Snippet: We Found a Ticking Time Bomb in macOS TCP Networking – It Detonates After Exactly 49 Days ☇
Photon:
Every Mac has a hidden expiration date. After exactly 49 days, 17 hours, 2 minutes, and 47 seconds of continuous uptime, a 32-bit unsigned integer overflow in Apple’s XNU kernel freezes the internal TCP timestamp clock. Once frozen, TIME_WAIT connections never expire, ephemeral ports slowly exhaust, and eventually no new TCP connections can be established at all. ICMP (ping) keeps working. Everything else dies. The only fix most people know is a reboot. We discovered this bug on our iMessage service monitoring fleet, reproduced it live on two machines, and traced the root cause to a single comparison in the XNU kernel source. This is the full story.
Hopefully the attention this has already gotten has put it on Apple’s radar (pun intended), as it appears to be affecting more recent versions of macOS. Nonetheless, if you’ve got some Macs in a server/unattended role, it may be worth scheduling a restart so that you won’t go more than 49 days.
Snippet: LinkedIn is Illegally Searching Your Computer ☇
Fairlinked/Browsergate:
The problem with BrowserGate is not only that it affects millions of individuals. It is what LinkedIn can do with the data once it has it.
LinkedIn is not Reddit. It is not Twitter. It is not an anonymous forum where people use pseudonyms and joke about their cats. LinkedIn is the world’s largest verified professional directory. It has 1.2 billion registered members across 200 countries. More than 67 million companies are listed on the platform. Users register with their real names. Many are verified with photo ID. They list their real employers, real job titles, real education history, real professional connections. In many industries, having a LinkedIn profile is not optional. It is a prerequisite for being hired.
This means LinkedIn does not just know that someone has a religious browser extension installed. It knows that person’s name, employer, job title, department, location, and professional network. And it knows the same about every one of their colleagues who also uses LinkedIn.
That is not a privacy breach. That is an intelligence operation.
I debated about including the original provocative headline, as it’s technically true, but a little misleading. When visiting on a Chrome-based browser, LinkedIn looks at what extensions you have loaded. Depending on what extensions one has, this can provide additional demographic data tied to your profile. It’s still intrusive and important to remember that LinkedIn is owned by the same company that happens to make the operating system for most personal computers.
Article: Apple at Fifty
I’ve been trying to keep up with posts and celebrations related to Apple’s fiftieth birthday and it’s been a fun trip down memory lane. I had been planning on writing something encapsulating all of this, but chances are, someone somewhere has covered Apple’s history more in-depth and better than I can in a single post. Instead, I thought about what Apple means to me…
“Whenever I purchase a new Mac with the money I have made from selling things on the App Store, it does at least make me think how ridiculously circular these things are. A disturbing amount my lifespan has consisted of moving money slowly back and forth between Apple and myself, whether I’m working for them or not. I think I’m currently ahead, but who knows what the future holds. I do sometimes wonder if I never actually stopped working for Apple.”
Snippet: Ron Wayne, Apple’s Other Founder ☇
Ernie Smith for Tedium (via Stephen Hackett):
Jobs didn’t like that answer—but it likely led to the inevitable follow-up where he told Wayne about Woz. But there is a timeline where Ronald Wayne and Steve Jobs became slot-machine entrepreneurs, leaning on Wayne’s technical knowledge of the devices.
What are the odds that these three men would end up working together—almost like hitting the jackpot?