HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jjtech

no profile record

comments

jjtech
·3 miesiące temu·discuss
Note that this isn't "Mac's sandbox system", it's TCC. That's an important distinction to make, because apps that have opted into the proper App Sandbox can't do this... they don't even have the ability to display a prompt for direct access to Documents/.

With the App Sandbox, sandbox extensions are issues whenever you open a file using the file picker. They only last until the app is restarted.

A caveat is that you can save "Security Scoped bookmarks" (basically a signed base64 blob [1]) and pass that around to preserve access, but that isn't very common.

[1] https://www.mothersruin.com/software/Archaeology/reverse/boo...
jjtech
·6 miesięcy temu·discuss
> Assuming your carrier bothers to run RCS, the protocol works just like MMS and SMS do. If your operator doesn't peer with other operators then you'll have the same issues getting any kind of multimedia delivered from phone to phone.

Except, SMS/MMS can be implemented by any standard IMS stack and it will function on any carrier (in theory, ignoring implementation bugs/incompatibility);

RCS has an explicit provision in the standard for "client authenticity" checks which in practice means App Attest/Play Integrity signatures.

(see also: my comment above)
jjtech
·6 miesięcy temu·discuss
As an aside, the IMS stack used to implement SMS/MMS/RCS on Android is super cursed. A lot of the heavy lifting is handed off to the OEM, for example, Pixel devices hand it off to the Qualcomm modem. (Meaning Android the OS doesn't even have any control over how the raw SIP messages are sent: they're inside an IPSec tunnel set up by the modem that it can't see inside)

iirc Samsung devices do it differently and they implement it in userspace using StrongSwan?

That's why it's super annoying to handle SMS/MMS using the standard/legacy APIs, because depending on what device the user has, the implementation may behave radically differently with regards to PDU parsing and such.

RCS makes the whole situation worse because it sets up an entire secondary IMS stack inside the Google Messages app, and then uses weird APIs to try to tie it back into the main stack, even though obviously the modem implementation doesn't understand RCS... it's a mess.
jjtech
·6 miesięcy temu·discuss
Unfortunately, I think what a lot of people don't know is that RCS actually has "client authenticity verification"[1]... the RCS server has to actively approve any attempts for a client to connect, if it's Android/iOS/etc.

There are no standards for how this should be implemented, Google uses Play Integrity and Apple uses App Attest at the current moment, with explicit proprietary support by the Jibe servers.

It's basically impossible for any solution that Google doesn't approve to function, because it's never going to be able to get App Attest/Play Integrity verification without relying on a jailbreak/vulnerability.

1. https://www.gsma.com/solutions-and-impact/technologies/netwo...
jjtech
·8 miesięcy temu·discuss
All of these errors have now been stealth-corrected.

New strategy discovered: Ask LLM to write article, nerdsnipe HN into correcting it, feed corrections back into LLM until people stop complaining
jjtech
·8 miesięcy temu·discuss
I'm pretty sure this is just incorrect. According to the linked report[1], they tested it for compatibility with OpenDrop, so I think they simply implemented AWDL.

That might also explain the limited Pixel 10 rollout, if it required a specific WiFi chipset/firmware.

[1] https://www.netspi.com/wp-content/uploads/2025/11/google-fea...
jjtech
·8 miesięcy temu·discuss
Jibe actually will ask iOS for App Attest attestation (this is actually spec, unfortunately: see section 2.11 Client Authenticity in RCC.14)

So it is entirely plausible that they banned the device, I guess. (Or they could have banned the IMEI, as mentioned)
jjtech
·9 miesięcy temu·discuss
This is sort of what Mach does with "out-of-line" messages: https://web.mit.edu/darwin/src/modules/xnu/osfmk/man/mach_ms... https://dmcyk.xyz/post/xnu_ipc_iii_ool_data/

(this is used under-the-hood on macOS: NSXPCConnection -> libxpc -> MIG -> mach messages)