Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:Who do your trust (Score 1) 184

by c (#48849363) Attached to: Ask Slashdot: Can I Trust Android Rooting Tools?

Remember just because the phone is rooted doesn't mean it also isn't running the manufacturer's (if any) malware.

Sure. But we're talking about evaluating trust, not whether or not the phone's running malware. If I'm running a stock firmware, in my mind it's already compromised; slapping an XDA hack on top of it doesn't strike me as increasing risk substantially.

That being said, I don't find getting root at all useful unless it's a means to the end of unlocking the phone and replacing the stock firmware. I trust XDA hacks to perform that function, at least, and at that point trusting the manufacturer becomes moot.

Comment: Re:Manual steps vs. payload (Score 4, Insightful) 184

by c (#48847029) Attached to: Ask Slashdot: Can I Trust Android Rooting Tools?

I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy".

Well, the way I see it, I'll trust a random XDA developer pushing closed-source hacks way more than I trust my carrier and/or handset manufacturer.

It'll grant you that it's a low bar.

Comment: Re:Makes sense. (Score 1) 629

by c (#48796279) Attached to: Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

No, not with encrypted-locked bootloaders becoming common.

Yeah, you're pretty much outlining exactly why I tend to research unlockability prior to buying my devices. I'm not going to pretend that even a small fraction of buyers do this.

  I don't really have much of a solution for people who blindly buy whatever junk the carriers decree that they're allowed to buy. Google's worked on migrating to the Play services approach to get around this, but short of hacking into, unlocking and updating everyones devices I'm not sure what more they can do.

Comment: Re:Makes sense. (Score 1) 629

by c (#48796165) Attached to: Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

Know, you are talking about an exploit that could be affecting 60% of Android phones...

No, I'm not.

I was responding to a comment about the general state of Android and iOS security updates, not anything specific to this security vulnerability.

In general, if you have an iOS device and Apple decides not to fix a security problem on your phone, it's most likely not going to be fixed.

In general, if you have an Android device and both Google and your vendor decide not to fix a security problem on your phone, you might have a chance to get it fixed by other means. It's not a sure thing, it's not without risk, and you might not be entirely happy with the end result, but it works often enough that it's not a crapshoot.

Now, if you want to get into specifics, I don't know how many of the 60% of vulnerable devices might be able to take advantage of non-Google support, but it's far better than nothing.

Comment: Re:Makes sense. (Score 1) 629

by c (#48794551) Attached to: Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

I do argue that Google's role in this malfeasance is that they haven't contractually obligated handset manufacturers to make updates available for 2+ years after model introduction.

Given the pile of shit Google's been catching over their Play store contracts, can you really blame them for avoiding anything that leaves a paper trail of arm twisting?

Comment: Re:Makes sense. (Score 4, Insightful) 629

by c (#48793977) Attached to: Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

I hold Google accountable, as well as the handset manufacturers.

I believe Google's fix is called "Android 4.4" or "Android 5.x".

That the handset manufacturers can't seem to figure out how to get updates for older devices to newer versions of Android is the core of the problem. I mean, Cyanogenmod generally seems to be able to do it, largely using volunteer labour, so it can't be rocket science (for my handset, vendor support stopped around 4.1... there's a nightly 5.0 now available).

You could argue that Google should set an explicit support cutoff date for patches for older versions, but when the handset makers policy on end of life ranges from "until the average contract runs down" to "until the retail store's return period has passed", I'm not sure there's much point.

Comment: Re:How is it misleading? (Score 2) 103

by c (#48783599) Attached to: Canadian Government Steps In To Stop Misleading Infringement Notices

If a Canadian infringes American copyright material by redistributing it within the United States, why would the Canadian not be subject to US law?

They probably could be. But the copyright owner is going to have to go through a Canadian court to get a court order to get the subscriber information from the ISP.

I expect an American corporation could start a suit in Canada, get the identification of the Canadian citizen, then dismiss it and open a new copyright lawsuit in the US. But even if they win a large default judgement, they'd then have to go back to the Canadian courts to collect on that judgement.

That last step would probably be a huge mistake.

RADIO SHACK LEVEL II BASIC READY >_

Working...