Active Topics
-
Firefox with Leste (10)
to Maemo 7 / Leste by teroyk - 3 days ago - more...
|
2015-11-15
, 23:31
|
|
Posts: 1,548 |
Thanked: 7,510 times |
Joined on Apr 2010
@ Czech Republic
|
#52
|
Originally Posted by pichlo
My background (at least for the last few years) has been working on the Fedora and Red Hat Enterprise Linux installer. While that that's not directly security related I'd like to note that RHEL (which is used in some very important and sensitive environments, such as banks or stock exchanges) is fully open source, which is very important for security. (and sorry if this sounds like an add - that's definitely not the intention!)
Our views on security may differ too. Sorry if I got this wrong but I understand that your background is in the academia. That is very different from mine, which is computer security.
Originally Posted by pichlo
Internal configuration details, signing & private keys should of course stay (very!) private. But as for security sensitive code - that should be open source a widely reviewed before use. Also one should preferably not write such code from scratch but use a widely reviewed established open implementation if possible.
In your background, the default is sharing. In mine, it is assuming that everyone is an attacker and giving away as little as possible.
Originally Posted by pichlo
Sure, that's basic security - it makes bruteforce password cracking harder as you can't use failed login attempts for login validity checking. Related security measures for authentication you should also only store salted password hashes, introduce delays to prevent brute forcing, block login or show captcha after a given number of failed attempts, refuse weak passwords during registration, allow very long passwords (so people can use secure password managers) and ideally support two factor authentication.
One example: you know how, when you mistype your credentials at a login prompt, the usual response is, "the username or password is wrong". And you go all berserk, "why don't you tell me which one it is, you ***** ****?" The answer is that telling you could give the attacker too much information.
But that still does not contradict the implementation being open source in any way.
Originally Posted by pichlo
I'm sure they also stored your password in plaintext and sent it unencrypted through email if requested over the "lost password link".
I once closed my account for that very reason. It was with my mobile operator. To manage your account online, you could create an account and choose your username and password. Later on they changed it and made my phone number my username and I said no way. My phone number is public and this change made the link between my account and me immediately obvious.
__________________
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
 |
|
2015-11-15
, 23:36
|
|
Posts: 2,448 |
Thanked: 9,523 times |
Joined on Aug 2010
@ Wigan, UK
|
#53
|
P.S. I own one N900.
__________________
'Men of high position are allowed, by a special act of grace, to accomodate their reasoning to the answer they need. Logic is only required in those of lesser rank.' - J K Galbraith
My website
GitHub
'Men of high position are allowed, by a special act of grace, to accomodate their reasoning to the answer they need. Logic is only required in those of lesser rank.' - J K Galbraith
My website
GitHub
| The Following 5 Users Say Thank You to marxian For This Useful Post: | ||
|
|
2015-11-18
, 00:59
|
|
Posts: 2,448 |
Thanked: 9,523 times |
Joined on Aug 2010
@ Wigan, UK
|
#54
|
On the subject of QML, all of these running applications are using QML with no performance issues:
If Maemo5 can do it on the N900 with only 256MB RAM, there is no excuse for a more modern device with 1GB.
If Maemo5 can do it on the N900 with only 256MB RAM, there is no excuse for a more modern device with 1GB.
__________________
'Men of high position are allowed, by a special act of grace, to accomodate their reasoning to the answer they need. Logic is only required in those of lesser rank.' - J K Galbraith
My website
GitHub
'Men of high position are allowed, by a special act of grace, to accomodate their reasoning to the answer they need. Logic is only required in those of lesser rank.' - J K Galbraith
My website
GitHub
| The Following 8 Users Say Thank You to marxian For This Useful Post: | ||
|
|
2015-11-18
, 12:47
|
|
Posts: 1,100 |
Thanked: 2,797 times |
Joined on Apr 2011
@ Netherlands
|
#55
|
Talking about FUD: thanks for actually supporting statements with test cases. It adds so more value than a simple "QML is a resource hog" claim
| The Following 3 Users Say Thank You to ade For This Useful Post: | ||
 |
|
2015-11-18
, 14:05
|
|
Posts: 6,447 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#56
|
I stand corrected.
So if not QML, what else is Jolla's excuse?
So if not QML, what else is Jolla's excuse?
__________________
Русский военный корабль, иди нахуй!
Русский военный корабль, иди нахуй!
|
|
2015-11-18
, 14:31
|
|
Posts: 1,548 |
Thanked: 7,510 times |
Joined on Apr 2010
@ Czech Republic
|
#57
|
Originally Posted by pichlo
AFAIK the biggest issue is due to the V8 Javascript engine (of the Google Chrome fame) being replaced by the custom V4 engine written by the Qt developers themselves. From the Qt 5.2 release notes:
I stand corrected.
So if not QML, what else is Jolla's excuse?
