Archive for December 5, 2024

Thursday, December 5, 2024

MIST (macOS Installer Super Tool)

Ric Ford:

MIST – macOS Installer Super Tool – is a remarkable Mac app from Nindi Gill that greatly simplifies the processes of downloading macOS and firmware versions that Apple itself complicates and makes difficult (especially with older releases).

See also: SUS Inspector.

Update (2024-12-06): ednl:

There is also still the Python download script “installinstallmacos.py”.

And I saw this page that catalogues a bunch of options, including that script and MIST.

US Officials Recommend Encrypted Messaging Apps

Kevin Collier:

The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers.

[…]

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

Via John Gruber:

It seems kind of new for the FBI to call encryption “our friend”, but now that I think about it, their beef over the years has primarily been about gaining access to locked devices, not eavesdropping on communication protocols. Their advocacy stance on device encryption has not changed — they still want a “back door for good guys” there. Their thinking, I think, is that E2EE communications are a good thing because they protect against remote eavesdropping from foreign adversaries — exactly like this campaign waged by China. The FBI doesn’t need to intercept communications over the wire. When the FBI wants to see someone’s communications, they get a warrant to seize their devices. That’s why the FBI wants device back doors, but are now encouraging the use of protocols that are truly E2EE. But that’s not to say that law enforcement agencies worldwide don’t still fantasize about mandatory “back doors for good guys”.

Pieter Arntz:

Sophisticated state-sponsored campaigns from China are constantly targeting network appliances and devices. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant. Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US.

The infrastructure that the US government relies on to communicate is made up of the same private sector systems that everybody else uses. By abusing their components that make up part of the infrastructure, the Chinese are said to have been able to eavesdrop on political and industrial leaders in multiple countries.

John Gruber:

While writing the previous item regarding the FBI encouraging the use of E2EE text and call protocols, I wound up at the Play Store page for Google Messages. It’s shamefully misleading regarding Google Messages’s support for end-to-end encryption. As I wrote in the previous post, Google Messages does support E2EE, but only over RCS and only if all participants in the chat are using a recent version of Google Messages. But the second screenshot in the Play Store listing flatly declares “Conversations are end-to-end encrypted”, full stop. That is some serious bullshit.

I don’t see what the big deal is when the third sentence of the description says: “End-to-end encryption is on by default when you message other Google Messages users who have RCS enabled.”

Apple marketed iMessage as end-to-end encrypted for years, even though it really wasn’t if you had iCloud backup enabled. And it still isn’t, by default—you have to opt into Advanced Data Protection. Neither the App Store nor the Messages & Privacy page mentions this.

Tim Cushing (Hacker News):

The Government executed a search warrant at Defendant’s residence and seized fifty-two devices, including an iPhone and an iPad. Law enforcement identified contraband on several devices, but could not examine the iPad, which was passcode-protected, or the iPhone, which would not power on.

The Government retained the iPad and iPhone for over a year. Eventually, with the assistance of a digital forensics expert who had not previously been involved in the investigation, the Government was able to repair the iPhone and power it on. The Government then applied for, and received, a new search warrant. Pursuant to this authority, agents searched the iPhone and—thanks to intervening developments in digital forensics tools—the iPad.

The most logical assumption would be that a non-working device would be of limited evidentiary value. But the DHS (whose Homeland Security Investigations unit took point in this case) apparently felt otherwise.

What’s almost hidden here is that reviving the phone led to the government being able to crack it, despite the presence of a passcode. And, in case you’re still wondering about the value of walled gardens, cracking the iPhone immediately led to cracking the iPad, which suggests if the government has one Apple device owned by a suspect it can get into, it can probably get into the rest of their Apple devices.

[…]

This is another government party extensively modifying seized property to make it more receptive to phone-cracking efforts. One would think a court would need to be apprised of this opportunity before it became a reality, if for no other reason than the original warrant only authorized a search, not the literal cracking of a cell phone (or its casing, at least) to replace a circuit board and install new firmware.

This was apparently an iPhone 6, however.

Swift Proposal: Precise Control Flags Over Compiler Warnings

SE-0443:

This proposal suggests adding new options that will allow the behavior of warnings to be controlled based on their diagnostic group.

  • -Werror <group> - upgrades warnings in the specified group to errors
  • -Wwarning <group> - indicates that warnings in the specified group should remain warnings, even if they were previously suppressed or upgraded to errors

[…]

Thus, for example, you can use the combination -warnings-as-errors -Wwarning deprecated, which will upgrade all warnings to errors except for those in the deprecated group. However, if these flags are specified in the reverse order (-Wwarning deprecated -warnings-as-errors) it will be interpreted as upgrading all warnings to errors, as the -warnings-as-errors flag is the last one.

[…]

We are also introducing a new compiler flag, -print-diagnostic-groups, to display the names of diagnostic groups along with the textual representation of the warnings.

I’ve linked to this before, but I wanted to give it a full post because I think it’s important. I’d still like to see even more control over warnings, e.g. a way to suppress a particular warning or deprecation only within a certain region of code, as was possible with Clang.
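The ordering rule quoted above from SE-0443, worked through as an added example (a small Python model, not the Swift compiler's code and not from the proposal). It covers only the three flags named in the quote and does not model warning suppression; the group name unused_example is constructed.

```python
# Model of the left-to-right flag evaluation quoted from SE-0443.
# Added example: not the compiler's implementation. "unused_example" is a
# constructed group name; only the flags named on this page are modelled.

ERROR, WARNING = "error", "warning"

def parse_flags(argv):
    """Turn a flag list into ordered (group, severity) rules; group None = all."""
    rules = []
    it = iter(argv)
    for flag in it:
        if flag == "-warnings-as-errors":
            rules.append((None, ERROR))
        elif flag in ("-Werror", "-Wwarning"):
            group = next(it, None)
            if group is None:
                raise ValueError(f"{flag} requires a diagnostic group")
            rules.append((group, ERROR if flag == "-Werror" else WARNING))
        else:
            raise ValueError(f"flag not modelled here: {flag}")
    return rules

def severity(argv, group):
    """Effective severity of a warning in `group`: the last matching rule wins."""
    result = WARNING  # a warning stays a warning unless a flag says otherwise
    for rule_group, sev in parse_flags(argv):
        if rule_group is None or rule_group == group:
            result = sev
    return result

def report(argv, groups=("deprecated", "unused_example")):
    """Severity per group for one command line."""
    return {g: severity(argv, g) for g in groups}

if __name__ == "__main__":
    for argv in (
        ["-warnings-as-errors", "-Wwarning", "deprecated"],  # order from the quote
        ["-Wwarning", "deprecated", "-warnings-as-errors"],  # reversed order
        ["-Werror", "deprecated"],                           # one group only
    ):
        print(" ".join(argv), "->", report(argv))
```
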

Microsoft Still Unhappy With iOS Cloud Gaming Rules

Ryan Christoffel:

Back in January, when Apple first shared its new App Store guidelines that allowed cloud streaming apps, it was expected that these would pave the way for services like Xbox Cloud Gaming to debut.

Over half a year later, there’s been no news on Microsoft’s front about an upcoming release.

A new report by Tom Warren at The Verge helps explain why. It points to a late July submission Microsoft made to the UK’s Competition and Markets Authority (CMA).

As the public but redacted submission outlines, Microsoft believes that, despite January’s changes, Apple still makes it impossible for cloud gaming services to exist on the App Store.

Juli Clover:

Microsoft’s chief complaint is that the App Store rules require subscriptions and features to be made available on iOS devices with in-app purchase, which is “not feasible.” A consumption-only situation where content is purchased on another platform and played on iOS is not allowed for cloud gaming apps.

Apple’s 30 percent commission fee “makes it impossible” for Microsoft to monetize its cloud gaming service, and it is neither “economically sustainable nor justifiable.”

Microsoft also complains about Apple’s lack of support for alternative app stores and the limitations of web apps, such as an inability to access device hardware features.

Damien Petrilli:

I obviously agree with this.

However, coming from Microsoft who charges 30% for all games on Xbox without any alternative allowed. And charging a monthly fee just to access your own internet just undermines their arguments.

[…]

However, like for the printers-cartridges business model, the only way to make [selling hardware at a loss] work is to forbid competition which is illegal.
