Source: I was on those lists.
A PR person would bristle at the idea of denying to unlock the phone of a terrorist. It took real cojones for Apple to stand up for privacy at such a time.
Not a fan of Memcache? Personally I find it has a certain cachet about it. /jk
Then why does Apple avoid paying taxes?
Let's not kid ourselves: Apple is a company, and companies are only "altruistic" if they expect that it will help their bottom line.
> Any one may so arrange his affairs that his taxes shall be as low as possible; he is not bound to choose that pattern which will best pay the Treasury; there is not even a patriotic duty to increase one's taxes.
If we want companies to pay more taxes (which I think we do want) we should change the laws. You can't blame anybody for only paying the legally required amount of taxes.
They need and are investing in other countries besides the USA. Their mapping sucks completely in Europe.
Because they're a publicly traded company who act in the best financial interests of their shareholders. They're not breaking any laws. They're playing the game by following the rules as best they can while maximizing their profits. Any for-profit company that does not do so is suicidal.
If you think what they do is wrong - campaign to fix the laws they are following.
Tim Cook is an excellent CEO, but Forstall was Steve Jobs 2.0. The company isn't the same without him.
Hmm, the cynic in me thinks that they will play up those aspects of their offerings that hurt their competitors. They sell hardware after all. Google sells "people".
What kind of attacks would encrypting a running kernel prevent? The kernel and hardware work together to enforce memory safety, so it can't be to prevent a rogue process from reading kernel memory...
Edit: Is this talking about encrypting the kernel image in permanent storage, or encrypting a running kernel in RAM? When booting Linux for example, the boot loader will load the Linux kernel image into memory as a gzip-compressed blob. The kernel's first instructions are a small decompressor program that unpacks the rest of the kernel image into memory and then jumps into the uncompressed kernel. Did previous iOS versions do something similar to their saved kernel image?
How is that supposed to work? Ok, the CPU can fetch an encrypted instruction, decrypt it and execute it, but when it needs to jump, how is it supposed to know where to jump? Also encrypting each instruction separately and independently would be trivial to reverse.
Is there any system that really runs encrypted code from RAM? Any papers describing such a system?
OTOH, there does seem to be a fair amount of competence where it matters though. In the couple of companies I worked for, the private keys used for signing things were very quietly kept hidden from the vast majority of the engineering teams/etc. AKA, it was possible to create development/test builds all day long, but creating valid license keys/firmware updates/etc for the builds given to customers was limited to a formal process which contained the keys. The private keys were only available to a couple people tasked with maintaining the automation from which the builds/keys/etc came. Those people rarely had a need to move/etc them either, and such activities were done in the open.
You mean this source code? http://opensource.apple.com/source/xnu/
"Apple confirms iOS kernel code left unencrypted intentionally"
Which is it, cache (of what?) or code?
See: http://osxbook.com/book/bonus/misc/optimizations/#TWO and https://developer.apple.com/library/mac/documentation/Darwin...
Also, TechCrunch fails to note that the kernelcache keys for most 32-bit kernels (and all iOS versions) are publicly available. Private individuals have dumped the keys for 64-bit kernels but they are not available publicly. Even without the keys, any jailbreak allows for dumping of the kernel. However, a kernel dump is missing very helpful MachO headers (handy for kloading) and, for 64-bit kernels, the EL3 TrustZone Watchtower module aka Kernel Patch Protection.
How certain are you that it's only 1 second of processing that's been removed - that's a HUGE increase in speed, that I haven't seen written up anywhere else.
Anybody else with iOS 10 on their phone able to confirm the new 5 second boot time?
I'm fairly certain that this statement was vetted by Craig Federighi himself or, at minimum, a high-level engineering manager.
Trouble is auditing TrueCrypt cost $25k and it took massive rumors of a backdoor to raise that. I'm not sold that auditing this will happen anytime soon.
This is probably the only true part of the article; it means that they disabled a kernel feature of cache encryption to speed up performance.
It has nothing to do with source code nor binaries of the kernel.
Even in the first beta, the performance enhancements are real. Numerous Apple folks, including Craig Federighi, have said that with WatchOS1 and 2 they 'overshot' how conservative they needed to be with RAM and CPU (out of respect for battery life), and with WatchOS 3 they have rebalanced that.
Time will tell how much of a hit battery life will take from this, but for a beta things look good so far.
Although I'm guessing the whole segment is loaded into RAM and verified by the bootloader at boot then never touched again.
Also, I thought a lot of the Darwin MacOS kernel had already publicly available source code.
You mean a paternoster? :)
The kernel technically is the OS, TC! Come on... :)
Additionally: we now know what Watchtower looks like, something that was previously a mystery and even incorrectly thought to be something that ran on SEP instead of the AP.
https://twitter.com/i0n1c/status/745922795977187329
You just used a kernel privesc that you probably already had to read it. NOT A BIG DEAL.