Pottering doesn't work for MSFT, he works for the 3 letter agencies. Considering that MSFT would probably be a step up on the trust scale. Where does Pottering get his money? Red Hat...okay so where does RH get THEIR money? NSA,DoD, FBI,CIA, DoJ, something like 85% of their income is from
[citation needed]
The trouble is Android's permission model is crap. If an app has a feature that requires a permission the app may need at any point in the future, it has to be approved by the user at install time, and the app cannot control how the permissions are described or even explain to the user why it needs that permission. And lots of innocuous permissions are bundled up together non-granularly with scary dangerous (or dangerous-sounding) ones, so the app only needs EraseBunnyDrawing permissions but to get that it has to request KillFamily permissions, which doesn't actually mean kill *your* family, it means kill a process family, but all the user sees is "Permission to kill family members without warning" and OH GOD WHY DOES AN APP ABOUT DRAWING FLUFFY BUNNIES REQUIRE MY FAMILY TO DIE?! THIS APP SUCKS!!!!!!1111!!!!!oneoneonetyone1!!!
And then the story hits TechCrunch, where it's summarized so that it sounds like there have been actual deaths of family members, and then the mainstream press and the Today show start calling the app developer asking "Why are you a horrible person whose app killed little Stacey's favorite uncle??
And all because Google can't get security UI right.
Read Google service configuration.
Modify system settings.
Full network access.
I've bolded the last three because there's no reason for them.
Sure there is. If Uber is doing anything that can't (or for some reason they they don't want to) be handled over HTTP, the app will need full network access. (I don't know what the Uber app uses it for, but apparently WhatsApp uses it for IM communications with other app users.) "Modify system settings" is apparently (per the linked explanation from WhatsApp) the only way to get permission to read system settings. "Read Google service configuration" (again, per previous link) is used for interacting with Google services like Maps, which you can easily imagine why Uber's app would want to do.
The researcher found Uber was SENDING ALL OF THIS BACK TO UBER'S SERVERS.
Sorry for yelling, but it's an important point.
NO HE DID NOT.
Sorry for yelling, but it's an important point.
Go back and read the original GironSec blog post where he even acknowledges explicitly what he (inexcusably, IMHO) failed to do -- that others did after him and surprise! found nothing especially amiss -- before he wrote an inflammatory blog post based on supposition, conjecture and ignorance of context.
However, as we haven't been complaining about China's low prices hurting our business, shouldn't China raising the price be good for other train makers?
I don't see how this is good for any other train makers other than China. China's train maker will still undercut the price, and now will simply have one less company that it is betting against when doing so, ensuring that it undercuts the price by the least amount needed to win the contracts. The only one that wins in China in the long run when it forces all the other train manufacturers out of business and then wins the contracts by fiat as the only entity.
Even spelled correctly it is the wrong word. Wow. A new low.
"Money is the root of all money." -- the moving finger