HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mnls

no profile record

Submissions

Tell HN: iCloud with Advanced Data Protection doesn't delete your files

20 points·by mnls·il y a 6 mois·6 comments

Ask HN: Why most developers write docs for other developers and not for users?

1 points·by mnls·il y a 8 mois·2 comments

comments

mnls
·il y a 15 jours·discuss
I’ll take it even further: I've stopped reading ANY kind of news. Yep, tech news too. And I've realized that I'm not missing anything important or anything that some colleague or friend won't tell me if it’s THAT important indeed. Occasionally I skim read HN and that’s it.
mnls
·il y a 16 jours·discuss
> be left behind

Left behind on what exactly?
mnls
·il y a 16 jours·discuss
The personal computer is getting more and more expensive. Here we are, where it's getting harder and harder to get a computer to create your art but you can get a subscription to any AI company for a fraction of the computer's cost and get your "prompt" art. And that's ridiculous.

Also, leave the multi-trillion company alone
mnls
·il y a 17 jours·discuss
First world problems
mnls
·il y a 25 jours·discuss
Oh I've missed that, thanks!
mnls
·il y a 25 jours·discuss
$120 max and I’m feeling generous. If it had an option to install a messenger of choice (Signal, Telegram, WhatsApp etc) then maybe $140-150.

The whole "people want their data and privacy and all" is becoming the next premium service and/or product and I don’t like that at all.
mnls
·le mois dernier·discuss
Extremely funny. First the fact that Techcrunch asks for adblock disabling and secondly that Meta from all companies has the nerve to ask for subscriptions. All the data harvesting isn't enough? All the terrible "studies"?

The fact that Meta still exists as a company is a valid proof of a failed civilization.

Did I mention that their products are mediocre at best?
mnls
·il y a 3 mois·discuss
Damn!!! And I keep hardening my RSS app which was partly vibe coded and not exposed to the WAN while "professionals" give data away.
mnls
·il y a 3 mois·discuss
People who NEED to hide their notifications from iOS have this already disabled.

They rest who "evaluate their threat models" can practice Spy-life-gymnastics by disabling it from Signal.
mnls
·il y a 3 mois·discuss
[flagged]
mnls
·il y a 4 mois·discuss
Every article that I’ve read in the last 5 years about the RSS revival has a big section explaining what is RSS.

And that’s the answer about RSS renaissance. If you have to explain it, there is zero chance of massive adoption.
mnls
·il y a 6 mois·discuss
UPDATE: Block-level deduplication reveals metadata leakage. I did another test that reveals something more concerning than just data retention. I took the original 100MB random file and modified a single byte in the middle: printf '\x01' | dd of=randomfile.dat bs=1 seek=52428800 count=1 conv=notrunc. This changes 1 byte out of 104,857,600 bytes (0.0000009% of the file). I then re-uploaded it to iCloud. It uploaded instantly again!

Apple isn't hashing complete files—they're doing block-level deduplication on encrypted data. They likely split files into chunks (probably 4MB or 16MB blocks, similar to Dropbox) and hash each block independently. When I changed 1 byte in the middle of the file, only the block containing that byte needed to be uploaded. The other 95+ blocks were already on Apple's servers and were deduplicated.

This means Apple's servers maintain an index of which specific encrypted blocks each user possesses, even though they can't decrypt the content. Even with end-to-end encryption, the server knows the "fingerprint" of every 4-16MB chunk of your data. Research has shown that block-level deduplication enables "deduplication attacks" where you can determine if a user has a specific file without breaking encryption by uploading a known file and see if it deduplicates → user has that file and this works even with E2EE because block patterns are observable server-side.

Well-known files (popular software, movies, documents) have predictable block signatures. Even encrypted, these patterns could potentially be identified. "Does user X have file Y?" becomes answerable through deduplication probing without actually decrypting anything.

I'm not claiming Apple is actively exploiting this or that the encryption is broken. The crypto is probably solid. But users aren't informed that block-level metadata is retained and that this metadata can leak information about content despite E2EE. "Permanent deletion" doesn't remove these block fingerprints.

I still plan to complete the 30-day retention test to see if Apple ever purges deleted blocks, but the block-level deduplication revelation suggests they keep this metadata indefinitely for system efficiency. For truly private storage, encryption alone isn't enough—you need encryption that prevents deduplication metadata from forming in the first place.
mnls
·il y a 6 mois·discuss
If Apple truly kept files "a little longer" for customer service, you'd expect clear documentation of the retention period and working recovery tools
mnls
·il y a 6 mois·discuss
Never liked it. Terrible font rendering.
mnls
·il y a 6 mois·discuss
> Most big plugin makers have VSTs for all platforms though and your license works on all.

Most??? I can’t find Arturia, Korg, Reason Rack Plugin, FabFilter, Native Instruments, Softube and those are just from the top of my head.
mnls
·il y a 6 mois·discuss
Every now and then a new article "Why you should go Linux". I get it, I like Linux too but every case is different. I want to use Linux but I have to use Digital Audio Workstation. So in my case, I shouldn't dump Windows (and thousand of $$ I've spent on audio software).

I know people desperately want to believe that Linux is "there", but it really isn't. And will probably never be. It’s still too confusing for the average user (many distros, many desktop environments, Wayland vs X, systemd vs init, snap vs flatpak).
mnls
·il y a 7 mois·discuss
Bluesky? Fediverse? Really?
mnls
·il y a 7 mois·discuss
It's unacceptable that Meta did something like this.

But this doesn’t change the fact that she shouldn’t share anything personal on social media. Consider social media the new "streets". A street with dim lights or an alley that you go at 3am and shout something or showing your images/videos to strangers there. This is exactly what you should keep in mind before you share anything personal on social media.

And either way, who wants to be an unpaid Meta employee that provides any kind of content for free?
mnls
·il y a 7 mois·discuss
According to article, the whole authorization system is flawed. But we haven’t invent a new one and the one we’ve got never meant to be private, it is just a way to separate users from each other. We need something unique, a "primary key" for our DB, and that’s email or phone or username that has to be stored somewhere. A server, someone else’s computer, call it what you want. It has good privacy between users, but the admin can see everything, because otherwise management of the service would be impossible.

There is no anonymity, there is always someone you have to trust in the chain of WAN networking (DNS,ISP,VPN). If you want anonymity and privacy, you selfhost (examining the code is also a prerequisite). There is no other way to do it.
mnls
·il y a 7 mois·discuss
The enshittification of Bluesky is just around the corner.