2026-04-10 06:14:13
Jason Snell, writing at Six Colors:
Software developer Photon, whose product requires running a bunch of Macs to connect to iMessage, discovered a pretty major bug:
Every Mac has a hidden expiration date. After exactly 49 days, 17 hours, 2 minutes, and 47 seconds of continuous uptime, a 32-bit unsigned integer overflow in Apple’s XNU kernel freezes the internal TCP timestamp clock… ICMP (ping) keeps working. Everything else dies. The only fix most people know is a reboot.
The whole story is wild (albeit technical). Photon says they’re working on a fix, but really, this is something Apple should be working on.
If you keep track of time using milliseconds, and store that in an unsigned 32-bit integer, it overflows after 49 days, 17 hours, 2 minutes, and 47 seconds. That’s the bug.
I think this bug is new to Tahoe. If you look at Apple’s open-source XNU kernel code — e.g. lines 3,732 to 3,745 in tcp_subr.c — you can see that the lines assigning the time in milliseconds to a uint32_t variable were checked in just six months ago, whereas most of the file is five years old. Also, I personally ran my MacBook Pro — at the time, running MacOS 15.7.2 Sequoia — up to 91 days of uptime in January. I even mentioned that remarkable uptime in my annual report card, in praise of Apple’s software reliability. Apple’s pre-Tahoe reliability, that is.
I was hesitant to link to this at all because the original (unbylined) report from Photon is so hard to follow. It’s downright manic — over 3,500 words with 33 section headings (<h2> and <h3> tags), with no cohesive narrative. The bug, seemingly, is not that complicated. The whole write-up from Photon just screams “AI-generated slop” to me, and I thus hesitate even to link to Snell’s piece linking to it. But I think the bug is real, and my sympathy for everyone afflicted with MacOS 26 Tahoe is sincere. (And if I’m wrong about the post being AI slop and a human at Photon actually wrote this, I would suggest taking it easy with the cocaine.)
2026-04-10 04:35:30
“thenickdude”, on Reddit:
They’re using this to detect if you have Creative Cloud already installed when you visit on their website.
When you visit https://www.adobe.com/home, they load this image using JavaScript:
https://detect-ccd.creativecloud.adobe.com/cc.png
If the DNS entry in your hosts file is present, your browser will therefore connect to their server, so they know you have Creative Cloud installed, otherwise the load fails, which they detect.
They used to just hit http://localhost:\
/cc.png which connected to your Creative Cloud app directly, but then Chrome started blocking Local Network Access, so they had to do this hosts file hack instead.
(Via Thom Holwerda at OSNews.)
They didn’t have to do this, of course. In fact, quite obviously, they definitely should not be doing this. Adobe is just a third-party developer, no better, no more trusted, no more important than any other. Imagine if every piece of software on your computer added entries to your /etc/hosts file. Madness. Adobe should be ashamed of themselves. Adobe used to be a bastion of best practices for developers to follow. Now their installer/updater is indistinguishable from malware.
See also: Marc Edwards on Mastodon, and Michael Tsai.
2026-04-10 01:10:48
Acting Attorney General Todd Blanche, speaking of the president of the United States in a totally normal way:
I love working for President Trump. It’s the greatest honor of a lifetime. And if President Trump chooses to nominate somebody else and asks me to go do something else, I’ll say, “Thank you very much, I love you, sir.”
The phrase Blanche was looking for is “Thank you sir, may I have another.”
2026-04-08 23:49:15
Anthropic’s Frontier Red Team:
Earlier today we announced Claude Mythos Preview, a new general-purpose language model. This model performs strongly across the board, but it is strikingly capable at computer security tasks. In response, we have launched Project Glasswing, an effort to use Mythos Preview to help secure the world’s most critical software, and to prepare the industry for the practices we all will need to adopt to keep ahead of cyberattackers.
This blog post provides technical details for researchers and practitioners who want to understand exactly how we have been testing this model, and what we have found over the past month. We hope this will show why we view this as a watershed moment for security, and why we have chosen to begin a coordinated effort to reinforce the world’s cyber defenses.
“Our new model is so good, it’s too dangerous to release to the public” is a message that sounds like it could be marketing hype. But it seems like it’s probably true. Examples cited by Anthropic include finding and exploiting a 27-year-old OpenBSD bug (that can crash any device running OpenBSD) and a 16-year-old bug in the widely used FFmpeg media processing library.
See also: Techmeme’s extensive roundup.
2026-04-08 06:23:27
Kottke:
This shot from Artemis II of the Moon eclipsing the Sun is one of the most breathtaking astronomical photos I’ve ever seen. Holy shit.
Follow NASA on Flickr for more.
Update: In a follow-up post, Kottke has assembled a slew of great iPhone wallpapers from Artemis II photos, along with links to other collections, like Basic Apple Guy’s. Also, The Iconfactory has added a bunch of these images to their wonderful Wallaroo app (which is how I’ve switched to one on my own iPhone).
2026-04-08 06:23:07
Not sure why they think this comparison is reassuring rather than terrifying.
I also have to say that Altman’s claims, today, that OpenAI employees were obsessed with COVID weeks ahead of the rest of the world feels more than a little like Donald Trump’s repeated false claim that he predicted, pre-9/11, that Osama bin Laden would attack the U.S.
