René Fouquet

@renef
92 Followers
157 Following
1,016 Posts

iOS Developer at Techniker Krankenkasse in Hamburg, Germany by day, #iOS and #Android developer by night. Recently started to use #Linux on the desktop, too. I enjoy all things digital, but I also dabble in #Photography, #3DPrinting and #Woodworking. I’m one Podcast short of being a stereotypical nerd.

Proud #Antifascist. Fuck Nazis.

I usually write in English, but may occasionally write in German if the post is only relevant to German-speaking audiences.

Websitehttps://fouquet.me
GitHubhttps://github.com/fouquet
Codeberghttps://codeberg.org/fouquet
René Fouquet1d ago

WAIT ONE DAY?!

This whole thing is a ridiculous collection of dark patterns reminiscent of Apple.
https://chaos.social/@grote/116257002625921666

Torsten Grote (@[email protected])

Attached: 1 image Google has news on what you will need to do for still being able to sideload apps: * enable developer options * confirm that you are not tricked * restart phone and re-authenticate * wait one day * confirm with biometrics that you know what you are doing * decide if you only want unrestricted installs for 1 week or forever * confirm that you accept the risks * enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this https://goo.gle/advance-flow

chaos.social
René Fouquet4d ago
Caria Giovanni - Harpocrates4d ago

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

Show threadRené Fouquet4d ago
We will keep the Apple TV as a YouTube/Netflix/Emby player device for the TV for now, since I couldn't find a good alternative. There's the Nvidia Shield TV Pro, but it's...meh. So apart from my M1 MBP, which I'll keep around for the odd Cryptical bug fix, the Apple TV is the only Apple device left in this house. If someone had predicted that two or three years ago, I would have called them insane.
René Fouquet4d ago
I've cancelled our Apple One subscription today. I've had some kind of Apple services subscription since the days of iTools. Okay, granted, that wasn't really a subscription, so .Mac is probably more fitting. Feels weird. But now that both my wife and I are no longer in the Apple ecosystem, it makes no sense to have it. We were, in fact, only using parts of Apple One itself, but it made sense financially to buy the whole package.
Show threadRené Fouquet5d ago
Furthermore, a total rejection of the technology will soon be hard or impossible for most people, because management is often pushing for its use. If you are in a position where you can decide if you want to use LLMs, go ahead and do what you feel is right. But please realize that this is a privileged position that many people will not be in. I'd argue it's more sensible to try to shape the AI processes at work instead of rejecting them outright and hoping the bubble will burst.
Show threadRené Fouquet5d ago
I guess I'm somewhere in the middle. I see the risks and inherent problems. Yes, the training data is problematic in almost all cases, the AI company boom raises hardware prices by a ridiculous degree, the energy costs are staggering, and many people are in fact using it thoughtlessly and often dangerously. And yet, it does have legitimate and useful applications. Nobody who wants to be taken seriously can argue that LLMs are useless; plenty of real world examples prove their worth every day.
René Fouquet5d ago
I'm reading a lot of extreme LLM takes in my timeline these days, from both AI believers, who see the technology as more important than the Industrial Revolution and the invention of the wheel, and from total AI rejectors, who believe every LLM is a collection of copyright infringement, that the technology is actually completely useless, and that LLMs are (figuratively, although from some people it sounds like literally) melting your brain.
René Fouquet6d ago

I'm happy to announce that #Cryptical for #Android is out of beta and now available as a regular release on Google Play. It's free, without ads, in-app purchases or tracking. You can get it here:
https://play.google.com/store/apps/details?id=me.fouquet.cryptical

I also wrote a blog post with an overview what the app does here:
https://fouquet.me/2026/03/14/cryptical-for-android

Enjoy! And please boost 😎

Cryptical - Apps on Google Play

A full featured Random Password and Passphrase Generator

René Fouquet6d ago

Hate the #Samsung #S26 Ultra wobble when placed flat on its back? I made a thing to fix that.

https://makerworld.com/models/2521070

#3dprinting #BambuLab

René FouquetMar 12

My wife is now using my "old" Samsung Galaxy S25 Ultra. Her very first reaction, coming from iOS: "OH MY GOD THE KEYBOARD IS WORKING SO MUCH BETTER!"

Yup.