Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kernel of iOS 10 Preview Is Not Encrypted -- Nobody Knows Why (technologyreview.com)

Posted by msmash on from the puzzling-researchers-inc dept.

Security experts are claiming that iOS 10 preview, which Apple made available to enthusiasts last week, is not secure. iOS 10 is the latest version of Apple's mobile operating system. It will be available to standard customers later this year (likely around September). According to security experts, iOS 10's kernel is not encrypted. MIT News reports: Why Apple has suddenly opened up its code is unclear. One hypothesis in the security community is that, as author Jonathan Levin puts it, someone inside the company "screwed up royally." But he and security researcher Mathew Solnik both say there are reasons to think it may have been intentional. Encouraging more people to pore over the code could result in more bugs being disclosed to Apple so that it can fix them.

82 comments

  1. Not secure? by wiredog · · Score: 4, Informative

    How does "not encrypted" == "not secure" in this arena?

    FTA: "That doesnâ(TM)t mean the security of iOS 10 is compromised."

    --

    Best Slashdot Co
    1. Re:Not secure? by Anonymous Coward · · Score: 1

      Hell, how does "not encrypted" == "opening up the code"? The article talks like it being unencrypted means apple's giving out the source code, which is hilariously incorrect.

      I haven't read any other articles from "Technology Review", but just from this article, I have doubts about their knowledge of technology.

    2. Re:Not secure? by Anonymous Coward · · Score: 2, Funny

      If it was directly programmed in machine language, I suppose you have the source code.

      Nahhh. It's not 1960 anymore.

    3. Re:Not secure? by Anonymous Coward · · Score: 0

      How?

      Click-bait.

    4. Re:Not secure? by Anonymous Coward · · Score: 0

      Exactly. And let's get real here, with the testing framework that has to be in place, there's no way in hell that Apple screwed up that badly. Edge cases are guaranteed to pop up and tests would be added to handle those. But this wouldn't fall into that category.

      Now if we were talking about Microsoft then sure, any screwup is possible because they're primarily a marketing company. Solid technology is a distant second to that.

    5. Re:Not secure? by Anonymous Coward · · Score: 1

      The problem with closed source is that you never know where the bugs/vectors truly are. ...

      The Heartbleed and Shellshock bugs would like to have a word with your parochial attitude...

      Analysis of the source code history of Bash shows the vulnerabilities had existed since version 1.03 of Bash released in September 1989, introduced by Bash's original author Brian Fox

    6. Re:Not secure? by Maritz · · Score: 1

      there's no way in hell that Apple screwed up that badly.

      Microsoft then sure, any screwup is possible because they're primarily a marketing company. Solid technology is a distant second to that.

      So Apple aren't marketing, Microsoft are. lol. You realise that your power to convince people diminishes the more obvious your fanboyism?

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    7. Re: Not secure? by Anonymous Coward · · Score: 1

      "Had existed since version 1.03" does not mean that they had been known since then. Bug discovery is a very tiresome act, as let's not forget sometimes bugs in platforms that are no longer in use such as old video game consoles are not detected till decades later.

      Whooosh!

      The entire point is that a critically-serious bug lay latent in OPEN SOURCE bash code - distributed all over the place - for 25 years.

    8. Re: Not secure? by Anonymous Coward · · Score: 1

      And? What does not knowing about a bug have to do with being unable to know about a bug? In your rush to bash someone for claiming that Open Source is more secure than Closed Source, you completely failed to realize that mfh made no such claim.

    9. Re:Not secure? by Bert64 · · Score: 2

      Encrypting the kernel does nothing to improve security, as it's not true encryption but rather just obfuscation.
      The kernel has to be decrypted in order to execute, therefore every device must have the key so rather than cracking the encryption you just have to work out how to extract the key, or how to extract the decrypted kernel image.
      All it really does is create extra points of failure, waste resources and increase the risk of bugs.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    10. Re:Not secure? by Anonymous Coward · · Score: 0

      Hell, how does "not encrypted" == "opening up the code"? The article talks like it being unencrypted means apple's giving out the source code, which is hilariously incorrect.

      I haven't read any other articles from "Technology Review", but just from this article, I have doubts about their knowledge of technology.

      Perhaps it's in Java Bytecode, that's pretty easy to decompile.

