> If you buy something from the App Store, we do know what you bought from the App Store, obviously. We think customers are fine with that.
Users should also be able to install apps on their iPhones without Apple knowing what they're doing. Personal computing devices shouldn't have artificial walled gardens.
But I agree with him on everything else and think he's a hero for what he's doing.
"Apple has changed its policy regarding permissions required to build and run apps on devices. Until now, Apple required users to pay $99/year to become a member of Apple’s Developer Program in order to run code on physical iPhone and iPads. As part of the new Developer Program, this is no longer required. Apps can be tested on devices, no purchase necessary."
Well, if you have a developer cert, you can use iModSign app to change the certificate on a binary and install it on your iOS device. I've done this before with a beta version of WhatsApp.
I think that what Apple has done here is an acceptable tradeoff. The app store trades a small amount of privacy for a lot more security. Looking at Android's perpetual issues with this makes me think that Apple made the right choice.
Every single release with iOS has been totally broken security-wise, as can seen from the existence of jailbreaks.
Apple doesn't even require seeing the source code, and so there is no way they can stop malicious applications written to evade detection from getting to the App Store.
And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
Of course, both Android and Windows Phone are broken too, since they also expose oversized monolithic kernels written in C to random applications, but at least Android doesn't require you to give up freedom to get non-security.
> Every single release with iOS has been totally broken security-wise, as can seen from the existence of jailbreaks.
The jailbreaks for recent versions of iOS only allow jailbreaking unlocked devices, at which point security is already compromised.
> And thanks to their policy you must browse with Safari WebKit, which is a nice juicy ~40% browser share target.
In iOS 8 they allowed other apps to use the same JIT engine Safari does[1]. This makes me inclined to take them on their word when they say it was previously disallowed for security reasons (some early jailbreaks could be done just by visiting a web page, using security holes in Safari's javascript JIT).
> What? You must mean something else because unlocked devices aren't (necessarily) compromised.
I mean compromised in the sense that the malicious party now (for example) has access to the user's email, and would be able to reset a whole host of passwords for online services (assuming they don't use 2FA or something similar, which most users don't). If they wanted to install a keylogger, or get saved passwords, then yes they still have to jailbreak my device. This xkcd is relevant: https://xkcd.com/1200/
I think we must be using "unlocked" in different ways. I'm intending it in what I think is the conventional way for this context: when the device's cellular subsystem is not electronically locked to a particular cellular service provider.
You're absolutely right, I should've picked a different word. I mean unlocked in the lock-screen/password sense. Of course, messing with carrier settings is not easily done even if the phone is not carrier-locked, and pulling of an exploit that way is even more difficult.
>Security? What security? Every single release with iOS has been totally broken
Here's a recent report from computerworld - Malware infections delivered via mobile networks - Windows 80%, Android 20%, "iOS and other operating systems were at nearly negligible percentages"
Nothing's perfect but iOS isn't that bad.
(Window's numbers seem to be mostly pcs with tethering. "Data generated from scans by Alcatel-Lucent's Motive Security Guardian technology, which is deployed worldwide by both mobile and fixed-line networks, and monitors traffic from more than 100 million devices")
I love Apple products, but please stop. Please. Do not be blind to the fact that Apple has to remove apps from the app store often due to security issues. And most of what you hear about on the Android side is either blown up in the media or because people side load apps from ... questionable sources.
You're kidding me right? Android applications are allowed to run daemons that will continue to run if you like it or not. [1] Due to Google's lax review process basically you can write a virus and post it to the store.
demon (long running task in the background) != virus
Virus' primary function is to replicate itself and infect other hosts. You can not simply install apps (or viruses) on other mobile devices without user intervention. Also viruses need access to system and/or other apps to be able to propagate itself, which is not the case on mobile platforms.
None of that things is true for demons.
Btw, iOS also has long running processes if you register proper functionality (VoIP, background download..) when submitting the app to App Store. Also iOS and Android apps can be awaken from the server and perform tasks without user noticing it.
I'm not sure knowing what users purchase makes the App Store any more secure. I'm pretty sure limiting what users can install on their devices is a different sort of tradeoff -- one of freedom for security.
Apple might just be better at covering it up. I would rather see it implemented like GateKeeper on OS X is. Safe store with the user having the power to decide if they leave the store or not.
