Anton ChuvakinAre there technologies that are "inevitably secure", defined as secure no matter what the user does with it?
Please don't use "buried in concrete, then sunk to the ocean floor" examples, I mean the tech that is actually used... #random
Phil Brass@anton_chuvakin no, because users can be tricked into acting against their own interests
@pbrass not the point at all! You can design a system to reduce or avoid damage from such tricked users...
@anton_chuvakin I think you need to define terms better and maybe limit the scope of user misbehavior or attacker inducement.
Is Apache httpd secure for hosting a static website meant for public access?
Who is the user? The public browsing the site? Or the person setting up httpd?
@pbrass a very fair point, that. I think it is about being unfuckupable by the users,
Peter Skaronis 
@anton_chuvakin @pbrass as I posted on Twitter apple’s latest update to reset airdrop to contacts only after 10 minutes is an inherently secure design choice. The system resets itself to a known secure baseline regardless of the user’s intervention.
It’s like nightly reimagining of VMs.
ChromeOS is another example. It’s a hardened Linux OS with all the dangerous toys hidden away. Most users will stick to the browser and use anything within sight. Combination of hardened OS and security by obscurity.
Finally, apple’s product design choices, soldered everything, no removable parts or drives, limited ports, is not serviceable and annoying but it increases the inherent security due to lack of exploitable means.
Controlling both software and hardware gas the potential to increase inherent security if done right.
The alternative, for example Android devices produced by 3rd party vendors loaded with 5 different questionable app stores and some with malware as part of the image is the definition of inherent insecurity. A bag of trouble.
Phew, Twitter wouldn’t let me write all this thing without going into a 15 threat answer.