[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Cory Doctorow, right again

Subject: [ale] Cory Doctorow, right again
From: ghostfreeman at gmail.com (Cameron Kilgore)
Date: Fri, 16 Mar 2012 14:40:00 -0400
In-reply-to: <1331922299.9652.147.camel@dellberry>
References: <CADT30qV6md2u4njsKpgOnF3nX5ModG_8SbX8Udu5j1ocg-KwMA@mail.gmail.com> <CAAt=rgBx=g-yejxb_0kWgodfZEAnsANAvaGKFgTajjDr5Mp0PA@mail.gmail.com> <[email protected]> <CAAt=rgDBp2ApsbVxDTwRhgZeih9XYaB22TsGRzMMKAMj7Tafgg@mail.gmail.com> <[email protected]> <CAAt=rgDrjf2U2zqfxn3SMd6nskLjmkTg8x=rf86vv0-7ABEj1A@mail.gmail.com> <1331922299.9652.147.camel@dellberry>

It wouldn't matter on Android either as there is no mechanism to test the
.apk or .dex of an open-source app on the "Play Store" against the
repository build's SHA-1.

Or is there?

--Cameron <http://ghostfreeman.net>


On Fri, Mar 16, 2012 at 2:24 PM, Tim Watts <tim at cliftonfarm.org> wrote:

> I thought Apple's "good reason" for the AppStore restriction was that
> you knew you were getting safe software from a reliable source.  So the
> price you paid in your freedom was supposed to be worth it.  Turns out,
> not so much.  Turns out, the cost to your freedom is mainly for Apple's
> profits.  Now this still doesn't necessarily make FOSS safer but if I
> wanted an app and I knew of a FOSS version that I trusted but wasn't
> available on the AppStore then too bad for me.
>
>
> On Fri, 2012-03-16 at 14:02 -0400, James Sumners wrote:
> > Which all boils down to exactly what I said. Either ignore installing
> > third party software altogether, or do the best you can with the time
> > you have. The argument that open source is safer because you,
> > yourself, can look at the code before installing it is ludicrous. If
> > you have the time to do that for _every_ piece of software you
> > install, then you must not be doing anything else.
> >
> > On Fri, Mar 16, 2012 at 13:42, mike at trausch.us <mike at trausch.us> wrote:
> > > On 03/16/2012 01:29 PM, James Sumners wrote:
> > >> It has applications that are shipped with it. And you can use webapps
> > >> all day long. You don't _have_ to use the AppStore. But if you do use
> > >> it, then you still have to decide if you trust the developer. If you
> > >> install something that seems scummy in the description (poorly
> > >> translated descriptions, bad reviews, etc.) then that's on you. It
> > >> isn't the fault of anyone, or anything, else.
> > >
> > > And what if you install a highly-rated, seemingly legitimate app that
> > > does things that you aren't aware of because you have no way to
> possibly
> > > be aware of them?
> > >
> > > There are security concerns with any application software on any
> > > platform or device that are a mile long and simply cannot be addressed
> > > by the average user.  These problems will likely never go away, unless
> > > the entire world moves to a model where the source code for all
> software
> > > becomes generally available.  And even then, you have the problems that
> > > were discussed in ?Reflections on Trusting Trust? (a very worthwhile
> > > read if you haven't), making it almost completely impossible to sanely
> > > be able to settle on any level of trust in software.  One would have to
> > > take a copy of a (as Thompson calls it) "bugged" binary and examine it
> > > on a system that is known to not be bugged.
> > >
> > > I don't know about you, but I don't have the means to create a
> > > completely isolated environment in which to be able to assert such
> > > levels of trust.  At least not yet; it would be possible to do but it
> > > would not be really doable without a great deal of time, effort and
> money.
> > >
> > > And even then, who would be insane enough to trust anyone else to
> create
> > > such a thing for them?  :-)
> > >
> > >        --- Mike
> > >
> > > --
> > > A man who reasons deliberately, manages it better after studying Logic
> > > than he could before, if he is sincere about it and has common sense.
> > >                                   --- Carveth Read, ?Logic?
> > >
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > http://mail.ale.org/mailman/listinfo
> > >
> >
> >
> >
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120316/8aef47cc/attachment.html

References:
- [ale] Cory Doctorow, right again
  - From: hooterpincher at gmail.com (Charles Shapiro)
- [ale] Cory Doctorow, right again
  - From: james.sumners at gmail.com (James Sumners)
- [ale] Cory Doctorow, right again
  - From: mike at trausch.us (mike at trausch.us)
- [ale] Cory Doctorow, right again
  - From: james.sumners at gmail.com (James Sumners)
- [ale] Cory Doctorow, right again
  - From: mike at trausch.us (mike at trausch.us)
- [ale] Cory Doctorow, right again
  - From: james.sumners at gmail.com (James Sumners)
- [ale] Cory Doctorow, right again
  - From: tim at cliftonfarm.org (Tim Watts)

Prev by Date: [ale] Cory Doctorow, right again
Next by Date: [ale] Cory Doctorow, right again
Previous by thread: [ale] Cory Doctorow, right again
Next by thread: [ale] Cory Doctorow, right again
Index(es):
- Date
- Thread