Landon Fuller on Twitter: "@ameaijou @mjtsai I have to assume that's the end-game. They're whitelisting/grandfathering in user reqs that would cause blow-back [1/2]"

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
3424486444	Vodafone
» See SMS short codes for other countries

Gwynne Raskind ‏@ameaijou 12 Jul 2015

@landonfuller @mjtsai That’s what inspired a new impl in the first place: Local admin control is assumed to be too stupid to be safe.
Gwynne Raskind ‏@ameaijou 12 Jul 2015

@landonfuller @mjtsai Unfortunately, in a lot of cases it’s a legit assumption. Many users don’t know what an admin password even is.
Gwynne Raskind ‏@ameaijou 12 Jul 2015

@landonfuller @mjtsai That being said, those same users have no clue how to go to single-user mode so...
Landon Fuller ‏@landonfuller 12 Jul 2015

@ameaijou @mjtsai kern.securelevel solves that problem. On (all?) BSD-derivatives, increasing securelevel is a one-way street till reboot.
Gwynne Raskind ‏@ameaijou 12 Jul 2015

@landonfuller @mjtsai I actually think it’d be much harder to social-engineer users into turning off SF_IMMUTABLE than into booting Recovery
1 like
Landon Fuller ‏@landonfuller 12 Jul 2015

@ameaijou @mjtsai Agreed. Enforcement is always on, securelevel just makes it possible to unset. TrustedBSD (on which Apple's stuff is…[1/2]
Landon Fuller ‏@landonfuller 12 Jul 2015

@ameaijou @mjtsai …based) gives us fine-grained MAC, but it's SPI, and rootless' use of entitlements enforces a very static Apple-only model
Gwynne Raskind ‏@ameaijou 12 Jul 2015

@landonfuller @mjtsai Use of the existing options for this kind of control would keep them from being able to bypass it for themselves.
Landon Fuller ‏@landonfuller 12 Jul 2015

@ameaijou @mjtsai Yes, and keeping it Apple-only makes it easy to flip a switch and make it mandatory, like iOS.
Gwynne Raskind ‏@ameaijou 12 Jul 2015

@landonfuller @mjtsai Do you foresee that as a serious possibility? I have to imagine there’d be some serious blowback on the desktop side.

@ameaijou @mjtsai I have to assume that's the end-game. They're whitelisting/grandfathering in user reqs that would cause blow-back [1/2]

12:40 PM - 12 Jul 2015

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

Landon Fuller

@landonfuller

Loading seems to be taking a while.

false

Saved searches

Landon Fuller

@landonfuller

Go to a person's profile

Saved searches

Retweet this to your followers?

Saved searches

Are you sure you want to delete this Tweet?

Promote this Tweet

Block

Add a location to your Tweets

Profile summary

Your lists

Create a new list

Copy link to Tweet

Embed this Tweet

Embed this Video

Preview

Log in to Twitter

Sign up for Twitter

Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

Two-way (sending and receiving) short codes:

Confirmation

Buy Now

Hmm... Something went wrong. Please try again.

Welcome home!

Tweets not working for you?

Say a lot with a little

Spread the word

Join the conversation

Learn the latest

Get more of what you love

Find what's happening

Never miss a Moment

Loading seems to be taking a while.

Promoted Tweet

false