The key words missing from the title are "without _connection to_ Apple". From the original title I assumed that you had to take it to the Apple Store to reset it or something.
Unpopular opinion but I like that if someone steals my MacBook, it’s impossible for them to factory reset it unless they get a BootROM exploit or even use it if they don’t have an early boot exploit. If there’s a way to “turn this off” then thieves would be able to use that mechanism to bypass the activation lock. If you want 100% total control, then don’t buy Apple.
Whenever Apple decides to shut down the service that activates this hardware, many of these wiped computers will no longer be operational, which won’t be great for future retro computer collectors and computer historians. Lots of ppl still run their Commodore 64s, Amigas, and even original Macs. JCS is even doing a whole video series on programming on the original Mac.
At this time, I feel a 100% offline, airgapped environment is something of a niche. The way Apple has things set up likely works better for the average consumer.<p>Apple is omakase, not a la carte. They have made decisions that they think are best for their consumers, and they are not trying to be all things to everyone. That has the advantage that if you are in Apple’s target audience, you get a very nice, polished system. If not, you are free to use many of the various other computers that are available.
<i>airgapped systems that never touch the internet, such as: [...] SCIFs, or other secure/offline data processing facilities</i><p>It seems to me that if you were buying hardware for a totally airgapped system for a SCIF or something, you wouldn't buy a computer with built-in wifi or bluetooth at all. I mean, really? Does the NSA buy consumer hardware with network interfaces they don't intend to use?
This is a great example of the divergence between "military-grade" security and real world security. Most people will never "fully wipe, zero out, and then boot from cryptographically verified (locally, on other high assurance systems) boot media" so Apple's restrictions aren't a problem. But Apple's anti-theft system does benefit normal people.
He's talking about Apple Configurator and yes, it connects to Apple to download the T2 firmware automatically:<p><a href="https://support.apple.com/guide/apple-configurator-2/revive-an-intel-based-mac-apdebea5be51/mac" rel="nofollow">https://support.apple.com/guide/apple-configurator-2/revive-...</a><p>"You may need to configure your web proxy or firewall ports to allow all network traffic from Apple devices to Apple’s network 17.0.0.0/8."
Wow, this is extremely unfortunate. And I'm pretty surprised it's the first I'm hearing about it, given that T2 chips have been out for a while.<p>Is this true even if the OS is installed to an external hard disk, such as a USB drive? That's not a great solution of course, but perhaps a partial one?
It may be a one-in-a-million risk, but I don't like the idea that if some disaster strikes and takes out industrial civilization, at some point we could have perfectly good laptops that are no better than bricks because they can't talk to Apple over the internet...
If you need to do something like what the author does, you should not use a Mac in the first place, but use a 100% open source machine that is put together from different parts from different shops and put in a Faraday cage.
> This means that macs, even the recent Intel ones, are now entirely unsuitable for certain critically important industrial applications<p>For "secure/offline data processing facilities" or "systems that must maintain cryptographic integrity", why would a closed source operating system even be considered in the first place? I don't think this is a good use case for a Mac.
We used to fix about 80% of the Apple products coming in for recycling around 5 years ago by swapping parts and sending them back into action. Now it's mostly scrap waste that ends up in a landfill.
If your use case is what the author describes then why consider Apple products anyway? Your threat model (whatever this is) defines your choice of hard- and software, not the other way around. Apple doesn't care its products don't fit 0,5% of all the use cases. There are other products and mitigations (TEMPEST anyone?) for that
The T2 chip has utterly failed its purpose. It doesn’t seem to stop any dedicated actor (government or any security company) from cracking someone’s phone; all it does is hamper the right to repair and bring trouble to power users.
What we see now is that companies like Apple, and other hardware & software manufacturers as well, are transforming into service companies; you are de facto renting the system you have purchased.<p>Service companies in other sectors, like social media, are actively banning their customers when the customer in some way is not following the service contract.<p>I predict this will be the next logical evolution: customers will be banned from their purchased hardware.
apple no longer makes general purpose computers. they make iphones, and iphones with keyboards. unfortunately, the processor tech seems spectacular from all accounts.
Apple may sell you a computer, but ultimately you do not control it.<p>Who really controls your computer: <a href="https://youtu.be/Ag1AKIl_2GM?t=57" rel="nofollow">https://youtu.be/Ag1AKIl_2GM?t=57</a>
When I read rumors about the new MagSafe leading to the removal of all ports on the iPhone, I had my doubts because the Lightning port is the only reasonable way to restore the device after a bad update. Maybe Apple's not too concerned with this...