Hacker News | seanieb's comments

The issue is only an issue if your phone is physically taken, then unlocked and the message notifications extracted from an iOS cache database. Today's update by Apple fixes the issue for every app, not just Signal.

Oh please, Telegram being mentioned positively during a discussion of security, privacy or state surveillance? Telegram is a security nightmare, it’s not e2ee no matter what BS their very very untrustworthy founder keeps spouting, it’s not default and what they do offer is probably not secure. Servers owned by Russian oligarchs loyal to Putin. Durov's rebel persona, where he’s persona non grata in Russia is also BS. He was shown to be freely traveling in and out of Russia and having negotiations with the Russian government around censorship of Telegram all while Durov was telling us he couldn’t return. And the Russian FSB won’t use it because it’s known in their circles as being compromised.

https://www.youtube.com/watch?v=a2eBDU5ea0A&t=392s

> "That largely depends on what an officer does outside of work. If someone is involved in corrupt dealings, and in fact, I know very few who aren't, then they reason like this. Can this messenger be monitored by internal security officers? Previously, many used WhatsApp. Almost no one used Telegram because there's a well-founded belief that this messenger is to some extent controlled by the Russian authorities. People used Signal. Some use three months, but all that has now been shut down again. Why is it monitored? I think they're worried about a possible coup and trying to limit the ability to coordinate mass actions via communication channels from abroad. Hence the Max messenger. So now most security officers have switched to Chatty. That's a Dubai based messenger, but it's definitely not a universal remedy. Some have moved to Zangi, which is [clears throat] an Armenian app that markets itself as American. When it comes to targeting the opposition, the state will always find the resources. It's one of the main priorities, more important than any financial or commercial issue, even more than counterterrorism."


This comment is based on one of my commits. The round-trip through Int is exactly what makes it safe. Int(value) will return nil (and be rejected) for anything that isn't a valid integer. No ; rm -rf /, no shell. String(seconds) on a Swift Int can only ever produce a decimal number (which is probably overkill and not needed in this context).

> Please don't use slop machines to write READMEs.

Trust me, they do a better job than I ever will.

Having said all that, it's probably something that could be dropped from the readme. I'll edit now.

edit: updated the readme. Thanks for taking the time to proofread it.


Correct. This is a classic security vs convenience tradeoff. I mention that tradeoff on the landing page, PanicLock vs Shutdown:

> Use shutdown when you can, PanicLock when you can't. Shutting down is the most secure option—but when you need your Mac locked now and you'll be back in five minutes, PanicLock is your answer.

*PanicLock*
- Fast "oh shit" button
- Lid closed when in transit.
- Instant lock (1 second). Disables Touch ID immediately
- Preserves your session
- Back to work in minutes

*Full Shutdown*
- Maximum security
- Purges encryption keys
- Fully locks FileVault
- Takes time to shutdown & restart
- Kills your session


That's good feedback. I just added it to the readme:

> "PanicLock fills a gap macOS leaves open: there is no built-in way to instantly disable Touch ID when it matters. Biometrics are convenient day-to-day, and sometimes preferable when you need speed or want to avoid your password being observed. But in sensitive situations, law enforcement and border agents in many countries can compel a biometric unlock in ways they cannot with a password. PanicLock gives you a one-click menu bar button, a customizable hotkey, or an automatic lock-on-lid-close option that immediately disables Touch ID and locks your screen, restoring password-only protection without killing your session or shutting down."

I've more details on the app's landing page - paniclock.github.io


I wrote this after the case of a Washington Post reporter, Hannah Natanson, who was compelled to unlock her computer with her fingerprint. This resulted in access to her Desktop Signal on her computer, revealing sources and their conversations.

https://www.yahoo.com/news/articles/washington-post-raid-pro...

Edit: I've a lot more details about the legality and precedent on the app's landing page https://paniclock.github.io/


(I've put a copy of this text at the top of the thread, since it's standard for Show HNs to have some intro/background up there. I hope that's ok with you!)


Thank you!


Can you intentionally use the wrong finger so that it will force you to enter the password?


Hypothesis: If you can assign different fingers to different accounts, you could use (for example) your middle finger to switch to a "panic account" whose automatic login procedure includes disabling Touch ID.

Or, to avoid arousing suspicion, link the most common "login finger" (pointer finger?) to the account that locks down, and use your middle finger for your normal account day in and day out.


Cool, thank you.


Congrats to the Wiz team. Wiz is amazing. But, ugh, joining Google will result in less competition and all that entails. Not great for customers.

It's a pity going public isn't worth it anymore.


> will result in less competition

The system working as intended.

“Competition is for losers” - Peter Thiel


Thiel is an idiot


>> “Competition is for losers” - Peter Thiel

> Thiel is an idiot

Sounds more like he's selfish, perhaps to an unusual degree. Monopoly is great for the monopolist. For everyone else? Not so much.


