Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:A lot of apps use SSL (Score 1) 141

I wasn't the only factor here (the serverside deve was a different person unrelated to me) and in this case it was an internationalized domain that needed subdomain wildcards and a corporate cert. Find me one of those for $50 and I'll love you forever.

But you are damn right about SSL giving devs rope to hang themselves with. There are so many places to create holes in the system, and if your implementation scenario has one exception you need to make [not a "common usage scenario"] things get real messy real quick.

But I would like to point out that serverside SSL on nginx is very easy and if you don't have a funny configuration or your app isn't an intranet app then the standard SSL handlers on Android can pretty much be used as-is. So the reality is if you have a common usage scenario it is not difficult at all.

Comment Re:A lot of apps use SSL (Score 1) 141

Actually I didn't want to deal with the client. It was a job nobody else was taking, but a friend of a friend, and when I made it clear there was an SSL issue he just said to make it work and he didn't care. In order to make it work their in-house dev would have had to set things up serverside to do so and I don't think I could have ever gotten him to do it right anyway.

And the pay was awful, I pretty much lost money on it.

Comment Re:A lot of apps use SSL (Score 1) 141

It was a control panel for customer managment and the root of the problem was the server setup which I wasn't responsible for. Their in-house dev was an idiot who wasted his time writing an overly complex system and the client was a disagreeable cheepskate with a stupid shop that sold crap. I only took the job as a favor, it ate more time then I could bill hours, and I made it clear it was broken and they should do something about it.

Comment Re:A lot of apps use SSL (Score 1) 141

Well put, and in my own defense at least I knew the setup was not how it should be and I made that clear, and that in the future if the app was to be worked on that is one thing that should be focused on. Particularly when it comes to testing I'd bet the vast majority of developers [to be honest, myself included] really know how to test for all common threat scenarios.

Comment Re:A lot of apps use SSL (Score 2) 141

Hey I'm totally aware it's "wrong" and I would have loved to have done it properly, but this was a little shop with few users, limited cash (including to pay for implementation of the app) and an irregular setup. I just wanted to be done, the owner didn't care, so I kludged it and went on my way. The thing is a lot of setups end up like this and the fact that so many setups aren't the "ideal" and SSL is in a way complex by design (though setup now on things like nginx is cake!) I think a lot of things just end up being kludged and will remain broken untill something bad happens.

Comment Re:A lot of apps use SSL (Score 3, Informative) 141

Cert price all depends on the type of cert. You're talking about a standard SSL cert, which in the case I outlined would have actually been OK but it would have required some extra setup (dynamic subdomains) and the client just didn't want to deal with it. Justa heads up in certain situations (eg: corporate certs + internationalized domains + multiple sub domains + weird proprietary auth crap for odd protocols + a badge that says the cert passes some standards body tests....) the cheapest possible cert will run well over $1,000.

BTW I really recommend StartSSL https://www.startssl.com/ if you are using standard certs. The prices (free for personal certs/low end schemes, unlimited plans for more robust and corporate certs). Service and support is also pretty good.

Comment A lot of apps use SSL (Score 5, Insightful) 141

I myself have implemented them for shopping apps (SSL for anything dealing with user details, payment, etc.). When you're communicating with an external service that requires (or where you want to use) encrypted connections and that service only offers SSL (this is probably 90% of the time) you need to use it. Now the catch here is that the standard SSL handlers available to you in Android provide an "ideal" setup, where servers and certs are exactly as they "should" be. The problem is unless you are paying rediculous ammounts for dedicated SSL services and high quality certs your setup will not be the "ideal", and you'll have to make exceptions by overriding code.

As an example, in the shopping system I set up there were two sets of certs, one set was signed [payment gateway] the other wasn't [user control pannel]. I had to jump through a few hoops, and the app would be open for man-in-the-middle if set up right - but luckilly all they'd get would be user login details, address and phone number - billing is all external and requires a separate authorization.

Comment Re:The problem with FOSS office suites (Score 1) 266

Let me tell you that, as a developer, you are exactly the type of person I want writing feature requests and bug reports. Those are all necessary or neat features, and your descriptions are good. It's a shame LO doesn't have a feature request section or a task list of requested features being implemented (just check https://www.libreoffice.org/get-involved/ , I didn't see it).

I mean honestly the only rebuttial I could provide would be for 2 + 3, which would be to use documentation/guide generation tools - but that's not a valid argument because the average office user would not be able to use most of the tools out there and those tools don't usually provide print-friendly output.

Thank you for the excellent reply.

Comment Re:Why choose OO over LO? (Score 1, Troll) 266

I'll make it short: OO was taken over by Oracle. Oracle is full of jerks who hate freedom and love money. Major part of OO team forks OO to LO in order to save it from Oracle. OO usage drops and Oracle decides they don't want it so they give it to Apache, which seems to no be a foundation for software that people stopped caring about. Now we're here - keep using LO and ignore OO till it goes away or whatever.

Comment Re:Wrong question - "how to get paid?" is enough (Score 1) 167

Right, and especiialy with Open Source that comes down to selling software as a service or customization as a service. Having a core product OSS that you can offer as a service can also be beneficial in that you can develop a community of other developers doing the same, and contributing improvements and fixes in the proces (like getting ideas and code for free). Projects like Spree and Refinery CMS are great examples of this.

Comment Re:Metro? (Score 1) 484

The gradient overlays and shadow underlays are in OSX/iOS interfaces, gradient overlays usually over fake wood or leather to make it look raised and the underlays to make it look like one UI element is sitting over another. Other than the fake wood/leather I actually like this style of UI, it's unobtrusive but gives an artificial 3Desque depth as well as softening some of the edges.

Comment Re:Metro? (Score 1) 484

You have a point about the tiling on mobiles for sure. The thing is I would not say Metro does this well by restricting everything. Besides, why bother with windows phone just for the interface when you can change your home shell on Android? Even just a theme will replicate it, but in a more attractive format if you ask me: http://www.androidng.com/windows-phone-7-android-theme

Slashdot Top Deals

"Kill the Wabbit, Kill the Wabbit, Kill the Wabbit!" -- Looney Tunes, "What's Opera Doc?" (1957, Chuck Jones)