Adam Donenfeld

1.7K posts

@doadam

iOS security, politics, tech and traveling.

🇪🇺 Joined January 2011
345 Following 10.9K Followers
Adam Donenfeld@doadam·
Can’t stress this enough. High taxation incentivizes people to get more days off instead of more money. In NL it’s not unusual to have a 4-day work week. People call me out for working on Sundays because “it’s weird”
@levelsio@levelsio

It's probably hard for Americans to imagine this because it's their normal But being European and living in Europe and being radically honest when I arrive in America the main feeling I get is just endless abundance Non-honest (I'd say many to most) Europeans will not be able to deal with this abundance and start coping "zOmG but if you hit your knee you will go bankrupt cause healthcare bills" and "look at the homeless tents" and "lol look at the Amerifats!!!" Even if fully true, that's kinda besides the point, the range of America is much wider, the bottoms are lower and the peaks are higher People are (in some ways literally) hungry to work and climb the social ladder which even if worse now than it ever was is still much more present in America than it is in Europe I can barely get people to come to my house to do construction work in Europe, while in America I'd have them working the same day, because people want money, because unlike Europe there's not much free gov money That makes the system more oiled in a way because people WANT to work and that makes people work and build things The problem is most Europeans will never ever respect "the hustle", they're stuck in the socialized welfare systems that worked in the 1960s and fairness, which is an absolutely beautiful ideal but stops working when you run out of money like Europe does now in 2025

@levelsio@levelsio·
And since luxury hotels all suck nowadays with a few exceptions, you can't even spend your money, you just get a worse experience than you had in your $30/night functional hotel! And any material goods like cars you adapt to within weeks or months House is nice actually cause you can fully customize it to your own little fortress but then whatever you have in your house also exists outside your house in most first world places (except Portugal ofc :D) Flying business is nice though that's for sure the main thing Anyway point is money is boring and it's not the fun part of achieving stuff at all
@levelsio@levelsio·
So ummm for me it's about fun, I love creating things and that's how I started and that's where I still am now and then in the middle came the money But if you only did it for the money then when you have the money life gets boring! Because money is very boring! It's just a number and once you have it, it's even more boring, just an ego pursuit What's not boring for me is creativity, expression, difficult challenges, pursuit and joie de vivre (the joy of living) Like hacking on things and learning new things is the most fun for me and without having a money goal for it ironically often gets me to a new business just by following my curiosity And I think maybe that's a skill to develop too The good thing about having money already is that it's the perfect time for hacking, cause you have the time finally!
Daniel Dalen@Danieldalen

Your opinion is completely worthless if you're not worth at least +10M cash and have positively impacted at least a couple thousand human beings. The whole point of what I’m saying is this: when you reach a certain level in your career—whether that’s $10M or $100M—you start to realize that a lot of your drive, motivation, and discipline came from a place that wasn’t entirely healthy. If your life goal is to “become a millionaire, or even a billionaire,” "become famous," you might actually get there… only to realize the view from the top cost you your health, your relationships, and most of your life. Chasing goals tied only to vanity or money is a bottomless pit. When you’ve gone through this journey, made the money, built the brand, and tasted the (semi) fame… it forces you to rethink everything. It pushes you closer to your actual purpose. At some point, the goal changes from “I want to make a billion dollars” to “I want to help a billion people with X.” And ironically, by doing that — you might end up worth a billion anyway. Also - appreciate the repost @JoschuaBuilds - feel free to message me when you're feeling iffy after hitting that $100k/mo :)