Neither of which would be aided by opening the walled garden?
Which isn't to say I don't think there are advantages to Android's model and that of more open package repositories in general, especially for power users. However most of Apple's base is people who don't care about openness or extra repositories, they want their iPhone to work with a minimum of fuss and not have to worry about malware like you do on Android.
The fact that we can only point to a single (XcodeGhost) cromulent exploitation of the Apple App Store stack is a testament to how good Apple is at maintaining the relative security of the iOS ecosystem.
The point is that security is not an inherent or necessarily attainable feature of a walled garden. Some people seem to think that just because Apple approves apps there isn't going to be any security issues. The approval process does prevent some security problems, and has some other features, but mobile security overwhelmingly comes from things like sandboxing.
Perhaps that's the case, but if it is, then it seems clear that Apple's sandbox is far better than Android's as well. Also, approving apps does cull out a range of malware, because it is human- and computer-analyzed before entry. As I said previously, this has its downsides, but it does make it harder to get malware into the iOS App Store. Not impossible, but harder.
As far as I know the users didn't. Which is to say that the App Store doesn't provide much more security than e.g. a black list. Androids problems are more than anything having a fragmented ecosystem.
XcodeGhost wouldn't have happened if developers weren't able to disable Gatekeeper and the iCloud hack was done with phishing for security question answers.
The iCloud hack was enabled by the automatic backup feature that despite storing very sensitive information didn't provide adequate security for doing so. If there were actual precedent for Apple caring about their users privacy, there would be outrage over this rather than being trivially dismissed.
That's not relevant at all to the iCloud "hack". It's a cloud service, the whole point is to store data online.
Those accounts were breached because celebs were phished and not because of bruteforcing, as some people were speculating at the time, or some other vulnerability.
Everyone gets phished. Fraud happens. Secret Questions are especially susceptible to phishing attacks. This has been known for about a decade. Apple had not updated the security protocols for iTunes, and in turn App Store and iCloud, for that time. The hack was definitely Apple's fault.
Yes, how can one trust a company's claims about privacy when the seemingly lose no trust over even such a high-profile incident? Celebrities phones has been targeted since at least the T-Mobile Sidekick.
I don't think the public is sophisticated enough to understand the decoupling of these two ideas. But I also think that one day, probably soon, it will be.
If you want to treat users like infants, then you should hereby completely forfeit any and all rights to complain about "tech shortages" and technical illiteracy of end users.
So, this is a meta-comment because it's really just about your comment, but I feel compelled to point out the unnecessary negativity, and the unforced errors, so to speak, in representing my words, what I want, and what I've done. I'm not even sure what to call it when you create things I cannot do any longer to maintain consistency with my position - but without any evidence that I've done those things, or want to do those things. It's something like a straw-man argument.
The right thing to do is to ignore it, but on the off-chance that you might be somewhat self-aware, I thought I'd give you the opportunity to catch yourself.
Apologies, the vitriol wasn't directed towards you, specifically. You simply gave me an opportune moment to express dissatisfaction with the paradoxical desire of simultaneously wanting more locked down devices in the name of convenience and "security", while also making programming and/or CS a compulsory school subject.
With all due respect, he is not a hero. He is just the CEO of Apple. And Apple, even though it produces great products, profits from exploiting factory workers in countries where workers have less rights and where labour is cheap. If he was actively fighting this system of exploitation, that would probably make him a hero. Instead, he profits from it. That makes him not a hero but just another businessman. Furthermore, he is defending privacy only because it strengthens his business and weakens that of Google et al.
> profits from exploiting factory workers in countries where workers have less rights and where labour is cheap
At least in China, the "exploited" workers you speak of have chosen to work at factories rather than do the kind of farm labor their parents did. Do you think they would be better off if they were not able to make such a choice? If they were paid the same wages a factory worker in Norway might receive, do you think the manufacturer would choose to open a factory in China?
You describe Cook as just another evil businessman, whereas I suspect he has done more, practically speaking, to lift people out of poverty than most.
Apple could definitely afford to be a lot more idealistic, but it's just not (no longer) in their culture and frankly that is what a lot of people (stockholders) like about them. Also that's a lot of fallacies for one comment.
Apple could pay a lot more to Chinese workers and still pay less than Norway wages. Tim Cook collects $hundreds of millions by exploiting a power imbalance in the labor market.
