By John Gruber
Kolide ensures only secure devices can access your cloud apps.
It’s Zero Trust for Okta.
Jason Snell, collecting a story revealed in a series of tweets over the weekend:
Nobody digs into Apple software releases like Steve Troughton-Smith. And this is a big one. Apparently Apple released a firmware download for the HomePod (not due until the end of the year!) on its servers, and inside that firmware there’s information about future iPhone hardware and support for an infrared face unlock feature code-named Pearl ID.
Among the details revealed:
How in the world does something like this happen? My understanding is that Apple is (or at least was) on the cusp of a widespread deployment of prototype HomePods to employees. Someone prepared an over-the-air software update and because it was intended to be distributed only to Apple employees, the OS was compiled without all the usual flags set to omit code that pertains to unreleased hardware. (Kind of makes sense, insofar as HomePod itself is unreleased hardware.) Building the OS without those flags set may not have been a mistake. But distributing it via a world-readable server was.
★ Tuesday, 1 August 2017