Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment Re:A true story (Score 1) 439

Using self-signed certs for these sorts of things is more secure.. theoretically. In practice, I'm not so sure, the grandparent has a good point. By using self-signed certs you rule out MITM, but that's only when the following assumptions are also true:

* The device has the self-signed cert installed.
* The device recognized the aforementioned certificate as the *only* valid certificate for a given website.

In practice, many (most?) phones do not support installing arbitrary certificates. I've never encountered even a desktop browser that allows me to configure a cert as being the only valid certificate for a given website. For these reasons, using self-signed certificates actually trains your user to always click 'Yes' when they see a certificate warning, and they were already clueless about security to begin with. Even if the device supports installing self-signed certificates, without enforcement one can hack into a CA, create a false certificate, poison the user's DNS and redirect traffic to his MITM website.

Comment Re:What Google doesn't like, it replaces... (Score 2) 63

No, it's about the cost of the bugs vs the cost of fixing the bugs. Suppose that a smartphone costs $400 in its current state. It has a few bugs here and there, not always noticeable, and when they show up they're annoying, but in general the device works fine. Now suppose that fixing those bugs and preventing new bugs from occurring costs the company $700 million in additional developer expenses (training, hiring ever better developers, improving Q&A) etc which causes the price of the device to jump to $1400. Would you buy the $400 device and take the bugs for granted, or would you buy the $1400?

Comment Re:Clang/LLVM in FreeBSD (Score 1) 418

Uh, yeah, so? My point is that the filesystem installed on the device is what the OS sees and your post says nothing to refute that assertion. Your flash device is not going to emulate an FAT filesystem when there is in fact an ext2 filesystem on it.

Comment Re:Clang/LLVM in FreeBSD (Score 3, Insightful) 418

I believe his point was that BSD'ed code promotes standards by allowing anybody to easily incorporate the code. Suppose that the original TCP/IP stack was GPL'ed. Others could still have written their own TCP/IP stack, but would they have bothered to do that or would they just have invented their own proprietary standards instead of bothering with TCP/IP at all? BSD'ing the code makes TCP/IP the path of least resistance.

I don't necessarily agree with this point of view but I can see the reasoning.

Comment Re:Clang/LLVM in FreeBSD (Score 1) 418

Your web browser speaks HTTP. However an operating system reading the contents of a mobile device involves treating it as a block device. There is no commonly-used high-level file access protocol over USB. Unless the device can emulate an FAT filesystem over a block device interface (is this even possible without huge amounts of resources?) the device's filesystem has to be formatted as FAT.

The alternative is to create your own file access protocol and force the user to install a custom application that speaks this protocol, e.g. how iTunes interfaces with the iPad/iPhone. This really, really sucks, you now have to install iTunes everywhere.

Comment Re:Firefox - Too little, too late (Score 5, Informative) 330

I agree that Chrome is more responsive that Firefox. (Note that I didn't say "faster"...) But to say that it uses less resources is bollocks. Chrome consumes vastly more memory than Firefox and I have less than 10 tabs open. Go ahead, browse for a day and measure it; the total memory usage of Chrome tops Firefox by quite a bit. The UI responsiveness is the only reason why I use Chrome over Firefox.

Slashdot Top Deals

The moving cursor writes, and having written, blinks on.

Working...