Show more
sneak boosted

yet another new apple phone-home process you can block all network for: ndoagent, the new device outreach agent, which as far as i can tell only exists to upsell spam you. it phones home to fetch cdsassets.apple.com/library/AP which doesn't have much in it.

more info at

/System/Library/PrivateFrameworks/NewDeviceOutreach.framework/ndoagent

I just observed a regression on CVE-2022-32857 (plaintext TSS signing during OS update, leaking unique identifiers to the network via http/80 connections to gs.apple.com) on 13.1 (M1) when updating to 13.2. My system's ECID was transmitted in plaintext.

apparent apple software update (13.1 -> 13.2 on M1) phoning home (xp.apple.com is telemetry AFAIK) admittedly via private relay (to obscure client ip) but this is happening with analytics OFF.

apple is using their private relay service (which presumably obscures client ip from apple APIs, but let's take them at their word on this) for a lot of macos-to-apple connections these days.

...including the connections to xp.apple.com from the T2/M1/M2 updater process during macOS updates. however, i have analytics off, and no telemetry from my machine should be going to xp.apple.com regardless, IP address obscured or not. :/

sneak boosted

behold, a penguin

(too tired to figure out the colors now, good night)

it used to be that a macos would continue to work right if you blocked configuration.apple.com (apple's remote feature flags api, as far as i can tell). now if you block that, you won't even see the current software updates available on m1.

sneak boosted

@gordonmb @gruber @kbarker @briankrebs @mmasnick @Edent

Let's suppose you're right. It's inexcusable to upload hashes of my pictures to a third party without my explicit opt-in. No?

all consumer electronics should support zigbee for pushing any/all buttons/selectors on them. all monitors should expose each input selector as a zigbee button, brightness up/down, etc.

sneak boosted

so despite home assistant suggesting that you can install it using a docker container, one of the main value-adds, "addons", does not work unless you install their custom distro on bare metal or in a VM. cool. ugh.

now macOS is asking me for an apple id login to "Update Apple ID Settings", because "Some account services will not be available until you sign in again."

I never signed in. I don't use an Apple ID. What account services does it think I want?

sneak boosted

the home assistant web interface phones home for all sorts of crap back to the mothership

shoutout to traefik which defaults phone-home to false and requires opt-in consent to enable its bundled surveillance.

police murder a hundred people a month in the USA.

in 44 hours in california, 19 people were killed in mass shootings.

in those same 44 hours in california, 90 people died of covid.

i'm actually proud of the fact that i don't own an rj45-db9 serial console cable any longer.

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!