Are you criticizing a person/organization who provides opportunity to hundreds of thousands of workers because he/it did not tweak the knobs exactly as you would have, if it had been you?
Many people have decided that working at Foxconn, etc., is better than the alternatives they perceive as being available to them. Do you not feel somewhat strange judging their arrangement as exploitative? At what hourly rate would it stop being exploitative? How much is it permissible for Tim Cook to earn in a year? Do you really feel able to decide these things?
Are you being exploited? Why not? Aren't your employment opportunities limited by the circumstances of your life, your education, your abilities, etc., just like everyone else?
I don't know what the issue with is with criticizing.
Personally, hearing stories about their ID's being taken from them, working 2 weeks+ non stop, being forced to fill out forms a certain way, workers committing suicide, etc..are all cringe worthy to me.
Not to say there are no benefits...but that does not mean it can't be better. I'd like to read interviews of people who worked there to see if the job was what they were expecting, worse, or better.
> I don't know what the issue with is with criticizing.
No issue, abstractly. But it seems to me that in this case, Apple is providing opportunities that many people are choosing them for themselves, opportunities that they would otherwise not have. And for the crime of not providing even better opportunities, Apple is being characterized as exploitative. That seems unreasonable and unfair.
> I'd like to read interviews of people who worked there to see if the job was what they were expecting, worse, or better.
I would too. From what I know, it's complicated, and contrary to what a lot of people would expect. For example, there really has been massive discontent at Foxconn, etc. -- because they weren't given as much overtime as promised.
Do I wish that people had better opportunities? So, so dearly. This is probably the deepest emotion/feeling I have in my life, the sense of how fortunate I have been compared to how difficult the lives of others have been, when many of them are just as smart, just as hardworking and resourceful as I am, but were simply born in circumstances that did not grant them as much opportunity as I have enjoyed. This is a big part of why I am in China and why I study Mandarin.
But saying Tim Cook earns "too much", or that factory workers are "exploited" because they make choices that we wouldn't, were we to be magically swapped into their bodies, but with our abilities, or some other imaginary situation that has never existed, is not very understanding of the situation, or fair or productive.
The key, I think, is to realize that if you were the "exploited" workers, you would make the same choices. Really. If you were them, you would do the same thing. Then I think it's more clear that Apple is providing avenues toward better lives, which I see as a very good thing.
What he's saying is good, but it doesn't make him a hero. It costs him nothing to take this stance, and is actually helpful to him as one of the main competitors to the company he heads is deep in this specific issue, and it's a perceived weakness of theirs.
You aren't a hero for doing or saying something convenient that benefits yourself, regardless of whether it's good and/or true.
>Personal computing devices shouldn't have artificial walled gardens.
I couldn't agree more with this sentiment. Requiring that all software on your device be signed by a single entity (i.e. apple) is horrifying when you think about where that might lead to in the future.
Accepting the risk that other people might misbehave is price of freedom.
Do you want a General Purpose Computer? Or do you want an appliance that is ultimately controlled by someone else, where you have to get permission[1] if you want to use it in any way that wasn't pre-aproved? What are the odds that the things you want to do will continue to be approved when you ask for permission next year? Or ten years from now?
If someone can restrict how you use your device, you then they are de facto the actual owner of the device. Do you want to own the products[2] you buy, or do you want a future where property rights are rare and you have to lease everything?
The War On General Purpose Computing continues, and the people that wish the Turing machine could be stuffed back in its bottle have been wining small but important battles over the last few years. Apple deserves a lot of blame here, as the walled garden was previously limited to stuff like game consoles, but the the big problem has been the many developers that chose shiny tech, promises of easy development, end-user convenience, and short-term profit over the freedom to tinker with products you actually own.
Of course there will be costs and risks. Fighting this trend toward walled gardens, like any war, will probably require certain sacrifices. I suggest paying those costs now, as price of freedom will only increase.
[1] https://www.fourmilab.ch/documents/digital-imprimatur/ (note: this is originally about publication, but the ideas apply similarly to the War On General Purpose Computing. Also, consider when the essay was written; some technology has changed, but the basic idea is still important)
[2] Many products, not just your "phone" (portable computer). Just look at the rush to throw a CPU and 802.11 PHY into absolutely everything. There are many example, but the current attempt by John Deere ( http://ifixit.org/blog/7192/john-deere-mess/ ) to circumvent the "first-sale doctrine" is a perfect example of what is going to happen to most products if we give up ownership.
