If you want to understand why Apple keeps checking apps on your machine, just watch a bunch of smart technologists loudly encourage you to change your software based on valid-sounding misinformation from a complete stranger.
Those technologists ARE smart, but they’re human.
Establishing trust in software safety is really difficult and getting worse by the day; that’s what makes Jeffrey Paul’s blog post somewhat valuable but far more dangerous.

Some of the misinformation I’m talking about: https://twitter.com/yoz/status/1327447106039156737
It’s dangerous because it encourages people to abandon Apple’s malware prevention systems, which are VITAL. The pretext is some bullshit about “not owning your computer”, i.e. not having total control over everything the computer is doing.

Really? WELCOME TO FUCKING SOFTWARE
You can NEVER have total trust in what a computer is doing. You have a chain of trust based on the thousands of humans who wrote the code you use, and the trust decisions *they* made, etc.
The most certain thing you can say is: those humans probably screwed up at some point.
Yes, it IS better to be able to read the source code. No, it doesn’t actually solve the problem: almost nobody actually does that. Even when they do, they still miss problems. A famously horrible person once said, “many eyes make bugs shallow”, but many lines make eyes tired.
The reason I put *some* trust in Apple is that
a) nobody has enough money to bribe them
b) they’ve increasingly focused a big chunk of their brand around privacy

… and this is where the “somewhat valuable” aspect of Jeffrey Paul’s inflammatory blog post comes in…
The huge reaction to Paul’s blog post demonstrates what happens if/when Apple gets this wrong.

Imagine if it was Amazon. Sure, you would disapprove, but it’d be eye-roll number six in your morning coffee doomscroll.

When it’s Apple’s screw-up, it’s everywhere.
I’m glad of this because Apple does plenty of things I disagree with. I don’t trust them completely. And while Jeffrey Paul’s blog post is overly inflammatory and seems to be significantly wrong, I don’t know that it’s *completely* wrong. I’m interested to see Apple’s response.
We interrupt this rant for some validation from the person I trust most in these matters, who is currently Lead Product Manager for the security of the Chrome browser. He goes on to explain why OCSP encryption is problematic. https://twitter.com/konklone/status/1327508465070211072
… though it sounds like those problems wouldn’t affect this usage. And opacity could be valuable to people under repressive regimes that do deep packet inspection. But it’d have to be MITM-proof. Or something? Yeah?

@konklone I am so out of my depth, halp
You can follow @yoz.