Hacker News: meatmanek's comments

This is super cool. Do you know if any of the inference backends (llama.cpp, vllm, etc) support this technique?

vLLM supports "banning" certain tokens but I don't know if it can dynamically reduce them.

To my knowledge you can also "ban" with llama.cpp but it is passed in the API call rather than to the server at initialization.


> speed dial options. That doesn’t happen if you don’t click on them directly.

It also seems to happen if you type the domain name in the address bar but hit enter when the suggested URL autofills. For me, typing out aliexpress.com fully will send me directly to AE, but typing aliexpress.c and hitting enter (with the autofill completing "om") redirects through vivaldi.com/bk/aliexpresscom-us


Frankly, it's not really more insecure than any other installation method. Apt packages and the like generally have the ability to specify pre/post-install scripts, so `sudo dpkg -i ./random.deb` is equivalent to `sudo bash ./random.sh`. Even if they didn't have pre/post-install scripts, they're still writing arbitrary files to arbitrary locations on your disk, so they can trigger execution the next time you boot or log in or whatever.

And at the end of the day, no matter the installation method (even just unpacking a tarball and executing the program directly from that directory), you're going to run their program on your computer, and then the program can do whatever it wants. Maybe you don't run it with sudo, but https://xkcd.com/1200/ seems relevant.


A package (like a .deb) is a static artifact. It can be hashed, mirrored, and GPG-signed. Package managers usually verify that signature before any pre/post-install scripts. A "curl <some_url> | bash" pipe is a dynamic stream; the server can perform targeted attacks: sending a clean script to 99% of users and a malicious payload only to a specific IP address or User-Agent. This allows for targeted attacks that are invisible to the rest of the community.

Yes, running third-party code is always a leap of faith, but why choose a delivery method that removes the possibility of verification and opens the door to targeted injections? Convenience shouldn't be an excuse to ignore basic security hygiene.
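The difference between a static artifact and a stream, as an added example that is not part of any comment in this thread: the script is saved to disk, its SHA-256 is compared with a pinned value, and it only runs on a match. The function names, file names and sample scripts are constructed for illustration; the pinned digest stands in for one published out of band.

```shell
#!/bin/sh
# Added example: fetch-then-verify instead of piping a stream into a shell.

sha256_of() {
    # sha256sum on Linux; shasum -a 256 on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_pinned FILE EXPECTED_SHA256
# Executes FILE only when its digest equals the pinned one; returns 1 otherwise.
run_if_pinned() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: refusing to run" >&2
        return 1
    fi
    sh "$file"
}

# Constructed sample: two responses a server could give for the same URL.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'echo "installing demo tool"\n' > "$dir/install.sh"
    # Digest of the copy that was reviewed; in practice published out of band.
    pinned=$(sha256_of "$dir/install.sh")
    # Same name, different bytes: what a per-client response would look like.
    printf 'echo "installing demo tool"\necho "extra step"\n' \
        > "$dir/install_targeted.sh"
    run_if_pinned "$dir/install.sh" "$pinned" && good=0 || good=$?
    run_if_pinned "$dir/install_targeted.sh" "$pinned" && bad=0 || bad=$?
    rm -rf "$dir"
    echo "reviewed=$good targeted=$bad"
}

demo
```

A pinned digest only proves the bytes match what was reviewed; a package manager's signature check additionally ties those bytes to a key.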


The problem is that npm, cargo, etc. set the standard in people's minds for how package managers work, when the Linux community has been working on securing the supply chain issues for decades.

Like requiring a WoT (usually with physical meetups) vetting people creating packages, FTP-masters, dedicated clean buildbots, etc. in addition to the packages themselves being signed and so on.


Freemium is a potentially interesting model for app developers. If you're small enough to be in the free tier, you can avoid the risk of someone turning your app into the next backend for Chipotlai Max and running up your AI bill.

Once you get enough downloads to where Apple starts wanting to charge you money, you can consider switching to OpenAI or Anthropic or Google or Deepseek or whatever. Sounds like they've even made that relatively easy to do in the Foundation Models framework -- just implement the LanguageModel protocol. I expect open-source or provider-written adapters to pop up that would let you use your vendor of choice.


I'm guessing they'll integrate with the double-tap-the-bottom-of-the-screen feature that pulls up siri in front of a screenshot. Currently it doesn't seem to hook into "visual intelligence", and needs to call out to ChatGPT to do anything with the screen contents.

Tangential note on

> double-tap-the-bottom-of-the-screen feature that pulls up siri

It’s disabled if not using Apple Intelligence, and can’t tap screen while talking to Siri (it dismisses instead).

Now they’re gating features to the M3 I’m not convinced wouldn’t work on expensive Apple Silicon predecessors… am more convinced the double tap disable is intentional.


"shape"


Yeah, such words are a giveaway.

Another:

It is not “this simplified, kindergarten-level explanation”, it is “this explicit, thoughtful one”

In this case I suspect the poster used GPT (looks like OpenAI) to generate the initial response and then edited it.


At least that somewhat aligns incentives between players and the game studio. If an old game has a long-lasting player base, then a modest subscription makes it more likely that the studio would keep the servers up and running, if not actively patching the game. With a game that you pay for up-front, a long-lived player base can be a liability for the company (ongoing costs without many new purchases.)


It seems similar to operating an arcade or a movie theater and saying that you can have thousands of people enter but then only having space for a couple while still taking everyone's money.


Why is this a problem? Quake 3 came out a quarter century ago, yet there are still community-hosted servers available.


After about 2010 companies stopped providing the server binary. Games like Modern Warfare 2, Battlefield 2, etc could be played by communities in perpetuity on private servers. If the next game (MW3, BF3) were terrible, you didn't have to buy the sequel, what you had was "good enough" and you could wait for the next version to be released in 2-3 years.

With the current "closed server" model, you can't get a copy of the server code, can't host truly private servers, and when the sequel MW4, BF4 comes out, those private servers won't survive and it forces everyone to move to the sequel regardless of the quality of the game. You can technically still hire a private server for games like BF3 (circa 2012) but very few people are going to pay the $70/month to host an official one via whatever terms EA has come up with, and you absolutely can't run it with plugins, mods, and especially custom maps or game modes, you have to play it "vanilla".

With Quake 3, the server is included with the game; anyone can run it and modify it, and it's very plugin friendly, which is largely why it is still around today. Closed servers you can't directly access are a deliberate decision to kill the game when the sequel is released, by not allowing users to extend what they "bought". Otherwise we would still all be playing Battlefield 3 on custom maps with CTF and 128 v 128 player servers and everything else. You can modify a handful of things on the paid private servers but it's extremely limited and there's no community feedback on any of this.


> After about 2010 companies stopped providing the server binary. Games like Modern Warfare 2, Battlefield 2, etc could be played by communities in perpetuity on private servers. If the next game (MW3, BF3) were terrible, you didn't have to buy the sequel, what you had was "good enough" and you could wait for the next version to be released in 2-3 years.

That's not true about Modern Warfare 2. Modern Warfare 2 was the first Call of Duty game where you could no longer host your own servers. In its predecessor, Call of Duty 4: Modern Warfare, however, that was still possible. For MW2, unofficial servers created by players only became available later on. However, Activision has taken legal action against many of these projects.


Amusingly, all Call of Duties are still basically Quake mods. They've ALL run on a heavily modified Quake engine, forked off of ioq3.


Quake 3 can also be played fully offline, for various measures of "play" and "fully".


It's a joke: the author of the post is literally the guy who wrote PuTTY.


Thank you, I KNEW I recognized that domain name.


I still use google as a verb even though I use Kagi.


Presumably asymmetric splits meaning A and B can talk, B and C can talk, but A and C can't talk.

