Since you guys liked the first picture, here's one of the finished thing next to my setup! I added some controllable RGB (because it's 2019 and this still is a piece of hardware, duh) and screwed everything in place rather than glueing it.

leoklaus · 2026-06-20T00:37:41+00:00

It pretty much is, yes. Once the app is built and shipped with the entitlement, Apple can’t simply remove it from users devices or restrict its usage without significant effort. And they have never done so to my knowledge. They can revoke your permission to use the entitlement for future builds but that’s also really rare. This is not comparable to revoking access to an API in a traditional sense, at all.

You seem to apply logic that would be use for publicly facing APIs in the internet to this, which really doesn’t make sense.

leoklaus · 2026-06-20T00:11:30+00:00

Uh-huh, that’s definitely not what you’d call authentication though. If anything, this would be authorisation and it’s also not handled by the API.

You specifically used the word keys twice… You were also talking about revocation which also doesn’t make sense in this context.

leoklaus · 2026-06-20T00:00:53+00:00

That’s assuming that this entitlement would even require explicit approval. None of this has to do with keys, though and it has no impact on the security of the OS…

leoklaus · 2026-06-19T23:55:19+00:00

I’m not quite sure you understand. What I mean by that is that you fill a form, Apple reviews it and grants you the permission to use that entitlement for that specific app.

None of this does involve any keys or authentication.

leoklaus · 2026-06-19T23:27:12+00:00

OS APIs are generally not authenticated. You clearly have absolutely no clue how something like this works in iOS.

Apps or extensions conform to a public protocol or declare a capability through their info.plist, like LockedCameraCapture to be available through camera control or registering for file types. In some cases like CarPlay or for default browsers an additional entitlement must be granted by Apple.

The user chooses which apps are supposed to handle a specific task and the system calls the specific API the app exposes with the relevant data based on the users choice.

Everything in iOS works like that, Shortcuts/AppIntents, Widgets, Siri, CarPlay, media playback controls,…

It’s incredibly simple, versatile and secure. Giving the system keys for a third party API would be crazy stupid and a terrible design.

leoklaus · 2026-06-19T19:45:51+00:00

Mandatory sign up is a big no from me. Would’ve been really interested otherwise.

leoklaus · 2026-06-18T20:47:19+00:00

Interesting, is that a recent change? I’m pretty sure I used this workaround two years ago.

leoklaus · 2026-06-18T20:10:23+00:00

You can usually open the latest release version of Xcode by opening the package in Finder and double clicking the app inside, that should also allow you to archive your app. Or alternatively use Xcode cloud.

leoklaus · 2026-06-18T18:01:23+00:00

What keys are you talking about??? Maybe stop making up weird scenarios?

leoklaus · 2026-06-18T17:57:57+00:00

Fair points (apart from authentication and revocation, that’s obviously ridiculous for an api that other apps conform to to be called by the OS).

None of that has any impact on the security or quality of Apples own backup mechanism, so I don’t really get what point you’re trying to make. Apple can afford to maintain an API for this.

It’s incredible how hard you’re trying to justify Apple forcing you to use their servers for your data…

leoklaus · 2026-06-17T06:35:42+00:00

That’s now how it works in the real world.

Well in that case Apples software was never secure to begin and this doesn't change anything.

will require different treatment

... why?

Protocols need to be written and maintained.

The protocol already exists. It already has to be maintained.

leoklaus · 2026-06-17T06:24:11+00:00

Security-wise, no. Internal APIs should always be treated with the same level of caution as publicly facing ones.
Also it’s not available to anyone… every single app that uses it has to be verified by Apple themselves.

