Jay Freeman (saurik)

Amazingly, the bugs continue: after I gave up and went to sleep, the two transfers I then had "PENDING" were both "CANCELLED" at the same time with the reason "The transaction fee has expired."... but these failed transfers are still counting against my daily withdrawal limit :/.
(Before I decided to tweet, one of my transactions ended up failing after *10 hours*, with an extremely low-level looking e-mail that had the error message "Pro/Prime send money failed!". google.com/search?q=%22pr… Attempting to retry the transaction put it in the same state again.)
FWIW, this apparently has happened to many other users on the @coinbase subreddit and most of them report the same SNAFU of your customer support providing incorrect responses in a loop, so this seems to be a systemic issue. google.com/search?q=site%… Maybe a postmortem is in order?
Does anyone else find it strange that both Apple and Google not only allow but in fact require privacy policies for apps to be hosted on external websites, meaning that to view an app's privacy policy you must connect to their server and already subject yourself to their logging?
In 2016, I ran for 3rd District County Supervisor in Santa Barbara (and lost). I've been told (after) that, had I run for California State Assembly District 37, I might've had institutional support! Some days, I dream about the bills I could've floated ;P. theverge.com/2021/3/3/22309…
For more detail, I'll highly recommend reading our complaint: "This lawsuit seeks to open the markets for iOS app distribution and iOS app payment processing to those who wish to compete fairly with Apple, and to recover the enormous damages Apple caused." cache.saurik.com/lawsuit/compla…
Cydia just joined the legal battle against Apple: "A new lawsuit brought by one of Apple's oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant's power." washingtonpost.com/technology/202…
Regardless, in early September of 2020, I was able to get Facebook to reinstate the Cydia app... though they made it sound tenuous enough that I waited until now--when I'm finally feeling confident-ish--to reactivate the button, in case anyone still has reason to log in to Cydia.
In June of 2019, Facebook suspended my Cydia app, removing its access to Facebook login and locking users out of their Cydia accounts, which required a slow (on both sides: Facebook and I each were taking months to respond to the other ;P) back and forth of interrogations to fix.
So yeah: I don't know if anyone else will agree with me that security events should not allow companies using USC Section 1201--or similar laws around the world: the US got this included in a WIPO treaty--to speak at their events, but if so: poke a conference organizer for me? ;P
Companies which wish to speak at security events should be required to sign a non-action pledge on USC Section 1201--which isn't even about infringement: it is a potentially-unconstitutional law about "circumventing" controls and "trafficking" in tools--in order to submit a talk.
All the while, Apple and its employees show up at conferences like @BlackHatEvents and are welcomed with a speaking platform... even as they out-spend companies like Corellium on lawsuits to push judgements that limit the ability to *do* security research. 9to5mac.com/2019/06/27/app…
The reality is that Apple has been so hostile to independent security research that they've lost their edge: exploits for Android now cost more than exploits for iOS, a reversal experts generally credit to Google correctly allowing researchers open access. wired.com/story/android-…
Apple has gone so far in their attempts to downplay security issues that, in a public argument with Google's Project Zero, they attempted to spin an exploit actively being used as part of the oppression of Uyghur Muslims in China as somehow not important?! arstechnica.com/information-te…
When @i0n1c built a tool to detect malware installed on iOS devices, his application was pulled from the App Store; in a post, he noted Apple's notice "basically says: we do not want our users to have the impression iOS could have security holes. go away". fortune.com/2016/05/17/app…
Apple claims to "recognize the critical role that members of the security research community play in Apple’s efforts to ensure its devices contain the most secure software and systems available", and yet they routinely ignore advice and downplay issues :(. threatpost.com/google-bug-hun…
What Apple does is cultivate a "chilling effect" on certain kinds of research: when @0xcharlie showed how easy it was to slip exploit code through iOS App Store review, he was banned from the Apple Developer program, so others would be too scared to probe. forbes.com/sites/andygree…
Apple continues to insist they have "never pursued legal action against a security researcher"... but they *have* used the DMCA to take down research and even mere discussion of their platforms; the EFF once had to *file a lawsuit* to get them to back off! eff.org/deeplinks/2009…
(This is a place where I take particular issue: I know many people who believe in "responsible disclosure" and I work with many *more* people who believe in "full/simultaneous disclosure"; but I don't actually know any security researchers who consider Apple's model to be moral.)
