What if he’s wrong? Computers do things their programmers don’t expect them to literally all the time. Security bugs generally come from a mistaken assumption about how something behaves.
He doesn’t have to be a liar to be telling you untruths about how it works.
My Android comment was taking yours, turning it around and taking it to the extreme to illustrate a point.
And no, I never asked why we would need to verify the security researcher’s claims (but sure, you should).
1. Dma54rhs says Apple’s (!) claims supposedly can’t be verified and that you need to take Apple’s word for it
2. I ask why not, provide a link to a talk about iOS security by a renowned security researcher as both an example of how to verify Apple’s claims (reverse engineer iOS) and to lend some credence to the point that they are likely to be true
3. You talk about the researcher and/or programmers being wrong by replying with an “orthogonal” comment containing “whataboutism”.
Edit: Could we please talk about the actual topic? Do you or someone else know about instances where Apple lied about mitigations like lockdown mode before? Maybe there’s a long history of it and I just don’t know. Or is there some other flaw in my logic?
There is always the argument about hidden bugdoors, backdoored compilers or whatnot. But that’s not practical, by then you might as well stop using technology.
If Apple can’t be trusted then why can you trust Google? Or Qualcomm?
You’re the one derailing from the actual topic, which was broadly can we trust our devices and specifically can we trust iOS, by muddying the water with what-about-Android. The question wasn’t which we can trust more, the question was whether and how much we can trust Apple.
You can’t verify that iOS is doing what Apple says that it’s doing, because you can’t read the code. You can’t trust that Apple perfectly understands their product, because it’s extremely complicated, and therefore you can’t just take their word for it. I’ll state that the check here, although it’s painfully obvious, is that exploits happen. Researcher opinions are fine, but facts are better.
None of this is in any way contentious or new, it’s the exact debate about open-vs-closed that we’ve been having since the beginning of software.