Hacker News | jbaviat's comments

How about using Tor to help with DNS redundancy? https://en.wikipedia.org/wiki/Tor_(network)


Quoting Bose:

> Bose SoundTouch systems were introduced into the market in 2013. Technology has evolved since then and we’re no longer able to sustain the development and support of the cloud infrastructure that powers this older generation of products. We remain committed to creating new listening experiences for our customers built on modern technologies.


I used to live in France. We had no A/C, enough climate consciousness not to install it, though our east-facing windows were bringing important heat at sunrise. We had awnings installed, with a HomeKit connection, so we could automatically have them closed before sunrise, and opened once the sun would leave this face of the building. We saved a few degrees in this way.


> There’s a plethora of other problems that make flying cumbersome

How about CO2 emissions?


PyMiniRacer (original) author here. PyMiniRacer is definitely a way to run insecure code, but as pointed out, the several CVEs in V8 require measures beyond "just" relying on PyMiniRacer to make it safe.

For the record, PyMiniRacer was the victim of a CVE itself https://nvd.nist.gov/vuln/detail/CVE-2020-25489 - a heap overflow, my mistake.

1. Total control over what APIs the user's code can call: you kinda got it... users can just do plain JS

2. Memory limits: you got it

3. Time limits: you got it, but the current model is unreliable when used at high levels of CPU and a high number of threads.

And thank you so much bpcreech for taking back the ownership of PyMiniRacer!


I built a tool to extract ROP gadgets from binaries [0], which got noticed by a guy at Apple, and I ended up spending 4 years there. And this guy became Sqreen CEO and my (incredibly awesome) cofounder.

[0] https://github.com/aviat/skyrack


[Disclaimer: I worked in Apple Red Team]

What if this isn’t good news for 99% of Apple users?

That’s obviously an amazing measure for the 1% high targets out there.

But what about the other 99%? Does that create an incentive for Apple to strengthen Lockdown Mode security to the detriment of the regular mode (should we call it Unsafe Mode)?

I’m afraid that this architecture will make it harder to prioritize security features or fixes for the 99% of users. Developers’ bandwidth is limited, they can’t fix all bugs. Hence if you have to choose between one bug impacting the 1% most important users (from a security standpoint) versus one bug impacting the 99% others, which would you choose?

Would such an architecture have led to the emergence of Blastdoor[1] - which attempts at mitigating iMessage attachment exploits, but is now useless in Lockdown mode?

My hope here is that by reducing attack surface, Lockdown mode will make exploits much easier to fix (as they’ll target a limited area), allowing to strengthen the system core while freeing bandwidth to implement longer-term, Blastdoor-like mitigations.

[1] https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...


Slides from the Center for Humane Technology, who authored The Social Dilemma [0].

[0] https://www.humanetech.com/the-social-dilemma


I am in the process of getting myself a quote for


This reminds me a lot of the goals behind the Center for Humane Technology, and their amazing podcast https://www.humanetech.com/.

They also are the ones behind the Netflix documentary « the social dilemma ».

