[1] https://docs.docker.com/desktop/settings-and-maintenance/set...

Obviously it can detect malware if there’s a connection to some weird site, but it’s more like a bonus than a reliable test.

If you need to block FS access, then per app containers or VMs are the way to go. The container/VM sandboxes your files, and Little Snitch can then manage externa connectivity (you might still want to allow connection to some legit domains—-but maybe not github.com as that can be use to upload your data. I meant something like updates.someapp.com)

Funny thing is that it was also my window to Turbo Pascal, because there was a PC emulator (8086 on an 68000!). It run very slowly, but fast enough to be usable.

The contrast between the magic of GEM and the crude text mode of DOS was another thing I remember - I think it made DOS much more exciting than it was in reality :)

[1] https://discussions.apple.com/thread/256030581

In Sonoma or Sequoia they started bundling all Safari updates with macOS, but right now Safari 26 appeared as a separate update in Sonoma/Sequoia—-and it will likely stay that way.

Each thing separately can be explained, but when put together it’s somewhat messy..

Pros:

- [for users] 15.8.5 patches one high-profile bug.

- [for Apple] minimal effort which translates to longer perceived support time

Cons:

- It leaves unpatched multiple bugs fixed in iOS 16-26, and so it might give users false sense of security

I'm on a fence here, especially without real numbers

It's very good they are doing it and we're all more secure thanks to that, but it’s not a caps-based system designed from scratch.

As for hooks, I guess I mentally treat them as magic that lives in its own lane, and so I've never really thought that I could do anything with them, other than what the manual prescribes.

Let’s use Apple as an example, as they tend to do major transitions on a regular basis.

So, let’s say that the top tier already approved the new security mode(l).

Now, how to do it?

My understanding is that most if not all APIs would have to be changed or replaced. So that's pretty much a new OS, that needs new apps (if the APIs change, you cannot simply recompile the apps).

Now, if you expose the existing APIs to the new OS/apps, then what's the gain?

And if you don't expose them, then you basically need a VM. I mean, I don’t know Darwin syscalls, but I suspect you might need new syscalls as well.

And so you end up with a brand new OS that lives in a VM and has no apps. So it's likely order(s?) of magnitude more profitable to just harden the existing platforms.

I mean, even if you have no idea what's the cause, you e.g. stuff counters everywhere and when they don't match you send the telemetry with the details. Privacy is preserved and over time you get an idea what to look for.

I admit I have no idea how mail client works, but clearly there must be some way they could pinpoint it, with such large userbase..

First I ask a bunch of questions in a chaotic manner. I explore the topic, check references, etc.

At some point the dots start to naturally connect. Then I start paraphrasing what I learned and the LLM either confirms it or clarifies where my understanding falls short.

At some point I feel naturally satisfied with the level of understanding that I have—it's likely because there's no „one more page of Google search results” trap there.

One thing to watch out is the „GOAT trap”—for instance, the default ChatGPT tends to reply with sth like: „You are the GOAT and your understanding and insight are unmatched. Let’s just clarify a few minor points”, followed by a destruction of my line of thinking, but worded in such a way that you're happy for the upcoming trip :). So you need a system prompt like „be very blunt”.

[1] https://mjtsai.com/blog/2019/10/11/mail-data-loss-in-macos-1...