What general purpose computers (even phones and tablets) do you see going this direction, other than Apple's iOS? My Mac will run anything I want, my Surface will do the same, and my Android tablet has both side-loading and an unlocked bootloader. Hell, even my router is unlocked, and it's from ASUS, not some small open-source oriented manufacturer.
You claim that if we even allow companies to put out products with locked firmware, it will lead to a dystopian future. So when is this slippery slope going to start? The iPhone was released in 2007, and pretty much nothing has become more restrictive since then (especially considering that pretty much all phones were already locked down). The threat of any computers being TPM locked by the manufacturer, let alone all of them died in its cradle. If anything, we're moving in the opposite direction, since Apple now allows sideloading on iOS devices[1].
And what about users who want a phone that is locked down for security purposes? Why shouldn't we be able to choose the phones we want, while those who want sideloading/flashing choose the many options that support that? If either laws or market collusion actually removes this as an option, I'll join the fight. But for right now, it looks like this war on general purpose computing isn't even brewing.
> What general purpose computers (even phones and tablets) do you see going this direction
Windows. Microsoft, as usual, is late to the party, but Win10 is clearly a step towards the walled garden model. It's not there yet, but stuff like their built in app store and removing choice form the user betray the direction MS intends to take Windows.
Intel CPUs. Why do you think there has been a push for SecureBoot and the new SGX instructions? Hardware support is needed if you want to change WinTel boxen form a General Purpose Computer into a locked down appliance. That hardware support now exists in Skylake and later Intel CPUs. Intel even says on their website that the SGX instructions are about creating "trusted" enclaves that software vendors can use that cannot be accessed by someone with physical hardware access.
> So when is this slippery slope going to start?
It started many years ago. Some of us have been warning about these problems for almost twenty years. When we warned that these technologies were coming, we were laughed at because the threat didn't exist yet. When implementations started to show up, we were ignored because nobody was using those tools yet to lock down systems. Now they are slowly starting to turn on, and you've been given yet another warning. Do you intend to wait until the OS is fully locked down? Or do you want to start to fight for your right to run a General Purpose Computer while you s till have the ability to do so?
Today there was even a thread on HN about homebrew having to work around OSX "System Integrity Protection". Sure, you can disable SIP by jumping through a few technical hoops most people won't understand. Are you going to fight back against this trend, or are you going to wait until you cannot disable SIP "for security reasons"?
Just because you've been ignoring these steps doesn't mean they are not happening.
> TPM
The TPM is only key storage and hashing to check the bootstrap chain-of-trust. The TPM never had any "locking" features. Why are you ignoring all the other hardware changes that have happened after the TPM? Active Management Technology (AMT), Software Guard Extensions (SGX), and UEFI SecureBoot have all happened after the TPM.
> And what about users who want a phone that is locked down for security purposes?
You know what would work a lot better? A hardware switch that had to be flipped to install (sudo) software, and had to be flipped back to boot as normal.
> Why shouldn't we be able to choose the phones we want
Of course you have that choice. That doesn't mean it's a smart choice. You're pushing the (incorrect) assumption that security is in conflict with the end user being able to control their own property. Locking your car door does not require giving up your ability to modify the car's engine. There are other ways to provide security. More importantly, the concept of freedom means that some people will do stupid things with that freedom, but we respect their right to make those mistakes. The answer to malware apps isn't removing everybody's right to use the products they buy as they like, but to educate users and write better UIs that help guide novices.
edit: (accidentally clicked submit before I was done)
Show me a way to prevent people from getting viruses and malware that doesn't involve the equivalent of requiring everyone to know how to service the entire engine on their car by themselves.
It doesn't exist. There is no way to prevent evil from happening when your opponent is a sentient actor that can see your defenses.
Also, stop conflating basic computer literacy (which includes common security knowledge) with the knowledge required to "service the entire engine". We expect people to learn how to drive a car safely. This doesn't require learning how to repair the car or other technical knowledge.
This belief that we should keep users ignorant is highly offensive. If there isn't a clean way for someone to learn the basics of how to use use software safely and securely, that is entirely the fault of the software vendors. Unfortunately, instead of addressing these problems (which is probably hard and expensive), it has become fashionable to blame the victim.
