←back to thread

Apple vs the Law

(formularsumo.co.uk)
378 points tempodox | 6 comments | 11 Jul 25 06:49 UTC | HN request time: 1.45s | source | bottom
Show context
grishka ◴[11 Jul 25 07:28 UTC] No.44529279[source]
> "...unfortunately, it's impossible to do all the complex engineering to comply with the Commission's current interpretation of the DMA..."

There's nothing complex and impossible about removing some "if" statements responsible for code signature enforcement.

replies(9): >>44529310 #>>44529322 #>>44529363 #>>44529431 #>>44529446 #>>44529695 #>>44530078 #>>44531016 #>>44531269 #
interpol_p ◴[11 Jul 25 07:40 UTC] No.44529363[source]
It’s extremely complex. I’m not debating whether they should comply - they should. But it’s gonna cost them years of engineering effort, and maintenance far into the future. See, for example, BrowserEngineKit

https://developer.apple.com/documentation/browserenginekit

They needed to engineer, maintain, document and support a whole class of APIs so that third parties can create their own competitive browser engines (that offer JIT, etc) while still maintaining iOS sandbox security. There are going to be hundreds of frameworks, thousands of APIs, that will need to come to ensure compliance with the DMA

replies(2): >>44529396 #>>44529401 #
idle_zealot ◴[11 Jul 25 07:47 UTC] No.44529396[source]
Or, they could just let their pocket computers run the software users download and install, like every single other computer ever made and sold, rather than special-case engineer padded cells for every use-case, application class, or bit of interoperability.
replies(3): >>44530059 #>>44530285 #>>44533417 #
bzzzt ◴[11 Jul 25 09:22 UTC] No.44530059[source]
You mean those users that don't even know what an application is? And you mean that software that only has the users best interests in mind and is not spying on them, trying to scam or confuse them into buying unnecessary stuff?

I think Apple has done a great job of protecting non-technical people from a lot of the possible harms of malware. There's a lot of incentive for them to make sure security is handled right. I'm convinced going back to the 90s and giving every software developer full access to users phones would create a lot more problems than it would solve.

replies(1): >>44530345 #
1. grishka ◴[11 Jul 25 09:59 UTC] No.44530345[source]
Maybe let's not optimize everything around people being tech-illiterate? We live in a society. You are expected to have some baseline knowledge to live in one. So let's instead educate people about that stuff instead of encouraging ignorance and punishing power users.
replies(1): >>44530429 #
2. bzzzt ◴[11 Jul 25 10:12 UTC] No.44530429[source]
Would be nice if everything instantly became better with a bit of explanation, but I'm just a bit to cynical to trust that. Most people using tech need guard rails.
replies(1): >>44530558 #
3. grishka ◴[11 Jul 25 10:32 UTC] No.44530558[source]
Yes, guard rails are good. I'm not denying that. They are an important part of user education.

But only when they can be overridden. MacOS around 10 years ago is a good example. It came out of the box in a foolproof state — only apps from the app store or registered developers would run, and SIP is enabled. But if you know what you're doing, you could disable both those things without any loss of functionality.

replies(1): >>44531013 #
4. bzzzt ◴[11 Jul 25 11:42 UTC] No.44531013{3}[source]
You can see the problem by browsing old help forums and see how often people suggest 'disable SIP' as a solution to some problem instead of really fixing the problem. Also, the clueless user will -at best- just follow instructions and disable all kinds of security features making them more vulnerable to malware.
replies(1): >>44531219 #
5. grishka ◴[11 Jul 25 12:10 UTC] No.44531219{4}[source]
If someone is trying to help themselves by participating in forums and following instructions, that's already very much an above-average user. They'll be fine anyway. I'm talking more about the kinds of people who would download a .jpg.exe and run it. Or transfer their savings to a "safe account" because someone called them out of the blue and told them to do so. Or fall for scammy ads. You get the idea.
replies(1): >>44531916 #
6. bzzzt ◴[11 Jul 25 13:29 UTC] No.44531916{5}[source]
I'm more concerned about the 'good with computers' type people helping the average users. Those are the people who use google and forums and leave other peoples phone and/or computer in a less than optimal state which makes the .jpg.exe attack more likely to succeed.