      But more realistically, if it has properly named symbols it will be easier to attack than a encrypted black box, especially if you have access to software like Hex-Rays. (Unless there's even better disassemblers these days)

    11. Re:Not secure? by Anonymous Coward · · Score: 0

      What the gp is saying is basically correct imho. Microsoft has stooped to essentially putting affiliate ads in their Win10 start menu. Apple derives almost all its revenue from hardware sales and polished experience.

      Technical sloppiness is far more detrimental to Apple. With Microsoft they can let tons of bugs slip through and monetize their users because no one will care. If someone is using Microsoft products it's because they're most likely locked in with no escape. Apple on the other hand locks in with the prospect of future hardware sales, big difference.

      So marketing in the sense of "where is your bread buttered".

    12. Re:Not secure? by Anonymous Coward · · Score: 1

      There is one big difference.

      When a bug happens with F/OSS, the -bug- is announced, and people are told to get workarounds out. An hour or two later, a temporary fix is issued, and a few days after, it is fixed permanently. Usually this is done well before the bad guys can attempt compromises on a wide scale.

      When a bug in a closed source OS is announced, it isn't just the bug, it is because the exploit is actively being used, 0-days are out there, and sites are being compromised. There usually are few ways to work around it, other than pull the network cable or turn off services, and it can take days to a month to actually get a fix.

      Heartbleed and Shellshock were pretty much addressed almost immediately. I spent more time updating Excel spreadsheets to hand to the auditors than actually pushing out the updates and checking if they fixed the issue.

    13. Re:Not secure? by BronsCon · · Score: 1

      It also ensures that the kernel on the device wasn't modified (think: desolder NVRAM, solder onto your own board, modify, replace).

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    14. Re: Not secure? by Anonymous Coward · · Score: 1

      And? What does not knowing about a bug have to do with being unable to know about a bug? In your rush to bash someone for claiming that Open Source is more secure than Closed Source, you completely failed to realize that mfh made no such claim.

      BULLSHIT.

      Because he did claim just that:

      The problem with closed source is that you never know where the bugs/vectors truly are. ...

      That must be why the Shellshock bug lay latent for 25 years.

      Explain how "open source" makes such bugs "shallow"?

      Because REALITY says otherwise.

    15. Re: Not secure? by Mattcelt · · Score: 1

      It isn't the openness of code that makes bugs shallow. In fact, as I remember the original quote, it went something like: 'given enough eyes, all bugs are shallow'.

      It has nothing to do with the state of the code and everything to do with how many people are analysing the code.

      With open source, the opportunity exists for many more people to examine the code and discover the faults, and that increases hugely with the popularity of the software and its development. With closed-source development, only the people authorised to see the code will examine it.

      So the number of lines of code (x) divided by the number of developers looking at it (y) gives the real "shallowness" value. As x:y decreases, more faults tend to be discovered in a given time period. (This does not account for the complexity of the faults, obviously.)

      A popular open-source project will be much more likely to have a lower x:y ratio than a comparable closed-source project, even if for no other reason than it is in the company's best interest to increase x:y for profit.

      What's more, not only are faults found more easily with more eyes, but the fixes for those faults are also more easily written and applied with more minds working on it.

      I hope this helps explain the 'REALITY' you speak of a bit better to you. There is real security value in open-source software.

    16. Re: Not secure? by ShaunC · · Score: 1

      The entire point is that a critically-serious bug lay latent in OPEN SOURCE bash code - distributed all over the place - for 25 years.

      But it was found eventually and we're all safer now as a result. Could such a vulnerability have been found at all in a closed-source OS like Windows? Certainly not by a third-party researcher as was the case in Shellshock and Heartbleed.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    17. Re:Not secure? by macs4all · · Score: 1

      It also ensures that the kernel on the device wasn't modified (think: desolder NVRAM, solder onto your own board, modify, replace).

      Exactly.

    18. Re:Not secure? by tbuddy · · Score: 3, Informative

      Article was stupid. Why anyone would get the source code from the build when they can get the source code for XNU right here for the last 20 years.

    19. Re:Not secure? by AK+Marc · · Score: 1

      Why is encryption required for that? Wouldn't a hash/checksum be sufficient?

      --
      Learn to love Alaska
    20. Re: Not secure? by Anonymous Coward · · Score: 0

      It isn't the openness of code that makes bugs shallow. In fact, as I remember the original quote, it went something like: 'given enough eyes, all bugs are shallow'.

