It was discussed here when it was announced. I believe it was determined the hardware is an ultra-low-budget Aliexpress design that normally retails for ~$100 that they had custom built with a mic cutoff switch added to it (probably the cause of a large portion of the hardware price increase). I dont remember the specifics, but even thr most optimistic were pretty sure it won't get hardware vendor support for even a full year based on the specific processor it contains.
Replying to myself:
Apparently I was mixing up the new Furilabs FLX1s and new Jolla phone. The FLX1s that's a major downgrade from the prior FLX1 and some people were reporting are based on a design that's really cheap on Aliexpress and using very old hardware but with a custom spin to add some physical switches to it.
The new Jolla actually does look really good compared to all the other avaiaobale Linix phone hardware options.
WARNING: This is a Kickstarter device still, and needed funding to even create a proof of concept device last time it was discussed (extensively). It's a Flagship phone device and price, but with only the oldest of pans on how it's actually going to deliver some on of the promises.
It's because YouTube is now requiring a full JavaScript runtime in order to download and play videos. There are open issues regarding this in the relevant GitHub projects, but the fix has not yet been released.
I agree. But regarding this specific game, it seems to work through Crossover (emulation) and Parallels (virtualization). You can also try Whisky and VMware Fusion as free alternatives.
For now, I think existing exclaves such as the one that displays the camera indicator do not really apply to macOS (since MacBooks have dedicated hardware for that), but in the future there might be exclaves that do.
> since SPTM is not used according to Apple documentation:
Try reading that footnote again:
> Note 2: Page Protection Layer (PPL) and Secure Page Table Monitor (SPTM) enforce the execution of signed and trusted code on all platforms with the exception of macOS (because macOS is designed to run any code). All of the other security properties, including the protection of page tables, are present across all supported platforms.
It doesn't say macOS doesn't use SPTM. It says macOS doesn't use SPTM to prevent running unsigned code, since macOS is supposed to allow unsigned code (after the user jumps through some hoops).
I believe Chrome is also the only software that enables certain mitigations such as ProcessSystemCallDisablePolicy on Windows and NO_SMT and TECS on macOS [1]. I wonder if some of these OS features have been implemented at Google's request.
However, in the case of Spectre, I think the OS should try to prevent exploitation rather than end programs, with a user-facing toggle to disable mitigations per-program for compatibility reasons.
On the note of OS mitigations, I've been thinking that a heavy-handed but possibly necessary (at least for highly untrusted programs) approach is to trample all over a process' cache and other relevant microarchitectural affordances whenever the process is entered. Then it should prevent a wide range of attacks, including those unknown until now. A more targeted method is messing up, say, branch predictor state when a process is being exited (i.e. preempted). I find that less intuitively reassuring, but it would reduce performance impact. In any case, I don't find techniques like retpolines or Intel IBRS plausible in the general case, so I'm inclined to go scorched earth. Not that it would likely be popular with the performance cost.
WebKit definitely uses those, search the codebase for "TCSM". I would assume that the Chrome people either worked with Apple on it, or they reversed it from what WebKit was doing.
https://www.intego.com/mac-security-blog/apples-poor-patchin...
reply