Meh. It’s up to Apple to write secure software in the first place. Maybe if they spent more time on that instead of fucking over their UI in the name of something different, and less time virtue signalling, their shit would be more secure.
I totally agree, and it's basically theft that Apple simply doesn't have a standing offer to outbid anyone else for a security hole.
That said, we all get the same time on this earth. Spending your time helping various governments hurt or kill people fighting for democracy or similar is... a choice.
I don't think democracy is the panacea you seem to think it is, but that's another issue. Certainly, cracking software for governments and the police is no less legitimate an existence and occupation as, say, working for an NGO.
And yes because their UI folks should be spending time on the kernel. What next? If Apple didn’t have so many people working at the Genius Bar they could use some of those people to fix security vulnerabilities?
Are you suggesting that money spent on marketing - to the extent that it doesn't actually increase market share/sales - couldn't be spent on hardening or vulnerability payouts, etc?
Apple doesn't have unlimited money. It all gets allocated somewhere. Allocating it in places that don't improve security or usability or increase sales is, in this sense, a wasted opportunity that could be more efficiently allocated elsewhere.
> Are you suggesting that money spent on marketing - to the extent that it doesn't actually increase market share/sales - couldn't be spent on hardening or vulnerability payouts, etc?
If Apple had unlimited money they’d just buy the exploit makers at whatever asking price. Or they’d set exploit bounties at a price guaranteed to outbid others etc.
No, just like any other company they don’t have unlimited money and my point stands.
Really? You don’t think Apple could “afford” to set aside $500 million dollars for instance to pay off exploit makers? Less than 0.5% of their profit? Or even $1 billion? Less than 1% of their profit?
I don't know, but I would suspect that they don't purchase these companies out of a sense of principle: not wanting to reward the behavior. Yes, that allows them to keep operating, but it's sorta like why you don't pay a ransomware group.
Ofc they could afford to, but they don’t. They could alo afford to if they had unlimited money, but in the latter case by definition they’d lose nothing by actually buying.
Given the absurdity of the scenario and its contrivance though I’m not sure what your point is. More money spent on security is good is my point. And if they had more money they’d have more money to spend on security. And if they didn’t spend money on dumb shit like virtue signaling then they’d have more money. That’s the reasoning.
My point is that it’s silly to say that Apple doesn’t have enough money left over after spending money on marketing to pay off people who find security vulnerabilities if they have $110 billion in profit after spending money on marketing.
If you had to spend 0.5% of your income for something in a year, would that adversely affect how you chose to spend the other 99.5%?
My ethics are that certain people will die in certain circumstances and I’m okay with that. I also have no issues working on something that may result in a person’s death at a later stage. One example might be that if I worked on an automobile assembly line it might occur to me that the car I’m working on would at some point crash and the occupants be killed. But why would I care? There’s a chain of causation that you can surely understand, one that in this case would be broken many times before then (assuming I wasn’t negligent in assembling the car).
But again, your condescending tone proves my point. You and I don’t have the same values. That’s okay. But keep yours to yourself and I’ll keep mine to myself, right? That’s my point.
You're confusing ethics with your own personal views. Ethics is a subject concerning right or wrong. It's neither subjective nor objective - it's just a particular subject encompassing particular issues. Your personal opinion on a particular issue might go some way toward describing what YOU think is ethical behaviour. That's subjective. It describes a factual state (viz., your opinion about something). My opinion may be very different from yours. My opinion is also subjective.
If you think never harming any person is the highest human aspiration, then great! I wish you well on that journey. I disagree though, and personally - as a matter of my own morality and philosophy about the world - I think the earth would be a much better place with maybe 1/2 the current population (assuming we could cull the right people). Avoiding causing harm to others isn't really something I care about, and I think there are more important and more interesting things to worry about. I also think killing is absolutely justified under certain conditions and I also think the world would be objectively better off if certain people didn't exist. We disagree about this, but that doesn't mean we aren't both acting ethically. We just have very different ideas about what is good and bad and right and wrong.
Both of us can act ethically despite holding those contrary positions and stay within our own logical frameworks. I hope that makes sense to you.
Now, once again the main point was that doing work for the police or hacking shit for governments is a legitimate occupation and is legal, even if it leads to somebody being executed or arrested or deported (in fact, those are also legitimate things that plenty of people have no problems with). Laws generally reflect society's overall views on some subject matter. Feel free to Google social facts and Durkheim and Hart and the rule of law and theory of laws. Stating such is to state objective facts. If you dislike those occupations, that's cool - some people dislike prostitution, but it's a legitimate and legalised occupation in many places. But your opinion on the matter doesn't delegitimise it, and frankly nobody wants to hear your casting judgment on others based on your own personal opinions. This is the issue with protestors today - nobody else cares, man. Leave people alone lol.
That’s not what I said, I just aim to reduce harm and my culpability for it. I had assumed this was a fairly noncontroversial formulation of ethics but I guess if your goal is to explicitly bring about harm to specific people it is reasonable that we would not be able to have a discussion on this topic.
What you said was a fait accompli wherein you assumed that we both share the same moral position on certain issues and you suggested that such agreement must exist for us to both be ‘ethical’.
I agree any discussion about the morality of this is unlikely to be productive, but I could have told you that at the start. Maybe don’t bring ‘ought’ statements into a discussion that’s really about the ‘how’ - how this zero-day was exploited and/or patched is, after all, the point of the submission, not some moral discussion about whether white hats ought to be doing this sort of shit in the first place.
Yes I'd wager they're soda lime and ought to filter it. In absence of knowing the material, it's a hazard that can be mitigated with cheap PPE. Everyone can make their own choice, as long as it's informed.
For Opensauce '24 I modified a Leclerc Dorothy Table Loom to be a Jaquard. With exception of some bearings and rods it was entirely 3D printed. It could run real punch cards (that I cheated and used a laser cutter to make, I wasn't building a second machine to punch the cards. Although that machine is super cool on it's own.) I had found a book that detailed extremely well the mechanisms used in the machine. It surprisingly worked very well with not terribly much trial and error. Even surviving being in my luggage from Maryland to SF. A surprising number of people were super excited to get to see one up close and really see how they had operated. So many people came up to tell me they had been to so and so museum where they had one, but it was a giant machine you couldn't really look at up close.
Currently I'm down the rabbit hole of leavers lace machines, they make Jaquard looms look like child's toys. But they were much less common, and I don't think any exist in the united states. If anyone has any leads or information on someone that works on or with or near or has heard of one of these machines please let me know.
Id be willing to bet the number of people who sign up for ebilling, then screw up their email address is huge. then those people blame the bank for not contacting them to tell them the issue.
yes, its not how email is supposed to work. but people can be really really stupid.
Or they've proven that you can use vein patterns in human skin to positively identify individuals well enough that payment losses are an acceptable risk, and now they plan to just integrate that into their surveillance apparatus everywhere.
I couldn't make an account on the website Digikey outsourced all their 3d models to with my work email. signed up with my personal gmail account in less than 30 seconds.
This is not some Apple specific problem.
Also this was yesterday. Never did I get any of the 3 confirmation emails they claim they sent to my work mail.
reply