EraYaN 2 days ago

Not at all actually, passing hostnames means they can fully handle happy eyeballs for you and all other performance optimizations that you can do if you resolve and connect in one call.

Reply View 11 replies
  • ruthmarx 2 days ago

    It also means if you do it the 'Apple' way they might choose to intercept or modify responses. That seem in line with Apple's practices as a company even if they are not doing it yet. I feel anything they might do like that might be less likely to extend to what the article refers to as a legacy API.

    Reply View 10 replies
    • tpmoney 2 days ago

      If you were writing a Java application, would you do your own DNS resolution, or would you make a new socket address object and give it a hostname and let the api resolve the hostname for you? If you don’t hand roll your own dns protocol lookups, how do you know the OS, or Java or your socket library aren’t intercepting and modifying request out from under you? Heck, even if you use getaddrinfo directly how do you know your libc implementation isn’t intercepting and modifying the lookups on you? If the threat model you’re coding for is “Apple is a hostile actor intercepting and modifying dns queries” then you really can’t trust their provided posix calls either.

      Reply View 3 replies
      • ruthmarx 2 days ago

        > If you were writing a Java application, would you do your own DNS resolution,

        Java isn't known to nanny the users of apps developed in it's language. It's never even tried IMO.

        > If the threat model you’re coding for is “Apple is a hostile actor intercepting and modifying dns queries” then you really can’t trust their provided posix calls either.

        Sure, but that isn't the threat model. I described the threat model above, which is closer to "I don't trust a company famous for trying to nanny not to try to nanny if using their preferred developer frameworks, while I kind of trust they won't for a legacy API they barely pay attention to".

        Reply View 2 replies
    • dwaite 2 days ago

      I would feel far more concerned that an arbitrary application that decided to do its own DNS resolution would be doing so for nefarious reasons, or might mess up the process (such as not supporting encrypted DNS in this case).

      If you genuinely cannot trust the OS vendor, you don't try to tinker around in user space but you stay off their platform. Personally, this is why I don't have any machines with a Microsoft OS, and why I don't have a Playstation.

      Reply View 1 reply
      • ruthmarx 2 days ago

        The concern isn't that Apple controls the OS and so could do nefarious rootkit type stuff, but rather they may try to nanny through the framework they prefer and push for all apps for their platform to be developed in.

        Reply View 0 replies
    • EraYaN 2 days ago

      But you are already on their OS, so they would always be able to do that. They make the kernel, the hardware and it's firmware, so it's a moot point and needless paranoia. Might as well use the API that gives a better user experience.

      Reply View 3 replies
      • ruthmarx 2 days ago

        > so it's a moot point and needless paranoia.

        No it's not. You are misunderstanding my point.

        I'm not talking about Apple being able to patch the OS and control everything at that level - of course they can, but it seems unlikely.

        I'm talking about a developer framework, a high level abstraction, where the method of resolving would be more likely to be intercepted - consider for example something like that on an iPhone with the justification being safety or 'for the children' or whatever.

        That doesn't seem unlikely or improbably at all, and certainly not moot or any kind of paranoia.

        Reply View 2 replies