On Sat, 19 Nov 2011 12:10:15 +0100 Anders Rundgren wrote: > It would be nice to understand what Google will do in the future w r t > platform language.
They've started enough of their own under apache licenses. Hopefully something that avoids Just In Time Executions but I doubt that will happen with the need for easy apps, though it's apparently always trivial to avoid JIT if you have the apps source code. The browsers are getting worse at requiring these things too, except Opera which works by default, unfortunately it's closed source and doesn't render web pages the same as most browsers, damn it. (requiring JIT by default is likely due to the rediculous stats focussed on faster javascript rather than rendering and so JIT tracemonkey with tens of sites running pointless tracking javascript etc. which any knowledgeable person disables anyway of course.) Ever tried running Firefox and Chromium on x86 with Pax's mprotect, doesn't even start when it used to just disable some insecure flash, even turning JIT options off doesn't work anymore with fx libGl and chromiums TEXT relocation. I guess mprotect is one very important security mechanism that's not even an option for mobiles. I believe SELinux has an mprotect and so if used properly then likely issues with JIT too. Still atleast a Unix-like OS has so much market share even if it is reduced to a very distant relative. ;-). It was mentioned recently about the need for a middleman daemon for iptables. Surely this is just unnecessary work when you would reduce the attack surface and memory usage anyway with the traditional unix method of load from editable protected config during boot, you could even use traditional unix tools to add realtime functionality via a specified user in minutes, removing the primary reason for people reducing their security through rooting. Android is great in many ways and especially for the price but some of the oversights like business and personal contact groups and lack of iptables are baffling. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