      It has nothing to do with the state of the code and everything to do with how many people are analysing the code.

      With open source, the opportunity exists for many more people to examine the code and discover the faults, and that increases hugely with the popularity of the software and its development. With closed-source development, only the people authorised to see the code will examine it.

      So the number of lines of code (x) divided by the number of developers looking at it (y) gives the real "shallowness" value. As x:y decreases, more faults tend to be discovered in a given time period. (This does not account for the complexity of the faults, obviously.)

      A popular open-source project will be much more likely to have a lower x:y ratio than a comparable closed-source project, even if for no other reason than it is in the company's best interest to increase x:y for profit.

      What's more, not only are faults found more easily with more eyes, but the fixes for those faults are also more easily written and applied with more minds working on it.

      I hope this helps explain the 'REALITY' you speak of a bit better to you. There is real security value in open-source software.

      REALITY:

      Two of the most popular open source packages had the most severe bugs lay latent - FOR DECADES.

      It's really, really hard to be more popular than bash and OpenSSL.

      And yet, Shell Shock and Heartbleed happened.

      You know, the ancient Greeks also had their myths....

    21. Re: Not secure? by Anonymous Coward · · Score: 0

      Lol. They've demonstrated they DO NOT have a test framework worth a damn.

      Gotofail

    22. Re: Not secure? by Anonymous Coward · · Score: 0

      You offset the checksum after you make modification.

    23. Re: Not secure? by HiThere · · Score: 1

      That was the quote, and that was the hypothesis. It's been shown to be *largely* true, but not guaranteed. The actual statement should have been a lot more modest, something along the lines of:
      given enough eyes, most bugs are shallow, but some aren't

      Open Source tends to have its bugs corrected more rapidly, but this is only a tendency, and it seems to depend more on the number of people trying to join the project than on the number of people using the project. E.g., I've never looked at the source code of most of the tools I use, but I have looked at various compiler libraries.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    24. Re: Not secure? by TangoMargarine · · Score: 1

      If you really want to make this into a dick-waving competition, how many bugs of comparable severity have closed-source ecosystems such as Windows and MacOS had in that same time period?

      Nobody is saying open source makes things perfect. It makes things *better.*

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    25. Re: Not secure? by Anonymous Coward · · Score: 0

      One counterexample. Not interesting, much like your shitty posts.

      More interesting - are open source projects less susceptible to issues than closed source projects with a similar use base.

    26. Re: Not secure? by Mattcelt · · Score: 1

      The most popular open- and closed-source packages have had severe bugs lay latent - FOR DECADES.

      FTFY.

      And speaking of myths... the Heartbleed vulnerability was committed to the OpenSSL source on 31 December, 2011. If 'DECADES' have passed since then, there's something seriously wrong with my NTP server.

    27. Re: Not secure? by Mattcelt · · Score: 1

      Well-put. Perhaps the caveat should be the number of contributors, rather than simple popularity. (Though I do imagine those numbers are somewhat correlated in open-source projects.)

      Some software faults are tremendously obscure. In fact, there are many that exist that will *never* be discovered. It's just a fact of life.

      But I think we agree that open-source software has the inherent potential to be more secure by its nature than its closed-source counterparts.

    28. Re: Not secure? by Plumpaquatsch · · Score: 1

      The entire point is that a critically-serious bug lay latent in OPEN SOURCE bash code - distributed all over the place - for 25 years.

      But it was found eventually and we're all safer now as a result. Could such a vulnerability have been found at all in a closed-source OS like Windows? Certainly not by a third-party researcher as was the case in Shellshock and Heartbleed.

      So a bug in an Open Source project that is widely exploited is better than a bug in closed soured software that is never found and thus never exploited. Because OPEN SOURCE.

      --
      Of course news about a fake are Fake News.
    29. Re: Not secure? by Plumpaquatsch · · Score: 1

      Lol. They've demonstrated they DO NOT have a test framework worth a damn.

      Gotofail

      Gotofail? Wasn't that in an Open Source part of the OS? Considering it was called for the actual code snippet that contained the bug - yes it was. So make that another fail for Open Source.

      --
      Of course news about a fake are Fake News.
    30. Re: Not secure? by Anonymous Coward · · Score: 0

      its signing that takes care of all that. the bootloader in the hw checks for it.

