Hacker News | srwx's comments

I run an IPv6-only VPS as a side project to keep an eye on what doesn't work. My most recent discovery: I tried moving from `lego` to the new native ACME `nginx` support. `nginx` refuses to talk to Let's Encrypt on IPv6; it's not a Let's Encrypt flaw because it works perfectly on the same server with `lego`.


Great, so when something like the recent LastPass leak happens and I go in and cycle my password, 2FA and backup codes out of simple precaution, Google is going to perhaps mark that all as suspicious and undo it for anyone who might come along and pretend to have lost access to my account?


It's surprisingly risky to update your login credentials. Users do it so rarely it's perceived as suspicious even when it comes from known IPs and everything else looks healthy. Given it's Google, if it goes wrong you lose the account completely. It's insane you have to weigh up the potential consequences of doing the right thing for security, but that is how Google has set the system up.


This happened to me on Instagram. I changed my password then logged out to test it. When I tried to log in, I received a generic error. I Googled the message and it appeared to be a “temporary” IP block and people claimed it should work in 24 hours. So I tried the next day, same error. I left it a bit more and came back 3 days later - same error. I then turned on my VPN and was immediately able to log in. So the IP I’ve been using for 2+ years, the one that changed the password, on a known browser, is blocked. But a random IP Instagram has never seen before? No worries!


It took all of 30s to write a bash script to delete them.


They'll just change the folder names to something else eventually. Maybe they should just disable creating folders for the demo.

Also, you're really expecting me to write bash this early in the morning? I have not written bash for a few years now. I guess I could have just had Postman generate part of the code for me and done it in an even shorter span of time, but I assumed they were not automating the vandalism.


Drats, not available on edge lambdas yet.


Prior to Okta and Twilio revoking their accounts you needed to provide SMS authorization to create an account (you give them a number, they send you a code, etc.). It seems likely after their API access to Okta/Twilio was revoked their services weren't written to catch and handle the new exception these API calls were probably raising...

Based on this Twitter thread from Nov 2020, they may not have been hiring the best developers: https://twitter.com/davetroy/status/1327253991936454663


Maybe he is like me, I put money into TSLA that I was happy to lose simply because I want to invest in things that make the world better. That hasn't changed just because on paper I'm rich. The mission isn't over.


Might be. I do the same in biotech.


If the motive was to actually stop the behaviour then you'd be correct, however if the motive is simply to collect as many fines as possible then what they're implementing is the best solution.


I'll believe they are honest about caring about users' privacy when they release iMessage for other platforms.


Why is that your threshold for believing that Apple cares about user privacy? The ecosystem they've built so far has had significant time and effort invested into it to make it privacy friendly.


Because it highlights their real motives. Why not give everyone the ability to securely communicate? profits > privacy.


> Why not give everyone the ability to securely communicate?

Because their message isn’t “we offer privacy to everyone in the world” but “we offer privacy to our customers”.


But they don't, because when their own customers communicate with others' customers the conversation is no longer private, and if they aren't sufficiently technically knowledgeable then their own customers might not even know it's not secure.


It would be if they were on iPhones :) Apple's not a non-profit. There's money to be made selling privacy to those who care, and Tim's on the job.



Funny thing is Apple's competitors don't make money. Apple has ~50% of all smartphone revenue and 87% of the world's total smartphone profit share - iPhone X alone was 35% of global profit share with, to your point, only 22% of the market. Less, even, my data shows 19% of shipments most recently. Samsung is next in line off the back of approximately equal shipment volumes. Everyone else effectively breaks even or loses money. [1]

I'd say Apple's got this one figured out.

[1] https://www.forbes.com/sites/chuckjones/2018/03/02/apple-con...


Money doesn't matter, you don't get it. When only 1 in 5 phones is an iPhone then keeping iMessage.. you know what, I'm not wasting the effort.


I do get it, my argument was that money is the only thing that matters. Their goal isn't to secure everyone's communication, it's to maximize profits. They're doing that by saying if you both care about privacy, we have a one-stop-shop that'll get you taken care of, but it's gonna cost ya - and your friends. It creates an implicit pressure for others to get on the bandwagon driving up sales.


There are cross-platform messaging apps with end-to-end encryption. It’s not Apple’s job to save everyone: if you want to be saved, buy an iPhone.


If you think buying an iPhone saves you then you've already lost.


Funny, I think nearly every article coming out about the location tracking, reading your contacts, reading your messages, and even malware on mobile has come out saying roughly "it's on Android, but a much lesser version is on iOS" or even better "only on Android."

So... what exactly did we lose with buying an iPhone in the context of this conversation? The ability to change the launcher?


Maybe you're ok with Apple's limitations, I'm not. That's ok because I'm not you and I'm not asking/forcing you to change anything. So what exactly is your point? Choice is a wonderful thing.


Who owes you a private and secure communication platform for free?


Not saying I agree with this line of thinking but I personally think cross-platform iMessage would benefit iMessage users' privacy significantly. You can't control what OS your friends use.

I think the real reason why might be something along the lines of anti-spam or botting; iMessage seems to require an authentic, unleaked serial number to connect, as I found out a while ago when connecting my Hackintosh. (I succeeded but I have a feeling many real Mac serial numbers get banned from iCloud by Hackintosh users sniping them out of pictures in eBay listings and whatnot.)


Given how leaky Android security is, I wouldn’t assume that just because it arrived encrypted that the message was secure after that point.


I think this jab is unwarranted. Android with security updates is not significantly less secure. Talking historically, Android started with more security measures than iOS, with app sandboxing from the get-go. Nowadays modern devices contain dm-verity for verified boot, layered security at various levels including SELinux, etc.

Not suggesting there haven't been more security issues with Android overall, but there's also more devices and more available source code with Android, and iOS is far from having a clean track record for exploits either. If it did, you wouldn't be so limited in which versions of iOS you could restore in iTunes...


Looks to me like where Apple is heading is offering some kind of "Apple Plus" subscription that bundles all their services, including iMessage. I predict that over time this will evolve to encompass more platforms. So iMessage will be available for Android but not for free.


That's fine with me, I'm not suggesting privacy should be free but they can't pay me enough to use their OS or hardware. I would however entertain the idea of using their services if they are available on my hardware choice.


You’re likely to get your wish. I think Apple has realized that they need to offer their services on non-Apple platforms if they want to continue to grow. We’re seeing some early signs of this already.


5 minutes once forever is even less of a big deal.


It will if it can't get a lock on the lane markers. For example mine does this when navigating through large unmarked intersections which in my home town has many where the far side lanes don't align with the lanes before entering the intersection (due to added left and right turn lanes). My Tesla will follow a car in front as they slightly adjust position to the offset lanes on the far side (which is very cool) but if there is no car to follow I just take over knowing it'll not handle it well.

