last two years or so. They earn from the ads, they sell your usage stats. You get a subsidized TV. Don't connect it to the net.
cremp · 6 years ago
Spit-balling; when will they put GSM chips in them? The cost of a data-plan could easily be reached with estimated figures for ads and selling usage data.
cremp commented on AWS CodeArtifact: A fully managed software artifact repository service   aws.amazon.com/about-aws/... · Posted by u/rawrenstein
StreamBright · 6 years ago
We have used S3 successfully several times. You can create a Maven repository, use it as RPM repo and many other use cases to host artifacts. I am not sure what functionality is missing that cannot be implemented on the top of S3 and requires CodeArtifact.
cremp · 6 years ago
For maven, to push artifacts via the correct mvn deploy:deploy-file requires an S3 wagon (transport layer) software to actually make the S3 calls. For bigger orgs, having everyone use a wagon is a non-starter.

All I'm seeing this does is give the proper http endpoints so you don't need the wagon. Is it worth ~2x the price, no, but it's better than the other enterprise-y solutions.

cremp commented on Resuming SameSite Cookie Changes in July   blog.chromium.org/2020/05... · Posted by u/feross
anderspitman · 6 years ago
Can you recommend a good article that gives an overview of the issue? I'm not really familiar with how SSO is implemented and why SameSite breaks it.
cremp · 6 years ago
Samesite won't break it if you set it to none, e.g. samesite=none. Google failed to set it before the official rollout.

Reason is that sso effectively uses an iframe or popup to a 3rd party auth provider (Google, Microsoft, Auth0...). Provider saves a cookie with that state (from something like accounts.google.com) and usually reads it back from first party context.

If samesite is not set to none, supporting browsers are not allowed to write cookies on the auth domain from the firstparty context, and so the firstparty scripts don't think it ever happened, even though it did. First party scripts can't read it and so sso failed.
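
The browser rules this thread is about, as an added example (not part of any comment here and not Chromium's code): it models how Chrome's SameSite changes treat a cookie with no SameSite attribute as Lax and require Secure on SameSite=None, and whether an identity provider's cookie is then attached in a cross-site iframe. The cookie name, header strings and function names are constructed for illustration.

```javascript
// Added example. Models Chrome's SameSite rules for a single Set-Cookie header.
// The cookie name and header strings below are constructed for illustration.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Mode the browser enforces, or "rejected" when it refuses to store the cookie.
function effectiveSameSite(header) {
  const cookie = parseSetCookie(header);
  if (cookie.sameSite === "none") return cookie.secure ? "none" : "rejected";
  if (cookie.sameSite === "strict") return "strict";
  return "lax"; // attribute missing or unrecognised: treated as Lax
}

// context: "same-site" | "cross-site-top-level-get" | "cross-site-subrequest"
// (subrequest = iframe, fetch/XHR, image, or cross-site POST).
// Chrome's temporary Lax+POST allowance for fresh cookies is not modelled.
function isCookieSent(header, context) {
  const mode = effectiveSameSite(header);
  if (mode === "rejected") return false;
  if (context === "same-site") return true;
  if (context === "cross-site-top-level-get") return mode !== "strict";
  return mode === "none";
}

const samples = [
  "sso_state=abc123; Path=/; Secure; HttpOnly",                // no SameSite
  "sso_state=abc123; Path=/; Secure; HttpOnly; SameSite=None", // SSO-compatible
  "sso_state=abc123; Path=/; SameSite=None",                   // None without Secure
  "sso_state=abc123; Path=/; Secure; SameSite=Strict",
];
for (const h of samples) {
  console.log(effectiveSameSite(h).padEnd(8),
    "iframe:", isCookieSent(h, "cross-site-subrequest"),
    "top-level GET:", isCookieSent(h, "cross-site-top-level-get"));
}
```

Only the second header survives an embedded cross-site context, which is the case an iframe-based sign-in flow depends on.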

cremp commented on Resuming SameSite Cookie Changes in July   blog.chromium.org/2020/05... · Posted by u/feross
cremp · 6 years ago
It should be noted that SameSite was broken with Google Sign-in because Google themselves never set the None attribute before they reverted the rollout in April. [0]

This is a killer for all federated login systems.

[0] https://github.com/google/google-api-javascript-client/issue...

cremp commented on The FBI tracking your browsing history without a warrant might be the beginning   cybernews.com/news/the-fb... · Posted by u/nicedicerice
gvjddbnvdrbv · 6 years ago
Her husband did NOT have diplomatic status.
cremp · 6 years ago
Corrected; Thanks.

Didn't realize the US was that bad.

cremp commented on The FBI tracking your browsing history without a warrant might be the beginning   cybernews.com/news/the-fb... · Posted by u/nicedicerice
RobRivera · 6 years ago
>you're fucked

I'm sorry but any anecdotal spinning of history and current events supporting a bold claim about the downfall of western society is just outright non scientific, immeasurable, and quite frankly below educated discourse.

Now if you have a thesis about the sunset of western hegemony backed by reduced GDP numbers, geopolitical influence, and crime stats, that's a more worthwhile discussion.

Call me old fashioned, but passionate cries of wolf really are just that until you show me the data.

cremp · 6 years ago
Going full tinfoil hat...

We've seen the GDP number manipulated during this crisis, Gov propping the economy up with lots of self-debt that we can't pay back.

We've seen that other developed countries in the world balk at us. Example being the American woman who killed a guy in the UK by driving on the wrong side; and the US said she had diplomatic immunity, when she did not. [0]

Crime stats... Crime isn't crime if it isn't punished or even taken to the courts proper. A sitting president was impeached, but not removed from office. He was charged with high-crimes. If you need a statistic, just look at how stacked the government is from a 2-party system.

I'd completely agree that America is fucked.

[0] https://en.wikipedia.org/wiki/Death_of_Harry_Dunn

cremp commented on iOS 13 app tracking alert has dramatically cut location data flow to ad industry   appleinsider.com/articles... · Posted by u/clairity
lalos · 6 years ago
Next step is to download Lockdown, open source and on device firewall. It also offers a VPN with an in-app purchase (kinda confusing when you are setting it up), but for free you get the firewall only. Easy to enable and block known ad-trackers (including FB sdk and Google Ads). Highly recommend. It's also made by ex Apple engineers, in case that helps for building trustworthiness.

https://apps.apple.com/us/app/lockdown-apps/id1469783711

https://github.com/confirmedcode/lockdown-ios

cremp · 6 years ago
Maybe I'm just skeptical and a cynic, but...

> VPN with an in-app purchase

Let's pay for a product, and they have the ability to sell that data.

I get, acting like a pi-hole and what-not but, a VPN for that task seems overkill.

u/cremp

Karma: 423 · Cake day: March 28, 2017