[jamesaguilar]

In almost all circumstances, I agree. However, the one circumstance I don't agree is when systems are being kept secure mainly against their own users. In this case, insecure systems are preferable (as a user), especially when the attack vector is likely to only be triggered intentionally. Since I don't plug my iphone into random USB cables pretty much ever, the only likely case where this vulnerability could be exploited against my phone is if I chose to jailbreak it.

[eridius]

Please stop speaking in generics. I assure you that, for the vast majority of iPhone users, insecure systems are not preferable.

[randyrand]

You're right, but then again, I also like being able to run my own software on my own devices.

If secure means closed well, that is not a trade off a lot of people are not willing to make. Just take a look at the outrage from the Windows 8 secure boot loader that can theoretically stop linux from being installed.

Personally, I like it when companies include some physical mechanism of getting root access to the machine. Whether we have to get root access through the charger port, or pressing F12 when the PC is booting, this mechanism will by definition have to be a 'vulnerability.' Of course, root access in this sense is referring to bootloader root access, not the operating system - that would be bad. We can only assume which type of root access is being referred to in the hack above.

[eridius]

If secure means closed well, that is not a trade off a lot of people are not willing to make

You're living inside a tech bubble. The vast majority of iPhone owners don't care about "open". They care about "it works". These people are benefited greatly from having a "closed" yet secure system.

[katbyte]

I too would like to run my own software on my iPhone, yet i would rather it be closed and as secure as possible then open. It, to me, is a phone first, and a computing device second and its security is more important then anything else.

[ekianjo]

> I also like being able to run my own software on my own devices.

Don't use an iPhone :) Vote with your wallet! And for the Windows 8 lock down of Linux, there are still numerous ways to get a Linux-enabled laptop, or to ensure that what you buy will work well.

[Terretta]

> I also like being able to run my own software on my own devices.

And you can. Visit http://forecast.io from iOS Safari and add the icon to your home screen, then run that.

This is the app distribution method Jobs tried to sell developers on. Developers mostly don't want want it.

Of course, you can also run your literally own apps, native apps, by installing them yourself. You only need the App Store to sell them.

Finally, you can set up your own distribution platform. See TestFlight.

[jamesaguilar]

For the vast majority of them, they'll never plug their phone into a non-Apple connector, so the security status of this subsystem will not have any practical importance either way.

[eridius]

I think you underestimate how willing people are to share chargers. If you make one of these malicious chargers, and mock it up to look similar enough to an Apple one, I bet you could compromise a decent number of phones just by hanging out in a popular place (e.g. a coffee shop, or an airport) and making your charger available to folks.

[dlhavema]

The airport is a perfect example, offering USB ports for iPhone, Android, etc and there would actually be a computer behind the scenes skimming whatever it wanted, or adding whatever it could to the devices connected... A lot of people are eager to plugin to charging stations while waiting for their flights.

[jamesaguilar]

I guess I didn't consider that aspect. I have to concede this point.

[bigiain]

You haven't been to a conference/tradeshow/festival lately? "Free phone charging stations" are really common these days.

[uxp]

Non-apple connectors are still just USB cables, which have to be plugged into somewhere. That somewhere could be malicious.

[Dylan16807]

Please stop speaking in generics. There is a big difference between physical security and the traditional security against malicious code.

[anextio]

> insecure systems are preferable (as a user)

No they’re not. Religious issues should never come before security.

[jamesaguilar]

What? I am not speaking about a religious desire for freedom. I'm speaking of the practical pros and cons of wanting to use a system I own in a certain way and not being able to, versus a miniscule risk of a certain attack vector being exploited.

Did the irony of calling my point of view religious while implying that security overrides all other preferential considerations escape you?