[WalterBright]

This has entered programming language design. It's not longer "educate the programmer so he doesn't make stupid mistakes", but "design the language so that stupid mistakes are detected by the compiler". Mechanical verification is far more reliable than hoping people don't make mistakes.

[potatolicious]

Yeah, the "you should wipe your phone!" and "you should never keep sensitive data on your device!" chorus seem to be missing the point entirely:

We can design devices and operating systems to be safe by default in the same way we are now designing programming languages to be safe by default. There's no reason why the data should have been recoverable from a bricked phone without the user's authentication.

We really can have our cake and eat it too - we can have devices that you can freely store nudes on without risking that some rando with a USB cord and physical access can just make off with the data, bricked device or otherwise!

[WalterBright]

The goal in the D programming language is to allow the programmer to do unsafe things (no way to implement malloc() in safe code!), but it is not by default and isn't going to happen by accident. The programmer will have to positively do something.

It's also done in a way that a programming manager can mechanically verify the absence of such code. Exceptions can be flagged for special review. Often there are safe ways of doing the equivalent.

[potatolicious]

Yep, and I think we should apply the same principles to consumer technology. You should be free to do unsafe things - but it should not be possible to accidentally do unsafe things.

It should be harder to have your photos be unencrypted on device, accessible via any USB connection, than it is to have them to be entirely inaccessible at rest.

[WalterBright]

Yes, it's a sound rule in general.