EsquireCats
About
- Username
- EsquireCats
- Joined
- Visits
- 128
- Last Active
- Roles
- member
- Points
- 5,578
- Badges
- 2
- Posts
- 1,268
Reactions
-
Spotify blows through 2021 HiFi streaming deadline, with no release in sight
-
EU carriers want Apple's Private Relay blocked
While that's a nice attempt at hiding their objective (selling visitation data) with the commission's favourite kind of language, the commission isn't f'kn stupid for this transparent attempt at trying to block the privacy feature.
It's an opt-in VPN, and it's sufficiently localised to not interfere with local content bans.
-
Lower-priced Apple external display rumored to be on the way
I eagerly await Apple to return to making a display that includes a camera and speakers. The LG UltraFine 5K screen that Apple no longer sell was an absolute disaster - after buying it I quickly remembered why I swore away from pricy 3rd party displays. This screen was reputation damaging:- It would receive interference from nearby wifi devices, which would crash the system
- It was slow to wake, or often didn't wake at all - sometimes waking with subtle visual distortions, or again crashing the system
- It has a sub-par viewing angle and excessive light bleed from the edges
- It was freaking expensive for being a dud product and LG made it near-impossible to return it
-
Roku update that broke AirPlay & HomeKit has yet to be fixed weeks later
As for the AppleTV being a "hobby" - seems Apple treat their "hobby" more seriously than Roku treats their main revenue stream.
I always keep these sorts of things in mind when people faff on about home vendor-bias and antitrust. I'm keenly aware of these things, but if the competition behaves like garbage their failures aren't the result of anticompetitive behaviour.
Take Spotify for example, how long did it take them to get an Apple Watch app? While other music vendors were in there early. I pop them and Roku right into that basket of vendors that don't take their main business seriously and frequently disregard their customers for unexplainable reasons.
-
NSO Group's exploits rival those of nation states, security researchers say
h4y3s said:Anyone have more details?
Here is the first part of the deep dive: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
to over-simplify it (because it truly is a nation-state level hack.)
1. Overflow in a seldom used dependency that is actioned prior to blastdoor.
2. That overflow is carefully manipulated to utilise certain features of an image decompressor to establish a basic set of operators (AND/OR/XOR etc.) These are the fundamental building blocks of electronics circuits, aka processing on a computer.
3. Those building blocks are then used to build (I'm not joking) a full computer architecture including registers, a full 64-bit adder and comparator which then runs the relevant scripts to boot strap the next stage of the hack.
4. The article stops here, but the next part will detail how this is used to break through the relevant sandboxing to the installation of the spyware.
The fragility of it is exceptional, but the time and cost to develop such an exploit is what's more remarkable. It also forms a good argument about removing seldom used features and retiring old standards. The JBIG2 format provided the necessary tools for this exploit to run, but also is largely irrelevant and seldom used. It may just be better to remove that functionality altogether. (JBIG2 decoding is included as part of support for PDFs.)
Edit: Just as follow-up, Apple made a number of changes to address this entry method. Moving more areas to inside Blastdoor as well as greatly restricting the number of available formats available for Messages (i.e. just the ones it's meant to support.)