On Sun, Feb 27, 2011 at 9:33 AM, Rogelio Serrano <[email protected]> wrote: > On Sat, Feb 26, 2011 at 10:49 PM, fooler mail <[email protected]> wrote: > >>>> >>>> http://www.f-secure.com/weblog/archives/00002097.html >>>> >>>> >>> >>> i know that >> >> really? do you really understand it? > > of course i do, i read it, and i have written code to do the same > thing. in my experience i was able to inspect the code and certifty > it. it works. but i dont think it will work with binary only. no way. > maybe managed code will be secure but i dont think current processor > architectures will allow performance good enough compared to native > code. even in a pc native code is preferred because of performance. > > the scary thing here is the complete and opaque control m$ has on the > app and its behavour. thats the main issue i have with this kind of > security scheme. and how much does it take to have m$ certify the > binary? when submitting code for certification to nokia i had to pay a > fee! and one submission is not enough.
it simply shows you really dont understand wp7 security model... it provides privileges based on needs rather than hunger...all apps goes to certification test by microsoft and all apps that are certified are code signed and goes to market place with least privileged.. furthermore.. IE mobile browser cannot install and run programs and plugins from other websites... with all these.. this simply reduce potential exposure to malware threats as what f-secure agreed while here you are wildly accussing of malware for the next billion... > >> >>> but i have an open source mindset. if i dont see the code its just >>> marketing. >> >> you wont see the code and it is not a marketing.. it is a design decision.... > > thats bad design for so many reasons. nahhh.... because you simply dont understand the secuirty model design... > >> >>> and its still an environment under the tight grip of microsoft. and i >>> want to protect myself and my way of life from a company that is so >>> determined to wipe out everything that does not agree with their way >>> of doing things. >> >> do you believe in choice? if you dont like their business model.. stay >> away with it.. you have your own choice.. dont emotionally attached to >> what you hate... instead.. intelligently attached to what you love >> most and be productive... >> > > haha! this is so cliche! asking which prison i would rather be locked > in? its like askng me whether i would rather be in north korea or > iran! > > its not personal. its just business. i do my best to defend myself. defending yourself? microsoft is not forcing you to adopt their business and not attacking you... you are simply attacking microsoft and not defending yourself.. plain and simple... as what i told you .. you are emotinally atatched to what you hate... > >>> the development tools are free. but somehow i dont think those are >>> enough to develop useful apps... >> >> the quality of apps depends on your quality of thoughts...it depends >> on your creativity irregardless of what tools you have... >> > > well of course. when you can reverse engineer support for api and code > that you have to buy in the more expensive visual studio version. > thats really good. but wait, thats illegal... simply because you dont respect the intellectual property of others.. thats why.... > >>> but then who cares? most windows people i know think that the internet >>> and computers are inherently insecure that they "dont put important >>> stuff in it". they think im stupid for doing all my important stuff >>> over the internet. for them malware is a fact of life. >> >> if you put your own personal porn scandal materials (ala hayden kho), >> credit card details, servers passwords and other confidential and >> secret document without encryption in an untrusted place.. then you >> are stupid... > > oh my pc is trusted. its a toughbook with an encrypted hard disk. and > my servers are hardened as well... oh i got hardened usb drives too. > that kind that erases its contents when you try to access it with an > electron microscope! > > i am also collaborating with other people on the internet to build my > own versions of the drive... > > i have been in this business for a while you know... you are talking about putting your important stuff on the internet and here you are singing to a different tune... > >> that is what windows phone 7 security model is trying to >> achieve if you *really* understand its security model... >> > > what security model? signed binaries is not a security model. hehehehe tell that to any information security people... > sure you > have separation. sure there is partitioning. it looks good on paper. > but it will not work out like that in real life. the customer will > want higher performance and thats the rub. its like the difference > between watching smooth video and a choppy one. choppy just sucks. i guess.. you are just simply a developer... get a better hardware and higher bandwidth to solve those bottlenecks... dont forget murphy's law too.. like mine right now.. i dont have even a problem running windows 7 enterprise edition on my ibm thinkpad x201 duo core 4gb ram with SSD disk... it just like everything runs on a ramdisk... you wont get back again to ide and scsi disk again once you have this kind of user experience... > current processor architectures just cant handle highly secure managed > code fast enough. only native code will work and only open source code > can be secure in that environment. you really make me laugh of this statement hehehe fooler. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