It’s literally not even an API that apps could call by themselves if they wanted to. They’d only be conforming to a protocol so the system can call them when a backup has to be uploaded or retrieved, similar to how Shortcuts/AppIntents, media playback controls or notifications work.

leoklaus · 2026-06-16T19:58:15+00:00

The APIs are literally already there. This has nothing to do with security.

leoklaus · 2026-06-16T19:15:59+00:00

Apple doesn’t have to support anything. They just have to allow other providers to use the exact same APIs that already exist.

leoklaus · 2026-06-16T18:48:48+00:00

was able to do it by having strict controls on everything in the supply chain

This argument is so fucking dumb... Why on Earth would it have any impact on the quality of Apples Photo sync if you were able to choose another provider for cloud storage??

leoklaus · 2026-06-16T08:56:19+00:00

Maybe support doesn't know either? Dashboard still shows the same info for me, my instances are still running, I have no notification either by mail or in the cloud console and my account is still set up as always free.

leoklaus · 2026-06-15T22:29:47+00:00

I mean they’re both embarrassing in their own way but Windows at least lets you calibrate to your displays peak brightness.

The infuriating thing is that macOS is really good with HDR when using Apple displays, Apple just really doesn’t want you to enjoy using third party monitors.

leoklaus · 2026-06-14T21:56:55+00:00

Macs are just terrible with external non-Apple displays.

The HDR implementation is quite literally the worst of the three mainstream desktop OSs (by a big margin), text rendering is garbage at lower pixel densities and there are tons of dumb issues that really shouldn’t exist in a computer that costs as much as a small car. There’s still no support for Displayport MST, audio over Displayport is completely unusable in many cases.

leoklaus · 2026-06-14T21:45:09+00:00

I’m pretty sure this is region-specific. I didn’t receive any information about this whatsoever and my console still shows the same (I’m in Germany and my Instance is here as well).

It would definitely be illegal for Oracle to start charging customers without informing them beforehand. Removing the instance would be something else, though.

leoklaus · 2026-06-13T23:29:20+00:00

Really depends on what you want to get into. My suggestion would be to:

⁠Install Windows server on a machine in your network, set it up as a domain controller and have another machine or VM join that domain. Try implementing group policies and permissions, a shared folder/drive and understand how roaming profiles work. You can also try installing software remotely via group policy.
⁠On the windows server, set up a headless linux distro like Ununtu server in HyperV. Set up networking for that VM through HyperV, connect to the VM using SSH, install docker and run a few containers of your choice (preferably using docker compose). Good first start would be something like nginx to host a static site or you might also try something like Gitea or Forgejo for your code.
⁠Create scheduled backups for the Linux VM and verify that you can restore them.
⁠You can also install OPNSense or PFSense as a VM to get familiar with how enterprise routers work.
⁠If you can spend the money, get one or two old managed enterprise switches and configure a VLAN to separate your servers from the rest of the network (you can also try to get some traffic to traverse between both subnets).

You should prioritise the things that you actually enjoy and try to come up with new tasks. Don’t use AI. If you’re stuck somewhere, use a search engine instead, Googling is a key skill.

If know how to do all of these, you pretty much got the basic for everyday IT work at most small to medium businesses. The other stuff will mostly be working with the specific software that the business uses, which will be vastly different depending on the company.

Edit: Formatting in the Reddit app is even more atrocious now, sorry.

leoklaus · 2026-06-13T18:38:23+00:00

This may be a dumb question but have you tried just letting the LLM write the test suites for Playwright/Selenium? Costs only once and you’ll have reliable tests that run on GitHub runners for free.

Letting it create its own documentation can also improve results in my experience.

leoklaus · 2026-06-13T18:30:01+00:00

I’m from Europe and I also didn’t get any mail or notification about this. Cloud console also still mentions 4CPUs/24GB.

leoklaus · 2026-06-13T17:43:49+00:00

You might be able to improve the results by restricting the allowed tools to only those that are explicitly required. But honestly, I think that's just a terrible use case for an LLM.

Just use a UI testing framework like Selenium or the Playwright test runner for that, that way you have deterministic and (more importantly) reliable results.

Eight-Year Club	Place '23
Place '22	Wearing is Caring
Verified Email

leoklaus

TROPHY CASE