It is ridiculous that Apple insists "good-faith security research" "requires" "responsible disclosure"--a specific model that involves release deadlines--when Apple actually disallows security researchers in their program from using responsible disclosure! twitter.com/benhawkes/stat…
In its most recent complaint, Apple continues to insist that @Pwn20wnd's usage of Corellium's product to help test and more rapidly develop the Unc0ver jailbreak for iOS 12 was an "unlawful end", entirely ignoring the USC Section 1201(f) interop exemption. twitter.com/Pwn20wnd/statu…
This lawsuit is frankly egregious: after discussions to purchase Corellium broke down, suddenly Apple decided to sue them instead; then, as part of the case, Apple has thrown subpoenas far and wide, including at the parent companies of Corellium customers. forbes.com/sites/thomasbr…
Which should remind all of us of another lawsuit currently ongoing with Apple: their attempt to crush @CorelliumHQ, the company which launched an iPhone virtualization service to enable security research without jailbreaks and automate testing of iOS apps. arstechnica.com/tech-policy/20…
What makes Epic Games--and its founder, @TimSweeneyEpic--as "our champion" vs. Apple so exciting is they have the cash and the will to see this through; fighting Apple is almost impossible for most of us, as you need money for lawyers and expert witnesses. wsj.com/articles/why-f…
(Meanwhile, Apple's insistence on getting "their cut" of all sales made on their hardware is fundamentally incompatible with a future of decentralized applications and anonymous money: the supposedly "pro-privacy" Apple has gone to war with these efforts.) twitter.com/brian_armstron…
(Oh, and before anyone tries to claim you can sideload applications using Apple's "free development" profiles, they have consistently worked to limit and cripple these mechanisms; in particular, you can't use this to sideload "network extensions", so Apple can entirely ban VPNs.)
(By setting themselves up as the centralized curation point of applications on all of their hardware, Apple has enabled countries like China to trivially ban the existence of any software they want, whether it be VPNs or applications to organize protests.) theverge.com/2019/10/9/2090…
(While I am on that subject, I'm going to note my own, personal grudge: that Apple's centralized curation makes them a centralized point of failure subject to being a tool of totalitarian governments; I really loved @gruber finally calling them out on it.) daringfireball.net/2017/07/apple_…
And to the "Apple is a great curator" idea: if you truly pay attention, it is a mixed and dangerous bag; *no entity* should have this much power; check out this talk I gave at Mozilla Privacy Lab for numerous examples of the dangers of centralized systems. youtube.com/watch?v=vsazo-…
On the "they should also be arguing with console manufacturers" front: we shouldn't forget that Epic has *also* fought back against ridiculous policies from Sony (which dominates the console market), and managed to force their hands on cross-platform play. onezero.medium.com/how-fortnite-b…
To anyone who responds "Apple isn't a monopoly": the actual test of "monopolization" is merely having a "significant and durable market power", not a 100% share; anti-competitive behaviors--such as "tying" and "refusal to deal"--can clearly apply to Apple. ftc.gov/tips-advice/co…
A few days ago, Epic Games filed a lawsuit against Apple, challenging the idea that the Apple App Store--with its high fees and limitation on promotion of anything that isn't an Apple product or payment mechanism--is the only way to distribute apps on iOS. cdn2.unrealengine.com/apple-complain…
At tomorrow's IVCSD meeting, we will be discussing climate change legislation, local compost service, public safety information, the 2020 census, and what is likely to be an awkward organizational process involving the establishment of multiple committees. islavistacsd.ca.gov/files/cbead89d…
The next meeting of the Isla Vista Community Services District will be streamed live 24 hours from now at 6pm US/Pacific January 28th of 2020, in case anyone here would take a perverse pleasure from watching me likely get voted down over and over again ;P. youtu.be/-CTsxibN1pM
Back in 2016, I was elected to the board of a small special district in California--a new government I helped create for Isla Vista, the college town next to UC Santa Barbara (where I studied Computer Science twenty years ago and never left)--we meet twice a month for ~2-3 hours.
