Note that this isn't "Mac's sandbox system", it's TCC. That's an important distinction to make, because apps that have opted into the proper App Sandbox can't do this... they don't even have the ability to display a…
> Assuming your carrier bothers to run RCS, the protocol works just like MMS and SMS do. If your operator doesn't peer with other operators then you'll have the same issues getting any kind of multimedia delivered from…
As an aside, the IMS stack used to implement SMS/MMS/RCS on Android is super cursed. A lot of the heavy lifting is handed off to the OEM, for example, Pixel devices hand it off to the Qualcomm modem. (Meaning Android…
Unfortunately, I think what a lot of people don't know is that RCS actually has "client authenticity verification"[1]... the RCS server has to actively approve any attempts for a client to connect, if it's…
All of these errors have now been stealth-corrected. New strategy discovered: Ask LLM to write article, nerdsnipe HN into correcting it, feed corrections back into LLM until people stop complaining
I'm pretty sure this is just incorrect. According to the linked report[1], they tested it for compatibility with OpenDrop, so I think they simply implemented AWDL. That might also explain the limited Pixel 10 rollout,…
Jibe actually will ask iOS for App Attest attestation (this is actually spec, unfortunately: see section 2.11 Client Authenticity in RCC.14) So it is entirely plausible that they banned the device, I guess. (Or they…
This is sort of what Mach does with "out-of-line" messages: https://web.mit.edu/darwin/src/modules/xnu/osfmk/man/mach_ms... https://dmcyk.xyz/post/xnu_ipc_iii_ool_data/ (this is used under-the-hood on macOS:…
I know some projects like Koreader[1] use Lua as their primary application language. If you could convince one of them to switch, it would provide some assurances about the maturity and popularity of the idea. [1]:…
Yeah, uh... you might do well to assume that they can. The Find My Friends API is really really simple, I have a script somewhere that can pull the locations of everyone who has shared their locations with me and record…
To clarify some points, though I'm sure all will become clear when this releases: + This is NOT hardware attestation. It's simply using a combination of things such as serial number and other device identifiers to prove…
…I wonder if this could be used to implement AWDL (Apple Wireless Direct Link) for use with AirDrop… if I recall correctly, the blocker on normal WiFi chipsets is being unable to send the ACK frames, which this should…
Unfortunately, there are many typos in my code :P On the other hand, I'm not sure if this is a typo on Apple's part, but it certainly is weird: you must use "WindowSerial" here[1], not "WindowsSerial" with the extra s…
I was thinking of finding a way to extract it directly from old Mac OS X updates downloaded directly from Apple... anyway, Beeper's app doesn't use it, that's purely a hack I came up with to make the proof-of-concept…
While I will definitely agree that Signal is more secure: There is a newer version of the iMessage encryption (sometimes called "pair-ec") which uses ECIES. Beeper implements it, I never got around to backporting it to…
Note that this isn't "Mac's sandbox system", it's TCC. That's an important distinction to make, because apps that have opted into the proper App Sandbox can't do this... they don't even have the ability to display a…
> Assuming your carrier bothers to run RCS, the protocol works just like MMS and SMS do. If your operator doesn't peer with other operators then you'll have the same issues getting any kind of multimedia delivered from…
As an aside, the IMS stack used to implement SMS/MMS/RCS on Android is super cursed. A lot of the heavy lifting is handed off to the OEM, for example, Pixel devices hand it off to the Qualcomm modem. (Meaning Android…
Unfortunately, I think what a lot of people don't know is that RCS actually has "client authenticity verification"[1]... the RCS server has to actively approve any attempts for a client to connect, if it's…
All of these errors have now been stealth-corrected. New strategy discovered: Ask LLM to write article, nerdsnipe HN into correcting it, feed corrections back into LLM until people stop complaining
I'm pretty sure this is just incorrect. According to the linked report[1], they tested it for compatibility with OpenDrop, so I think they simply implemented AWDL. That might also explain the limited Pixel 10 rollout,…
Jibe actually will ask iOS for App Attest attestation (this is actually spec, unfortunately: see section 2.11 Client Authenticity in RCC.14) So it is entirely plausible that they banned the device, I guess. (Or they…
This is sort of what Mach does with "out-of-line" messages: https://web.mit.edu/darwin/src/modules/xnu/osfmk/man/mach_ms... https://dmcyk.xyz/post/xnu_ipc_iii_ool_data/ (this is used under-the-hood on macOS:…
I know some projects like Koreader[1] use Lua as their primary application language. If you could convince one of them to switch, it would provide some assurances about the maturity and popularity of the idea. [1]:…
Yeah, uh... you might do well to assume that they can. The Find My Friends API is really really simple, I have a script somewhere that can pull the locations of everyone who has shared their locations with me and record…
To clarify some points, though I'm sure all will become clear when this releases: + This is NOT hardware attestation. It's simply using a combination of things such as serial number and other device identifiers to prove…
…I wonder if this could be used to implement AWDL (Apple Wireless Direct Link) for use with AirDrop… if I recall correctly, the blocker on normal WiFi chipsets is being unable to send the ACK frames, which this should…
Unfortunately, there are many typos in my code :P On the other hand, I'm not sure if this is a typo on Apple's part, but it certainly is weird: you must use "WindowSerial" here[1], not "WindowsSerial" with the extra s…
I was thinking of finding a way to extract it directly from old Mac OS X updates downloaded directly from Apple... anyway, Beeper's app doesn't use it, that's purely a hack I came up with to make the proof-of-concept…
While I will definitely agree that Signal is more secure: There is a newer version of the iMessage encryption (sometimes called "pair-ec") which uses ECIES. Beeper implements it, I never got around to backporting it to…