Show more
sneak boosted

Not naming names, but there are some utter cowboys in the #webdev game. An entirely 'random' example for you: a major website launch where a) the mobile version of the website is unreadable and b) they update the A records but leave the AAAA ones pointing to the old site. Drives me nuts.

If anyone ever needs any technically competent web development where things are checked properly before release do let me know 🙂

#rant #webdevelopment #dns #webdesign

so macOS automatically scans local files on your mac for malware, based on remote signatures downloaded from apple.

tidbits.com/2022/09/02/macoss-

anyone wanna bet it can detect anything on your mac that apple wants to detect?

sneak boosted

The perfectly normal thing of checking a buttplug's FCC ID to figure out whether it's plausible to interface it with Home Assistant

sneak boosted
I want the time back when one could make anonymous calls from payphones

exec 1> >(logger -s -t $(basename $0)) 2>&1

sneak boosted

ubuntu including rspamd packages (which are so out of date as to be an active hazard) in ubuntu is really sad and caused me a lot of wasted time today. i literally would have been better off if they didn't have the package in the repo, i would not have to redo this work today.

sneak boosted
sneak boosted

mediaanalysisd seems to not phone home on image preview in 13.2, with live text on or off. then again, who knows if it only does so if its database is a certain age or something?

ok, we've had siri suggestions turned off for ages. now live text is turned off too. let's see what other bullshit this computer does now.

sneak boosted

yet another new apple phone-home process you can block all network for: ndoagent, the new device outreach agent, which as far as i can tell only exists to upsell spam you. it phones home to fetch cdsassets.apple.com/library/AP which doesn't have much in it.

more info at

/System/Library/PrivateFrameworks/NewDeviceOutreach.framework/ndoagent

I just observed a regression on CVE-2022-32857 (plaintext TSS signing during OS update, leaking unique identifiers to the network via http/80 connections to gs.apple.com) on 13.1 (M1) when updating to 13.2. My system's ECID was transmitted in plaintext.

apparent apple software update (13.1 -> 13.2 on M1) phoning home (xp.apple.com is telemetry AFAIK) admittedly via private relay (to obscure client ip) but this is happening with analytics OFF.

apple is using their private relay service (which presumably obscures client ip from apple APIs, but let's take them at their word on this) for a lot of macos-to-apple connections these days.

...including the connections to xp.apple.com from the T2/M1/M2 updater process during macOS updates. however, i have analytics off, and no telemetry from my machine should be going to xp.apple.com regardless, IP address obscured or not. :/

sneak boosted

behold, a penguin

(too tired to figure out the colors now, good night)

it used to be that a macos would continue to work right if you blocked configuration.apple.com (apple's remote feature flags api, as far as i can tell). now if you block that, you won't even see the current software updates available on m1.

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!