Sometimes the lack of any other good indicator leaves you having to rely on that. Imagine if you had to write some JavaScript that was compatible with IE and another version for Firefox and you used the agent string to determine which code to run. Easy enough. Now imagine a hypothetical world where the agent string doesn't exist and you instead have to use some other identifier like the company name.
As a developer you would probably know it was bad to depend on the company name field, but it might be the best you've got.
Indeed!!!! And on top of that Android's architecture is such that the user knows exactly what access a program will have whenever it is installed. That is how they were able to produce this report, because every program has to request those granular permissions.
Really this is a demonstration of why Android's operating system is great for security, because on a desktop platform, when you install a program, you don't know what it is going to try and do, whereas on Android you know exactly what access it will have.
Nowhere does that article you link to come close to stating that "20% of Android apps are malicious." It states that 20% of applications have access to private data. So if to you that is the definition of malicious, then, for example, every email client in the world is malicious. Having access to do is not the definition of malicious. It only becomes malicious when that access is misused.
This is the second time I've seen a Slashdot post that totally misquotes this article. Until itwbennett learns some basic reading comprehension skills, they should stay away from the keyboard and stop spreading misinformation.
Very true. When you install an Android app or an update it always tells you exactly what access the application will have before you install it. So Android users who are paying attention to what they are doing already know what their apps have access to.
Additionally, to say the apps "expose" private data is very misleading, when the report only shows what apps have access to. If the app isn't compromising the data, transmitting it off the phone, and contains no vulnerabilities/features that allow remote access to the data, then the app is not "exposing" the data. So in a nutshell the access an app has does give it a potential to expose data, but to say that all 1/5th apps that have that access also expose the data is simply false.
The author of the post probably knows this, but he knew it'd get more attention if he said the apps expose the data rather than saying they have access to it.
That's a funny coincidence. Bluecherry is the same people I bought my home surveillance equipment from. They actually have a neat little Linux LiveCD that you can get for testing your hardware once you receive it. They also indicate which of their hardware is compatible with ZoneMinder, an open source Linux app I use for surveillance. I really was happy with the service. I know this probably sounds like an advert, but if I have good experience I want others to know about it.
Ok, so I didn't realize a different link explained what was going on... "A PIC 18F2550 fills an EEPROM with values, and then verifies the content. Each successful write-verify cycle adds one to the counter display." So each count represents all sectors having successfully been written to. So this is a pretty great test, since it will show us how long until the first sector fails. This actually means a larger chip would be more likely to fail sooner because more sectors would mean more opportunities for failure.
It's not a single chip that is supposed to last a million cycles, but a single sector, unless you wrote to the entire chip in one cycle. I'm really curious about what the counter is actually counting. We would need to know some more details about how the chip is being written to to determine if this is a count of writes across the chip, or if they are to a single sector. What if they are writing a single byte repeatedly, then a 1gb chip+wear leveling could sustain something like 1,000,000,000,000,000 writes, (1,000,000,000 bytes each written to 1,000,000 times). I'm sure there is more to it than that. My point being the methodology of this experiment is unclear to me. I didn't see any information on the live stream site that linked to any information on the methodology.
Well that makes sense. I have looked at lots of companies that have been successful for long decades and still don't pay dividends. So even when you are talking about long term investments in valuable companies, I guess it is still a gamble on whether or not they ever choose to offer dividends.
If there were some kind of conditional guarantee written into the stock that says, "if we make X profits you get Y in dividends" then the stock's value would be more directly tied to the company's profits. You, as an investor providing them with capital, would share in their success.
I have kind of an off topic question. How is a stock's value tied to a company's performance? If a stock's value is based purely on the demand for the stock and what others bid for it, what incentive do they have to buy the stock?
It's almost like I am buying a turd under the pretense that someone else will be stupid enough to come along and buy that turd for more money. All the explanations of stock price I see seem to have no relation to the value of the company, except in those cases where the company pays a dividend. So for non-dividend paying stocks why would there be a demand for the stock? Why do people want to own the stock other than to hope someone else will want it more?
I totally agree. I created a Slashdot account just so I could try and bring some sanity to this totally misinformed discussion. The Reference Source was never intended, nor was it ever marketed as an open source project. It was released to fill a very specific need, which is to allow users of the framework to better understand the framework and to also allow debuggers to step into .NET framework code.
I had hoped I'd be able to upvote accurate comments like yours but apparently only moderators can.
I would include a glider from John Conway's Game of Life
I pity the fool that gets owned by his TOS.
There is a list of all the accesses the application will have before you install the app, or any update to the app as well.
My friend was at the doctor's office for a sprained ankle and witnessed the nurse Google sprained ankle treatments!
What do you mean no source code? It's right there on the site for download. It's a reference, not an open source project.