Everyone who has commented so far is a regular Liberationtech mailing-list contributor, so I don't see any trolls here. Not that anyone has done it yet but, just in case, please refrain from any personal attacks.
Best, Yosem One of the moderators On Tue, Jan 21, 2014 at 9:26 PM, Andrés Leopoldo Pacheco Sanfuentes < alps6...@gmail.com> wrote: > I don't understand the "troll" stuff.. Can you explain, please? Thanks! > On Jan 21, 2014 11:11 PM, "Paul Ferguson" <fergdawgs...@mykolab.com> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> On 1/21/2014 8:52 PM, Andrés Leopoldo Pacheco Sanfuentes wrote: >> >> > What is the "value proposition" of changing email client from >> > Gmail? >> > >> >> Please don't feed the troll. >> >> Thank you. >> >> - - ferg >> >> >> >> > On Jan 21, 2014 10:24 PM, "Tony Arcieri" <basc...@gmail.com >> > <mailto:basc...@gmail.com>> wrote: >> > >> > On Tue, Jan 21, 2014 at 6:53 PM, Fabio Pietrosanti (naif) >> > <li...@infosecurity.ch <mailto:li...@infosecurity.ch>> wrote: >> > >> > I just would like to argue that the delivery (download, >> > installation, upgrade) of an Chrome App is far more secure than an >> > native application with an executable installer, due to the trust >> > model of application store and the reduced risks of being >> > hijacked/infected during the download. >> > >> > >> > Yes and no. >> > >> > It's true that Chrome extensions distributed through Google's >> > walled garden are more secure than typing an address into your URL >> > bar. >> > >> > It's true that native applications have wide-ranging capabilities >> > that browser extensions don't. >> > >> > But it's important to keep in mind that browser extensions are >> > fraught with their own problems, and that browsers are complex >> > beasts with even more complex potential interactions between >> > components, the possibilities of which are extremely hard to >> > understand, even by the browser authors themselves. >> > >> > Where browser extensions can fall down is unexpected interactions >> > with web pages and JavaScript running on them. This is a problem >> > that native apps don't have because the browser is attempting to >> > act as a sandbox, so escalating privilege from a JavaScript to >> > access to native code execution is much more difficult than >> > escalating privileges to interact with browser extensions >> > unexpectedly. In this regard, native apps are superior, because the >> > browser is trying to prevent that interaction from happening. >> > Native apps are "airgapped" from web pages in a way browser >> > extensions are not. >> > >> > This is a good talk on the matter, specifically in regard to >> > Chrome: >> > >> > >> http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions >> > >> > Don't get me wrong, things are getting better, but we're not >> > completely there yet. >> > >> > -- Tony Arcieri >> > >> >> >> >> - -- >> Paul Ferguson >> PGP Public Key ID: 0x54DC85B2 >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2.0.22 (MingW32) >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> iF4EAREIAAYFAlLfUwsACgkQKJasdVTchbKpwQD5ARHMTMUwUnt3r3FeeCWvzzB1 >> W+jWmAk/pIvZPOltOf8BAMAiTOu8wbzawNSP8I+svj+TlrlEM13FNJ2ALRamFGqB >> =5BXU >> -----END PGP SIGNATURE----- >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing moderator at >> compa...@stanford.edu. >> > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
