Ralph Corderoy <[email protected]> wrote: > Take the closed-source API client. How does it ‘make reasonable efforts > to prevent and discourage other API Clients from using your > credentials’? It's not shipping source, but does embedding it somewhere > inside an ELF executable count as reasonable? I disassemble machine > code a lot, so perhaps it's only reasonable if they make some effort to > disguise it?
I agree. It's a bullshit security design.
A secret that is installed on every phone that has some app, and every
windows platform? Ridiculous.
> Or, we ship a proprietary closed-source blob, or download it if it's not
> present, and lo, we've set the bar as high as those closed-source
> shippers.
uhm, yeah.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
