I know I’m late to this but here’s my (probably insane?) take. We use Subject-Verb-Object in English right? So, hear me out:

dialog_create_tab(...)
dialog_open_file(...)
dialog_close_file(...)

Software optimization is mostly not a language-level problem. I’ll be dailying my 3 year-old OnePlus 9 Pro until it starts missing out on security updates, but it will probably still be “usable” long after that. Support/updates aside, my 6 year-old galaxy s9 can still run most normal apps. Hell, I got the most recent lineageOS running on a pixel 2 XL from the year before that and it straight up felt fast as long as I wasn’t playing some super intensive game or something. This isn’t an android vs. iOS problem, it’s a “developers of [insert flashy new app here] either not bothering to put effort in to optimize their code or being forced to push out a minimum viable product ASAP” problem.

Edit: fixed my hyphen use

That’s partially my point. You can never be 100% safe, but there’s a lot you can do to increase your safety besides just relying on intuition (edit: because intuition is usually the weakest link, see social engineering/phishing tactics). Anti viruses (when they aren’t just bloatware) are part of that.

Your second point about not meaningfully defending against backdoors and vulnerabilities is kind of against the point. You can totally defend against backdoors by not giving apps admin privileges, limiting network access, etc. so that damage can be limited even if an exploit happens. Then, if some backdoor or exploit is discovered, it’s only as dangerous as the permissions you give that app.

Linux gets viruses too (see recent xz-utils vulnerability that almost got into production environments) and its kind of a shame that corporate antivirus software like Norton and McAfee end up ruining the reputation of antiviruses. In theory the idea of having a software that can scan for common viruses is a great way to increase security, even if it shouldn’t replace common sense. I’m not too sure if there are any good FOSS antiviruses, but if there aren’t there should be.

What makes you think so?

The devs said so. Check r/Suyu, that seems to be where a majority of the updates are being posted. I think there was a link to a pastebin post somewhere there as well.

The SDK mentioned was first party, presumably leaked but I’m not completely sure. And yes, that means it would be present in every other fork as well.

Edit: here are some of the links I’m talking about:

https://www.reddit.com/r/suyu/s/TqSWDlnsGs

https://pastebin.com/6FYdz9Sr

Edit 2: worth noting that the “founder” (as they call themself) still wants to continue on the project but I believe a majority of the devs left.

Edit 3: I found the archive link from someone on the Yuzu team showing they had access to a leaked switch SDK: https://web.archive.org/web/20210114104638/https://twitter.com/Slashiee_/status/1349557173970341890

I don’t know how much of this evidence is real but if any of it is they’re going to have a much harder time finding devs willing to contribute to Suyu, even if development does continue.

Suyu died though. Right now the only actively maintained Yuzu fork is Sudachi, which is only maintained by a single person.

Apparently there was some drama about the Yuzu devs using code which came from a switch SDK as a basis for emulator code, which kind of poisons the whole codebase.

I love not having downvotes federated 😎

Thanks for the explanation! I didn’t realize it was mostly a maintenance limitation, I thought maybe 32-bit instructions could be an extra attack vector on a physical CPU instruction level or something like that.

Isn’t supporting 32-bit apps on a 64-bit OS a security concern though? I thought that’s why some linux distros were disabling 32-bit repositories by default on their 64-bit versions

I feel like squash and merge on GitHub/GitLab is nicer for that anyway though, it makes the main branch so much cleaner automatically

You’ll have to settle for naming your child after one of their public keys, but then your child will only be able to talk to them.

Oh true I didn’t realize the semicolons were missing (that’s what the compiler errors are for)

Could also be rust (no parens on ifs there either), kind of hard to tell with just an if statement and some function calls

Hi, it’s me, the intern refactoring the spaghetti .NET core backend. I’m not in a basement though. AMA

I think we’re on the same page? If an attacker wanted a keylogger they wouldn’t even need to go as far as a screen, there are plenty of other ways (like a 3rd party keyboard app) that would work just as well, if not better, on an iPhone.

Hell, while we’re at it, using a phishing email to get you to enter a password in a fake site or using social engineering to reset your passwords is way more effective than reverse engineering and modding a camera/screen.

There’s no reason why Apple should get to keep exclusive rights on repairs just to profit more on parts. 3rd party screens, cameras, face id modules, etc. aren’t going to suddenly make your phone less secure.

TS and JS are completely single threaded unless you have multiple instances of node running at the same time.

You can have both though. Just add some random menu in the settings that turns bright red when using a non-certified component so security can be easily verified, but don’t needlessly lock people out and charge $500 to fix a $10-50 module on a $1000 phone

Edit: Adding on to this, Ifixit isn’t outlawing verification, the above example of whatever red warning is a clear way they could keep it.

If you think keyloggers require software running on your physical keyboards you’re in for a rude awakening.

Keyloggers are almost always at a pure software level and are conceptually simple to make. So simple that in fact, it’s the same thing as running a regular application with background shortcuts. The only thing that is different is that regular apps aren’t saving/recording anything, they’re just listening for you to press cmd+whatever.

It takes maybe ~10-15 minutes to make a keylogger in Python that could run on any computer, mac, windows, or Linux. Maybe a little longer if you wanted to use a compiled language and properly hide it.

Sorry to burst your bubble.

• A software developer

No, you can’t, because that isn’t a good analogy. Those two situations are not at all the same, but I’ll humor you.

The analogy you’re making is like saying only the company who makes doors is allowed to change the lock on your door, and they’re allowed to just stop offering the lock-changing service whenever they want. They also conveniently put a mechanism in so that whenever a third-party locksmith comes, your door falls apart. Your only option is to buy a new door, doorknob, frame, and hinge because your lock is worn out.

As a current computer science college student who was a TA for 2 semesters, can confirm… It’s wild out here