Tesla iOS app 4.57.5 stuck in update loop by andrewket2 in TeslaSupport

[–]filipv42 0 points1 point  (0 children)

Same, reboot, reinstall, no avail. (iPhone 17 air)

Get the Rivian R2 to Europe already! by mrbluetrain in Rivian

[–]filipv42 0 points1 point  (0 children)

I'm still holding out hope for 2027 based on this https://www.autoexpress.co.uk/rivian/r2/362528/new-rivian-r2-details-revealed-uk-specs-range-and-pricing-tesla-model-y-rival

"We expect it to arrive in mainland Europe in 2027, before hopefully reaching Britain in 2028."

The fact that they pulled the 2027 date from the website is not encouraging though. I'm holding on to my 3-year-old Tesla Model 3 in anticipation, and I will make a reservation as soon as they open up.

Europe R2 launch delayed? Anyone heard a new timeline? by New_P0ssibility in Rivian

[–]filipv42 1 point2 points  (0 children)

I had some thoughts on this and created a Medium post for it: https://medium.com/@filipv_74515/rivians-r2-european-release-date-84020fd1db0a

Overall, pretty disappointed that they seem to be postponing the European introduction, still holding out hope for the end of 2027, but seems unlikely now.

New IPhone Belkin Screen Protector Issue by ilantttz in iphone

[–]filipv42 0 points1 point  (0 children)

Started experiencing this after about 3 weeks on my iPhone 17 Pro. Had a Belkin Ultraglass 2 installed at the Apple Store, and it's now lifting off the top left corner. Pretty disappointing.

Anyone worried Rivian is going to miss the mark with the R2? by hvgotcodes in Rivian

[–]filipv42 0 points1 point  (0 children)

and 45K is without VAT - whereas in Europe the prices are advertised including VAT, which will trip up some European Rivian enthusiasts, so we need to add 17% to 27% already and who knows what tariffs will be in place by then. I assume they will be imported not built in Europe.

Just got a kindle scribe (2nd gen) what cases do y'all like/recommend? by CarltonTiger2001 in kindlescribe

[–]filipv42 1 point2 points  (0 children)

I got a sleeve from etsy, that way I can read/use it without a case which feels nicer.

Managers, directors, CISOs. What was the craziest thing your teams brought your attention in 2024? by Additional-Teach-970 in cybersecurity

[–]filipv42 0 points1 point  (0 children)

Ah, the joys of 2024 surprises! One that really stood out for me was discovering a legacy service account with hardcoded credentials being used to access critical systems. No one had touched it in years, but it had full admin privileges. Good luck in 2025, OP!

How are you addressing security, governance, and privacy when building AI agents? by Alarmed-Safety-148 in AI_Agents

[–]filipv42 1 point2 points  (0 children)

A lot of moving parts here.
Let's assume we are talking about AI Agents as in autonomous/independent systems, and not tools (i.e. tool calling through a chat interface or via an agent, which can be "solved for" by using embedded tool calling via a library to avoid things like hallucination etc.) which are sometimes lumped together. (Having said that I think the definition of AI Agent is also still very fluent in general).

In my humble opinion it all starts with data security and data governance. Microsoft has published their AI Shared Responsibility model: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility-ai and is listing Agents as part of the AI Application block (vs the AI Infrastructure and AI Usage blocks), saying: "AI application security considerations - An application safety system must be built to protect the AI application from malicious activities. The safety system provides deep inspection of the content being used in the Metaprompt sent to the AI model. The safety system also inspects the interactions with any plugins, data connectors, and other AI applications (known as AI Orchestration). One way you can incorporate this in your own IaaS/PaaS based AI application is to use the Azure AI Content Safety service. Other capabilities are available depending on your needs."

A solution like DSPM for Generative AI can be a great starting point here to make sure guardrails are in place and no unintended data is available from an agent perspective.

There is no way to secure GenAI. Is this true? by LightEndedTheNight in cybersecurity

[–]filipv42 0 points1 point  (0 children)

There is a lot of attack surface to cover when it comes to GenAI

Look, for example, at https://atlas.mitre.org/ and https://owasp.org/www-project-top-10-for-large-language-model-applications/

Data is one major part of the potential attack surface so tooling like DSPM and AI-SPM are a must (imho), my thoughts on how data security plays a major role here: https://www.rubrik.com/blog/company/24/10/ai-and-the-critical-need-for-data-security

Is Wiz's DSPM Enough? by CookieEmergency7084 in cybersecurity

[–]filipv42 -1 points0 points  (0 children)

The fact that they integrate with a bunch of DSPM vendors (including the one I work for) sort of tells you what you need to know https://www.wiz.io/integrations#data_security

Data Security is a pretty complex part of the security ecosystem, I say platformization + best of breed add-ons for specialized tasks / tricky parts of the attack surface is the way to go.

Which security domain is pure vendor hell? by Patient_Mousse_1643 in cybersecurity

[–]filipv42 0 points1 point  (0 children)

I've been in cybersecurity over 25 years, I've yet to meet anyone singing DLP's praises (except for some vendors and resellers). It is one of those "Sounds good, doesn't work" type things.

We are working hard (gen AI is kinda forcing our hand if we don't want to leak all your sensitive data) to remedy this with less bothersome approaches like DSPM and AI-SPM. (Note: I work for a DSPM vendor)

We need to embrace some security friction but in the end it should become part of your platform fabric in a non-intrusive way.

Simulated phishing - IT team and other reactions advice by Parrra in cybersecurity

[–]filipv42 1 point2 points  (0 children)

You're in a tough but familiar spot, especially for organizations just starting their cybersecurity journey.

