Hacker News: mrsaint's comments

I had the same feeling when I read the interview along with the attached screenshots. A nice way to start a Sunday morning.


My recipe: "Windows 95 System Programming Secrets" by Matt Pietrek and "Unauthorized Windows 95" by Andrew Schulman, years of fooling around with NuMega SoftICE, lots of IRC, lost youth, yet lots of fun.


I miss SoftICE so much (but not fixing my clock)


When challenged why we'd scrum since we were doing better as a whole before (better products, happier devs), mgt replies that they'd need scrum to detail the work we did so that they could write longer bills to the clients.


Wow, that's remarkably honest of them! I actually respect and appreciate that a lot more than I would some BS about it being for your own good or whatever.


Fortunately it can be disabled: Share error and usage reports - off; Digital Wellbeing Initiative - off; App Categorization - off


Another one, close to Frankfurt, Germany: https://www.digitalretropark.net/blog/


How could Apple properly review something like this? Isn't it one of Apple's selling pitches that they'd review each app for malicious activity before it makes it to the app store?


So, a tricky piece here is that this appears to be behavior of the TikTok web site. Obviously Apple makes no attempt (nor claim) to review the behavior of every web site accessible in Safari from an iPhone. And other native apps can embed WebKit-based web views into their apps.

The good news is that the scope of "malicious activity" is (at least in theory) much smaller when you constrain it to what web sites can do, as opposed to the scope of what can be done by executing ARM instructions and making syscalls.

The bad news is that the scope of "things web sites can do" keeps growing and is fingerprintable.


Apple has previously banned Apps for their backend content if they didn't like it. It's just that TikTok is too big and Apple is full of shit.


Apple only cares "really deeply" about ethics where there is no financial penalty attached. China would be an obvious exception to this.

https://www.theinformation.com/articles/facing-hostile-chine...

Note: This is the same as having no ethics.


> the code that is deployed on TikTok's _website_

This isn't regarding the app at all, which is likely not as heavily obfuscated as this (mostly because you can't just "view source" on an app).


> How could Apple properly review something like this? Isn't it one of Apple's selling pitches that they'd review each app for malicious activity before it makes it to the app store?

They couldn't. Apple does not perform any meaningful review of apps for malicious activity; they do it for rent seeking.


I used to develop an Apache Cordova application that had strong obfuscation using javascript-obfuscator. Apple didn't care.


They can't and most likely would kick the app out of the store, hence why this is the Website code.


Ditto. As an Android user, I am glad Pushbullet exists, and my whole daily workflow depends on it. Kudos.


How I wish there was a native version of ZTree for Linux.


Using borg here:

- configured through Borgmatic

- encrypted

- long retention (daily, weekly, monthly)

- stored on a relatively fast and large external backup disk (right now a Sandisk Extreme Pro SSD)

The backup plan is automatically triggered when I connect my notebook to the docking station. Never failed me and already saved me from the embarrassment of accidentally modifying or deleting important files that are not part of a git repo.


"By default" means it's just a switch in the BIOS to fix this issue? If yes, not a big deal, is it?


For now. And BIOS can be updated.


But does the option in question enable third party certificates, or disable UEFI entirely?


There's a separate option for each.


It may come with many secrets baked into the security processor already, like your Windows license, or you may have used your computer for some time, and stored some secrets with keys stored in the processor.

You'll lose these secrets and keys, forever. They may be private keys, decryption tokens and more.

You may not be able to regenerate them and get everything back.

Edit: Windows (license) keys are not in the TPM apparently, my bad, sorry. Keeping the above text for context correctness.


You've posted this claim repeatedly but I don't think it's true. The Windows keys are not in the TPM.


According to this: https://superuser.com/a/1398914/38072

BitLocker uses TPM to store HDD encryption keys.

I suppose you need it to resize the partition without deleting your encrypted Windows data, at least.


Thanks for the info!

I said "may" because I haven't used Windows on my systems for the last 20 years. If they're not doing that, it's great, honestly.

I don't claim to be 100% correct, and kindly pointing out that I'm wrong is enough to update my wrinkly muscle.


Nope, Windows keys are not in the TPM. Only BitLocker uses it in any common scenario, and that you can disable before changing UEFI settings (or enter a recovery key). You can also use BL without a TPM.

