Comment by AngusH
4 years ago
Apple, for some reason, didn't advertise this change very widely, so it isn't precisely an informed decision.
Like so much of the modern security activity, it doesn't seem to be fully thought out, nor was the possibility of failure considered.
Or maybe such failures were considered and then dismissed? I don't know.
It times out and the app runs, so the failure mode was considered.
They may move to edge servers instead of centralized datacenters now though...
> the failure mode was considered
Considered but not tuned. I've never noticed any delay launching or using software that doesn't require an internet connection while not being connected to the internet. (I definitely did notice slowdowns today, Zoom in particular, which I tend to quit out of when I'm not using it because I don't trust it one bit but am compelled to use it for work.)
Seems like Apple was accepting connections for the signature check but was unable to actually service them, leading to the timeout/failover.
I honestly like the idea of signature checks on software that give me some confidence that the code that is running is the code that it claimed to be when it was published/installed and has not been manipulated via some other vector.
Whether Apple is the appropriate steward of that system is certainly up for debate, but certainly other companies that run app stores have similar systems and similar risk. It certainly doesn't seem obvious to me what a secure, anonymous, performant and federated system to solve such a problem would actually look like.
Until software can be proven to not be malicious, we will be stuck in a trust hierarchy.
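The accept-but-never-answer outage and the timeout-then-run fallback discussed in this thread, as an added simulation that is not any commenter's code and not Apple's implementation: a localhost stand-in server that either answers or holds connections silently, and a hypothetical client-side checker with a bounded timeout, fail-open on silence, and a cache of the last fresh verdict so the timeout is paid once rather than on every launch. The wire format (`good\n`), the 0.2 s timeout and the app identifiers are all constructed for the example.

```python
import socket
import threading
import time

def start_server(reply):
    """Constructed localhost stand-in for a signature-check endpoint. reply=None
    models the outage above: connections are accepted but never answered."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    held = []  # keep silent connections open so the client sees no EOF
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            if reply is None:
                held.append(conn)
                continue
            conn.recv(64)
            conn.sendall(reply)
            conn.close()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

class SoftFailChecker:
    """Hypothetical launch-time check (not Apple's code): timeout, fail-open, cache."""
    def __init__(self, port, timeout=0.2, cache_ttl=3600.0):
        self.port, self.timeout, self.cache_ttl = port, timeout, cache_ttl
        self.cache = {}  # app_id -> (verdict, expiry in monotonic seconds)
        self.last_elapsed = 0.0  # seconds the most recent check blocked launch
    def check(self, app_id):
        now = time.monotonic()
        cached = self.cache.get(app_id)
        if cached and cached[1] > now:
            outcome = cached[0] + ":cached"
        else:
            try:
                with socket.create_connection(("127.0.0.1", self.port), self.timeout) as s:
                    s.sendall(app_id.encode() + b"\n")
                    reply = s.recv(64)
                verdict = "allow" if reply == b"good\n" else "deny"
                self.cache[app_id] = (verdict, now + self.cache_ttl)
                outcome = verdict + ":fresh"
            except socket.timeout:
                outcome = "allow:fail-open"  # timeout-then-run, as described above
        self.last_elapsed = time.monotonic() - now
        return outcome
```

Pointing the checker at the silent server after one fresh verdict shows the difference between a tuned soft-fail (cached answer, no delay) and an untuned one (a full timeout on every launch of an app that was never cached).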