My point is that things that are "easy" for the tech elite are not so easy for the general public. People have a hard time figuring out how to (e.g.) "program the VCR" let alone use the computer.
I know that's what you believe, and it's a perception that must change in the tech industry, because it gets in the way of important things like education and it breeds contempt. When you treat people like idiots, they will respond like idiots and learn to hate you because of it.
The "VCR blinking 12:00" problem is a good one, because it is absolutely not caused from a lack of capability. The clock on the VCR is often a very low priority for most people, and while those of us that understand technology think it's a simple thing to set it and move on to other problems, for a lot of people, they estimate that it would require finding the manual, reading it for a while, some trial and error, etc, and they judge it's not worth their time. They have more important things to do. The much easier solution is to either ignore it because they really don't care, or wait until the local nerd stops by and bug them to do it. I would even suggest it's a very good evaluation of opportunity cost.
Now, computer security is very important, but it suffers from a pandemic problem: most people are ignorant (which is not their fault) of just how common security problems are, the cost of failure, and the novel problems that technology has created (e.g. automated attacks that make questions like "am I a target?" irrelevant.
You will never solve those problems by taking people's capabilities away. All you've done is give them a false sense of security, because they trust devices based on an incorrect threat model. Educate them, and they will adjust their behavior. This is significantly less technical than learning how to set a VCR's clock.
As for UI - consider the example I used in another comment: include a hardware switch that must be flipped to allow "sudo"-style access for things like installing software. People understand this (I knew a LOT of non-technical people that regularly used the write-protect switch on 3.5" floppies when they didn't want to erase their homework. Simple metaphors like this, when applied consistently (they shouldn't have to use the switch very often) can help a lot.
You will never solve everything; if you had a truly foolproof way make a safe OS for everybody, I suspect you would have solved the Halting Problem. So use technology to catch the obvious stuff and provide tools for people, educate them well (this will take a few generations), and most people will be safe enough.
What you absolutely shouldn't do is limit everybody in a futile effort to try to make it safe for everybody. This is an impossible task, so you will inevitably end up in a cycle where you remove more and more features, as clever people find ways to abuse them.
My Galaxy S3 let me flash whatever I wanted on it. Just had to reboot in a special mode and click a button agreeing to void my warranty. No back door required.
Why can't iPhones do the same (from a security perspective, I understand the business reasons)?
I'm saying that the flashing/side-loading is the back door. A malicious actor with physical access to your phone (think screen repair shop, TSA agent, etc) could flash a compromised OS or install malware on your device.
Also, there a lot of not-savvy people who will follow instructions in a well-crafted email or pop up and allow themselves to succumb to spyware and malware.
I should have been more clear. I was using Tim Cook's statement as an analogy for flashing/side-loading. Allowing good guys to do it means bad guys can do it too.
Tricking a user into side-loading malware does not require physical access to the device and is relatively common on the Android side (more so on third-party stores).
Well, it's a good thing we have Apple's track-record to show us it's impossible to break out of these walled gardens, otherwise we'd really be in trouble if someone got physical access to our phones.
Fair enough. I used to keep up with jailbreaks way back before I started buying unlocked phones and had read about difficult-to-crack OS versions (and the as-of-yet unjailbreakable 3rd generation Apple TV), but I wasn't aware that it was still this pervasive.
While I hate the economic stifling of tech innovation that is the App Store culture, I would like to point out that Jailbroken iphone were used by the Chinese government to target protesters in Hong Kong quite recently.
My point is that stating that side-loading is a back-door that can be abused when your phone is in someone else's possession ends up not being a very good argument when that actually ends up being the harder way to accomplish getting software onto the phone, considering side-loading is both password protected (if your phone is) and still doesn't expose functionality beyond what the OS allows (unlike jail-breaking).
The device clears user storage before allowing you to flash a new OS, so that isn't an effective way to compromise a user's data. Application installation requires unlocking the device, so the ability to sideload doesn't give an attacker any meaningful ability over installing from an unscanned app store like Apple's.
back door for the good guys? you mean being able to execute unsigned code?
If apple is ever compelled by the government to not allow a certain app (if they lose in the FISA courts) or if the leadership of apple changes? Stories like this could be just the beginning: http://www.theguardian.com/technology/2015/sep/30/apple-remo...
