This thread is about Apple servers accessing the contents. Of course the OS has access to the contents of your messages, how else do you expect it to show a preview of the message? Do you want each notification to be a custom-rendered widget from the app?
If the contents are that sensitive you must disable the preview. Even then, the OS has access to the pixels in your app so it really is a moot point.
This doesn't help you if you want to save bandwidth, it worsens it.
It doesn't help you if you custom-crop images depending on the viewport size, because if you go that far to art direct, then you're not going to like the result of automated and unsupervised seam carving.
Just publish 3 sizes, maybe crop the smallest one if the focus area is too small. Done.
If you don't want to look at what people write you can't say that they haven't written about it.
> the supposed failure of design
I don’t think people complain about the internals of git itself as much as the complexity of all the operations.
If you want to read about complaints, you really don't have to look further than the myriad of git GUIs, TUIs and otherwise alternative/simplified interfaces.
> I don’t think people complain about the internals of git itself as much as the complexity of all the operations.
The complexity is only there when you want to avoid learning what you’re doing. Just like find(1) is complex if you don’t know stuff about the file system or sed(1) is complex if you don’t know regex and line based addresing of a text file.
A lot of people who are using git don’t want to know what a commit is and their relation to branches. And then they are saying rebasing is too complex.
> If you want to read about complaints, you really don't have to look further than the myriad of git GUIs, TUIs and otherwise alternative/simplified interfaces
Git is a cli. The goal is always for you to find your workflow then create aliases for common operations. It does assume that you want complete control and avoid doing magic (which is what jj is doing).
Wanting magic is great (I use magit which makes git magical ;) ) but it’s like wanting to fly a plane without learning the instruments.
How many years of experience with git do you have? How much of git do you use? I bet you use 5 commands and 10 flags at most. Take a look at git's docs
You can use emojis as passwords, do you think that's a good idea? They work now, there's a good chance that they won't be the same forever. See what happened to the family emojis
I think there's a distinction to be made between 'is it a good idea for someone informed enough to know how these things go in the real world?' i.e. the HN audience and 'should this be a real worry in a sane world?' to which I say no, it shouldn't be a worry that if I was allowed to enter a password today I may not be able to tomorrow.
That's just excuses for moronic decisions of trillion dollar companies.
Passwords are more secure if they are higher entropy, so it makes sense to support a larger variety of characters, Czech or emoji.
It seems paramount that the OS should not allow password input of any characters which it theater takes away. At the very minimum if this is absolutely necessary to make this breaking change, the user should be warned several times that a character in the password is no longer valid and maybe even prevent the OS from upgrading before the password is changed to a forward-compatible one.
In my password, I have the Collectivity of Saint Martin flag emoji and United States Minor Outlying Islands flag emoji next to the French flag emoji and US flag emoji. For good measure, also the flag of Chad next to the flag of Romania. I am sure it's not going to cause any issues.
While it's definitely surprising that the OS caches this data after the notifications have been swiped away, I always thought that notifications are an obvious hole in the whole E2E encryption setup.
AIUI, Signal push notifications just saying a message was received. Signal then fetches the E2E encrypted message from the server and decrypts it locally. So Apple/Google cannot read the messages, nor can Signal servers.
AIUI, Signal decrypts the E2EE message locally, but then sends the decrypted message to iOS in order to display the notification to the user. iOS then stores this data and it persists after the user dismisses the notification.
This makes sense and there's really no way around it without a change from Apple. If iOS is going to show the user a Signal notification with the decrypted message in the notification body, then iOS must be given the decrypted message. iOS could (and probably should) delete that data off the device as soon as the user dismisses/engages with the notification. But it sounds like they do not.
I agree. My point is that this isn't an "obvious hole in the whole E2E encryption setup", because no network actor (e.g. Google, Apple, Signal servers) can read the data.
This "hole" in E2E is the same as any malware on the device. If the device cannot be trusted, no form of E2E will work. The E2E encryption is functioning properly. The problem here is completely unrelated to E2E encryption. E.g. you could have a personal notes app that makes no network traffic, but generates notifications occasionally regarding your notes, and it could have this same problem, even though no messages are sent over the network, and in fact the phone could have all networking capabilities disabled and still have this problem.
>This makes sense and there's really no way around it without a change from Apple.
There is a bit of a workaround: Signal has a setting to not put message content in the notification. That fixes this AIUI.
> a European perspective on politics, culture and values
To be honest this does not sound much better. 40 years ago maybe I would have preferred EU values over the US' puritan values. Nowadays I'd just expect a different flavor of poison.
reply