      LIKE On every other smartphone for 16 years

    31. Re:Not secure? by Anonymous Coward · · Score: 0

      Everyone, even the least tech savvy user --unless they've been living under a rock, knows that Android is NOT secure and they make their purchase knowing full well that this is the case. Usually, the excuse is something like "I want to "customize" my phone" that for most people means "I've moved my icons and changed the colors and the font of the UI" but whatever the excuse, the users are not surprised. On the other hand, one of Apple's major selling points is their security and anything that calls that into question will invariably result in some percentage of users defecting and some other percentage not purchasing a product that they would otherwise have purchased or purchasing it from someone else. For a corporation like Apple that depends on selling customers more than one widget that "just works", anything that casts doubt on either "just works" or "more secure than Blackberry ever was" or any of the other foundational ideas is bound to cost Apple a great deal of sales. Since the entire company depends on "making the whole widget" and selling the user experience, even a rumor, and particularly, one that "seems clear enough" or "common sensical enough" to the average man on the street, can bankrupt the company. Think I'm exaggerating? What would happen to Microsoft if no one HAD to buy Windows or Office because that was "what they make us use at work"; maybe someone can ask Corel or WordPerfect developers?

  2. iOS vs OS/X by Viol8 · · Score: 1

    Just out of interest, how much codebase do they have in common, does anyone know? Is it the same mach kernal running on both for example?

    1. Re: iOS vs OS/X by Anonymous Coward · · Score: 0

      More or less. The iOS kernel is usually further along in development, and there are parts unique to each, but in general yes they are the same. The open source xnu code is pretty close to iOS except that they've been stripping out what I assume to be iOS specific #ifdefs. Sometimes they slip through but they've been getting better about that.

    2. Re: iOS vs OS/X by Anonymous Coward · · Score: 0

      So both are about 8 years behind Linux.

  3. Not the source code by Anonymous Coward · · Score: 2, Insightful

    The article seems to react as if they gave the source code, which is not the same thing as being unencrypted. If it's just a binary blob it's not really "open". However, I guess that's still easier to find exploits than an encrypted kernel, though.

    I know the kernel is Darwin which IS open source. Does Apple modify it much without releasing their changes?

    1. Re:Not the source code by LichtSpektren · · Score: 5, Informative

      The kernel is XNU which is open source: http://opensource.apple.com/so...

      Darwin is the open source OS that is the Unix core of macOS, iOS, watchOS and tvOS. So that is to say, when you say "iOS", you're talking about some closed source additions to Darwin which is particular to iPhones and iPads.

    2. Re:Not the source code by mfh · · Score: 3, Interesting

      There were hidden behaviours before that are now visible to the trained eye.

      --
      The dangers of knowledge trigger emotional distress in human beings.
    3. Re:Not the source code by Anonymous Coward · · Score: 0

      The source code of the iOS version of XNU is _not_ open. The tarball dumps of XNU are of the OS X version, and contain _no_ ARM specific code. We're talking about thousands of lines missing, here.

    4. Re:Not the source code by Anonymous Coward · · Score: 0

      The reason this is so important comes down to to KPP or kernel patch protection. To jailbreak the phone, you need to bypass this additional layer. The source code wasn't available until this kernel release.

  4. Ok? by LichtSpektren · · Score: 4, Informative

    iOS shipped unencrypted by default until v.8. The source code is freely available to view online: http://opensource.apple.com/so...

  5. limited preview by i.r.id10t · · Score: 2

    It is a limited preview release... not released to the masses. I would expect that some stuff will change between now and release day... including whether or not the kernel is encrypted or not...

    --
    Don't blame me, I voted for Kodos
    1. Re:limited preview by Anonymous Coward · · Score: 0

      Except it doesn't matter now. It's out so there's no going back. If it was a mistake it's a big one. Encrypting future releases wont help unless they trash the entire kernel and write a new one.

    2. Re:limited preview by tlhIngan · · Score: 1

      I don't think it's even an issue - it's a limited developer preview. These are builds given to developers to load onto their devices so they can develop and test their apps running on the new OS ahead of time.

      It's not meant to be secure, it's not meant to be used in production, it's just so developers can test out the new APIs and start coding against them

      Hell, you're allowed to downgrade your device back to iOS 9 if you don't need it anymore.