Maybe we should examine as an industry why so many mediocre men get elevated to positions of incredible power and run great businesses into the ground.


Luck (primarily) and connections. We feel psychologically safe believing there is some determinism _in the world_. But there's none. Studies show that you can have 140 IQ and still end up homeless if circumstances are poor.


> Luck (primarily)

This is an extraordinary claim. What is your extraordinary evidence?

Why didn’t it rain today? Good luck! Why was Michael Jordan so skillful at basketball? Just good luck. Why is Linux better than Windows? Good luck! Why did VMS fall off? Bad luck. Why does 2 + 2 = 4? I guess just good luck.

These are all laughably incurious, superstitious answers. Other factors must be at play. Yes, identifying them may require hard thinking and concentration.

Otherwise, what is democracy other than selecting the luckiest? We already had strange women lying in ponds distributing swords for that — and much cheaper and quicker to boot.

> Studies show that you can have 140 IQ and still end up homeless if circumstances are poor.

We’ve likely all known people who were book smart but didn’t have good walking-around sense. Everyone knows others who make poor or destructive choices. The interpersonal skills, soft skills, and emotional intelligence being dismissed in this thread as mere “luck and connections” may be severely lacking. The person may have poor mental health or addiction.

Are you using determinism in the automata theory sense or some other?


Luck here isn't referring to some invisible dice roll whose randomness cannot be explained or is just a correlation (like no rain on your wedding day would be), it refers to variables that the person cannot influence. Being born into a rich family is lucky for that baby, and the baby can't have done anything about it.


Connections... It was always like this..


The same way mediocre men have been elevated for thousands of years.

A combination of being in the right place at the right time and connections to people with money


[flagged]


Who said you need to be great in an area to tell the difference between competent and incompetent?

While it helps, it doesn't take a genius to tell the difference. Picking the great from the great apart, that'd be another story altogether.


Thiel is not an idiot.

Competition is for losers, is a way to say to go and compete in a super crowded market where it is impossible to differentiate yourself is not going to make you a winner.

But usually people are called idiots because they don’t swallow the progressive propaganda wholesale.


But very rich...


One has very little to do with the other, contrary to popular belief. Exhibit A from 338 BC: https://en.wikipedia.org/wiki/Plutus_(play)


Rich != smart


So are drug dealers


Google is a public company so in some way they have gone public.

I wish people would remember the stock markets were invented for companies to raise funds, not for the private investors to cash out. The public should be allowed to invest in new companies, not just the rich.


> The public should be allowed to invest in new companies, not just the rich.

Most funds lose money on early stage investing.

Allowing non-accredited investors to enter the private capital is great for experienced investors like me because we can offload assets to less discerning and less experienced casual investors, but this is truly risky for the vast majority of individuals.

Hell, even in my own personal portfolio I stick with ETFs and call it a day because returns are good enough without active risk management.

> so in some way they have gone public

M&A is not an IPO. By that standard any acquisition by Crowdstrike or PANW is an "IPO".


The lack of competition is at this point a choice of American politicians and the voters. They should be breaking up mega corporations or at least taxing them at really high rates.

Instead, it looks like all the existing incumbents will just continue to rule over society. They have capital, monopolies, and the moats of distribution channels and contracts with their current customers. There is no fair competition - they’ll just replicate your clever product easily.


Someone else will rise to compete.

Then Google will buy them too.


> It's a pity going public isn't worth it anymore.

Israeli VCs tend to be uninterested in IPOs in general - too much of an operational headache and it's difficult to exit a position quickly.

In most cases an IPO isn't worth it for founders because an IPO means you lose operational control. It's basically the "Rich versus Kings" dichotomy [0].

Edit: can't reply

> you can control the share allocations going into an IPO to give you solid voting power

Investors do not like that - they want some degree of operational control in order to right the ship if needed.

In the early 2010s, IPOs like Tesla and Facebook were on terms that gave outside investors little control on operations and that's why Musk and even Zuckerberg to a certain extent can choose to reorient to a new boondoggle with little-to-no investor pushback.

In 2026 if you want to IPO, it will be on the terms of JPMC, GS, etc who are underwriting the IPO.

In a private company, it's easier for an investor to offload or get bought out of their position if the founder wants to maintain operational control.

> While you’re accountable to a board of directors and theoretically accountable to stockholders, in reality management often runs the show

In publicly listed companies, it is magnitudes more difficult to build a board that is aligned with you at a personal level versus in a private company because both the board and strategic shareholders will act as checks against you.

> If you’re acquired, you’re giving up ownership and you tend to lose operational control unless you have agreements in place that say otherwise

An acquisition happens when both the founders and investors want to exit, and has less operational overhead and due diligence versus going thru the process of an IPO in the US.

