by Terretta
1830 days ago
In each disputed area you suggest it’s “likely” Apple is right. In my experience, security engineers, even Apple security engineers, have the same very human kind of “can’t see my own typos” bias as the rest of us. In my experience, fresh eyes looking from a different perspective are more likely to be right. (Part of why pen testing and security researchers are a thing.)

I've written web apps, and I've written embedded security code. It's a lot easier to screw up and have a race condition in rate limiting code in a web stack than in a carefully designed HSM consensus algorithm (especially since the latter kind of depends on this being handled properly for data correctness, not just defending against attacks).