      The public beta isn't until a month or more away

  6. here's an idea by Anonymous Coward · · Score: 0

    "Why Apple has suddenly opened up its code is unclear"

    Geezus, why doesn't some reporter call up Apple and ask them? At least, get a comment for the record. It'd be quite a scoop since apparently this has not occurred to any security researchers or reporters on the planet. They are too busy making hypothesis about it, I guess

    1. Re:here's an idea by Anubis+IV · · Score: 1

      A lot of the reporting coming out yesterday following the initial reports indicated that the company either hadn't been responding or had been responding with, "No comment."

    2. Re:here's an idea by Blade · · Score: 4, Informative

      FTA,

      "Apple declined to comment on why it didn’t follow its usual procedure."

      Someone did ask, Apple didn't say anything.

    3. Re:here's an idea by rockmuelle · · Score: 1

      FTA,

      "Apple declined to comment on why it didn’t follow its usual procedure."

      Someone did ask, Apple didn't say anything.

      Which is Apple's usual procedure (not responding). Heck, even within Apple engineers aren't allowed to share details like this outside of their immediate team.

      But, as many other posts have pointed out, the source code for most of the kernel is already open source and iOS was unencrypted until iOS 8. Not really much to see here...

      (on a side note, what's up with /. suddenly becoming just a string of "gotcha" stories about software bugs and corporate mistakes?)

    4. Re: here's an idea by adolf · · Score: 1

      "gotcha" articles are better than the insufferable ones about workplace demographics that used to litter these pages.

      --
      Kid-proof tablet..
    5. Re:here's an idea by Plumpaquatsch · · Score: 1
      https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/

      “The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.

      --
      Of course news about a fake are Fake News.
  7. National Security Letter by Anonymous Coward · · Score: 0

    Sounds like a "National Security Letter" oops.

    1. Re:National Security Letter by Thud457 · · Score: 3, Funny

      Those damn canaries keep dying.
      Must be bad air around here.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    2. Re: National Security Letter by Anonymous Coward · · Score: 0

      Yeah bullshit. We know that Apple has caved to the Chinese government as the iPhone has been allowed to succeed in that market. We do not yet have solid proof that Apple has caved to western governments demands for a Backdoor .

    3. Re:National Security Letter by DoubleUP · · Score: 2

      Those damn canaries keep dying. Must be bad air around here.

      Nah, the foreman said something's wrong with the canaries. Keep digging.

      --
      This sig may contain nuts.
    4. Re:National Security Letter by Anonymous Coward · · Score: 0

      Those damn canaries keep dying.

      Must be bad air around here.

      Nah, the foreman said something's wrong with the canaries. Keep digging.

      It's probably the work of Kobolds. They killed so many cobalt miners we named the stuff after them. Seriously.

  8. Summary is pretty shit by Anonymous Coward · · Score: 0

    And the website doesn't work.
    So, did they open source it?
    Do they normally encrypt the binary and didn't this time?
    How does that make it less secure?
    Windows is encrypted. Linux isn't encrypted.
    What is this article talking about?

  9. Lets check by hlavac · · Score: 1

    Time to compile the source and see what the difference will be against the binary?

    1. Re:Lets check by hlavac · · Score: 1

      And unencrypted kernel is a good thing. It just needs to be SIGNED, not encrypted.

    2. Re:Lets check by i.r.id10t · · Score: 1

      Wouldn't encrypting it work sorta like a signature? If the boot loader is loaded with a key, and only that kernel - or kernels released as part of point releases/security updates - will decrypt with that key, isn't that equivalent to checking a signature?

      --
      Don't blame me, I voted for Kodos
    3. Re:Lets check by Anonymous Coward · · Score: 0

      No. Not unless you're using a cipher that implements Authenticated Encryption. An encrypted kernel without a fingerprint / hash is next to pointless. One can spray and pray bits into the kernel image and even though we don't know what the result will be when the block is decrypted, we know we're changing bytes and can then examine the result of running that code. Most changes will crash the system or cause invalid instructions, but not all changes do. Once we find a location and bit pattern to overwrite which causes the first desirable outcome, we keep it in place and repeat the process until we have a fully working patch to get our malware into the encrypted system.

      So, it's actually MORE important for the data to be signed than encrypted. Without signing malware can still infect the kernel image (provided it's writable -- which is why my /boot/ resides on a CD-ROM).

  10. Re:Only LUDDITE software is encrypted. by Anonymous Coward · · Score: 0

    2/10, you tried.

