It reminds me of the standard counter to the Chinese Room thought experiment: the person inside doesn’t understand Chinese, but the system _does_. The person, the rules, and the lookup tables together form the thing doing the understanding.
Presence of one or more: unexpected outbound traffic observed via Ethernet, increased battery consumption, interactive response glitching, display anomalies ... and their absence after hard reset key sequence to evict non-persistent malware. Then log review.
What are examples of logs that you're considering IOCs? The picture you are painting is basically that most everyone is already compromised most of the time, which is ... hard to swallow.
By minimizing apps on device, blocking all traffic to Apple 17.x, using Charles Proxy (and NetGuard on Android) to allowlist IP/port for the remaining apps at the router level, and then manually inspecting all other network activity from the device. Also the disappearance of said traffic after hard-reset.
Sometimes there were anomalies in app logs (iOS Settings - Analytics) or sysdiagnose logs. Sadly iOS 26 started deleting logs that have been used in the past to look for IOCs.
How did you determine that a connection was malicious? Modern apps are noisy with all of the telemetry and ad traffic, and that includes a fair amount of background activity. If all you’re seeing are connections to AWS, GCP, etc. it’s highly unlikely that it’s a compromise.
Similarly, when you talk about it going away after a reset that seems more like normal app activity stopping until you restart the app.
That doesn’t have any details supporting the belief that this traffic was malicious or a sign of compromise. I’d easily believe that it’s picking up developer telemetry or ad networks but without some hard evidence this sounds like misinterpretation rather than a compromise.
Traffic was monitored on a physical ethernet cable via USB ethernet adapter to iOS device.
Charles Proxy was only used to time-associate manual application launch with attempts to reach destination hostnames and ports, to allowlist those on the separate physical router. If there was an open question about an app being a potential source of unexpected packets, the app was offloaded (data stayed on device, but app cannot be started).
MDM was not used to redirect DNS, only toggling features off in Apple Configurator.
Surely you used several USB Ethernet adapters to rule them out as being the source as well right? Those types of dongles are well known for calling home.
Good observation :) Multiple ethernet adapters: Apple original (ancient USB2 10/100), Tier 1 PC OEM, plus a few random ones. Some USB adapters emit more RF than others.
It excluded the published hostnames for services and CDNs (some of which resolved to GCP, Akamai, etc) published by Apple for sysadmins of enterprise networks, https://news.ycombinator.com/item?id=46994394. It's indeed possible that one of the unknown destination IPs could have been an undocumented Apple service, but some (e.g. OVH) seem unlikely.
So how did you identify this as a breach? I'm struggling to find this credible, and you've yet to provide specifics.
Right now it comes across as "just enough knowledge to be dangerous"-levels, meaning: you've seen things, don't understand those things, and draw an unfounded conclusion.
Feel free to provide specifics, like log entry lines, that show this breach.
Please feel free to ignore this sub-thread. I'm merely happy that Apple finally shipped an iPad that would last (for me! no claims about anyone else!) more than a few weeks without falling over.
To learn iOS forensics, try Corellium iPhone emulated VMs that are available to security researchers, the open-source QEMU emulation of iPhone 11 [1] where iOS behavior can be observed directly, paid training [2] on iOS forensics, or enter keywords from that course outline into web search/LLM for a crash course.
I worked at Corellium tracking sophisticated threats. Nothing you’ve posted is indicative of a compromise. If you’re convinced I’d be happy to go through your IOCs and try to explain them to you.
Thanks. In this thread, I was trying to share a positive story about the recent iPad Pro _NOT_ exhibiting the many issues I observed over 5 years and multiple generations of iPhones and iPad Pros. If any new issues surface, I'll archive immutable logs for others to review.
With the link I provided, a hacker can use iOS emulated in QEMU for:
• Restore / Boot
• Software rendering
• Kernel and userspace debugging
• Pairing with the host
• Serial / SSH access
• Multitouch
• Network
• Install and run any arbitrary IPA
Unlike a locked-down physical Apple device. It's a good starting point.
I'm much more convinced that you're competent in the field of forensics. But I still don't think suspicious network traffic can be categorically defined as a 'device breach.'
For all you know, the traffic you've observed and deem malicious could just as well have been destined for Apple servers.
Apple traffic goes to 17.0.0.0/8 + CDNs aliased to .apple.com, which my egress router blocks except for Apple-documented endpoints for notifications and software update, https://support.apple.com/en-us/101555.
They said upthread that they had blocked 17.0.0.0/8 ("Apple"), but maybe there are teams inside Apple that are somehow operating services outside of Apple's /8 in the name of Velocity? I kind of doubt it, though, because they don't seem like the kind of company that would allow for that kind of cowboying.
I don't doubt it in the slightest. Every corporate surveillance firm—I mean, third-party CDN in existence ostensibly operates in the name of 'velocity'.
There’s no hard evidence that you’ve put forward that you’ve been breached.
Not understanding every bit of traffic from your device with hundreds of services and dozens of apps running is not evidence of a breach.
Have you found unsigned/unauthorized software? Have you traced traffic to a known malware collection endpoint? Have you recovered artifacts from malware?
Strong claims require strong evidence imo and this isn’t it.
As mentioned elsewhere in this thread, traffic from each iOS app was traced via Charles Proxy, the endpoints allowlisted for normal behavior, and finally the app was offloaded so it could not generate any traffic from the device. Over time, this provided a baseline of known outbound traffic from the device, e.g. after provisioning a new device with a small number of trusted apps.
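As an added illustration of the triage workflow described in this comment and upthread (per-app allowlist learned under a proxy, Apple's 17.0.0.0/8 block handled separately, offloaded apps expected to be silent, everything else queued for manual review), here is a small baseline checker. It is example code written for this page, not the commenter's tooling; the flow records, hostnames and the Apple endpoint patterns are constructed placeholders, and the Apple-owned prefix is the only value taken from the thread. It only sorts flows into "matches baseline" and "needs a look", which is the step the replies say is insufficient on its own to call a breach.

```python
"""Egress-baseline triage for a single device.

Added example, not the commenter's own tooling. Flow records, app names,
hostnames and allowlist patterns below are constructed for illustration.
"""
import ipaddress
from fnmatch import fnmatch

# Apple's published address block, as referenced in the thread.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")

# Documented Apple endpoints the router keeps open even inside that block.
# Hypothetical (hostname-pattern, port) pairs standing in for Apple's list.
APPLE_ALLOWED = {
    ("*.push.apple.com", 5223),
    ("*.push.apple.com", 443),
    ("*.apple.com", 443),
}

# Per-app allowlist learned by launching each app under the proxy (constructed).
APP_ALLOWED = {
    "weather": {("api.example-weather.test", 443)},
    "reader": {("cdn.example-reader.test", 443)},
}

# Apps that were offloaded cannot legitimately generate traffic at all.
OFFLOADED = {"social"}


def _matches(host, port, patterns):
    return any(fnmatch(host, pat) and port == p for pat, p in patterns)


def classify(flow):
    """Return 'allowed', or a short reason why the flow needs manual review."""
    app, host, port = flow["app"], flow["host"], flow["port"]
    ip = ipaddress.ip_address(flow["dst"])
    if app in OFFLOADED:
        return "offloaded-app-traffic"
    if app == "system":
        if ip in APPLE_NET or host.endswith(".apple.com"):
            if _matches(host, port, APPLE_ALLOWED):
                return "allowed"
            return "undocumented-apple-endpoint"
        return "system-traffic-outside-apple"
    if _matches(host, port, APP_ALLOWED.get(app, set())):
        return "allowed"
    return "not-in-app-baseline"


def review_queue(flows):
    """Flows deviating from the baseline, with reasons, in arrival order."""
    queue = []
    for f in flows:
        reason = classify(f)
        if reason != "allowed":
            queue.append((f["app"], f["host"] or f["dst"], f["port"], reason))
    return queue


def vanished_after_reset(before, after):
    """Destinations seen before a hard reset but not after it.

    A weak signal by itself: the same pattern is produced by any app that
    simply is not running after the reboot."""
    seen_after = {(f["host"], f["dst"], f["port"]) for f in after}
    return sorted({(f["host"], f["dst"], f["port"]) for f in before} - seen_after)


# Constructed flow records; non-Apple addresses are from RFC 5737 ranges.
FLOWS = [
    {"app": "system", "host": "1-courier.push.apple.com", "dst": "17.57.144.10", "port": 5223},
    {"app": "weather", "host": "api.example-weather.test", "dst": "203.0.113.10", "port": 443},
    {"app": "system", "host": "", "dst": "17.250.0.5", "port": 8443},
    {"app": "weather", "host": "metrics.example-adnet.test", "dst": "198.51.100.7", "port": 443},
    {"app": "social", "host": "", "dst": "192.0.2.44", "port": 443},
    {"app": "system", "host": "", "dst": "192.0.2.9", "port": 443},
]

if __name__ == "__main__":
    for item in review_queue(FLOWS):
        print(*item)
    print("gone after reset:", vanished_after_reset(FLOWS, FLOWS[:2]))
```

The queue is where the work starts, not where it ends: each flagged destination still has to be tied to an app, a process, or an on-disk artifact before it means anything, which is the gap the replies below point out.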
I agree with other posters that you seem to be capable of network level forensics, but you have said nothing to back up what you consider a device breach other than 'some cloud destined network traffic which disappears after a hard reset'.
In my experience of forensic reports, this link is tenuous at best and would not be considered evidence or even suspected breach based on that alone.
I think it's the end-to-end, integrated nature of it.
API driven, have "elastic resources", etc, etc. Rather than bolting together various solutions you get to have a "Cloud-like" stack in your own datacenter.
So while most of the software is open source rather than proprietary, you still have a fair point that customers pay for support (as they do with most enterprise products). One could theoretically use the product without first-party software updates, managing the open source oneself... but that would have practical impediments (and runs counter to the all-in-one simplicity that customers value in the Oxide product).
Two points about your last point. First, software improvements benefit all customers; as the business grows, the effective cost per customer shrinks. Also, most customers grow their Oxide deployment or will replace hardware after a depreciation cycle. The sustainability of investments into the software (and the product generally) is on solid ground.
Back in the 90s and 00s, lots of companies churned out software products that were sold once, supported forever. It was a sort of Ponzi scheme, supporting old customers with money from new customers. Which was okay during a period of high growth. But sooner or later the market matures, growth plateaus, and the cost of ongoing maintenance becomes a much bigger problem.
Right now you're growing fast and swimming in VC money, so this is probably not an issue. At some point, though, you might find that even hardware depreciation cycles don't provide as much of a cushion as you hope they will. In an economic downturn, people might suddenly realize that Oxide hardware actually remains serviceable much longer than they expected. :)
Yes I've tried Parakeet v3 too. For its own purpose - running locally - it's amazing.
The thing that's particularly amazing about this Voxtral model is how incredibly rock solid the accuracy is.
For the longest time previous models have been 'mostly correct' or as people have commented elsewhere on this HN thread, have dropped sentences or lost or added utterances.
I have no affiliation with these folks, but I tried and struggled to get this model to break even speaking as adversarially as I could.
I agree that DeepSeek and others have been doing most of the published research for future frontier models.
But I’m not sure we can say that the big US companies aren’t doing foundational research anymore. I suspect a lot of it is just kept unpublished as a result of the intense competitive pressure, which is disappointing.
I converted my resume to LaTeX with Claude Code recently. Being able to iterate on this code-form of my document is so much nicer than fighting the formatting in Word/Google Docs.
I dropped my .tex file into Prism and it makes it nice to instantly render it.
I think that’s more a critique of the modern caricature of stoicism than of Stoicism itself. Classical Stoicism isn’t about suppressing emotions. It’s about understanding your emotions, examining where they come from, and choosing how you respond rather than being ruled by them.
Also it's about learning to distinguish between stuff we can influence vs stuff we cannot. Like I cannot influence if the sun rises tomorrow or not, so there's no point in worrying about it.
Understanding, examining and choosing are all thinking based, and that's why stoicism isn't really working well for humans. Emotions are neuropsychologically lower level than thoughts/logic/ratio. Having said that, lectures about stoicism might well be excellent instructions for language models on how to handle communication with humans.
Part of practicing Stoicism is to bring emotions up to the understanding, examining, and choosing level. You still have emotions, but you don't let them control you.
I love JiuJitsu because many parts of it are like microcosms of life. The first time someone lays on you and you feel like you can't breathe, you panic. That's an emotion. After a few times you realize you can breathe and eventually you will feel the panic and instead of succumbing, it'll wash past you. By practicing feeling emotions, especially negative ones like being uncomfortable over and over, eventually they move into your higher level thinking and no longer control you. You absolutely still have them, but your reaction to them has changed.
I would actually argue that the sensation from experiencing asphyxiation is not really an emotion but instead one of the most fundamental sensations any life form will experience. Just saying as I already argued that ratio is a layer above emotions. Having said that, Jujutsu (as well as all forms of martial arts and sports) are intertwined with emotional experience and needs. Jujutsu for example is probably one of the best physical therapies for adults to overcome fear of non-sexual physical contact. Also the whole idea around fighting other people in your spare time draws its inspiration from a desire to externalize negative emotions which are either too abstract or too challenging to address in a mental reflection process.
Keep in mind, you’re not actually asphyxiating in this case. It’s just uncomfortable to have someone in your space, feeling closed in, etc… it’s all emotion.
That's different from actually being choked and tapping to end the fight.
Also, BJJ has been one of the biggest unlocks in my personal growth and stoicism journey. Things that used to make me uncomfortable or annoy me in daily life simply don’t. I’m not externalizing my negative emotions, I’ve just become better at dealing with them through repeated challenges. Early on my teacher told me that everyone loses, but the difference between white and black belts is the black will be calm thinking how to escape until the very end. Contrast the white belt who loses control and flails around accomplishing nothing.
It's more to separate the feeling from the reaction to the feeling by a layer of understanding & examination. Feel first, understand the feeling, examine whether the feeling is appropriate for the situation that caused it, determine how to react, react. It's an OODA loop applied to one's own emotions: Observe the feeling, Orient on the situation, Decide on a response, Act as decided. If you pre-decide to always suppress any reaction you're missing the point. Stoicism is quite similar to modern Cognitive Behavior Therapy. If you just react without thinking you'll often react to your learned habits rather than the actual situation at hand.
The realization of emerging emotions by cultivating mindfulness. I mean this is basically also what various practices/exercises in (Zen) Buddhism aim at. But I'd argue that the practical methodology advertised by Stoicism is too ratio based to be effective beyond a basic . I would rather put my money on more indirect approaches like classic mindfulness exercises and meditation. They are less goal oriented by design, but the axiom (which I accept from experience and observation) is that a healthy mind will be expressing stoic virtues naturally without knowing how to call it.
And now that I've read that the second time, this is very close to various kinds of therapy.
For example, anxiety exists and sometimes occurs, and it means parts of me are trying to be very careful and precise about something. This can be a problem at times if it overcomes you, but it can also be leveraged into a strength once you figure out why it's flaring up at the moment.
Another example, travel used to be a nuisance, but now I've set up and continue refining some packing and preparation checklists for trips of varying length. Now it's a big no-brainer to be well-prepared for a short work-trip and I'm usually very calm about it.
The durability guarantees are similar--each workflow step is checkpointed, so if a workflow fails, it can recover from the last completed step.
The big difference, like that blog post (https://www.dbos.dev/blog/durable-execution-coding-compariso...) describes, is the operational model. DBOS is a library you can install into your app, whereas Temporal et al. require you to rearchitect your app to run on their workers and external orchestrator.
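To make the durability guarantee in the two comments above concrete (every completed step is checkpointed; a rerun after a failure resumes from the last completed step instead of from the start), here is a deliberately minimal checkpointed workflow runner. It is an added example written for this page and does not use the DBOS or Temporal APIs; the JSON file backing store, the step names and the simulated crash are all constructed, and a real library would keep the checkpoints in a database rather than a local file.

```python
"""Minimal durable-execution runner: checkpoint each step, resume after a crash.

Added example, not DBOS's or Temporal's code. The JSON-file store, the
three order-processing steps and the simulated crash are constructed.
"""
import json
import os
import tempfile


class CheckpointStore:
    """Durable record of completed step results for one workflow run."""

    def __init__(self, path):
        self.path = path
        self.completed = {}
        if os.path.exists(path):
            with open(path) as f:
                self.completed = json.load(f)

    def has(self, step_name):
        # Presence, not truthiness: a step may legitimately return None.
        return step_name in self.completed

    def get(self, step_name):
        return self.completed[step_name]

    def put(self, step_name, result):
        self.completed[step_name] = result
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.completed, f)
        # Atomic rename: a crash mid-write never leaves a half-written checkpoint.
        os.replace(tmp, self.path)


def run_workflow(store, steps):
    """Run (name, fn) steps in order, skipping any already checkpointed.

    Each fn receives the results of all earlier steps, so a resumed run sees
    the same inputs the original run would have."""
    results = {}
    for name, fn in steps:
        if store.has(name):
            results[name] = store.get(name)  # replayed from the checkpoint
            continue
        results[name] = fn(results)
        store.put(name, results[name])  # checkpoint before moving on
    return results


def demonstrate_recovery(path=None):
    """Crash a three-step workflow mid-way, rerun it from the same checkpoint
    file, and return (executions per step, final results)."""
    path = path or os.path.join(tempfile.mkdtemp(), "order-workflow.json")
    calls = {"reserve": 0, "charge": 0, "ship": 0}
    crash_pending = {"ship": True}

    def reserve(prev):
        calls["reserve"] += 1
        return {"order_id": "ORD-1", "qty": 2}

    def charge(prev):
        calls["charge"] += 1
        return {"payment_id": "PAY-9", "amount_cents": prev["reserve"]["qty"] * 1999}

    def ship(prev):
        calls["ship"] += 1
        if crash_pending["ship"]:
            crash_pending["ship"] = False
            raise RuntimeError("simulated process crash during shipping call")
        return {"tracking": "TRK-" + prev["reserve"]["order_id"]}

    steps = [("reserve", reserve), ("charge", charge), ("ship", ship)]
    try:
        run_workflow(CheckpointStore(path), steps)
    except RuntimeError:
        pass  # first attempt dies; reserve and charge are already on disk
    # Recovery: a fresh process opens the same store and picks up at 'ship'.
    results = run_workflow(CheckpointStore(path), steps)
    return calls, results


if __name__ == "__main__":
    executed, final = demonstrate_recovery()
    print("step executions:", executed)
    print("final results:", final)
```

The property to notice is that the payment step runs exactly once even though the workflow as a whole ran twice; without the checkpoint the retry would charge the customer again. The operational point made in the comment above is orthogonal to this: the same loop can live inside the application process, as here, or be driven by an external orchestrator with its own workers.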