Right - and the article's scenario is that some untrustworthy code has somehow obtained (with or without the user's OK) root access such that it can see the allegedly plaintext data and do something nefarious with it. But fundamentally they're complaining that in that scenario, said code running as root can (gasp) access private data. Well, duh, if they gave it root access, it's game over for local security: that's how root access works.
They say the info is only available if the device has been rooted: the malicious software has root access. And their "solution" is that Google should store the local data in encrypted form. Anyone notice a fundamental flaw in this "solution", or heck, in the assumptions underlying their alleged problem?
If you rooted your device and therefore you disabled the security, what good is encrypting data locally? Any hack worth its salt would... well, I won't elaborate, but to software running as root, by definition, any locally accessible data and software is accessible. (And of course the same goes for an attacker having leisurely physical access to the hardware.) Basic security facts.
Honestly this all strengthens the argument for keeping all sensitive data only & always in the cloud: then the meagre security of your local device (pc, phone, whatever) might well not be the weakest link in the chain. This aspect did get a brief mention in the article, sort of, but it should have been the focus.
I wonder if the ebook sales indicate more precisely what people actually want to read, as opposed to what the marketing machine of bookstores convinces them to buy. (You didn't really think that piles of "our recommended books" or even "best-seller" lists were fair and/or merely the things that bookstore employees liked, did you?)
Of course marketing does affect ebook sales as well, but perhaps not as much as the effect of being in a store and seeing a pile of what's clearly the latest hot seller, the book that everybody is talking about, which obviously you should buy. Not to mention that the selection in a physical store is so limited, which thus skews sales toward what is already selling well (whether fairly or not).
Well, um, I have to admit that we are indeed given ice cream too. Ben & Jerry's "Fairly Nuts" is my current favorite, though their Chocolate Fudge Brownie is a close second. Luckily the freezer is on the floor above mine so I always walk up the stairs to work off the calories in advance. That works, right??
Whatever they decide to do, some people are going to complain. The gmail-based service lets people use POP and IMAP so they can use a different UI if they want. So you've got real flexibility, and a default UI that (in most people's opinions) doesn't suck. So... what was the problem again?
so... which other hackers are you suggesting would have (as their primary goal) to access the Gmail accounts of Chinese human rights activists? Perhaps you should reread http://googleblog.blogspot.com/2010/01/new-approach-to-china.html if you are fortunate enough to have access to it.
The point is China's ongoing surveillance and censorship of its own citizens, which I hope nobody needs extra evidence to believe in.
Gears was a smart way to get important new features into stagnant older browsers (we're looking at you, IE...) and implemented far more quickly than any standards process allows.
Now that those features are in the HTML5 standard, there's no reason to require Gears. Until the next round of feature-adding, of course...
According to a disassembly of the bot, there are more than a hundred domain names tried each day. (4 per bot variant, but at least 55 different seeds aka magic numbers.)
Still, it might be worth registering all those domains until someone determines the private key, so a 'good guy' can give the bots a suicide pill.
Yet another company purchasing another completely unrelated company simply because they feel the need to dump their cash somewhere. In the end, one company always ends up dragging the other down.
Yup, my first thought was "we're now a floor wax and a dessert topping!"
You're confusing 5.x with 6.x. There's really no such thing as a "native OS5" app. 99% of apps you use today on a Palm OS 5 device are 68k applications, running inside something called PACE (Palm Application Compatibility Environment... a thin 68k emulator on top of the real OS.)
It is native Palm OS 6 applications which would need a recompile. The native code which you can find in optimized apps running on 5.x ought to be fine on Palm OS for Linux since that'll use an ARM processor just like Palm OS 5.x.
Yes, the plan is to use the same 68k emulator that has been present since Palm OS 5.0. Very fast and successful; users don't realize that nearly all of their app code is being emulated. (Yes I work at PalmSource...)
Still, it might be worth registering all those domains until someone determines the private key, so a 'good guy' can give the bots a suicide pill.
-David
No comment.