They do, yes. It's certainly a requirement if channel binding is to work at all.
Additionally there is this proposal to also detect attempted downgrade of the channel binding and SASL mechanism lists themselves: https://xmpp.org/extensions/xep-0474.html - which we're currently looking for expert eyes on, if you know any... :)
I don't mind XML personally, but I understand why people dislike it. For XMPP specifically you have to use a streaming XML parser, which is quite a bit more complicated than the more common case of parsing XML into a tree and then traversing that tree. Not all XML libraries even have support for streaming parsers and if you start implementing XMPP with a non-streaming parser you'll end up with something really messy.
Streaming parsers give you a stream of events like "open tag 'message'", "attribute 'from'", "open tag 'body'", "close tag 'body'" and you need to gather those and translate them back into the top-level elements of the stream. This is pretty tedious, and if you do it wrong you may end up leaking memory (if you keep the entire tree around in memory) or even introduce vulnerabilities (similar to https://bugs.chromium.org/p/project-zero/issues/detail?id=22... ).
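An added example (not from the comment above or from any XMPP library) of gathering streaming-parser events back into top-level stanzas with Python's `xml.etree.ElementTree.XMLPullParser`. The `StanzaReader` class, the 64 KiB cap and the sample bytes are assumptions made for illustration; each finished stanza is detached from the stream root so the tree does not grow for the life of the connection.

```python
import xml.etree.ElementTree as ET

MAX_PENDING_BYTES = 64 * 1024  # assumed cap, not a value taken from the XMPP specs

class StanzaReader:
    """Gather parser events into complete top-level stanzas (depth-2 elements)."""

    def __init__(self):
        self._parser = ET.XMLPullParser(events=("start", "end"))
        self._depth = 0
        self._root = None   # the <stream:stream> element, open for the whole session
        self._pending = 0   # approximate bytes fed since the last completed stanza

    def feed(self, chunk):
        """Feed raw bytes from the socket; return the stanzas this chunk completed."""
        self._pending += len(chunk)
        self._parser.feed(chunk)
        done = []
        for event, elem in self._parser.read_events():
            if event == "start":
                self._depth += 1
                if self._depth == 1:
                    self._root = elem
            else:
                self._depth -= 1
                if self._depth == 1:
                    # A direct child of the stream root just closed: hand it on
                    # and detach it, otherwise the root keeps every stanza alive.
                    self._root.remove(elem)
                    done.append(elem)
                    self._pending = 0
        if self._pending > MAX_PENDING_BYTES:
            # A peer that never closes its stanza must not grow the buffer forever.
            raise ValueError("unterminated stanza exceeds size cap")
        return done

    def retained(self):
        return 0 if self._root is None else len(self._root)

# Constructed sample: a stream header and two stanzas, split at arbitrary byte
# boundaries the way TCP reads would deliver them.
CONSTRUCTED_CHUNKS = [
    b"<stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams'>",
    b"<message from='a@example.org'><bo",
    b"dy>hi</body></message><presence/>",
]

def read_all(chunks):
    reader = StanzaReader()
    return reader, [s for chunk in chunks for s in reader.feed(chunk)]
```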
I think Apple doesn’t want third-party developers to compose their own sandboxing rules, because it’s pretty hard to do that in a way that can’t be escaped and that doesn’t break Apple’s frameworks. They provide the Mac Application Sandbox profile for third-party developers. That profile is quite flexible, and if you’re not targeting the Mac App Store there are some ways to add rule exceptions.
I’ve been playing around with a similar project and it surprised me how hard map matching actually is. I’ve also been using OSRM, but no matter how I tweak the settings, it never gets it 100% right.
Some examples: the GPS error is often more than the distance between a road and a cycling path next to the road, so it often confuses them.
The default cycling profile of OSRM actually takes into account the possibility of dismounting and walking with the bike. This is very useful when that is what you did, but it also creates a lot of extra possibilities. For example, a one way cycling path can then be used in the opposite direction by walking.
There’s also a limit to how many points it can process at once (and it becomes quite slow if you increase that). Should I slice up the trip into multiple segments and then somehow connect them, or is it better to drop some of the points? Still haven’t found out what the best option is.
It also helped me spot some subtle errors or missing data on OSM, but that's easy enough to fix.
Probably one current problem of the bike profile is that we do not yet allow walking in the opposite direction, but this might be beneficial for map matching.
If I remember correctly, the last thing I was working on was actually trying to see if GraphHopper performs better! I think I was either still trying to compile it or load a local map, I’m not sure. It has been a while since I’ve worked on this.
Also, I don’t expect it to be 100% correct everywhere, sometimes the GPS data is just not good enough or I might have traveled in a way that the map wouldn’t allow, but there were some instances I found where I thought it should’ve been able to find a match and it didn’t.
And the new certificate and DNS records are to make the proxy look legit to the Zoom client, which would otherwise not accept TLS connections. Especially if there are DNS records which specify which CA is used for the certificate.
> Especially if there are DNS records which specify which CA is used for the certificate.
If you're thinking of CAA, those records are not for anybody except the CAs. They're an indication to the CA "You may / may not issue for these names" and explicitly never an instruction to clients about what's trustworthy.
It's unusual but completely sound to have CAA set to forbid all CAs, switch it to allow just one CA, get a certificate issued, then put it back to blocking them all again for a week or months. I'm not recommending that procedure, but it's sound and if any software can't handle that the software is broken.
The idea here is that all the public CAs are trustworthy but their procedures may not be a good match to your particular way of doing things. For example, if a CA does ACME http-01 proof-of-control (like Let's Encrypt) and you let customers run arbitrary stuff on port 80 on your machines, that's a bad combination; you should probably get your certificates from a CA which doesn't use ACME http-01 and restrict CAA.
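The CA-side check described in this reply, as an added example that is not part of the original comment: a simplified RFC 8659 evaluation (non-wildcard names, `issue` property only, critical flags ignored) run over constructed zone data. The names `ca.example` and `other-ca.example` and the zone dictionaries are hypothetical.

```python
def relevant_caa(zone, fqdn):
    """Climb from the name towards the root; the first non-empty CAA RRset wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(zone, fqdn, ca_domain):
    """What a CA evaluates at issuance time. Clients never run this check."""
    issue_values = [value for tag, value in relevant_caa(zone, fqdn) if tag == "issue"]
    if not issue_values:
        return True  # no issue property in the relevant set: issuance unrestricted
    for value in issue_values:
        # The issuer domain is the part before any ';' parameters.
        # A bare ";" therefore names no issuer and authorizes no CA at all.
        issuer = value.split(";", 1)[0].strip().lower()
        if issuer == ca_domain.lower():
            return True
    return False

# Constructed zone states for the forbid / allow-one / forbid sequence above.
FORBID_ALL = {"example.org": [("issue", ";")]}
ALLOW_ONE = {"example.org": [("issue", "ca.example")]}

def issuance_timeline(states, fqdn, ca_domain):
    """Whether the CA could issue at each point in time; a certificate issued
    while the answer was True stays valid after CAA is locked down again."""
    return [ca_may_issue(zone, fqdn, ca_domain) for zone in states]
```

An operator can use the same logic to confirm that a locked-down CAA set still authorizes the CA they intend to renew with before a renewal is due.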
To add to this: there are two different types of Data Vaults. For locations such as ~/Pictures, ~/Documents, Calendars, Contacts, etc. a permission prompt is triggered if an app tries to access it. Other locations, such as where Mail and Safari keep their data, cannot be allowed from a prompt. Those require "Full Disk Access" for third-party software to gain access, which you should give only to applications that really need it, such as a backup tool.
Anything not on those locations is not protected, so there's no Data Vault for Chrome's cookie file, for example.
Is there an API that allows apps to construct data vaults? I assumed that there would be, but I also generally don't write code at that level in the stack.
Very interesting. I don't have any experience making .pkg installers nor with verifying code signing on macOS, but I agree in general, the `preinstall` script does a lot of work one would expect the installer itself to do. This is all supporting evidence for my personal preference to never run the Zoom installer, but rather to extract the application bundle by hand.[1]
Please consider writing up your findings in more detail.
In The Netherlands there are Veiligheidsregio's ("Safety regions", areas where the emergency services work together) which make changes to OSM to improve the routing for emergency services. For example, Veiligheidsregio Twente is quite active.
Last time I looked at it, none of the routers for OSM were good at routing over areas in OSM. For example, when planning a route on foot over a large square, the route often follows the outside edge. This becomes even harder when the area contains "holes" (i.e. a multipolygon). So for canals it could work, but if you need to cross a lake with an island you're in trouble.