POC_Crew@POC_Crew·
Thank you so much for being with us at POC2025 ✨ Your time and presence truly meant a lot 🙏 Hope to meet you all again next year! 💫 Wishing everyone a safe and restful flight home ✈️💙 #POC2025
Adam Donenfeld@doadam·
@ace__pace I recall there was some public side channel attack a (long) while ago and Apple patched it (unlike on Linux/android)
Ace Pace@ace__pace·
@doadam I've never seen any side channel published on the apple cores period. Maybe I just forgot?
Adam Donenfeld@doadam·
“We can easily bypass KASLR using prefetch attack these days. Entrybleed is the most famous prefetch attack variant.” iOS security is leaving dust to any other platform. It’s hard to believe KASLR is still not a standard mitigation nowadays ssd-disclosure.com/lpe-via-refcou…
Adam Donenfeld@doadam·
@ace__pace Whenever there is/was anything, they would make an effort to mitigate such an attack or make it unusable in production. Have you ever seen a jailbreak/ITW chains using side channel attacks on iOS?
Ace Pace@ace__pace·
@doadam Why do you think iOS has effective KASLR and Android fails to make it work? Linux and Windows I know why. Also, why do you think there's no published side channels on iOS cpu cores?
Adam Donenfeld retweeted
Daniel Lemire@lemire·
Recently, there was a clash between the popular @FFmpeg project, a low-level multimedia library found everywhere… and Google. A Google AI agent found a bug in FFmpeg. FFmpeg is a far-ranging library, supporting niche multimedia files, often through reverse-engineering. It is entirely the result of volunteers and a marvellous piece of technology. For people who have never been on the receiving end of ‘security researchers’, it is difficult to understand why there is a pushback against them. Think about the commons. In Quebec, these are pieces of land where farmers send their cows during the summer. It is collectively owned, like FFmpeg. Everyone is responsible to care for the commons if they are using it. If you are not using it, you are supposed to stay away. Now, imagine a rich corporation comes in and sends its well-paid agents into the commons to find issues with it. Maybe a broken barrier or a dangerous hole. So far so good… But instead of fixing the issues, the corporation says “you have a month to fix the issue or else I will report you to the government”. How much love would the big corporation get in this context? Why do the security researchers insist on disclosing the issue without having contributed to fixing it? So that they can get credit for it. That's their entire scheme: find issues, irrespective of whether they affect the use case of their employer... after all, all issues no matter how small can be potentially significant at some point... and then brag about it without doing the hard work of trying to fix it. Let me be clear that not everyone working in security behaves this way. Many are good actors. But there are enough 'security researchers' behaving as parasites that it has become a recognizable pattern. « But Daniel, who should be fixing the bugs then? » If you are paying for commercial support, then get in touch with the folks you are paying. If you are not paying, then it is on you. It says so in the licenses. It is part of the moral code of open source. It is part of the legal framework. Let me be clear. You do not get to bite back at Linus Torvalds if a bug in the linux kernel crashes your server. What you do is that you identify the issue, narrow it down and propose a fix. If you cannot do it, then you pay someone to do it. Or you just do not use Linux.
Adam Donenfeld retweeted
@levelsio@levelsio·
The story gets stranger... Apparently I was never able to use the 🇪🇺 EU's GPUs in the first place Because I wasn't on their pre-approved organization list of "Horizon 2020" So how can you join the Horizon 2020 list as an organization? Well, you can't. It was made in 2014 and closed in 2020! ????
gerry🗯@Gerry

@levelsio The way I read this... aren't you excluded by default because your organization is not on the origination list for Horizon 2020?

Adam Donenfeld@doadam·
That’s where we see things differently. An exploit that could potentially takes month to develop so that it just gets patched a month later won’t cut it. For kernel/launchd: it all depends on your goals. But like you mentioned before, we’re talking about real attacks. State actors would probably not stop at your data only for their future attacks, and you’re likely to need a launchd sandbox escape or kernel. Persistency is nice to have, but most ITWs nowadays don’t include one
Filip Jerzy Pizło@filpizlo·
> send crash dumps to Apple

Hence why I’m saying it doesn’t protect against attackers who have a sufficiently narrow selection of victims.

> kernel/launchd

Don’t have to compromise either of those to install pwn a device. I don’t think you even need to compromise them to get persistence
Filip Jerzy Pizło@filpizlo·
It’s interesting that folks are still talking about capability HW. Here’s why it’s a dead end: any of these custom silicon things will run your C and C++ program *slower* than basically any x86 box will run your program compiled with Fil-C. And Fil-C is *more compatible* (requires fewer changes). So either Fil-C will succeed and the custom HW will fail, or both Fil-C and the custom HW will fail (honestly RIIR is a more credible threat). ednutting.com/2025/10/05/che…
Adam Donenfeld@doadam·
@filpizlo @chrisrohlf Retrying would send crash dumps to Apple, and it would be just a matter of time until the bug gets fixed. And you can't retry these attacks against the kernel/launchd
Filip Jerzy Pizło@filpizlo·
MTE is insanely great but it's not a substitute for memory safety. MTE falls over anytime an attacker has the ability to try their attack multiple times and their set of victims is sufficiently narrow that they're not worried about burning their exploit in the process. So, to be clear, that means that MTE is a game changer ... but it's not so much of a game changer that it obviates the need for Fil-C or RIIR or any other memory safety initiative
Adam Donenfeld retweeted
unusual_whales@unusual_whales·
Extreme views and narratives are over-represented on social media, per FT:
Adam Donenfeld retweeted
john@nyan_satan·
It hasn’t been announced properly, but The Apple Wiki admins & me grab firmware keys shortly after each major & minor release (e.g. 26.0 and 26.1) We also constantly fill the gaps in the old versions & platforms, e.g. M3 Max and A7 & S1P/S2/T1 & S3 SEP theapplewiki.com/wiki/Firmware_…
Adam Donenfeld@doadam·
@z4ziggy One of the not so many things they’re still doing right
Adam Donenfeld@doadam·
@i0n1c If it makes you feel any better, public healthcare in 🇳🇱 is pretty much identical (perhaps slightly longer waiting times) and private healthcare does not exist. Disclaimer: I am the one who wanted those 1.5y waiting time appointments
Stefan Esser@i0n1c·
I love how efficient German health care is. You want to get checked by a cardiologist because you suspect a problem and the cardiologist offers you an appointment in one year. #disclaimer I am not the one who wants the appointment