
Comment Re:It has a security hole every week (Score 1) 211

Congratulations. You are technically correct—the best kind of correct.

Let me clarify my original comment slightly. iOS App Store policies explicitly forbid the use of interpreters to run scripts downloaded from the Internet, and always have since the very first version of that document. It is technically possible to build apps that use a Flash interpreter internally to run Flash scripts that are bundled into the app. However, it is not possible to provide a generally functioning Flash Player Plugin on iOS, nor is it possible to provide general-purpose Flash support in a browser on iOS without jailbreaking or requiring users to build the app themselves.

The only apps that "support" Flash actually either A. support Flash video only (by not using Flash to do the playback) or B. "support" Flash by running the Flash code on a desktop computer and streaming the video. The former is limited to only certain types of content, and the latter is a horrible bandwidth hog that still isn't 100% functional. No apps are actually running arbitrary, downloaded Flash content on the device.

Comment Re:The gov is just trying to level the field (Score 1) 312

That's what they say, but it's misguided... you can block data from Google or Facebook. You can't from your ISP.

You're close, but your wording is slightly off in a subtle but critical way. It really has nothing to do with blocking Facebook. You choose what information to share with Google and Facebook. All of your Internet communication is routed through your ISP, so apart from using things like VPNs to explicitly block their access, they basically own access to all of your traffic.

You can choose to use a different search engine if you don't like Google's privacy policies (*). You are not in any way obligated to post every little detail of your medical history on Facebook for everyone to see. But your ISP sees all unless you explicitly prevent it. That makes it much, much more important to have privacy protection that prevents abuse by an ISP than it is to have similar protections that apply to any arbitrary website.

Now obviously to the extent that Google and Facebook run ad networks, they are more capable of monitoring you than most websites, but still way less than ISPs (*).

(*) Unless, of course, Google is your ISP.

The biggest irony, of course, is that staunch advocates of government surveillance just passed a law that pretty much guarantees everybody who hasn't moved to HTTPS will do so, and even had my aging parents asking about personal VPNs. Talk about the government shooting itself in the foot... but I digress.

Comment Re:It has a security hole every week (Score 1) 211

There has never been any version of Flash available for iOS, bundled or otherwise, because Apple doesn't allow any third-party interpreters on the iOS platform. (Maybe you're thinking of when they stopped shipping it preinstalled with Safari in OS X?)

SJ's refusal to allow it on the iOS platform was the final nail, though you're correct that Adobe's mismanagement caused a low-quality product that mostly built its own coffin.

Comment Re:Flash killed flash. (Score 1) 211

They literally did everything they could do to avoid improving the product. Little surprise that it eventually failed. They frequently spent more time and effort explaining why they couldn't fix something than it would have taken to fix it. Gross mismanagement doesn't even begin to cover it. I'm amazed Adobe is still in business. Then again, IBM....

Comment Re:HUGE number of vulnerabilities in Flash (Score 1) 211

This. At the time that the decision to not support Flash was made, one of the major driving factors behind that decision was its terrible reliability. Flash was responsible for... IIRC, the #1, #2, and #3 most common crashes on Safari on the Mac. Now bear in mind that for all intents and purposes, every single crash of the Flash plugin was a security hole. The terrible quality of Flash led to stricter and stricter sandboxing of the plugins, shifting it into its own process so it couldn't gain root, etc.

On iOS, at the time, Safari ran in a completely unrestricted user account with the equivalent of superuser privileges. The sandbox model was basically either "full access" or "access to the app's data", with nothing in between. It would have required a herculean effort to make Flash behave in a usable manner without it turning the entire operating system into a giant data leak.

And it seems very clear to me, at least from an outside perspective, that the problem is Adobe's management. Adobe has never taken security, stability, reliability, etc. seriously. If they did, their products would be much better than they are. Just take a look at the average Adobe app on OS X, which starts having serious reliability problems within one OS release after the last supported OS version, i.e. Adobe's code is so skanky that as soon as they stop patching it, it breaks. Now I'll grant that their code is considerably more complex than your average app, but the parts that break aren't typically the complex parts. They're menial things like file open dialogs—the sorts of things that should be written once and never touched again.

IMO, the problems with Flash can be readily explained by taking a look at a single bug I filed about Adobe's high-end apps not working on case-sensitive volumes because they linked to frameworks with incorrectly cased pathnames. They hemmed and hawed for years, repeatedly blaming Apple's tools for something that very obviously was caused by a typo in their Xcode project (or whatever build script they used instead of an Xcode project). They looked for every possible excuse to avoid fixing a problem that should have taken no more than a minute to fix (I've fixed the same mistake in my own projects, so I know it really is that simple). And you just know that every single one of those crashes was an equally silly bug that could have been fixed in a minute by an intern. But instead of spending the time to fix them, they kicked the can down the road and focused on adding features and bloat, all of which added even more security holes, ad infinitum. And they continued to do so for a decade until the situation got so bad that they were publicly shamed for it. I'm not entirely convinced they've learned their lesson even now.

Comment Re:Phishing is good (Score 1) 250

If by succeeding, you mean completely failing to have any significant role in online commerce, and not being a significant source of information beyond currently trending events, then sure. Call me when there's something equivalent to Wikipedia that's built into Facebook without linking out into the Internet as a whole, or something equivalent to Amazon, or something equivalent to airline and hotel reservation websites, or....

So no, Facebook is not succeeding as a replacement for the Internet—only for the very narrow slice of the Internet that was previously dominated by MySpace.

Comment Re:Never saw that coming (Score 1) 250

It's not always a home ISP that's doing subtle MITM modification. It might be someone malicious in the same coffee shop as you.

Assuming DNSSEC gets deployed as it should, someone in the same coffee shop will be able to passively snoop, but won't realistically be able to be in the middle of the communication unless the infrastructure is badly broken. After all, two hops over Wi-Fi should always realistically have higher latency than one hop plus a DHCP response. The biggest weakness is UDP-based DNS. For that matter, you could disable UDP-based DNS today, and you'd pretty much kill any hope of MiTM attacks by anybody other than your ISP. Arguably, you probably should.

Or it might be a government agency using the Fullscreen API to spoof the chrome of the entire desktop environment.

At that point, your endpoint is untrusted, so the communication is untrusted, period. There is no security mechanism that can have any real benefit if you cannot trust the browser itself or the operating system under it.

Comment Re:i cant believe what im seeing. (Score 1) 126

My one wish before I die --assuming I can merge-- is to see the second sign for the exit to interstate 10. Could this app be the miracle I've prayed for between prayers for the sweet release of death? I sure hope so.

Fear not, my friend, for I have heard tales of a land beyond the jam—a mythical place called the O.C.—where giant mice and princesses roam the streets and the terrors of Hollyweird are but a distant memory. But to get there, you must turn left now, for your current path leads only to drowning after you drive off into the ocean at Huntington Beach. Beware the Tides of March.
