Michael Tsai on Twitter: "@pmod Right, but in this particular case, how would I be worse off if it weren't signed? (Like installers used to not be.)"

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
3424486444	Vodafone
» See SMS short codes for other countries

Michael Tsai ‏@mjtsai Mar 3

Previously Downloaded OS X Installers No Longer Work: http://mjtsai.com/blog/2016/03/03/previously-downloaded-os-x-installers-no-longer-work/ … #mjtsaiblog
43 retweets 30 likes
Peter M. O’Donnell ‏@pmod Mar 3

@mjtsai @siracusa Calling certificate-signed software "planned obsolescence" is reductive and entirely ignores the security angles.
Michael Tsai ‏@mjtsai Mar 3

@pmod What exactly is the security angle here?
Peter M. O’Donnell ‏@pmod Mar 3

@mjtsai Code signing with expiring certs? Have you not yet considered that some of the recent hiccups are related to compromised certs??
Michael Tsai ‏@mjtsai Mar 3

@pmod In what scenario would it be beneficial securitywise for Apple to disable their own installers that users downloaded from their store?
Peter M. O’Donnell ‏@pmod Mar 3

@mjtsai Because they had to retire a compromised certificate??
Michael Tsai ‏@mjtsai Mar 3

@pmod Sorry, not following you. Which certificate do you think was compromised? And how could that endanger the installer I already have?
Peter M. O’Donnell ‏@pmod Mar 3

@mjtsai Contemporary cert validation is a security feature, yeah?
Michael Tsai ‏@mjtsai Mar 3

@pmod In general, yes. But in this case I downloaded Apple’s installer from Apple’s server over HTTPS. So how is code signing helping me?
Peter M. O’Donnell ‏@pmod Mar 3

@mjtsai Your particular case of having gotten it over a secure channel cannot securely confer trust to the underlying OS.

‏@mjtsai

@pmod Right, but in this particular case, how would I be worse off if it weren't signed? (Like installers used to not be.)

8:28 PM - 3 Mar 2016

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

Michael TsaiVerified account

@mjtsai

Loading seems to be taking a while.

false

Saved searches

Michael TsaiVerified account

@mjtsai

Go to a person's profile

Saved searches

Retweet this to your followers?

Saved searches

Are you sure you want to delete this Tweet?

Promote this Tweet

Block

Add a location to your Tweets

Profile summary

Your lists

Create a new list

Copy link to Tweet

Embed this Tweet

Embed this Video

Preview

Log in to Twitter

Sign up for Twitter

Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

Two-way (sending and receiving) short codes:

Confirmation

Buy Now

Hmm... Something went wrong. Please try again.

Welcome home!

Tweets not working for you?

Say a lot with a little

Spread the word

Join the conversation

Learn the latest

Get more of what you love

Find what's happening

Never miss a Moment

Loading seems to be taking a while.

Promoted Tweet

false