Comment by Spivak
4 years ago
Unfortunately there’s not a way to differentiate “we’re online but Apple’s servers are having issues — probably fine” and “we’re online and something something is preventing us from talking to them — something nefarious might be happening.”
Local copy of whatever Apple is checking? Update that daily (on sign on or something). Not going to catch zero day type stuff, but better than making the laptop unusable.
I'm going to make a bold claim but Linus made a claim to this effect. Security is important but it cannot be the only main priority when designing systems. Apple's mistake here is probably the main story but more generally this attitude (letting systems spectacularly fail for the sake of hypothetical security) is foolish and results in rather terrible bugs like this.
I think the point is that that database is too large to store on a single machine which is why it has to be ad-hoc queried and cached. I mean it will have the signature of every program run on a Mac.
Funny how DNS has that same issue, and yet, we still decentralized it to a point, even if there is some inertia going on to keep it as centralized as possible.
I don’t really want a giant hash table on my disk either.
A Bloom Filter[1] could be used as a lighter alternative. You probably have at least one of those on your disk now.
[1]: https://en.wikipedia.org/wiki/Bloom_filter
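
The Bloom filter idea from the last comment, as an added example that is not part of the thread and not Apple's implementation: a locally synced filter of revoked identifiers answers most launches offline, and only a filter hit needs the server. The identifiers, the `launch_decision` helper and the fail-open policy for an unreachable server are assumptions made for illustration.

```python
import hashlib
import math


class BloomFilter:
    """Fixed-size Bloom filter: no false negatives, tunable false-positive rate."""

    def __init__(self, expected_items: int, fp_rate: float):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hashes.
        self.m = max(8, math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        # Double hashing: derive k bit indexes from two parts of one SHA-256 digest.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))


def launch_decision(cert_id: bytes, revoked: BloomFilter, online_check=None) -> str:
    """Decide locally where possible; only a filter hit needs the network."""
    if cert_id not in revoked:
        return "allow"             # definite miss: not in the synced revocation set
    if online_check is None:
        return "allow-unverified"  # hit, server unreachable: fail open (assumed policy)
    # A hit may be a false positive, so the server has the final word.
    return "block" if online_check(cert_id) else "allow"


# Constructed sample data: these identifiers are made up for the example.
REVOKED = [f"revoked-cert-{i}".encode() for i in range(1000)]
FILTER = BloomFilter(expected_items=len(REVOKED), fp_rate=0.001)
for cid in REVOKED:
    FILTER.add(cid)
```

With 1000 entries and a 0.1% false-positive target the filter occupies under 2 KB, and it can only be as current as its last sync, which matches the "not going to catch zero day type stuff" caveat raised earlier in the thread.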