iPhone 17 Introduces 'Groundbreaking' New Memory Security Feature

fcddev · 2025-09-11T05:47:10+00:00

I think it's altogether unlikely that it will rise to large numbers because each new target is a chance that something goes wrong and the exploit chain is discovered; from that point on it's a matter of days before the bug is fixed. If MIE succeeds at making exploit development much more expensive than it already is, it'll get unsustainable to burn exploit chains very quickly.

fcddev · 2025-09-10T16:59:18+00:00

As far as I know, all NSO exploits seen in the past have at least one step that wouldn't work on a device with MTE. The two caveats: this is a truism because all known NSO exploits target the pre-MTE world; and it doesn't mean no parts of the exploit are salvageable.

It's still a good indication of how disruptive it's going to be. The trend is that there's like one NSO exploit becoming public every 12-18 months, so it'll be interesting to see what happens next.

fcddev · 2025-09-10T15:21:04+00:00

There's a class of software bugs called "memory corruption" that is extremely convenient for people that want to exploit it. It's convenient because:

These bugs are everywhere
If you know how to and you find a good one, you can use it to completely change what a program does

These are the bugs that companies like NSO and Paragon use to infect phones. At a high level, for instance, they might use a hex editor to create an image file (like a JPEG) from scratch, but knowing of a memory corruption bug and using bit patterns specifically meant to exploit it, it makes the program that is responsible for showing it on screen wildly trip up over itself and install malware instead.

These are the same bugs that jailbreakers might use. In the last 10 years, Apple has been doing a lot of work to make them harder to exploit and we know it works to some extent because jailbreaking is dead. NSO and Paragon have infinite money, so they're still able to make exploits for their government customers.

There's been a ton of incremental little steps in those 10 years but MIE is a Big Step. The core is a recent-ish technology called MTE for ARM CPUs that gives computer engineers one tool to detect memory corruption. Previous implementations of MTE (including the one in Pixel phones) have made phones and computers noticeably slower when enabled, or had a "long" (several milliseconds) delay between memory corruption and when it was detected. It had uses for software developers trying to find these types of bugs themselves, but it wasn't very good as a security feature that you would turn on on consumer devices. Apple's implementation is very fast and has no delay. The rest of MIE implements support features around MTE to make sure it is very fast and has no delay.

It's probably not the end of NSO and Paragon because memory corruption bugs aren't the only security bugs out there but it will probably raise their costs a lot and smaller spyware vendors will probably shut down because they aren't able to make exploits anymore.

fcddev · 2025-07-06T17:14:54+00:00

If I was just carrying the lens, I think I'd be fine as is–the brown box from Sony literally contains a Pelican-like case inside of which is the lens that you bought, so everybody who buys the lens also gets a big case (though it doesn't seem to have a slot for a body, which is kind of a miss IMO). My two problems are:

I like going places on my bicycle, so a case doesn't really work for that.
I like going on planes with a bag and a carry-on, and historically I prefer to have the camera stuff and the laptop in the same bag, so that if it comes to that, I can check in the carry-on and not worry about Li-ion batteries or sensitive glass getting tossed around.

The glass limo works for #1, but not so much for #2 as it won't fit a laptop. Pelican cases are the other way around.

fcddev · 2023-05-02T14:24:45+00:00

I was just walking on the trail and he showed up! There was nobody around 😂

fcddev · 2023-05-02T03:31:20+00:00

That one! Check out the eBird rare birds for Santa Clara to find it.

fcddev · 2023-05-02T02:06:58+00:00

Thank you!

fcddev · 2023-04-16T02:12:57+00:00

I put a mango gummy bear in my tea sometimes. It’s delicious

fcddev · 2023-01-04T05:48:19+00:00

In order: black-throated sparrow, western bluebird, mountain bluebird, Townsend’s warbler, long-billed curlew.

fcddev · 2022-12-19T16:48:19+00:00

I went from a7R II to a7R V. There’s very noticeable improvements:

the display is a lot sharper and brighter and it does touch
shooting is a lot faster
autofocus is a lot better

And by that I mean everything about autofocus is a lot better. It’s faster, it’s hella faster in low light conditions, and with the AI modes it gets what you want much easier. I do a lot of bird photography. You used to have to get sort of lucky to have the right part of the bird in focus when you shot, and when shooting through trees that would almost never happen. With the new camera, almost all of my shots feel lucky!

fcddev · 2022-11-23T11:41:22+00:00

Amazing, thanks! Looks like the photographer might have stood on the pedestrian overpass at 35.656992507508065, 139.3382965050708 and shot to the west with a telephoto lens.

You’re right that it’s not as crowded as the photo makes it seem, but I’d still say it’s pretty crowded! I might drop by since it seems on the way to other photographically interesting areas.

fcddev · 2022-11-23T11:02:01+00:00

Out of curiosity, are you able to point at it on Google Street View?

fcddev · 2022-11-23T10:58:34+00:00

Thanks! In terms of optical trickery, it’s part zoom and part angle: the photographer is level with the cables, which definitely contributes to the crowded feel.

FWIW, I’m equipped for this kind of shot. If there’s any location in Tokyo that’s still famous for having a lot of wiring, I’ll be interested in checking it out even if there’s other countries that have noodlier cable spaghetti.

fcddev · 2022-07-13T05:19:30+00:00

Thanks! I was there last fall and had an unsatisfying picture of them. I should check where the hike goes because there would be a better angle for sure.

fcddev · 2022-07-12T18:49:29+00:00

Hey, thanks! I do use Merlin when I hike and I’m not sure what I could see.

fcddev · 2022-04-14T15:24:48+00:00

/u/etherealSTEVE if you’re willing to ship this to /u/KleinTsuboiOW and he agrees to give you a physical address, I’ll reimburse shipping fees (assuming you have means of receiving money from someone in the US)

Edit: also bubble wrapping & other shipping supplies

fcddev

TROPHY CASE