On 2/20/07, Paul Klapperich <[EMAIL PROTECTED]> wrote:
How many mobile phones have you found that provide unfettered access to 3rd party applications?
Symbian mobile phones. Windows mobile phones. Palm mobile phones. Any phone with java. They don't provide 'unfettered access' but they certainly allow one to install a tcp/ip server on them.
On 2/20/07, Simon Budig <[EMAIL PROTECTED]> wrote:
> *If* you install an internet service, then you know about it. Then you
> can also judge on how to secure it. If you cannot do it then simply
> don't install this service and you're fine.

That's true. I accept the risk and would like to secure it. How the hell am I supposed to do that without a firewall?
A firewall will allow you to restrict access to the internet tablet from specific IPs. That's all. Any TCP/IP service that doesn't have a decent authentication mechanism shouldn't be installed on the tablet in the first place. Relying on IP-based whitelists/blacklists is not a reliable authentication technique. If you install SSH, use ssh-keys. If you install canola, only allow local access. You simply should not be installing an application that does not allow for decent authentication!
Nokia really doesn't have to do anything to "guarantee" that 3rd party apps are safe, but I would certainly trust the integrity of an official iptables compiled by Nokia. They certainly have something to lose by somehow subverting it, so I would trust it. And as it really wouldn't take anything more than checking the option in the kernel config before building, I really don't think this is any additional burden to them. Hell, for all I care they could leave iptables unconfigured. Power users, Linux users, and IT staff should have no problem setting it up. There's no reason to include a GUI or do anything beyond compiling it into the kernel and releasing it as part of an update/new OS image. Absolutely no customization should be needed. Can you give me ANY argument against including iptables beyond the argument that you don't feel it's necessary or that you somehow think Nokia would have to spend more than 5 minutes on this?[1] I'm sure this is why Zora didn't feel bothered to make an actual argument; there's no argument on the other side.
I'm sure it would be reasonably straightforward, just rather pointless.

Gav
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://maemo.org/mailman/listinfo/maemo-developers