Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Granular permissions up-front worse for securit (Score 1) 223

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

Ah, the old "blame the user" tactic of the fanboy.

No objection to that.

Well, these are mobile phones. And mobile phones are meant for ordinary people. If they're not suitable for ordinary people, then that's the fault of the hardware/software, not the user.

Cars are meant for ordinary people too. And that's why we don't let anyone drive but require driving licences. Not because we want to keep it some special privilege, but because it is potentially dangerous. And storing private data in a connected device is not without dangers, too. And with that, there are some responsibilities.

Like servicing your brakes. And if cars are for everyone, not everyone can do that. But the solution is not to do it, but to pay someone to do it. And in exactly the same way, someone has to check an apps data requests against the purpose of it. Either you can do it yourself, or you let someone else do it. Not doing it is a bad idea.

The fact is that there's a better way to do it, and iOS shows the way. Ask the user for permissions for a resource whilst the app is running, the first time the app wants access to that resource. That way the user can better assess the app, and whether it is a reasonable request.

No, definitly no. A user who can't assess OS privileges at install time can't do it at runtime either. We learned that from those personal firewalls that teached users to allow everything because something got blocked every few minutes.

It may come as a surprise to you, but even I think that overall safety is better on iOS. But that's not due to WHEN an app asks for privileges. It's the stricter checks before something goes into the store. It's as simple as with the brakes. You either check those permissions or you let apple do it. The costs here are a loss of flexibility and variety (alternate browser in iOS that is not merely a skin for the built in browser?)

Definitly reduces the malware risks, but not for me, thank you. But I know that this means more responsibility. That is no more elitist than any other kind of DIY.

Comment Re:The Technical Elitist (Score 1) 223

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

That's odd, I would like to live in a world where even such people can make use of technology. The world I want to live it allows EVERYONE to benefit from technical advances, not a high-tech priesthood that snickers at the LUsers.

Well, let me rephrase it: In my ideal world, everyone would understand that "This app requires dialing phone numbers" means that this app might dial phone numbers - at your expense. That's not too difficult. OK, I would love to free users from the burden of permission checking, too. But you can't complety block phone or net access, when you WANT half of the apps to have phone or net access.

So how could anyone but the user decide if a required permission is neccessary for what the app is supposed to do? Evil-Flag anyone?

Or you would need a list of "sensible" permissions for each application and check the required permissions against that "sensible" permissions.

Comment Re:Granular permissions up-front worse for securit (Score 1) 223

A big list of permissions that non-technical users hardly understand helps almost no-one. It allows a technical user to avoid some traps, but it screws over the large majority of users.

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

The more difficult thing is to judge if those permissions are reasonable for that app they want to install. But as they're the only one who know what for they're installing it, no one can take that burden from them.

Comment Re:This is why you want a walled-off app store (Score 1) 223

Does anyone even say no to these permissions since every app wants a bunch of them and you can't use it without click yes?

Why should someone do that? In 99% of the installs the required permissions match the purpose of the app, so there simply is NO REASON to say no. I definitly would (and did so) say no if suddenly a simple flashlight (or in my case metronome) app asks for access to contacts, location and internet.

How about letting the app run WITHOUT those permissions? Why do I have to decided if I want an app or not based on the fact that it wants access to my call log at install time rather than saying 'no, you cant see me call log' and still getting the app? Why can I not use the app but tell it to go fuck itself when it wants access to my contacts?

The answer is simple. Google doesn't actually want it to be too secure as that would prevent them from getting all the information they want to target you.

Sorry but that's BS. The reason why those rights are asked for at install time is that they are considered as required for the app. What use would a calendar application have that is denied access to the phone calendar? So there's no need to install an app without the requirements for it to work. The actual security check is "do the required rights match the apps purpose?" if not, don't install. But that's between you and the app developer.

However, there are two improvements I'd like to see to the android permission system:

Optional Permissions.
For exactly those cases you mentioned. Stuff that's not required for the base function of an app, but only for several specific features. Those wouldn't have to be granted at install time.

Limited Internet access.
I hate that I always have to grant full internet acces just because some app is adware. Would be cool if access could be limited to the ad network in use by that app. Or limit twitter app's internet permissions to the twitter.com domain.

