upvote

points

by seba_dos19 hours ago |
comments
upvoteby goblin898 hours ago|
next
[-]
> somehow we don't go and ban kitchen knives

False analogy. You can’t have your kitchen knife exploited by a hacker team in North Korea, who shotgun attacks half of the public Internet infrastructure and uses the proceeds to fund the national nuclear program, can you? (I somewhat exaggerate, but you get the idea.)

> Systems can be secure and trusted by the user without having to cede control

In an ideal world where users have infinite information and infinite capability to process and internalize it to become an infosec expert, sure. I don’t know about you, but most of us don’t live in that world.

I agree it’s not perfect. Having to use liquid glass and being unable to install custom watch faces is ridiculous. There’s probably an opportunity for a hardened OS which can be trusted by interested parties to not be maliciously altered, and also not force so many constraints onto users like current walled gardens do. But a fully open OS, plus an ordinary user who has no time or willingness to casually become a tptacek on the side, in addition to completely unrelated full-time job that’s getting more competitive due to LLMs and whatnot, seems more like a disaster than utopia.

reply
upvoteby ruszki3 hours ago|
parent|
[-]
> You can’t have your kitchen knife exploited by a hacker team in North Korea, who shotgun attacks half of the public Internet infrastructure and uses the proceeds to fund the national nuclear program, can you? (I somewhat exaggerate, but you get the idea.)

Isn’t the status quo, that you need to intentionally choose to allow this?

reply
upvoteby seba_dos11 hours ago|
parent|
[-]
Yes (well, kinda - attested systems can be and are vulnerable too), and remote attestation is completely orthogonal to that threat anyway. Securing the boot chain does not involve letting apps verify the environment they run in, it's an extra (anti-)feature that's built on top of secure boot chains.

It's also really incredible how people can see "user being in control" and just immediately jump to "user having to be an infosec expert", as if one implied the other. You can't really discuss things in good faith in such climate :(

reply
upvoteby Avamander9 hours ago|
prev|
[-]
> but somehow we don't go and ban kitchen knives, as having them around is valuable

Some countries do :) Though I think physical analogies are misleading in a lot of ways here.

> Systems can be secure and trusted by the user without having to cede control, and some risks are just not worth eliminating.

Secure, yes, trustworthy to a random developer looking at your device, no. They're entirely separate concepts.

> Most importantly - it's the user who needs to know whether their system has been tampered with, not apps.

Expecting users to know things does a lot of heavy lifting here.

reply
upvoteby seba_dos11 hours ago|
parent|
[-]
I never mentioned users having to know things (what you quoted was about the user getting informed whether their system is compromised, which is the job of a secure boot chain). The user being in control means that the user can decide who to trust. The user may end up choosing Google, Apple, Microsoft etc. and it's fine as long as they have a choice. Most users won't even be bothered to choose and that's fine too, but with remote attestation, it's not the user who decides even if they want to. And we don't need random developers looking at our devices to consider them trustworthy, it's none of their business and it's a big mistake to let them.
reply