I have a continuous data stream encrypted by aesgcm, I did not find a way to decrypt it using CryptoKit unless I have the full data. My question is Can CryptoKit decrypt or encrypt a stream without a complete read? Like EVP_xxx_Update in OpenSSL. Thank you.

I am using NEPacketTunnelProvider to write a VPN app. When the vpn is off, I could use res_9_getservers to get the current network DNS server, so that when the vpn is on, I could choose whether I reply the dns query or drop the query to the default dns server. My question is when the vpn is on and the network changes, I did not found a way to get the new network's default DNS server, res_9_getservers returns the dns server which I was setting up. So how can I get the new DNS when network changes? Thank you!

In the official explanation, "deployment targets" refers to "the OS range supported by this version of Xcode for uploading apps to App Store Connect." On the Xcode Support page (https://developer.apple.com/support/xcode/), I can find the deployment targets supported by each Xcode version. My question is: can I use a newer version of Xcode to build an IPA with an older deployment target that isn’t listed? For example, can I use Xcode 26 to build an iOS 12 IPA (just build, not debug)? In my opinion, since the new SDKs still contain many old macros restricted to earlier iOS versions, it should be possible, but I’m not sure if that’s correct. Thanks.

Hello, I am experiencing a specific authorization error on macOS Tahoe when trying to discover all available service types on the local network. While the implementation works perfectly on iOS and macOS Sonoma, it fails on Tahoe with a specific error code. The Issue When calling DNSServiceBrowse with the meta-query string _services._dns-sd._udp, the function immediately returns kDNSServiceErr_NoAuth (-65555). // This call fails on macOS Tahoe DNSServiceErrorType err = DNSServiceBrowse( &ref, 0, kDNSServiceInterfaceIndexAny, "_services._dns-sd._udp", // Meta-query for all services domc, probe_browse_reply, (__bridge void *)self ); Important Findings & Observations Specific Services Work: If I change the service type to a specific one (e.g., _http._tcp or _ssh._tcp) using NWBrowser, it works correctly and returns results. The error only occurs when browsing for _services._dns-sd._udp using DNSServiceBrowse. Local Network Permission: I have confirmed that the Local Network toggle is ON for my app in System Settings > Privacy & Security > Local Network. Entitlements: My app has the com.apple.developer.networking.multicast entitlement. Info.plist: Both NSLocalNetworkUsageDescription and NSBonjourServices (including _services._dns-sd._udp) are properly configured. Sandbox: The issue persists regardless of whether the App Sandbox is enabled (with incoming/outgoing connections) or disabled. Environment Not Working OS: macOS Tahoe 26 Working OS: macOS Sonoma, iOS 26 Question It seems macOS Tahoe has introduced a stricter policy regarding Network Reconnaissance or meta-service browsing. Is there a new requirement or a specific entitlement needed in macOS Tahoe to browse for _services._dns-sd._udp? Any guidance on how to restore this functionality for network utility apps on macOS Tahoe would be greatly appreciated. Best regards.

Hi, I have an extension using NEPacketTunnelProvider, I need bind both lan address and localhost so that other apps can connect it and transfer data. I found that if I bind INADDR_LOOPBACK, other apps on the phone can connect it using the localhost(127.0.0.1) If I bind INADDR_ANY, other apps on the phone can connect it using the lan address but not the localhost(127.0.0.1) My question is why other app on the phone can not connect using localhost(127.0.0.1) when binding INADDR_ANY? Thank you. NEPacketTunnelNetworkSettings: Exclude route: 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 255.255.255.255/32, 239.255.255.250/32, fc00::/7, fe80::/10, ff02::c/128, ff05::c/128, ff08::c/128, ff0e::c/128 Include route: [NEIPv4Route defaultRoute] NEProxySettings with HTTPEnabled and HTTPSEnabled to localhost (a http server) NEProxySetting exception: 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 255.255.255.255/32, localhost, *.local, captive.apple.com NEProxySetting excludeSimpleHostnames: YES

Is it a bug? It’s troublesome to modify the version in Build Settings.

Hi I use JSObjectMakeTypedArrayWithBytesNoCopy(JSContextRef ctx, JSTypedArrayType arrayType, void *bytes, size_t byteLength, JSTypedArrayBytesDeallocator bytesDeallocator, void *deallocatorContext, JSValueRef *exception) to create a JSObjectRef, and [JSValue valueWithJSValueRef: inContext:] to create a JSValue. I then pass the JSValue to the JSContext. I have noticed that even if I don't pass the JSValue to the JSContext, the JSTypedArrayBytesDeallocator is always called after the deallocation of the JSContext. In my understanding, it should be released by the JS garbage collection when there are no references to it. Since I have a large amount of data to pass to the JSContext, if the JSTypedArrayBytesDeallocator is called too late, it may cause memory issues. Where am I mistaken in this case? Thanks.