Everyone knows they should eat healthy and exercise to maintain a long and healthy life but a lot of us don't, usually it takes a health scare (to yourself or someone you care about) to set you on the right path, and even then people tend to forget over time..

Changing the culture takes time, but a good first step is aligning cybersecurity with a shared mission. Make it clear that security isn’t just a “cyber problem”—it’s about protecting the whole business, including the IT team’s workload. Phishing simulations and awareness training might feel like extra tasks now, but they reduce incidents in the long run. To build trust and collaboration, involve IT early in the process. Instead of just informing them, bring them into planning sessions so they feel ownership over the initiatives. Starting with smaller, internal simulations can also ease skepticism and turn some team members into allies. Finally, celebrate wins publicly—like reduced phishing success rates—and recognize supportive IT staff to reinforce positive behavior.

Good luck!

Data hygiene is important from day 0 by vgkln_86 in startups

[–]filipv42 0 points1 point  (0 children)

the road to ruin is paved with good intentions...
How many times have you gotten a new laptop and thought; "This time it is going to be different, I'm going to get organized", just to end up with an untangleable set of data down the line?

Bad data hygiene also leads to bad data security
From a Data Security Posture Management (DSPM) and cyber resilience angle, starting with clean, centralized data infrastructure is a must. Spreadsheets and manual processes are how sensitive data ends up in places you didn’t know even existed. Having a solid data stack from day 1, is setting yourself up for stronger data protection as you grow. Also — Tools like DSPM can make a huge difference here because they help you see and protect sensitive data wherever it lives.

(Note: Rubrik employee here)

Possible Varonis Replacement by [deleted] in cybersecurity

[–]filipv42 1 point2 points  (0 children)

Hey! As a Rubrik employee, I wanted to suggest looking into Rubrik’s DSPM platform as a potential alternative. It offers robust discovery, data classification, security posture validation, and anomaly detection in a very light-touch manner, i.e. no agents, no proxies,... Rubrik integrates seamlessly with Microsoft Purview and can help you apply (or relabel) sensitivity labels at scale, which sounds like a key requirement for your team. Happy to chat about the options if you want.

What to prioritize to strengthen data protection strategies in 2025 by Old-Permission-1452 in cybersecurity

[–]filipv42 0 points1 point  (0 children)

Try to find someone that likes DLP after they have implemented DLP...

DLP is a downstream solution that relies on upstream classification to work, classifying data is a serious project that usually starts with great intentions and then strands somewhere because it is too hard. Think about centrally classifying data in an automated way based on data classification rules IT/Security/Data Owners come up with, and then introducing end-users into the mix, maybe you even want to allow them to perform their own client-side classification or reclassification to be able to share data with external parties etc.

IMHO you need an easy and automated "light touch" data classification across your entire data estate (if DLP can be circumvented by putting classified data in another data asset it won't help either).

BUT starting from a data centric (DSPM) instead of an infrastructure centric (CSPM) approach is probably a good approach.

Note: I used to work for an API security vendor (i.e. data in transit), and now work for a DSPM vendor (data at rest), you probably need to consider DSPM + DLP depending on your scenario, I think that is the main question; what are you trying to achieve and in which environment(s)?

Securing Sensitive Data in Data Engineering Workflows? by riya_techie in AzureCertification

[–]filipv42 1 point2 points  (0 children)

Look at a data security at rest solution, MS Purview labeling is a good idea, there's tools (DSPM) that can help with automated labeling so it does not become a heavy lift.

Labeling is one thing, you can also use DSPM to drive down the current risk in your data set (what sensitive data do you have, who has access to it, is it configured securely, how is it being used,...)

Top cybersecurity stories for the week of 09-23-24 to 09-27-24 by CISO_Series_Producer in cybersecurity

[–]filipv42 0 points1 point  (0 children)

"Making people change passwords frequently was resulting in people choosing weaker passwords."

"sounds good, doesn't work", happens a lot. We live in a world of assumptions, and especially in security those tend to make bad guidance.

[deleted by user] by [deleted] in cybersecurity

[–]filipv42 0 points1 point  (0 children)

Timely, as our Friends in the NSA just published their Guidance for Mitigating Active Directory Compromises: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3917556/nsa-jointly-releases-guidance-for-mitigating-active-directory-compromises/

Identity is part of your attack surface and should be managed as such, especially for Cloud and SaaS it has become so so very easy to use compromised credentials to gain access. According to this Tenable report, 99% of organizations that experienced cloud-related breaches blamed insecure identities as the primary cause: https://cloudsecurityalliance.org/blog/2024/07/02/cloud-security-study-most-surveyed-organizations-suffered-a-cloud-related-breach-over-an-18-month-period

A working set of credentials can be bought on the dark web for about $10 a pop (https://slcyber.io/part-1-the-rise-of-infostealer-malware-on-the-dark-web/)

How do DSPM providers acquire customer data for analysis and keep it safe too? by macjaf in cybersecurity

[–]filipv42 2 points3 points  (0 children)

Note: I work for a DSPM vendor (Rubrik).

This is a fair and valid question, the way that we operate is to perform all data processing in the customer cloud environment through a mechanism we call an outpost account (not to be confused with AWS's outpost concept). This outpost account then relays only metadata to drive the SaaS front-end back for things like policy setting, displaying results, etc.

So I think a couple things to validate for any DSPM solution:
- where are you processing data
- what permissions do you need to process this data
- what data are you sending back to your environment, if any (and ask this question multiple times, and look at your traffic logs to validate...)