(If myacinfo were to be deactivated entirely, that would also affect the deployment tools used by larger companies such as Facebook and Google, something Apple might enjoy rather than shy away from; if I were @FastlaneTools, I would be paying close attention to what is going on.)
(Note: right now, Apple chose to only target people without paid Developer accounts; but they know as well as we that this is merely a speed bump; so, I wonder if they might intend to fully deprecate myacinfo due to security issues and are using free developers to derisk impact.)
Regardless, I'm simply not in a position to dedicate time to this until mid-December; and I also do not have much good advice for users, other than to annoyingly note that if you buy an Apple developer account, Cydia Impactor works and you can install apps on hundreds of devices.
If anyone else wants to do this work, I am *not* a gatekeeper: if there were a "walk-through" of GrandSlam, people like me can easily support it; the only existing references I've found are presentations by Vladimir Katalov (the CEO of @ElcomSoft...) and work by InflatableDonkey.
I actually am very interested in doing this work; but, as I have stated before, I also now have a day job where I'm in charge of technology for a company that absolutely must release its product within the next few weeks. I just can't take weeks off right now to work on Cydia :(.
(FWIW, I am actually impressed with the "creative workaround" (a plugin for Apple Mail) that @rileytestut came up with for @altstoreio's AltServer (which is largely based on the open source code for Cydia Impactor's core, ldid!) and am interested to see what he does for Windows.)
(On jailbroken iOS—or apparently on "a jailbroken Mac", where you disable SIP and patch amfid, similar to how we jailbreak iOS... I wonder how much longer it will be before we need exploits for that :/—one can directly use Apple's AuthKit to get the right authentication headers.)
(Alternatively, I could drop support for Linux—which honestly feels like "defeat" :(—to only support macOS and Windows, in which case I spend my time ripping apart iTunes to figure out where it is storing its keys on Windows; but this would be easy for Apple to repeatedly break.)
Cydia Impactor (unlike, say, ReProvision) is intended to run on stock desktop platforms (macOS, Windows, and Linux); to support this new authentication scheme will require spending some time—I'd guess well over a week?—reverse engineering Apple's code to achieve interoperability.
(I then told myself I shouldn't be working on this at the wedding unless I had a fast fix (which I didn't), was being swamped with an audit deadline at work I needed to hit, frankly hate having to wade into the "eta wen" posts, and honestly wanted to see what other people found.)
When Apple did this, I'd just arrived in Florida for a wedding (one of a dear friend and where I was a groomsman); even so, I stayed up ludicrously late the night before the ceremony rehearsal to understand the issue and try to triage how much it would hurt to fix Cydia Impactor.
About two weeks ago, Apple made a change to their provisioning service to require a different authentication scheme for "free" Apple accounts (they return an error that mentions upgrading to "Xcode 7.3"); this broke Cydia Impactor for users without a paid Apple Developer account.
I am the only commissioner at the #CALAFCo (California Association of Local Agency Formation Commissions) 2019 Annual Conference here representing the United Federation of Planets! I was a bit saddened to not see a regional round table for the Alpha Quadrant :(. #Halloween2019 🎃
Today, Cloudflare made WARP, their VPN service with an unlimited free tier, available to everyone; it only has clients for iOS and Android, but the protocol they are using seems to be off-the-shelf Wireguard, so you can connect from macOS! Run this script: cache.saurik.com/twitter/wgcf.sh
(LOL: I just noticed the third tweet here said "iPhone 13 Pro Max". I meant "iPhone 11 Pro Max on iOS 13". While I am making corrections: the latency difference I got was more precisely 46-66ms, not 50-66, though the precision I can claim on any of this is pretty weak anyway ;P.)