01-02-2020, 11:21 AM   #2327
Galakanokis

Quote:
Originally Posted by Galakanokis
We sign NDAs around all of our security audits so can't really divulge any details and I assume the same would be true on Apple's side. We do security audits a few times a year, Marvel, Disney, Fox etc., but now that Apple is in the film and TV production game we just did two in Toronto and LA, not Vancouver yet.

The main issue we have is around the T2 security chip and its need to call home all the time, every 15 minutes I believe. The T2 is in (I think) every machine made since mid 2018. But on our production side we lock down all external networks and that is where 95% of our Macs live. So when the Mac cannot call home it essentially shuts down all licensed software on the machine whether it be a software key or a dongle. So we cannot run AVID, Color Front, Resolve, Baselight, nothing.

Toronto has 27 new iMac Pros that are paperweights at the moment as we cannot use them on the production side. There's literally no reason for the machines to call home on a secure network when it is locked down as much as it can be locked down other than to keep tabs on the machine. I can see it on the consumer side but it makes no sense to not have workarounds on the pro side.

I had this a little backwards/wrong. The systems don't try to call out every 15 minutes or so but every time you launch a program, so if the program has a license and cannot connect it will cause issues. It doesn't always hang but can take 10 or 15 minutes before things start to behave properly, if at all. The systems try to reach out to domain.apple.com; you almost have to clear the whole 17.0.0.0/8 block for applications to behave.

But the general issue stands. We feel Apple risks security by allowing access to systems they themselves (production side) do not want anyone to have access to in order to "keep tabs" on things.