Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Re:Do they charge patent royalties for Windows Pho (Score 1) 73

by beelsebob (#49550777) Attached to: Microsoft Increases Android Patent Licensing Reach

This is getting pretty weird. Windows Phone is now free, right? So if a phone maker builds WinPhones, do they pay Microsoft nothing for the same patents? Is that legal - to charge a patent royalty to device makers using somebody else's software - using no Microsoft code, while allowing makers of devices using Microsoft software to pay no software or patent fees?

Why would it not be legal - you can offer whatever licensing terms you like both on your own patents and on your own software.

Comment: Re:Good enough to criticize the mechanisms (Score 1) 126

I'm not sure how this differs from the ability to set dyld environment variables to get dyld to search other paths for loading libraries (very useful for debugging). Of course, doing that requires the ability to set environmental variables (which any user can do with the Terminal). And dyld environmental variables are cleared for apps that run as root.

To me, this presentation looks like an overview of Mac OS X management and debugging features and an ad for "knockknock".

Comment: Re:Poor Design... (Score 1) 73

by Rosyna (#49532393) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

The sensible way would be to do what every Linux distro has been doing for 20 years now. The "APP" includes a manifest of its dependencies. When you install it from the App store (remember Apple does not make side loads easy, unless you are developer in which case you can solve deps issue by having the required packages available) it simply goes an fetches the required libraries at the same time if you don't already have them.

So then every developer would have to submit all the libraries they use separately so that they can be indexed and maintained? Who signs the libraries? How do they know Library A doesn't have a backdoor from Developer B when used in App C?

Comment: Re:/me is waiting for the cheaper Tesla baby! (Score 1) 613

by beelsebob (#49528501) Attached to: Cheap Gas Fuels Switch From Electric Cars To SUVs

Not quite as great, but there are beginning to be options for not crap, and not insanely priced electric cars. The VW eGolf and the Ford Focus both spring to mind - they both look just like normal every day cars, and are built to fairly reasonable quality standards.

Comment: Re:Poor Design... (Score 2) 73

by Rosyna (#49526195) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

Non system libraries are statically linked .a files in IOS. Apple insists on this, although I'm not entirely sure why. I guess its to avoid DLL hell.

It saves them money; they don't have to spend the time developing a robust system for DLL registration, signing, updating, etc...

But it is still a really bad engineering decision, because it means what could have been patched once has to push security updates in *fifteen hundred statically linked applications*. It's their marketplace and their walled garden; they should be subsidizing the expenses which make it more secure for everybody and reduce total developer time for publishers. Push the update to developers a little in advance in case it breaks an app, then auto-push the update either to everyone or with a held-back copy for any apps that specifically flag no-security-update.

It's not rocket science, it's just good engineering.

So what are you suggesting? That every single library every single third party app uses all be installed into one location? And that every single application submitted to the app store break out their libraries separately?

iOS apps are meant to be completely contained within a single bundle.

(and yes, iOS supports dynamically linked libraries, of course it does)

Comment: Re:Poor Design... (Score 2) 73

by Rosyna (#49526109) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

The fact that a library cannot be updated simultaneously with a security patch in all apps in the app store with a change that does not change API or in-app behavior is kind of absurd.

Disclaimer: I am guessing this is the case, or else why would 1500 apps still be vulnerable?

Maybe because it's not a library or a framework? AFNetworking is a set of classes/source code that you add to your project. It is not meant to be used as a separate library.

And yes, bug fixes always change behaviour

Comment: Re:A sane supreme court decision? (Score 5, Informative) 398

No, the point is that in order to use the dog, they need to have probable cause of another crime having been committed. There wasn't any probable cause here, so they couldn't use the dog (whether it took longer or not).

In the UK at least (not sure about the US on this part), at a traffic stop, the police absolutely are not allowed to search your car in any way, unless you give them permission, or they have reasonable suspicion of another crime having been committed.

Unix is the worst operating system; except for all others. -- Berry Kercheval

Working...