[Cryptography] EFF amicus brief in support of Apple

Perry E. Metzger perry at piermont.com
Sun Mar 6 19:43:27 EST 2016


On Sun, 6 Mar 2016 15:38:46 -0500 grarpamp <grarpamp at gmail.com> wrote:
> On 3/6/16, Perry E. Metzger <perry at piermont.com> wrote:
> > I'm a practical person. I want systems that work, not that provide
> > some sort of philosophical warm fuzzies.  
> 
> > Economies of scale are real things. It is nice for a hundred
> > million people to be able to download patches to their systems
> > automatically without even having to think about it or understand
> > what a patch is  
> 
> > It is nice for people to be able to download a
> > game or a to-do application without having to personally audit  
> 
> Open and secure does not preclude any of these things.

You explicitly suggested that people should be compiling the code for
their own devices. Quoting you in an earlier message:

  Your compute hardware should be completely open.
  Your compute software should be completely open.
  You should fuse your own keys into your own hardware
  for software builds you reproducibly build sign and install
  yourself from distributed opensource software.

This is silly.

> > Where's the evidence for your assertion?  

Just to remind people, your earlier assertion was:

   However, when a billion humans around
   the world *may* look at and even participate in the hw and sw if
   they wanted to, versus only 25 people locked in the coderoom of a
   megacorp whose primary raison d etre is by definition making
   money... the possible odds that it *could* be better and even a
   solution to everything as you say... are in fact better.

Your reply was:

> What is your potential when you're chained to a wall?
> With open, possibility is a right of others, with closed,
> you foreclose it upon them, and likely to serve yourself.
> That may be part of the potential.

I take it you have no specific evidence for your claim that you wish
to provide us with at this time.

And again, I do indeed very strongly prefer open source
software. However, there seems to be a utopian dream being asserted
here, not a hard claim with well established evidence. In the real
world, it seems that average users -- even people with incredibly
sophisticated understandings of the systems they're using -- are
generally better off being protected from their own errors.

Note that I don't want to *impose* such solutions on people, but it
does indeed seem that a lot of the time, you're a happier camper when
you pay some company to worry about your security on your behalf so
you can get on with your life instead of "fuse your own keys into your
own hardware for software builds you reproducibly build sign and
install yourself from distributed opensource software."

> > If you look at Android vs.
> > iOS, iOS, with its much more restrictive environment, seems (as a
> > practical matter) to be more secure.  
> 
> iOS/Android haven't even hit 10 years old and neither

Ten years is a long time.

What you might reasonably complain is that a sample size of two is too
small. That said, I think we have pretty strong evidence that at least
sometimes, the iOS approach can have significant benefits for
users. It is entirely possible that in the hands of another firm the
walled garden would have been awful crap, but at least *some* of the
time, it seems to work pretty well.


Perry
-- 
Perry E. Metzger		perry at piermont.com

