Hacker News new | past | comments | ask | show | jobs | submit login

If the underlying hardware is compromised(it is) then it doesn't matter what the os does.\ EDIT: If you are downvoting me - state why.



Depends on your threat model. Sure, it's impossible to keep out certain nation states, but a number of OS changes can keep malicious applications developed by less-skilled nation states or highly skilled individuals under control. It's not perfect, but it's better than nothing.

Unless you are suggesting that we should just give up on security entirely because it's impossible to have a system that is 100% secure?


Do people really need to worry about other than national states with android and ios? Exploits/Viruses in these OSes are extremely rare in comparison to the desktop OSes and they're just getting harder to exploit. It's gettting to the point where you need the resources of one of the cyber superpowers to exploit these OSes. Their permissions based security model is great and hopefully will make their way to desktop.

My theory is that there is a backdoor into these OSes. It's the path of least resistance and there's precedence of this. Obviously Apple/Google are going to vehemently deny this as this and these backdoors would be able to provide the most precise form of surveillance ever created.


There are relatively easy tutorials out there, some on freaking YouTube ffs, about how to connect to the JTAG pins on most Android phones and pull data right out of memory.

These are barely above trivial attacks that don't require a nation state to pull off, just a talented engineer.


I don't think most people care about physical access exploits. If you did you would have some specialized software which would remotely wipe it upon being tampering with. Common sense.

What really matters security wise is who is this security for? If it's for state actors(vault7) then it's useless. It's known that copperheados doesn't do much to defend against them as the phones are exploited on a hardware level. All this extra security is pointless as the people you are most worried about, has access.


> If you did you would have some specialized software which would remotely wipe it upon being tampering with. Common sense.

If somebody physically attaching to your device isn't doing so in an environment that doesn't also block radio signals, they've already failed... and you can't be wiping your phone every time it loses signal.

The threat model of a personal computer and the threat model of something that literally follows you everywhere and knows everything you do are very different.

Physical access is much easier to obtain exposes you to way, way more. Getting a divorce? Your phone is probably something you want to guard extremely closely. You can get someone to pin your android phone for low-double digit thousands of dollars -- or even free if it's the right kind of person with the wrong kind of morals. IMO, if you have any meaningful assets to protect, whether they're yours or your company's, buying an Android phone with JTAG pins is _insane_ (or simply poor risk analysis).

But what do I know? I've only JTAG'd a phone before, scraped the RAM, obtained the unlock code and all of the user data. Random thought: how many people do you know whose phone unlock code is also their ATM pin number?


The first rule of vote club is you do not talk about vote club. Also, people who vote on your comments either up or down don't owe you explanations. Both of these are standard HN practice.


Not GP, but I don't consider it harmful or whatever to ask why folks disagree with you if you don't understand why folks would disagree with you. Sure, none of us owe them an explanation for voting a certain way, but maybe someone will come along and explain it, and they'll learn something new.

I don't think the system is strictly "you're right" or "your're wrong" and providing any supporting explanation is discouraged.


I don't consider it harmful

It pretty much always devolves into pointless meta. If someone wanted to tell you how right or wrong you are, they'd reply to your comment. Sometimes, perfectly reasonable comments get downvoted. Sometimes, truly awful comments get upvoted. Sometimes people fatfinger the wrong button on their phones. Every poster and every thread is better off just living with it, not worrying about it too much and sticking to the quality of the conversation itself.


We are the quality of the conversation itself.


No.


Yea, we literally are, unless all other commentors on HN are bots...


No you literally aren't. You are you. The conversation is the conversation. Those are two distinct things. Nobody can ask you to be mindful of the quality of other people. It's trivial to just avoid interminable discussions about voting.

The most telling thing about this is that nobody ever demands explanations for upvotes so it's obviously not because there's some real belief these explanations would make the conversation better. It's just that being downvoted feels bad. But really, at worst, you'd eat -4 points here or there. Best is to just put on your wizard hat and Epictetain stoic robe and move on. And this isn't merely a good idea - it's the law.


Discussions about why comments are downvoted are useful to understand the group mentality of the site, and sometimes the post is just factually wrong, badly composed, or has another negative quality that would be similarly evaluated by multiple readers. Maybe the author mistyped something.

If the only feedback is a bundle of downvotes, it makes sense to ask for more detail. The site is better off when contributors understand what comments the community considers valuable. Sometimes the meta-discussion even leads to a good, but downvoted, comment recovering.


Discussions about why comments are downvoted are useful

Well, you'd have to convince not me but the moderators of the site of that. They're quite explicitly off-topic in the written guidelines. Have been for many years along with 'neither downvotes nor upvotes come with an explanation obligation'.

And more generally, it's social interaction, not a compiler. Like most social interactions and for most people, it's not that hard for a newcomer, with a bit of participation, to sort out the context and written and unwritten norms, without constant and explicit error messages.


Or, I can just answer people's questions about their downvotes to the best of my ability. They're guidelines, in the sense of rules of thumb. There are plenty of times when they just don't make sense. In doing so, you're just taking the chance that a lot of people disagree with your reading of the situation.

> And more generally, it's social interaction, not a compiler.

You've never asked "What did I say wrong?" when someone reacted unexpectedly in a social interaction? No one owes you an explanation, but there are times when it's a reasonable question and shouldn't hurt to ask.


They're guidelines, in the sense of rules of thumb.

That's really not how they're treated. Neither 'don't be a butthead' nor 'don't whine about votes' are serving suggestions. They're both enforced constantly, directly and indirectly. Without that, the site would be an unreadable cesspool.

You've never asked "What did I say wrong?" when someone reacted unexpectedly in a social interaction?

I don't present every stranger who bumped me on the bus and then gave me the stink eye as if I was the clumsy boor with a questionnaire aimed at establishing a more constructive basis for our ongoing relationship. I just frown and go back to staring at my phone. This is a far more taxing and awkward near-daily social interaction than a seemingly inexplicable downvote.


> That's really not how they're treated.

It really is, in my experience, at least in the rare cases where the reason for a mob downvote isn't clear.

> I don't present every stranger who bumped me on the bus...

But then, you have a single, specific focus for the "downvote": Some single person, who's apparently having a bad day. The cause is obvious, won't be improved by questions, etc. It's a good example of a case where the rule-of-thumb applies. Further, your "questionnaire" could be a raised eyebrow to the person next to you, who might look up, shrug, and turn away.

The whole point is to see if you're being the asshole, or if it's the other guy being unreasonable.

Now, imagine that everyone on the bus is self-selected for a trait besides wanting to travel somewhere. Say, they're tech or business people, congregating for the chance to talk about things that interest "hackers". They're there specifically to talk and discuss. A driveby downvote doesn't aid that goal. An explanation of why the commenter is being unreasonable does, even when it comes as speculation from someone who didn't downvote them.


But then, you have a single, specific focus for the "downvote"

Cause that's what we're talking about, Willis. Downvotes and how they require none of the emotional or mental energy you seem to be willing to spend on them. It's a complete waste of time, at least, given the purpose of the site and we have rules to remind us what a complete waste of time it is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: