Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Just to play devil's advocate (not a lawyer though):

What constitutes a "phone"? Any device with cellular capabilities? What about WiFi calls? What if it's an industrial device with no network (LTE/data) access? Is a laptop with a 3G modem covered under this?

I would suspect the problem is in defining what devices to target, and also the fact that forcing any company to modify the functionality could be perceived as a slippery slope (i.e. security notifications first, NSA backdoors later...)

In Apple's defense, it is pretty difficult to miss an update alert considering it comes through as (a) a push notification, (b) a mandatory alert, and (c) a persistent red badge on the Settings app.

I agree that it might be a good idea to differentiate between a normal update and a security critical one, though.



Valid points. How about restricting the scope to devices connected to a network and having some sort of push notification capability?

> In Apple's defense, it is pretty difficult to miss an update alert considering it comes through as (a) a push notification, (b) a mandatory alert, and (c) a persistent red badge on the Settings app.

> I agree that it might be a good idea to differentiate between a normal update and a security critical one, though.

But there is no mention of severity like you pointed out, and that is crucial. And till such a patch is available, Apple should notify users to disable offending apps/features if possible.


So... every computer running some sort of syslogd?


Not sure if I'll define it that way, but why not? If my mobile device is capable of showing inane ads as push notifications, why can't I expect security advisories to be delivered that way?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: