John C. Welch @bynkii, 39 tweets
Recently I saw the whole “Steve Jobs was a useless asshole who knew nothing and stole all his ideas” thing pop up. This one was different from the usual, as they threw in Jony Ive instead of just Woz.

Normally, I ignore that. Because Jobs has become, in death, a perfect touchstone.
People who never met or worked with the man *know* him. He is used to represent whatever aspect of tech you dislike.

All of the representations are slices of who the man was. He was, like every one of us, fucked up, wonderful, a raging tool, a good person all at the same time.
But, because of his fame, he’s this convenient wrapper that we can place on whatever thing we like or dislike about tech.

I do respect the person saying this, so I broke my internal rule and engaged on this. Which was a dumb idea.

It went about how I should have expected.
Note: if you figure out who the person is, let them be. I’ve muted them, and I don’t want anyone who follows me to engage them on this. They have their opinions, they’re not going to respond well to differing opinions on this subject, and they have that right.
But, they said something that I thought was stunningly incorrect: that Jobs had somehow “ruined” Apple, that Apple hadn’t done anything of substance in years.

That I found fascinating.

First, the concept of “do anything of substance” is not one I’m inclined to discuss anymore.
“Substance” has no value beyond the person using the word. What they consider substance may be completely different than what I consider substance, and since it has no inherent value, there’s no way to be “wrong” about said substance.
I’ve also learned over the years that nerds are the worst people to discuss substance with. Because once they’ve made up their minds on what that is, especially programmers, they’re done.

So there’s no point in engaging. But I did want to bring up two things that I think counter that view. “Substantively” if you will. First the watch.

Not the device in and of itself. The watch is nice, I like mine. But rather what Apple is doing with it. The health aspects. Regardless of how slow the movement is, the idea that your watch can notify you of important things. Like afib. Or that if you fall, and can’t get up because you’re unconscious or whatever the reason, that your watch can call for help for you.

Those are things that can, and in many cases have, saved lives. The heart rate detection, even outside of the ECG, has saved lives. I know one of the people in that set, so I do have some personal bias. Chuck is a great person, I’m very glad he’s still with us, and the watch has a lot to do with that.

That is a substantive thing Apple has created in the last few years. It’s an easy win, and sometimes, the easy wins aren’t fun. So let’s talk about a less easy win. (I’m setting aside Apple’s huge commitment to accessibility for now, but it’s in the same area as what I’m about to discuss.)


Apple is literally re-architecting its platforms for security.
I’m going to focus on macOS, it’s the one I care about the most, and iOS has been discussed far more anyway.

But first, I want you to read something:…

Even just the executive overview. It’s important, and a failure on multiple levels.
First, it shows how even security scans can silently fail:

“Equifax Security performed an open source component scan to identify any systems with a vulnerable version of Apache Struts. The scan did not identify any components utilizing an affected version of Apache Struts…”
“…Interim CSO Russ Ayres stated the scan missed identifying the vulnerability because the scan was run on the root directory, not the subdirectory where the Apache Struts was listed.”

They didn’t run the scan on the right directory. Probably missed a -r in the scan params, or something similar. Really easy to do; face it, security software UI is purest shit. It’s almost designed to suck so you have to “prove” your worth.
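Added example, not from the thread and not from any of the tooling the quoted report describes: a minimal component scan in Python that reproduces the failure mode above. It builds a constructed directory tree in a temp directory with a struts2-core jar under a subdirectory of the web root, then runs the scan once over the root directory only and once recursively. The version thresholds in `FIXED`, the sample file names and the jar-name pattern are assumptions for illustration; substitute the ones from the advisory you are actually checking for.

```python
"""Show how a non-recursive component scan silently misses a vulnerable jar."""
import os
import re
import tempfile
from typing import Dict, List, Tuple

JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)\.jar$")

# Assumed for this example: a 2.3.x jar below 2.3.32, or a 2.5.x jar below
# 2.5.10.1, is reported as affected. Adjust to the advisory you scan for.
FIXED: Dict[str, Tuple[int, ...]] = {"2.3": (2, 3, 32), "2.5": (2, 5, 10, 1)}


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def is_affected(version: str) -> bool:
    """True if the version lies in an affected line and below its fixed release."""
    parts = parse_version(version)
    line = ".".join(str(p) for p in parts[:2])
    fixed = FIXED.get(line)
    return fixed is not None and parts < fixed


def scan(root: str, recursive: bool) -> List[Tuple[str, str]]:
    """Return (path, version) for affected struts2-core jars under root.

    With recursive=False only the root directory itself is examined, which is
    exactly how a component deployed in a subdirectory gets missed.
    """
    hits: List[Tuple[str, str]] = []
    if recursive:
        walker = os.walk(root)
    else:
        top = [n for n in os.listdir(root) if os.path.isfile(os.path.join(root, n))]
        walker = [(root, [], top)]
    for dirpath, _dirs, files in walker:
        for name in files:
            m = JAR_RE.match(name)
            if m and is_affected(m.group(1)):
                hits.append((os.path.join(dirpath, name), m.group(1)))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample: an app deployed under a subdirectory of the web root."""
    root = tempfile.mkdtemp(prefix="scan-demo-")
    lib = os.path.join(root, "webapps", "portal", "WEB-INF", "lib")
    os.makedirs(lib)
    for name in ("struts2-core-2.3.31.jar", "commons-io-2.4.jar"):
        open(os.path.join(lib, name), "wb").close()
    open(os.path.join(root, "README"), "wb").close()  # the only file at the root
    return root


def demo() -> Tuple[int, int]:
    """Run both scans over the sample tree; returns (shallow hits, recursive hits)."""
    root = build_sample_tree()
    return len(scan(root, recursive=False)), len(scan(root, recursive=True))


if __name__ == "__main__":
    n_shallow, n_deep = demo()
    print(f"non-recursive scan found {n_shallow} affected jar(s)")
    print(f"recursive scan found {n_deep} affected jar(s)")
```

The shallow pass returns zero findings and exits cleanly, which is the point: nothing in the tool's output distinguishes "no vulnerable component" from "never looked where the component lives". A scan whose scope is wrong looks identical to a scan that passed.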

I can see this happening even with someone experienced running the scan. And if it was a canned scan, built by someone else?
Totally see how it happened. Doesn’t excuse it. But yeah. They had other tools (McAfee Vulnerability Manager) that, even after being updated, completely failed to detect the problem. But here’s the critical one:
“After installing the first web shells, the attackers accessed a mounted file share containing unencrypted application credentials (i.e., username and password) stored in a configuration file database (the “escalate privileges” step in Figure 4).”
“Mounting is a process by which the operating system makes files and directories on a storage device available for internal access via the computer’s file system…”
Given the age of the system, god only knows how old that cred file was. Given the age of the system, who was going to spend the $$ to update its password policy?


And limiting access to “sensitive data” only works if you know the data is “sensitive”.
In other words, if no one considers a file that maybe hasn’t been accessed in YEARS sensitive, it’s not going to be secured, because it’s been forgotten.

This happens everywhere. Don’t front.
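Added example, not from the thread: a Python pass over a directory tree that flags config files holding credential-looking values and reports the key name, how many days old the file is, and whether it is world-readable, without echoing the value itself. It covers both the quoted finding (plaintext credentials in a config file on a reachable share) and the point above about forgotten files. The file extensions, the key-name patterns and the constructed sample tree (a four-year-old db.properties and a placeholder-only app.yml) are assumptions for the example.

```python
"""Find plaintext credentials in config files and report how stale they are."""
import os
import re
import stat
import tempfile
from typing import Dict, List

# Assumed for this example: which extensions count as config, and which key
# names look like credentials. Tune both to the formats in your environment.
CONFIG_EXT = {".properties", ".conf", ".cfg", ".ini", ".xml", ".yml", ".yaml", ".env"}
CRED_RE = re.compile(
    r"^\s*([\w.-]*(?:password|passwd|pwd|secret|api[_-]?key)[\w.-]*)\s*[=:]\s*(\S+)",
    re.IGNORECASE,
)


def looks_like_secret(value: str) -> bool:
    """Skip templated or placeholder values so the report lists real findings."""
    v = value.strip("\"'")
    return bool(v) and not v.startswith(("${", "<", "{{"))


def find_plaintext_creds(root: str, now: float) -> List[Dict[str, object]]:
    """Walk root and report credential-looking lines in config files.

    The value itself is deliberately not stored: the report is meant to be
    handed to file owners, not to become one more credential file.
    """
    findings: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in CONFIG_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = fh.read().splitlines()
                st = os.stat(path)
            except OSError:
                continue
            for lineno, line in enumerate(lines, 1):
                m = CRED_RE.match(line)
                if m and looks_like_secret(m.group(2)):
                    findings.append({
                        "path": path,
                        "line": lineno,
                        "key": m.group(1),
                        "age_days": int((now - st.st_mtime) // 86400),
                        "world_readable": bool(st.st_mode & stat.S_IROTH),
                    })
    return findings


def build_sample_tree(now: int) -> str:
    """Constructed sample tree for the demo (not real data)."""
    root = tempfile.mkdtemp(prefix="cred-demo-")
    conf = os.path.join(root, "app", "conf")
    os.makedirs(conf)
    old = os.path.join(conf, "db.properties")
    with open(old, "w", encoding="utf-8") as fh:
        fh.write("db.url=jdbc:oracle:thin:@dbhost:1521/APP\n")
        fh.write("db.user=appuser\n")
        fh.write("db.password=s3cr3t-example\n")  # constructed value
    four_years = 4 * 365 * 86400
    os.utime(old, (now - four_years, now - four_years))  # make it look forgotten
    os.chmod(old, 0o644)  # readable by anyone who can reach the share
    with open(os.path.join(conf, "app.yml"), "w", encoding="utf-8") as fh:
        fh.write("api_key: ${API_KEY}\n")  # placeholder, must not be reported
    return root


def demo() -> List[Dict[str, object]]:
    now = 1_700_000_000  # fixed clock so the reported ages are reproducible
    return find_plaintext_creds(build_sample_tree(now), now)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['path']}:{f['line']} key={f['key']} age={f['age_days']}d "
              f"world_readable={f['world_readable']}")
```

Run it against a mounted share and sort by age: the oldest hits are the ones nobody still thinks of as sensitive, which is exactly the set an attacker with a web shell will go looking for.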
So now back to Apple, and what they’re doing with SIP (System Integrity Protection). First, a quote from the session where SIP was first introduced: “We realized every Mac was one password away from being owned.”

That’s some truth. And even with password managers, it’s still true.
Don’t talk to me about most 2FA. Most 2FA is a mess. I mean, it uses SMS in most implementations, and SMS is not even vaguely secure. So that’s a joke.

But 2FA doesn’t change that quote. So apple did something really radical:

They neutered root.

Turns out, it ruined nothing. And when presented with clear reasons why a directory needs to not be part of SIP, Apple will change its mind.

This is not speculation, this is fact; I have the closed Radar that proves it.
But ultimately, it was a remarkably painless change.

Then Apple went after kexts. Like the idea that an installer should just be able to install a kernel extension and that’s it? Once someone, anyone, provides an admin password, you’re done? With a *kernel* plugin?
Apple changed that. That one caused a bit of pain: some people, notably printer driver coders, love kexts. Seems dumb, but they do.

However, Apple allowed MDM environments to work around the “user must approve every kext” requirement. By and large, a good solution.
Now, do I think a warning dialog is some magical “Shield vs. bad people +20”? No. I know better. But it is at least a stumbling block. It means bad kexts don’t automatically get to run just because they’re in the right directory with the right file permissions.
And sometimes, security is just a series of stumbling blocks. Being nibbled to death by baby ducks is pretty effective.

Then there’s the T2 chip, the hardware security changes. So many white papers. All of them really effective. Touch ID. Face ID.

Biometrics aren’t new, but Apple integrates them into the OS in a way that makes them actually useful, and not just the login-to-the-machine trick you see in most implementations.

Apple making the hardware and the OS is a huge help here.

But what do Touch ID and Face ID actually do?
They reduce reliance on the password, because you need it much less. You have a much more secure, much harder to remotely hack way to authenticate.

Yeah, you can do some fun stuff with fake fingerprints, but that’s not going to work through say, a web server vulnerability.
Then in Mojave, they take another step: they remove the assumed automatic access to a user’s home directory.

Where one might store things like oh…files with sensitive data. Like possibly passwords.

They also require more steps just to run scripts against apps.
As someone who writes as many scripts as I do, this is a pain in the ass. Really. But I get it, and I approve. Because I know what kind of shit I could do even just in a home directory.

Where again, people tend to store things.

sensitive things. Because we are imperfect dolts.
So now, even though you, the human, are god over your home directory, other things like apps are not.

The idea that anything should just get full access because of where it is? Apple is killing that. Root has no restrictions? Not any more.
Location and file permissions mean you can just inject code into the kernel? Nope. sorry.

Oh yeah, signed apps. Those are important too.

Passwords? Apple is killing those. Slowly, but surely.
And they aren’t doing it by just slapping yet another abstraction layer on things, à la Windows and the registry. (Don’t even get me started on some of the security nightmares hardcoded into Windows.)

They’re rethinking how things work, how they need to work.
Apple is looking at the assumptions we’ve all been making for decades and changing things because the old ways have failed. Over and over. They fail over and over and yet so many people won’t take the lessons to heart.

How long did it take Torvalds to accept that security has to live in the kernel too?


Apple is, outside of the public announcements and the fights with governments, fundamentally changing the assumptions of how an OS works in terms of security. Some of what they’re doing is just a better implementation of existing ideas.
But a lot of it is not. And some of it, I don’t envy them. Like implementing the T2 security and Face/Touch ID on a Mac mini? Or the eventual Mac Pro?

On the iMac, sure, Face ID. That’s almost an easy one. But how do you do it where there’s no camera and you don’t make the keyboard?
Apple’s security focus and the changes they’ve made and are making?

That is substantive, it is *foundational*.

It’s not as flashy as an iPhone. But it is, I think, critical to helping normal people, non-technical people, every day people not have to live in fear of computers.
And if Apple is able to do that? To give the average person a safe-by-default computer and OS? One that “just works” in terms of security?

That, I think, is substantive change.

So yeah.
