How Apple is Advancing iMessage Security

🌙 Hello world ☀️ 

Microsoft Ignite 2023 kicks off today at 8 AM PT, featuring a lineup of industry experts on the latest innovations in AI, data, security, and development tools. It’s free.

In this week’s email:

  • Security: How Apple is advancing iMessage security.

  • Big Data: Netflix’s transition to streaming SQL in data mesh.

  • WebAssembly: A new way to bring garbage collected programming languages efficiently to WebAssembly.

  • CSS: Speeding up the JavaScript ecosystem using Tailwind CSS.

  • DevOps: Highlights from the State of DevOps 2023 report.

  • Accessibility: Why accessibility is a requirement, not a feature.

Good programmers know what to write. Great ones know what to rewrite (and reuse).

Eric S. Raymond

Created with Midjourney

Apple's iMessage, known for its secure end-to-end encryption since 2011, has constantly been updated to combat evolving security threats. With hardware-aided key management, advanced sandboxing through BlastDoor, and Lockdown Mode, iMessage has established robust security features.

iMessage Contact Key Verification

The central key directory service (Identity Directory Service or IDS), which maps user identifiers to public keys, posed a single point of failure. A compromised service could return keys controlled by adversaries, enabling them to intercept messages.

Traditional Solutions
Peer-to-peer verification methods (e.g., QR codes or safety numbers) were used in other messaging systems to confirm key authenticity, but these methods were cumbersome for users, especially when devices changed or new ones were added.

Apple's Approach: iMessage Contact Key Verification With Key Transparency (KT)
Apple introduced Contact Key Verification to tackle the risks associated with the key directory service. Using Key Transparency, which leverages verifiable logs and maps, Apple ensures that users' devices can cryptographically verify the integrity and authenticity of encryption keys.

Key Aspects:

  1. Key Transparency and Verification:

    • Devices automatically verify keys using the KT system, which provides cryptographic proofs and can detect inconsistencies.

    • The KT system employs a log-backed map data structure for scalability and user privacy, using techniques such as SHA-256 hashing and Verifiable Random Functions (VRFs).

  2. Account-Level Security:

    • An ECDSA signing key is generated on the user's device and stored securely in iCloud Keychain.

    • This account key is used to sign iMessage public keys, which are then verified automatically by users’ devices.

  3. Automatic and Manual Verification:

    • Devices verify keys automatically through the KT system, with alerts for any inconsistencies.

    • Users can manually compare short codes using the Vaudenay SAS protocol to confirm that they see the same account key for their contacts.

  4. Scalability and Notifications:

    • The system is designed to scale to billions of users and to provide notifications only when there's an unexpected security condition.

  5. Third-Party Auditing and Gossip Protocols:

    • The system initially uses an internal auditing service; external auditing is planned for 2024.

    • The Messages app uses gossip protocols to ensure consistency of the KT logs among iMessage clients.

  6. Future Device Sign-ins:

    • The verification extends to new devices automatically, linking the process to the user’s contact card for continuous assurance.

  7. Public Persona Verification:

    • Public figures can use public verification codes to verify their identity.

iMessage Contact Key Verification represents a significant step in messaging security. It ensures that even if the key directory service is compromised, users can verify who they are messaging with and trust the integrity of their communication.
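
As an added illustration (not Apple's code and not part of the original newsletter), the Python sketch below shows a client checking a directory-supplied key against a verifiable log with a SHA-256 Merkle inclusion proof, and shows how comparing log heads between clients exposes a forked log. The entry layout, function names, and sample accounts are assumptions, and a plain SHA-256 of the identifier stands in for the VRF.

```python
import hashlib, hmac

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def entry_for(identifier: str, account_pubkey: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the VRF; this entry layout is invented.
    return hashlib.sha256(identifier.encode()).digest() + account_pubkey

def root_and_proof(entries, index):
    """Log side: build the tree and return (head, inclusion proof for index)."""
    level, proof = [leaf_hash(e) for e in entries], []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):  # an unpaired last node is promoted as-is
            proof.append((level[sibling], sibling < index))
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_inclusion(entry, proof, tree_head):
    """Client side: recompute the head from the entry and its audit path."""
    h = leaf_hash(entry)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, tree_head)

def heads_agree(head_a, head_b):
    # Gossip check: clients at the same log size must hold the same head.
    return hmac.compare_digest(head_a, head_b)

# Constructed sample data: three accounts with placeholder key bytes.
HONEST = [entry_for("alice@example.com", b"A" * 33),
          entry_for("bob@example.com", b"B" * 33),
          entry_for("carol@example.com", b"C" * 33)]
SUBSTITUTED = entry_for("bob@example.com", b"M" * 33)  # key the log never recorded
FORKED = [HONEST[0], SUBSTITUTED, HONEST[2]]           # log shown to one client only

def demo():
    head, proof = root_and_proof(HONEST, 1)
    fork_head, fork_proof = root_and_proof(FORKED, 1)
    return {"honest_key_verifies": verify_inclusion(HONEST[1], proof, head),
            "substituted_key_verifies": verify_inclusion(SUBSTITUTED, proof, head),
            "fork_proof_verifies": verify_inclusion(SUBSTITUTED, fork_proof, fork_head),
            "gossip_detects_fork": not heads_agree(head, fork_head)}

if __name__ == "__main__": print(demo())
```

The third result is the reason gossip and auditing matter: a forked log can produce a proof that verifies locally, and only comparing heads with other clients reveals the split view.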

Netflix, known for its massive content delivery and personalized experience, relies heavily on data. The Data Platform team is responsible for creating scalable data processing infrastructure.

The Challenge
As data demands grew, Netflix introduced "Data Mesh" - a data movement and processing platform utilizing Kafka and Flink.

Data Mesh Pipeline Example

Users could build data pipelines with reusable "Processors" for tasks like filtering or renaming fields. However, this posed two major challenges:

  1. Limited Expression: Pre-built Processors didn't always fit complex needs, leading to custom, difficult-to-learn solutions.

  2. High Overhead: Pipelines with multiple Processors incurred resource and runtime costs.

Solution: Data Mesh SQL Processor
To increase flexibility and reduce complexity, Netflix developed the Data Mesh SQL Processor.

SQL Process Workflow

This innovation leveraged Flink SQL to allow complex data transformations using SQL queries instead of multiple Processors, thus reducing latency and resource usage.

Key Features:

  • Managed Flink Jobs: Simplified the transformation process with parameterized jobs.

  • Streaming SQL Support: Enabled direct use of Flink SQL within Data Mesh without architectural changes.

  • Interactive Query Mode: Provided real-time feedback and query validation for faster iteration.

  • Schema Inference: Automated output schema creation from SQL queries, streamlining schema management.

User Workflow
Software engineers using the SQL Processor follow these steps:

  1. Sample Data: Use Interactive Query Mode to sample upstream data.

  2. Iterate on Queries: Modify and validate SQL queries in real-time.

  3. Deploy: Save the query into the Data Mesh Pipeline for execution.

Adoption of the SQL Processor has been met with excitement. It allowed a more intuitive expression of business logic and unlocked new use cases without the need for writing custom Processors.

Lessons Learned
Netflix found that recognizing the benefits of Flink SQL earlier could have saved significant engineering resources. Additionally, setting up guardrails for Flink SQL was crucial for managing expectations and operational workload.

Future Plans
The Data Platform team continues to expand SQL Processor features, such as supporting stream enrichment and advanced joins, to further harness the power of stream processing.

Netflix's transition to a Streaming SQL approach within Data Mesh signifies a strategic move towards more efficient, scalable, and manageable data processing methodologies that cater to the complex needs of a leading streaming service.

Contains Duplicate

Missed the solutions to this week’s coding workout?

Learn the solution to one of the most common interview questions here.

WebAssembly's latest optimization includes built-in support for garbage collection, allowing languages that traditionally rely on it, such as Java and Python, to run more efficiently on the Web.

By leveraging WebAssembly's garbage collection, these languages can produce smaller and faster binaries.

This advancement holds promise for more performant web applications utilizing these languages in the future.

Marvin’s article discusses how Tailwind CSS is used to style web projects and explores ways to optimize its performance.

He analyzes the Tailwind architecture on its own website but encounters issues with noisy traces, so he runs the Tailwind CLI to identify key areas for improvement.

Marvin suggests that significant speed improvements in Tailwind CSS can be achieved not by following best practices but by understanding and optimizing the code based on its purpose and the problems it solves.

Tomas highlights key findings from the State of DevOps 2023 report including the influence of AI on productivity, factors affecting job satisfaction and burnout, and the importance of cloud choices.

The report emphasizes user-focused development, key technical capabilities like CI/CD, the role of flexible cloud infrastructure, and the impact of quality documentation on job satisfaction and performance.

The report also advocates for a generative culture to boost innovation and performance.

In her article, Nicole argues that accessibility in software is a crucial requirement, not an optional feature.

She likens it to ongoing needs such as security, which require constant attention throughout development.

Her personal experience with temporary disability underscores the importance of accessible design for all users, not just those with permanent impairments.

JS Weekly Pulse

To-Do List

 Interesting: How AT&T lost over $60 million due to one line of code.

 TypeScript: A complex technique in TypeScript to specialize generics.

 Learn: Have the technical skills but communication needs improvement? Check out this guide to public speaking for software engineers.

 Watch: An in-depth video on the growth of JavaScript runtimes over the years from James Snell himself.

Hot Picks in the Dev Community

Svelte Flow - A customizable Svelte component for building node-based editors and interactive diagrams.

Lenis - A better smooth scroll library created for performance and accessibility. The demo.

Fkill CLI - A CLI for killing processes cross-platform.

Imba - A full-stack programming language for the web that compiles to performant JavaScript.

Pannellum - A lightweight panorama viewer for the web.

Pair Programming Be Like…
