Normally, I ignore that. Because Jobs has become, in death, a perfect touchstone.
All of the representations are slices of who the man was. He was, like every one of us, fucked up, wonderful, a raging tool, a good person all at the same time.
I do respect the person saying this, so I broke my internal rule and engaged on this. Which was a dumb idea.
It went about how I should have expected.
That i found fascinating.
First, the concept of “do anything of substance” is not one I’m inclined to discuss anymore.
So there’s no point in engaging. But I did want to bring up two things that I think...
Not the device in and of itself. The watch is nice, I like mine. But rather what Apple is doing with it. The health aspects. Regardless of how slow the movement is, the idea that your watch can notify you…
Those are things that can, & in many cases, have saved lives. The heartrate detection, even outside of the ecg…
That is a substantive thing apple has created in the last few years. It’s an easy win…
Apple is literally re-architecting its platforms for security.
But first, I want you to read something: oversight.house.gov/wp-content/upl…
Even just the executive overview. It’s important. and a failure on multiple levels.
“Equifax Security performed an open source component scan to identify any systems with a vulnerable version of Apache Struts. The scan did not identify any components utilizing an affected version of Apache Struts…”
They didn’t run the scan on the right directory. Probably missed a -r in the scan params...
I can see this happening even with someone experienced running the scan. And if it was a canned scan, built by someone else?
And limiting access to “sensitive data” only works if you know data is “sensitive”.
This happens everywhere. Don’t front.
That’s some truth. And even with password managers, it’s still true.
But 2FA doesn’t change that quote. So apple did something really radical:
They neutered root.
Turns out, it ruined nothing. And when presented with clear reasons why a directory needs to not be part of SIP, Apple will change its mind.
This is not speculation, this is fact, I have the closed RADAR that proves it.
Then Apple went after Kexts. Like the idea that an installer should just be able to install a kernel extension and that’s it? once someone, anyone provides an admin password, you’re done? With a *kernel* plugin?
However, Apple allowed for MDM environments to be able to work around the “user must approve every kext” thing. By and large, a good solution.
Then there’s the T2 chip, the hardware security changes. So many white papers. All of them really effective. Touch ID. Face ID.
Biometrics aren’t new…
Apple making the hardware and the OS is a huge help here.
But what do Touch/FaceID actually do?
Yeah, you can do some fun stuff with fake fingerprints, but that’s not going to work through say, a web server vulnerability.
Where one might store things like oh…files with sensitive data. Like possibly passwords.
They also require more steps to just run scripts on apps.
Where again, people tend to store things.
sensitive things. Because we are imperfect dolts.
The idea that anything should just get full access because of where it is? Apple is killing that. Root has no restrictions? Not any more.
oh yeah, signed apps. those are important too.
Passwords? Apple is killing those. Slowly, but surely.
They’re rethinking how things work, how they need to work.
How long did it take Torvalds to accept that security...
Apple is, outside of the public announcements and the fights with governments, fundamentally changing the assumptions of how an OS works in terms of security. Some of what they’re doing is just a better implementation of existing ideas.
On the iMac, sure, faceid. That’s almost an easy one. But how do you do it where there’s no camera and you don’t make the keyboard?
That is substantive, it is *foundational*.
It’s not as flashy as an iPhone. But it is, I think, critical to helping normal people, non-technical people, every day people not have to live in fear of computers.
That, I think is substantive change.