A missed opportunity though. If it’s USB-C powered, it could be even smaller and Apple could simplify its BOM by including a MacBook Pro charger with it.
Yes, this is a huge problem. I wish Google would enforce a zero-tolerance policy against apps misusing this mechanism and asking for permissions they don't really need for fulfilling their actual function.
Say that you're an official with the Chinese Communist Party (CCP). You have huge stacks of brochures of anti-CCP materials. You've got them scanned and hashed. Next you call Apple and say, "Please alert us if similar imagery appears on your customers' devices. My assistants will send you weekly updates of the required hashes." Apple would say, "Sure, we're just following your law..."
Hence when a Chinese person photographs such a brochure "in the wild" using an iPhone, someone from "the government" will knock the next day and "strongly enquire" about yesterday's photo. Likewise when a Chinese minor receives an iMessage containing such a brochure.
This is just _one_ example case of "extension" of the CSAM database as seen fit by some regulatory body.
(1) Create a snapshot of the entire file system;
(2) or find a recent Time Machine local snapshot; then
(3) mount the snapshot obtained in [1] or [2] without owners enabled, effectively granting Alice read-only access to other people's files without having administrative privileges.
The Finder doesn’t create or mount APFS snapshots. And while I haven’t tested it, I fully expect Time Machine to still enforce Unix file permissions. You really need to be using the command line to do what you’re describing.
I haven’t tested the Finder case though. Nevertheless there is the `tell ‘Finder’ ... do shell script ... end tell` construct that _may_ be able to get the Finder to launch an arbitrary subprocess (and may inherit full disk access) just like how Terminal would.
However I’ve tested mounting a local snapshot using the Terminal having full disk access and found out that it is possible to mount a local snapshot and make the mounted copy ignore Unix file permissions.
... in this case it _does_, albeit in a roundabout way via Time Machine local snapshots. In short, the attacker can bypass Unix file permissions by mounting a local backup with owners disabled.