Comment Re:Charge more for not having check-in luggage (Score 1) 342

Well yes. That's another thing why I don't trust airline pricing.... How can it be cheaper to buy a round-trip ticket and waive the return trip than a buying a one-way ticket.....

Accidently posting earlier gave me the idea to check flights for my next holiday. 109€ for a transatlantic flight, plus 388€ fees and taxes. that's crazy. plain crazy.

Comment Re:Charge more for not having check-in luggage (Score 1) 342

Uhmm.. yes....

I hate to be the one to break you the bad news, but if you're flying without staying at least a night, you're travelling at "business rates" anyway and overcharged that those few bucks for luggage won't matter.

I just checked FRA - LHR with LH. (what I would have to fly to meet our customer). Fly there in the morning and back in the evening: €388. Spend the night at a pub, fly back the following day: 199€. For that 180€ saved, you could check quite a bit of luggage...

Comment Re:In Australia this has been handled legislativel (Score 1) 342

So that 1 piece became in the end:

1 small suitcase declared as hand luggage
1 Laptop case
1 Handbag
1 coat with everything heavy stuffed into it to avoid weight limits for checked and hand baggage
1 umbrella
2 duty free bags
airlines are sometimes rather lenient with that fragile but bulky souvenir you bought..

Comment Re:A Mature Local Machine Product vs Immature Clou (Score 3, Insightful) 346

The 95% of business that you had experience with must have been from some bottom of the barrel places, intelectually-wise.

Not neccessarily. A combination of small shop, grown infrastructure and a field of expertise not related to file management and word processing can do that trick too.

In the three companies I've worked for in the last 12 years (the last two counting > 10k employees),

it's only natural that it gets less of in issue in bigger companies. At some point you're crossing the line where buying and maintaining something expensive as sharepoint is worth its money and you tend to use specialized software for more and more tasks. There is nothing wrong with abusing excel as a database as long as e.g. your inventory consists of a few hunderd items. (assuming you're keeping some kind of document hygiene like making sure the guy responsible for updating it knows which one is the master copy and backups are kept) But you should know when to stop doing that and get some real enterprise tools for the tasks at hand. And at 10k employees, you're WAY past that point.

What you should be aware of at that size is a backlash-effect when people turn to Excel-macros again to bypass enterprise software, because setting up that urgent report would be a 3 weeks paperwork-heavy process instead of 3 hours of Excel magic.

(During my last 12 years, I worked in companys ranging from 50 to 250 employees. Usually owner managed and specialized enough to be global market leader in their field. I guess that's a difference between US and Europe.)

Comment Re:I don't understand the version control complain (Score 1) 346

Word's version control is a lot more sophisticated. It can show you the document clean, or with strikeouts and inserts, or with annotations in the margins. You can accept and reject changes by pointing to them.

And it goes completly down the drain as soon as someone mails out the file or edits his local copy for whatever reason or simply insists on explicitly saving a new version with a different filename.

Comment Re:A Mature Local Machine Product vs Immature Clou (Score 3, Insightful) 346

But the handful of people who don't fit in that category set the standards, and they need features like tracking changes, comments, and stylesheets.

The why on earth use Word? Have you ever seen someone actually use the Word Version tracking? 95% of business, version tracking for word files is to use "Save As" Document_new.doc, Document_newer.doc, or even Document_today.doc, cluttering a shared network drive. Documents get mailed around, either to people not able to access the office network share (or even to people who are), local copies are created by the dozen and so on.

I have to admit that MS office is really easy to use, but that often leads to the mess described above. There is nothing to prevent that but user education and discipline. We all know what happens when we have to rely on that.

The proper solution to those requirements would be LaTeX (or any other text based document source format, FormattingObjects, whatever) and SVN. Perhaps combined with a pdf-based archive to documeht incomming/outgoing stuff.

The Unix philosophy doesn't sell to non-technically-minded people, especially not when it conflicts with a superior workflow.

You can set up a superior workflow with *ix-tools, but you have to do it yourself, it's nothing that comes out of a box.

Slashdot Top Deals

There are no games on this system.