undefined | Better HN

0 pointsfsflover1y ago0 comments

Security doesn’t equal to giving away the full control to a third party. By this logic, Linux servers are insecure.

Also you can’t install Linux on Android due to the closed specs and proprietary derivers. Not even on Google Pixels advertized by the GrapheneOS crowd.

0 comments

sshine1y ago

> Security doesn’t equal to giving away the full control to a third party.

Allowing the user to install and run any software does result in a less secure system.

Also if that software is run in a sandboxed way (but allowing installation from anywhere).

Because software could impersonate and trick the user into giving away sensitive information, such as credit card data, or authentication to act on behalf of the user.

> By this logic, Linux servers are insecure.

Yes, if we go with there being one single thing called "Linux servers", they are insecure by the same measurement.

I would differentiate between mobile software that targets end users and server software that targets professionals.

With server operating systems, you provide secure/convenient defaults (with Linux distros often leaning towards convenient), but you always provide the systems administrator the ability to `curl ... | sudo sh`. You also say it is the system administrator's fault if they ever do that and something goes bad. If you are a platform owner with millions of users, you cannot claim security when you allow for any code to be run, sandboxed or not.

curt151y ago

>Because software could impersonate and trick the user into giving away sensitive information, such as credit card data, or authentication to act on behalf of the user.

Emails and phishing websites are much more widely used than standalone software for tricking users into giving away personal information because 1) compared to building an application in Java or Objective C it's much easier to craft emails and fake websites and 2) everyone is already browsing the web.

fsfloverOP1y ago

> Allowing the user to install and run any software does result in a less secure system.

> Because software could impersonate and trick the user into giving away sensitive information

“Allowing direct democracy makes a country unsafe, because the citizens could be tricked by propaganda”

sshine1y ago

That quote would apply perfectly if Apple were a country.

j / k navigate · click thread line to collapse

0 comments

sshine1y ago

> Security doesn’t equal to giving away the full control to a third party.

Allowing the user to install and run any software does result in a less secure system.

Also if that software is run in a sandboxed way (but allowing installation from anywhere).

Because software could impersonate and trick the user into giving away sensitive information, such as credit card data, or authentication to act on behalf of the user.

> By this logic, Linux servers are insecure.

Yes, if we go with there being one single thing called "Linux servers", they are insecure by the same measurement.

I would differentiate between mobile software that targets end users and server software that targets professionals.

curt151y ago

>Because software could impersonate and trick the user into giving away sensitive information, such as credit card data, or authentication to act on behalf of the user.

fsfloverOP1y ago

> Allowing the user to install and run any software does result in a less secure system.

> Because software could impersonate and trick the user into giving away sensitive information

“Allowing direct democracy makes a country unsafe, because the citizens could be tricked by propaganda”

sshine1y ago

That quote would apply perfectly if Apple were a country.

j / k navigate · click thread line to collapse