The most significant change in QtQml is the new V4 JavaScript engine that replaces the V8 engine from Google Chrome. The new engine is optimized for QML use cases and can optionally have JIT (Just-In-Time) compilation turned off in order to comply with restrictions on the iOS and WinRT platforms. Because this is a significant change, I expect there may be some subtle incompatibilities in this release and I encourage you to test carefully any significant JavaScript code you might have.
It could very well be that the situation has improved since Qt 5.2, but I
m afraid Jolla might have got a bit too scared by that major Qt version update or might just not see it as a priority for now, thus keeping the current unfortunate status quo.
Oh and I have 2 N900s - I bought the first one and won the second on in one of the Coding Competitions with modRana.
__________________
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
| The Following 3 Users Say Thank You to MartinK For This Useful Post: | ||
|
|
2015-11-18
, 15:47
|
|
Posts: 6,447 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#58
|
Ha! So it is QML after all! Not QML as such but its Qt 5.2 implementation. And marxian's examples do not suffer the issue because they are older
Back to the topic, I have three N900s:
I had one more that I sold to a fellow TMOer a while ago. All 4 have a reinforced USB port and a replaced bupbat.
Back to the topic, I have three N900s:
- In a white replacement housing. I carry it with me all the time, even though I now use Jolla as my main phone (for no other reason than the new SIM card comes with a better call plan but I cannot swap it back because of the incompatible sizes).
- In pristine condition in its box.
- With some hardware problem, can't remember what it was.
I had one more that I sold to a fellow TMOer a while ago. All 4 have a reinforced USB port and a replaced bupbat.
__________________
Русский военный корабль, иди нахуй!
Русский военный корабль, иди нахуй!
|
|
2015-11-18
, 16:26
|
|
Posts: 27 |
Thanked: 37 times |
Joined on Jan 2012
|
#59
|
Originally Posted by enne30
I'm in a similar position. I've ordered a refurbished N9 from China (having accepted that my finances were not going to stretch to a Jolla and TOHKBD any time soon). Once it arrives, I'll have a second attempt at resoldering the N900's USB post: it's been over three years since I charged a battery *inside* the device!
Btw, I was looking for a used Jolla or N9 as a backup phone to my N900...at this time only thing annoying me about my 5 year old N900 is microb getting older with new web standards and no good replacement in the near(?) future
I've been reluctant to go poking around with my soldering iron again as if anything went wrong I'd be rolling back to an E71 as a day-to-day phone. The Symbian stock browser makes microb look like the best thing since sliced bread!
| The Following User Says Thank You to kazzie For This Useful Post: | ||
 |
|
2015-11-18
, 17:50
|
|
Posts: 290 |
Thanked: 738 times |
Joined on Mar 2008
@ .pl
|
#60
|
@pichlo: you can put micro and nano sim in the n900, if you want cheap adapter just buy some prepaid card with the cutouts and use them (here one can be had for ~2usd)
__________________
oscp - media player with network remote and almost no dependencies (pc/lin/win/maemo(n8x0/n900), x86/x64/armel/armhf) - http://talk.maemo.org/showthread.php?t=94590 - if you like it, tell others.
contact with me: #osc or #maemo on freenode/ircnet or /query KotCzarny
oscp - media player with network remote and almost no dependencies (pc/lin/win/maemo(n8x0/n900), x86/x64/armel/armhf) - http://talk.maemo.org/showthread.php?t=94590 - if you like it, tell others.
contact with me: #osc or #maemo on freenode/ircnet or /query KotCzarny
| The Following User Says Thank You to KotCzarny For This Useful Post: | ||
 |
| Tags |
| n900 anonymous, nokia n900 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
All times are GMT. The time now is 13:26.
@MartinK, I just see a difference between saying, "here is the source, build it yourself, improve it and submit amendments if you wish" and, "here is the source, run it". You may not see the difference because your code is the source. Mine isn't. I have successfully avoided scripting languages for 25 years. I appreciate there is a place for them but they are just not for me.
If you want to write your code as a script, write it as a script. QML is IMO a horrible mishmash and is neither here nor there.
Our views on security may differ too. Sorry if I got this wrong but I understand that your background is in the academia. That is very different from mine, which is computer security. In your background, the default is sharing. In mine, it is assuming that everyone is an attacker and giving away as little as possible.
One example: you know how, when you mistype your credentials at a login prompt, the usual response is, "the username or password is wrong". And you go all berserk, "why don't you tell me which one it is, you ***** ****?" The answer is that telling you could give the attacker too much information. I once closed my account for that very reason. It was with my mobile operator. To manage your account online, you could create an account and choose your username and password. Later on they changed it and made my phone number my username and I said no way. My phone number is public and this change made the link between my account and me immediately obvious.
Русский военный корабль, иди нахуй!