Where are you? In France it is 109€ on <apple.com> (w/o Apple Care).

Finland.

> The regulation states that batteries must be removable using ‘commercially available’ tools

I’m pretty sure that’s more or less already the case, so…

Yes. I used to like Cloudflare.

My website has some points. At least now I know what to do to be even more AI-unfriendly.

Now 400%!

The tooling is getting better and better, thankfully. Just recently they published their official VSCode extension on open-vsx for instance. It’s getting usable now!

Aren’t notifications supposed to be encrypted for Signal?

iOS stores the previously displayed notifications in an internal database, which was used to access the data. It’s outside of Signal’s control, they recommend disabling showing notification content in their settings to prevent this attack vector

They do control the content on the notification. It's a bit odd to put the sensitive text in the notification only to recommend disabling it at the system level.

No. They recommended disabling it at the app level. Only the Signal app can control whether the message contents are included in the notifications.

They do not. They send encrypted notifications. It’s the OS that stores them unencrypted. It’s the OS at fault here IMHO.

Signal does NOT send encrypted notification, they send a blank notification that act like a ping, the actual encrypted data is then fetched by the app itself.

i think they're replying to the "recommendation" part -- if it was recommended, why isn't it the safe default?

i haven't actually seen signal or anyone adjacent recommend that previously though, idk where that claim came from

Sorry, the “recommended” was a bad wording on my part. The recommendation comes from the 404 Media article who did the expose on this incident, not Signal itself.

I’ve checked the Signal documentation page, and there’s no mention of the privacy implications of the setting: https://support.signal.org/hc/en-us/articles/360043273491-In...

You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.

Sibling comment explains. The notification does arrive encrypted and is decrypted by an app extension (by Signal), however, if the message preview is shown, it is stored unencrypted by iOS. It is that storage that is accessed.

it seems iOS will drop previews into an unencrypted section. which, Is how I expected iOS notification previews to work without unlocking the phone

This kind of vulnerability is not tied to Signal but all apps which send notification.

They are;

“Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”

ie the messages recovered were 1. incoming 2. stored by the OS after decryption

i also was spooked by the headline :p

That seems to be the expected and normal behavior. The title is a bit misleading.

yeah. Security and privacy are guaranteened by regulations, human management, and small part of the tech.

Little by little, Xcode is making progress. Probably a lot of the improvements come from the open-source and actual work on its build system… It’s still far from perfect, but at least it’s getting better.

Is “$0” (`argv[0]`) correct when the pre-compiled binary is launched instead of the script?

Ahh good question. I had to think a while before I understood what you meant. Let me check when I can.

Nice catch.

edit: you are right. The binary version will result in a different argv[0]. Not sure what'd the best solution would be. Hardcoding doesn't make sense, as symlinks also change argv[0], so overriding is not the way to go.

bash, zsh, and ksh93 support `exec -a` especially for this case.