  11. Noscript friendly link by invictusvoyd · · Score: 2

    http://www.macrumors.com/2016/...

  12. And as a side-line by Anonymous Coward · · Score: 0

    Congress has voted to make April 20th:
    National Brownies Day, National Pizza Day, National Cheetohs day,
    National Open-Source iOS Day, National Pie Day, National Clown Day, National Hassenpfeffer Day,
    National DeadPool Day, and National Psychics Day
    in an unprecedented flurry of add-on clauses to the National No-Government-Snooping Day Bill....

    1. Re:And as a side-line by Plumpaquatsch · · Score: 1

      Congress has voted to make April 20th: National Brownies Day, National Pizza Day, National Cheetohs day, National Open-Source iOS Day, National Pie Day, National Clown Day, National Hassenpfeffer Day, National DeadPool Day, and National Psychics Day in an unprecedented flurry of add-on clauses to the National No-Government-Snooping Day Bill....

      They forgot National Hitler's Birthday?

      --
      Of course news about a fake are Fake News.
  13. No backdoors here! by MTEK · · Score: 1

    Did encrypting it raise suspicion in countries like China?

  14. A little help for the JailBreak community? by grc · · Score: 5, Funny

    Maybe Apple is just trying to revive the JailBreak community. This community has contributed many innovative ideas that Apple eventually incorporated into newer versions of iOS. The JailBreak community is not what it once was, and maybe Apple is just trying to resuscitate it...

    1. Re:A little help for the JailBreak community? by Anonymous Coward · · Score: 0

      Close..... Apple wants them to find more security holes, so that Apple can patch them IMO.

    2. Re:A little help for the JailBreak community? by Anonymous Coward · · Score: 0

      What's up, is arstechnica down or did you just hit the wrong website?

      Of course someone at apple fucked up and the next kernel is going to be encrypted again.

    3. Re:A little help for the JailBreak community? by Anonymous Coward · · Score: 0

      Funny how the empty can rattles the most.

      This is obviously Apple's response to the FBI. The next kernel will not be encrypted. Think it through before you make stupid comments.

      BTW Arstechnica has a hell of a lot more accurate technical discussion than this site does. Reading Slashdot doesn't make you a genius, idiot.

  15. Immediately following this . . . by mmell · · Score: 2

    Sam Flynn was seen jumping off the Encom Tower . . .

    1. Re:Immediately following this . . . by aristotle-dude · · Score: 1

      Sam Flynn was seen jumping off the Encom Tower . . .

      That would be the Shangri-La hotel in Vancouver on West Georgia St.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
  16. They are on IRC and forums by Ilgaz · · Score: 1

    Funny thing is you can actually go find Apple kernel developers in not so secret places like IRC, Apple isn't Microsoft.

    It needs a secret long forgotten wizardry like journalism of course.

  17. Why _would_ they encrypt it? by Anonymous Coward · · Score: 0

    This looks like either a non-story, or a minor sign of Apple's security (and performance) improving (but even so, it's just minor).

    Can anyone think of a reason why encrypting the OS would make any sense, or do anything useful? Probably just wasted cycles.

  18. Re:Only LUDDITE software is encrypted. by Maritz · · Score: 1

    I don't think you can hit 3/10 or higher with the whole "appy apps" or "cows moo" shit. It's just weak as fuck.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  19. Is this something similar to a warrant canary? by Varka · · Score: 1

    Maybe Apple's been forced to include some sort of backdoor that they can't talk about, and this is the only way it might be "exposed." Then again, I wouldn't expect Apple to give two shits if it had the potential to negatively impact sales, so maybe not...

  20. Re:Only LUDDITE software is encrypted. by mlts · · Score: 1

    I have never gotten the "app" verb used in this context. I assume "apping an app" means using XCode and Git, with a very well-honed Agile and Scrum process, with multiple development, alpha, and beta stages to get code that is as bug-free as malware (malware tends to be the least buggy of types of software.)

  21. Better apps? by valnar · · Score: 1

    If this means people can write better apps geared towards the kernel, I'm all for it. There aren't any (or any good) WiFi scanner apps available for iOS like Android. It would be nice to have that in my toolkit. Apple has prevented such apps before in the past.

  22. Maybe they WANT some people to analyse it by allo · · Score: 1

    Somebody forced them to include something ugly, they are not allowed to tell and they really hope we'll find it now.