Comments (2)
Hola @nark
So lots of questions in here so I'll try and separate them out a little:

- How can you trust Duo?
  Quite honestly, trust is yours to determine where you want to place it. I'm sure you use code that is from a variety of open source projects and online sources each day; follow the same rules you do for those sources to determine whether you trust Duo and the data we have compiled and provide for free.
- How can you trust the data in the API?
  Again, trust is yours to place where you see appropriate. The data is compiled on a best effort basis and as far as we know it is the only source of Apple EFI version data available, but there is always the chance for there to be a mistake in the dataset and we know for sure it is by definition incomplete. If the API, dataset and tools are helpful to you then great; if you don't trust them enough to use them then that's your decision to take and we completely understand.
- How can we be sure the services we provide are safe?
  The client is open source so feel free to inspect the code and let us know questions or bugs you find. The API is a very simple RESTful API, making on-the-wire inspection of requests and responses easy to review. From your review of the client code you will see that the responses from the API are just JSON messages that get parsed and provide a guidance message to the user, nothing more; as such, if the API server got hacked it could give you incorrect data in response but couldn't cause the client to 'do anything bad'. Again, exercise the same level of scrutiny and caution with this service as you would for any other API you make use of in your day to day computer use.
- Protections against internal corruption/the NSA zip-lining into the office at night to mess with the dataz.....
  This is an open source project and is provided on a best effort basis. There are no guarantees as to the correctness of the dataset, but we do our best to have it as accurate as possible. Our threat model does not currently include protections against the NSA, CIA or even MI6.
- Do we plan on releasing an offline version of the dataset?
  I won't say never but we don't have a timeline on doing so at the moment. The online API allows us to keep the dataset up to date for everyone as easily as possible and also allows us to continue to gather data about the versions of EFI running on Apple systems that contributes towards our continued research in the space. If your organisation's threat model doesn't allow you to use an online API then I would suggest building up your own EFI version dataset using the detailed walkthrough we gave in the technical paper and using that offline so as you can keep a check on the EFI versions being run.

Hope this is of some help in answering your questions, but ultimately questions of trust (or in this case trustworthiness) really are ones only you can answer based upon your threat model.
from efigy.
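Added example (not EFIgy's client code and not written by the comment's author): one way a client can treat API responses as inert data, in the sense the reply above describes. The field names, size limits and sample responses are assumptions constructed for illustration, since the real API schema is not shown on this page.

```python
import json
import re

# Hypothetical response schema; these field names are assumptions.
ALLOWED_FIELDS = ("latest_efi_version", "latest_build_number", "msg")
MAX_BODY = 4096        # assumed upper bound on a response body, in bytes
MAX_FIELD_LEN = 256    # assumed upper bound on any single string field
# C0/C1 control characters (including ESC) that could drive a terminal if printed.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")

# Constructed sample responses (not captured from the real API).
SAMPLE_OK = (b'{"latest_efi_version": "EXAMPLE.0001.B00", '
             b'"latest_build_number": "00A000", "msg": "up to date"}')
SAMPLE_ESCAPES = (b'{"latest_efi_version": "EXAMPLE.0001.B00", '
                  b'"latest_build_number": "00A000", "msg": "\\u001b[2Jupdate now"}')
SAMPLE_EXTRA = SAMPLE_OK[:-1] + b', "run": "anything"}'


class UntrustedResponseError(ValueError):
    """Raised when a response does not match the expected inert shape."""


def parse_guidance(body: bytes) -> dict:
    """Parse a response as data only: bounded size, strict fields, no control chars."""
    if len(body) > MAX_BODY:
        raise UntrustedResponseError("response too large")
    try:
        doc = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError) as exc:  # bad UTF-8, bad JSON, deep nesting
        raise UntrustedResponseError("not valid UTF-8 JSON") from exc
    if not isinstance(doc, dict):
        raise UntrustedResponseError("top level must be an object")
    unexpected = set(doc) - set(ALLOWED_FIELDS)
    if unexpected:
        raise UntrustedResponseError(f"unexpected fields: {sorted(unexpected)}")
    clean = {}
    for name in ALLOWED_FIELDS:
        value = doc.get(name)
        if not isinstance(value, str) or len(value) > MAX_FIELD_LEN:
            raise UntrustedResponseError(f"bad or missing field: {name}")
        clean[name] = _CONTROL.sub("", value)  # safe to print to a terminal
    return clean


def guidance_line(local_version: str, body: bytes) -> str:
    """Turn a validated response into the only thing the client does: a message."""
    expected = parse_guidance(body)["latest_efi_version"]
    if local_version == expected:
        return "EFI firmware matches the expected version."
    return f"EFI firmware {local_version!r} differs from expected {expected!r}."
```

A response that passes these checks can still carry wrong version data; the checks only ensure it is handled as text to compare and display.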
No activity on this for a while so closing it out