> Personal computing devices shouldn't have artificial walled gardens
To me this seems excessively moralistic, like "all closed source is bad". There are concrete advantages and disadvantages to a walled garden and whether a device has one or not should be up to the manufacturer. Customers then can weigh the tradeoffs when they make their decisions.
I also don't find privacy to be among the significant disadvantages of walled gardens. Lack of choice leading to lower quality experience, the chilling effect of disallowing specific content or entire categories and the potential for price gouging seem to be far and away the biggest issues.
Another issue is "walled gardens are bad" is a bit ignorant of real restrictions device makers have historically had to navigate such as carrier contracts saying no tethering apps.
Their used to be a way around giving up a atm/credit card? I remember getting home with my big purchase, and thinking, I'm
not giving this company more money. Plus, I just don't like to give the number out.
It's possible to use the App Store anonymously. For example, Apple allows users to create and use accounts via Tor. And it accepts gift cards, which one can purchase with thoroughly anonymized Bitcoin. Getting devices anonymously is the hardest part. Paying cash for used devices is probably the best option.
I like the idea of keeping app signing requirements, but giving each user a device-specific signing key if they request one. I don't think a novice user is going to accidentally get the signing key for their device and then sign a malicious app with it.
I would support something like an Fdroid repo for ipas and apks. It supports private repos. Every company having a repo you could simply add would be the best. Would fix trust and maintenance costs too since you control the repo list, they control the repo.
I can't see Apple or Google giving up the cash cow that is their respective garden though.
Unfortunately if you remove the walls from the garden you get a malware, crapware, and (ironically given the topic) spyware explosion -- a tragedy of the commons more or less. Mobile devices are used by over a billion people, most of whom don't know much about computers. From the perspective of sleazy marketers and black hat hackers that's a lot of fresh meat. They're better than PCs since they're studded with sensors, allowing the user to be tracked and spied upon to an unprecedented degree.
Look at the Google Play store and the Android ecosystem, which is comparatively more open. If you don't know what you're doing and install apps from the app store without examining them closely, you'll get random ads, trackers uploading your geo-location constantly to god-knows-where, etc.
> If you don't know what you're doing and install apps from the app store without examining them closely
That's completely orthogonal though, because Play Store is Google's walled garden. What Google allow you to do, in addition to downloading things from their walled garden, is also side-load apps completely separately from the walled garden.
There's no evidence that the ability to side-load causes an increase in malware/crapware.
What would we do if we didn't have apple to protect us from our own ignorance?
Apple is fallible. If developers can break out of app review constraints by using carefully included bugs[1] then the only solution is actively monitoring what the apps are doing. If that's the case, what value-add is Apple's walled garden? Just keeping out crappy programs? I think there are plenty of solutions for discovering what programs are good or not, as we've been working on that problem for decades now for computers specifically, and centuries in the general case.
I think you and the downmodders are shooting the messenger. I do not like walled gardens any more than I like taxes or drunk driving checkpoints. I'm just explaining why they are there and why many users actually prefer them, and I'm doing so to let people know there's a problem worth solving. Pretending the problem doesn't exist doesn't help.
Computer security is just far too confusing and difficult for the non-tech-savvy. With walled gardens people can delegate their security to someone that, while not perfect, is much better at it than they are. For most people this is a huge win. This is what happens to most peoples' computers if they are "open":
If someone has a better idea I'm all ears, but I don't know of one that could match the Apple Store for ease of use. Since user experience trumps everything, app stores are winning.
None of the security and privacy arguments require a walled garden though. The real benefit is the fine grained control over what an application can do on your system. A set of fine grained controls and a a good set of defaults, or better yet the ability to subscribe to defaults as recommended by third parties. I Apple had controls much finer than those presented by Android with a set of sane defaults, and to that I could add what the EFF's recommends as defaults, we would all be better off, because Apple's best interests and my best interests are not always aligned.
I'm going to repeat that last part, because I think it's very important. Apple's best interests and my best interests are not always aligned. Why should they have ultimate control over what can and cannot be run on my phone.
Users should also be able to install apps on their iPhones without Apple knowing what they're doing. Personal computing devices shouldn't have artificial walled gardens.
But I agree with him on everything else and think he's a hero for what he's doing.