On Sun, Feb 27, 2011 at 11:55 AM, fooler mail <fooler.m...@gmail.com> wrote:
>> the scary thing here is the complete and opaque control m$ has on the >> app and its behavour. thats the main issue i have with this kind of >> security scheme. and how much does it take to have m$ certify the >> binary? when submitting code for certification to nokia i had to pay a >> fee! and one submission is not enough. > > it simply shows you really dont understand wp7 security model... it > provides privileges based on needs rather than hunger...all apps goes > to certification test by microsoft and all apps that are certified are > code signed and goes to market place with least privileged.. > furthermore.. IE mobile browser cannot install and run programs and > plugins from other websites... with all these.. this simply reduce > potential exposure to malware threats as what f-secure agreed while > here you are wildly accussing of malware for the next billion... > so you are attacking me now? dude, im not attacking you. are you sure least priviledge is good enough? look microsoft has smart engineers. for all i know they own the top 10 software engineers in the whole damn world. im sure they thought this through. but this is microsoft. marketing is king. they will force compromises to the model and that will cause a world of hurt. i read a lot of research papers all the time. and a lot of these come from microsoft engineers. heck im writing distributed software right now that uses some protocols invented by leslie lamport of microsoft. really good stuff. >> >> its not personal. its just business. i do my best to defend myself. > > defending yourself? microsoft is not forcing you to adopt their > business and not attacking you... you are simply attacking microsoft > and not defending yourself.. plain and simple... as what i told you .. > you are emotinally atatched to what you hate... > we all do this for our own reasons. so what? i do what i do because i can. you keep replying to this thread because you also have an emotional attachment to your corporate identity which is now inextricably entwined with microsoft for me and a lot of other peoples eyes and that puts you in the crossfire. well im not going to start arguing who started it. its war. i copied ideas from a porsche 911 cylinder head. and porsche dont throw shit at me. i copy apple software ideas and they dont throw shit at me. heck i even helped clone the apple api's and i get help from apple engineers. i joined a project for converting windows document formats and we got a lawsuit! and the arrogant lawyer even told us "yeah i know but can you afford to go to court?" thats microsoft for me. >> well of course. when you can reverse engineer support for api and code >> that you have to buy in the more expensive visual studio version. >> thats really good. but wait, thats illegal... > > simply because you dont respect the intellectual property of others.. > thats why.... > really now. microsoft invented that term. intellectual property. what a joke! you know only big companies benefit from that and the small ones get clobbered by intellectual property. if we had that when the pc was born and ibm enforced the patent and copyright there will be no pc now. oh wait there will be no m$! thats really funny! intellectual property assumes that what other people think belongs to the person who first thought about it. unenforceable dont you think? but thats really a cheap shot dude. i dont even write windows malware. or use pirated stuff. i only sell stuff thats covered by expired patents. just like what every small businesses are doing. only billionaires can use currently patented ideas. >> oh my pc is trusted. its a toughbook with an encrypted hard disk. and >> my servers are hardened as well... oh i got hardened usb drives too. >> that kind that erases its contents when you try to access it with an >> electron microscope! >> >> i am also collaborating with other people on the internet to build my >> own versions of the drive... >> >> i have been in this business for a while you know... > > you are talking about putting your important stuff on the internet and > here you are singing to a different tune... > well thats all you got personal attacks? i buy stuff via internet. i conduct business via internet. the fact that everyone who i do business with dont use windows office documents never ceases to amaze me. but i digress. i even design stuff out in the open by discussion with other interested people via the internet. in fact my way of life depends on the internet. but i dont have to explain myself to you. whether you think im stupid or not does not matter at all. >> >>> that is what windows phone 7 security model is trying to >>> achieve if you *really* understand its security model... >>> >> >> what security model? signed binaries is not a security model. > > hehehehe tell that to any information security people... > i made the same mistake a long time ago. i bragged about my signed binaries to linux and openbsd people and i got tarred and feathered. i learned about security the hard way, dude. i contributed to selinux long before it became a bloated mess and im currently studying a simpler type and domain enforcement for linux. im looking at removing root from the kernel. im looking at implementing domain enforcement in a distributed system. i also studied grsecurity and and openbsd. the type of vitriol you get from those people is really something. i learned about security the hard way. you see? i work really hard at it. i dont flash my paper credentials and slap people around with it. >> sure you >> have separation. sure there is partitioning. it looks good on paper. >> but it will not work out like that in real life. the customer will >> want higher performance and thats the rub. its like the difference >> between watching smooth video and a choppy one. choppy just sucks. > > i guess.. you are just simply a developer... get a better hardware > and higher bandwidth to solve those bottlenecks... dont forget > murphy's law too.. > what are you talking about? you dont know me. you see thats the rub. people assume stuff. better hardware? you mean better than what you are going to put in the wp7 phone? it does not exist. you mean the processor that will make managed code run like native code? it does not exist. good luck! so m$ managed code is as good as native? how? jit compilation? in a phone? hmmmm... it can be done at install time. but how do you prevent people from snagging the image direct from memory eh? oh you got the phone covered by a mesh and epoxy potting material? what happens the customer steps on it? or make mistake when he tries to change the color of the case? or drops it in the toilet when he is talking to the phone when he has a hangover? oh you got online backups? so how many backups? in which server? those servers are behind hardware firewalls? hmmmm... only m$ will own the info? hmmmmm... that can go on and on... im sure you know the details. > like mine right now.. i dont have even a problem running windows 7 > enterprise edition on my ibm thinkpad x201 duo core 4gb ram with SSD > disk... it just like everything runs on a ramdisk... you wont get back > again to ide and scsi disk again once you have this kind of user > experience... > really? mine is good enough thank you. is that the spec on your wp7 phones? you really think thats a really big deal isnt it? i wonder why im doing a lot more stuff with half the horsepower... > >> current processor architectures just cant handle highly secure managed >> code fast enough. only native code will work and only open source code >> can be secure in that environment. > > you really make me laugh of this statement hehehe > i did not grab that statement from thin air. i did not invent that. that was born out of years of talking to people and flame wars and from my own hard work tryng to make an os that worked exactly as c++ objects. on bare metal. that turned me off c++ rather quickly and showed me how inadequate current architectures are for things other than the current kernel centric os. thats exactly why microkernels are hard. -- quarq consulting: agile, open source _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
