iOS stores the previously displayed notifications in an internal database, which was used to access the data. It’s outside of Signal’s control, they recommend disabling showing notification content in their settings to prevent this attack vector
They do control the content on the notification. It's a bit odd to put the sensitive text in the notification only to recommend disabling it at the system level.
Sorry, the “recommended” was a bad wording on my part. The recommendation comes from the 404 Media article who did the expose on this incident, not Signal itself.
You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.
Sibling comment explains. The notification does arrive encrypted and is decrypted by an app extension (by Signal), however, if the message preview is shown, it is stored unencrypted by iOS. It is that storage that is accessed.
“Messages were recovered from Sharp’s phone through Apple’s internal notification storage—Signal had been removed, but incoming notifications were preserved in internal memory. Only incoming messages were captured (no outgoing).”
ie the messages recovered were 1. incoming 2. stored by the OS after decryption
Little by little, Xcode is making progress. Probably a lot of the improvements come from the open-source and actual work on its build system… It’s still far from perfect, but at least it’s getting better.
Ahh good question. I had to think a while before I understood what you meant. Let me check when I can.
Nice catch.
edit: you are right. The binary version will result in a different argv[0]. Not sure what'd the best solution would be. Hardcoding doesn't make sense, as symlinks also change argv[0], so overriding is not the way to go.
"Better specified" doesn't mean better. A bunch of features doesn't mean better.
Markdown is popular because it is simple. I have never had to teach anyone Markdown. They look at the file and immediately see what's going on and can copy the style.
Occasionally someone may have to look up something like table syntax, but no one in my career or personal life has ever asked me to explain Markdown to them, which is rare for a technology that is so widely used.
This has not been my experience with other markup languages.
Have you tried Asciidoc though? It is, IMHO, much clearer than markdown (YMMV, obviously), and exactly the same pros you gave of markdown can be said of Asciidoc.
Bonus: It starts simple but can be used to do whole books if needed.
My experience is that Asciidoc very quickly gets into advanced syntax.
If you introduce something with advanced functionality onto a team, soon enough someone's going to use pieces that others don't fully understand later.
Now everyone touching the document has to understand includes and document metadata and whatever else someone added. Suddenly you have includes and cross-references and what used to be a document where you could read the raw non-rendered form linearly top to bottom is a confusing mess unless you render it. Markdown is almost always just as legible raw as rendered.
Interestingly I think things that should not be deterministic should actually forced not to be.
Swift for instance will explicitly make iterating on a dictionary not deterministic (by randomizing the iteration), in order to catch weird bugs early if a client relies (knowingly or not) on the specific order the elements of the dictionary are ordered.
This claim sounds vaguely familiar to me (though the documentation on Dictionary does not state any reason for why the iteration order is unpredictable), though the more common reason for languages to have unstable hash table iteration orders is as a consequence of protection against hash flooding, malicious input causing all keys to hash to the same bucket (because iteration order is dependent on bucket order).
Oh yeah you’re right, apparently the main reason was to avoid hash-flooding attacks[1].
I do seem to remember there was a claim regarding the fact that it also prevented a certain class of errors (that I mentioned earlier), but I cannot find the source again, so it might just be my memory playing tricks on me.
reply