Web Excursion 2021-06-03

‘Secure Intent’ on Apple Devices

  • Interesting new document in the May update to Apple’s Platform Security guide: “Secure Intent and Connections to the Secure Enclave

    • Secure intent provides a way to confirm a user’s intent without any interaction with the operating system or Application Processor. The connection is a physical link — from a physical button to the Secure Enclave

    • With this link, users can confirm their intent to complete an operation in a way designed such that even software running with root privileges or in the kernel can’t spoof.

  • The desktop Macs eligible for secure intent — the new M1 iMac and the M1 Mac Mini that launched last November — do not qualify without a trusted peripheral. Neither of them have Touch ID on the computer itself.

  • Conspicuously absent from the list of “secure intent” devices are all most iOS devices with Touch ID on the home button.

    • The exceptions are the early iPad Pro models from 2016 and 2017.

    • one reason might be that the home button is overloaded on those devices.

  • But perhaps the reason Touch ID home button devices don’t qualify for this list is simply that those home buttons don’t have the direct “physical link” to the Secure Enclave that the new Touch ID buttons do (on MacBook keyboards and the new iPad Air’s side button).

  • Face ID by itself is a good and convenient authentication system for low-security authentication.

    • But for actions that should require extra confirmation, Face ID alone isn’t enough.

    • [E.g., IAP:] if you see the purchase confirmation on screen, you’re already looking at your iPhone or iPad.

  • I think this is why Face ID on Macs might prove a little tricky.

    • If a future iMac, say, has Face ID built in, where does the physical button connected directly to a Secure Enclave go?

    • The iMac could use its power button, like iOS devices do, but the power button on iMacs is on the back of the display. It’s not meant to be convenient


Stack Overflow Sold to Tech Giant Prosus for $1.8 Billion - WSJ

  • Prosus NV said it struck a $1.8 billion deal to acquire Stack Overflow, an online community for software developers, in a bet on growing demand for online tech learning.

  • Prosus, one of Europe’s most valuable tech companies, is best known as the largest shareholder in Chinese internet and videogaming giant Tencent Holdings Ltd.

  • The Stack Overflow deal is Prosus’ first outright acquisition in the educational tech space.

Stack Overflow sold to Prosus for $1.8B | Hacker News

  • chadlavi: "You've read 3 of your 5 free answers this month"