> This is counterintuitive to me

Well, that's the reality. This is why Stripe, Databricks, and others have remained private for so long despite having hit IPO-level metrics years ago. If you're already generating high 9 to low 10 figures a year in revenue, you can remain private indefinitely and as a founder you would be able to give yourself a compensation package comparable to a public company, but with much less oversight and stress.

> Interesting, why is this more true of Israeli VC's as opposed to VC's in other markets

Significantly less capital.

"Big" funds like YL Ventures, Cyberstarts, and JVP only have an AUM of $800M, $1.4B, and $1.9B respectively.

And if you were going to IPO in the US anyhow, why would you even invest in an Israeli fund, which wouldn't have enough people with experience for an IPO.

And the handful of Israeli IPOs that happened like SentinelOne or CyberArk weren't that successful.

[0] - https://www.hbs.edu/faculty/Pages/item.aspx?num=38550


> In most cases an IPO isn't worth it for founders because an IPO means you lose operational control.

This is counterintuitive to me.

If you’re acquired, you’re giving up ownership and you tend to lose operational control unless you have agreements in place that say otherwise.

With an IPO it seems like you have a better chance to retain control: you can control the share allocations going into an IPO to give you solid voting power. While you’re accountable to a board of directors and theoretically accountable to stockholders, in reality management often runs the show, at least until the board runs out of patience with bad earnings.


The problem is if you go public as a small company, it can be hard to survive. You need to meet expectations every time you do an earnings call or watch your stock get crushed, and it’ll never be given another chance. The burdens are also a lot higher in terms of the cost.

You don’t really see companies under $10 billion going public anymore. That may continue to be the case, but it’s terrible for entrepreneurs.


> In most cases an IPO isn't worth it for founders because an IPO means you lose operational control.

That's also true of an acquisition. Even more true of an acquisition, I'd say.


Yes, but a founder deciding to be acquired means they wish to stop having operational control and intend to cash out and exit.

An IPO isn't an easy exit strategy - it takes years to become S1 ready and it takes years to sell off your equity stake if you were using an IPO only to exit.

That's why if you want operational control you fight hard to remain private as long as possible, and if you want to exit you M&A yourself. This makes IPOs only useful if you need to raise more capital than is available in the private market.


> Israeli VCs tend to be uninterested in IPOs in general - too much of an operational headache and it's difficult to exit a position quickly.

Interesting, why is this more true of Israeli VC's as opposed to VC's in other markets?


I would assume VC's are dominantly US-based, and US-based VC's tend to be able to weather the landscape of American markets better than foreigners.


Partially. The issue is capital - even Wiz largely raised thanks to Sequoia, Insight Partners, and Index Ventures. American funds are much larger and are able to finance later stage rounds. Most Israeli VC funds end up financing earlier rounds and can't necessarily participate in later rounds and thus have an incentive to exit earlier.


Maybe, or Wiz will suddenly appear on the graveyard just because reasons? Who knows :)


Never realized that this wasn’t a common expression in the US till now.

> “(Ireland, informal, UK, dialect) To come to understand; twig, cotton on.”


At first I thought that it must have been dictated as "caught on" and simply mistranscribed. TIL!

I like the first sense:

> (Ireland, informal, idiomatic) To stop behaving immaturely; behave, grow up.

> You'll get in trouble with the boss if you don't cop on.

Irish is on my list of languages to learn, and I wonder if by chance this expression has roots in the Irish language.

---

Later edit: OED does not give the phrase "cop on" under cop (although perhaps it's in one of the supplements, which I don't have yet). But one of the general senses is "to catch", so I guess it's just a variation of the phrase.


Fantastic. And it's from the Norwegian Consumer Council!


> "Even if there were explanatory text, Erika, like most users, doesn’t typically read through every dialog box, and they certainly can’t be expected to remember this technical detail a year from now."

Passkeys are a step in the right direction, ironically for the exact reason the author advises caution. We've been telling people to "store your backup key somewhere safe" for the best part of a decade now, and your average Erika hasn't got on well with that at all. Locking themselves out and losing data left, right and centre.

If you've worked at any kind of scale you'll know well that a certain percentage of users will lose their data with E2EE, full stop. It's just different from everything else they've ever used. These are the same people who'd be lost without the "forgot password" link, and there's no shame in that. That's just the reality of it. And passkeys can help people like this to not lose their keys.

If the product is truly E2EE, the best options right now are the passkey implementations baked into Chrome or Apple. Windows, as ever, needs a bit of work, but the password managers seem to be picking up the slack well enough. We also need to educate people that with true E2EE there is no "forgot password" email. Passkeys and the tooling around them still have a ways to go, but we're getting there.

