Hacker News | woadwarrior01's comments

One of the first bits of infosec advice I give to my non-technical friends and family, when they ask for it, is to turn off background location access for all apps on their phones.

Needless to say, I know plenty of technical people who don't care about it.


Because someone made background location access a "necessary" part of the Bluetooth stack?

The cost of opting out is very high.

"Mark of the beast"-- you want to participate in society, you need it.


Modern people seem to be incredibly weak and dependent. "I can't protect my freedom if it means giving up bluetooth!" It almost reads as satire.

I've seen people getting fired in BigTech for using the platform to stalk their exes. It's usually an alert that goes off when employees access internal dashboards for a certain profile too many times.

BigTech is far more competent than a Telco though.

Having worked and consulted at both... debatable.

level competency is higher at BigTech but laziness, vanity, selfishness, ego, and learned-helplessness happen plenty too.

E.g., for all of the BigTech brilliance, plenty of them fall for mildly complex phishing efforts or bribes, etc.


Yeah, OpenAI has been attaching C2PA manifests to all their generated images from the very beginning. Also, based on a small evaluation that I ran, modern ML-based AI-generated image detectors like OmniAID[1] seem to do quite well at detecting GPT-Image-2 generated images. I use both in an on-device AI-generated image detector that I built.

[1]: https://arxiv.org/abs/2511.08423


Exactly, I grew up playing with BC547 and BC337s (my father was an electronics engineer) and only later found 2N2222 and 2N3904. Those were almost entirely unheard of in India.

Merely implies a very good fitness function.

Yes. Though according to this fitness function we're not necessarily more successful than a jellyfish or a tapeworm.

Arguably much less successful, since jellyfish have been around 700+ million years and it's not clear if humans will make it even the next couple thousand. But the jury is still out on that one.

aka A Metacircular Interpreter

Do you think God stays in heaven because he too lives in fear of what he's created?

It cuts both ways. What I usually do these days is to let codex write code, then use claude code /simplify, have both codex and claude code review the PR, then finally manually review and fix up things myself. It's still ~2x faster than doing everything by myself.

I often work this way too, but I'll say this:

This flow is exhausting. A day of working this way leaves me much more drained than traditional old school coding.


100%. On days when I'm sleep deprived (once or twice a week), I fall back to this flow. On regular days, I tend to write more code the old school way and use these things for review.

> iOS has DCAppAttest which does everything needed. Unfortunately, it's never been brought to macOS, as far as I know.

Apple's docs claim it's been available on macOS since macOS 11. Am I missing something here?

https://developer.apple.com/documentation/devicecheck/dcappa...


All lies. They mean the symbols exist and can be linked against, but

https://developer.apple.com/documentation/devicecheck/dcappa...

> If you read isSupported from an app running on a Mac device, the value is false. This includes Mac Catalyst apps, and iOS or iPadOS apps running on Apple silicon.


That really sucks! TIL. So app attestation is iOS 14.0+, iPadOS 14.0+, tvOS 15.0+ and watchOS 9 only.

I won't install some random untrusted binary off of some website. I downloaded it and did some cursory analysis instead.

Got the latest v0.3.8 version from the list here: https://api.darkbloom.dev/v1/releases/latest

Three binaries and a Python file:

darkbloom (Rust)

eigeninference-enclave (Swift)

ffmpeg (from Homebrew, lol)

stt_server.py (a simple FastAPI speech-to-text server using mlx_audio).

The good parts: All three binaries are signed with a valid Apple Developer ID and have Hardened runtime enabled.

Bad parts: Binaries aren't notarized. Enrolls the device for remote MDM using micromdm. Downloads and installs a complete Python runtime from Cloudflare R2 (Supply chain risk). PT_DENY_ATTACH to make debugging harder. Collects device serial numbers.

TL;DR: No, not touching that.


Seems like a front-end bug. Clicking on the tab brings up the right example.

https://nyigoro.abrdns.com/#lumina

