SoylentNews is people

posted by cmn32480 on Monday June 06 2016, @02:22PM
from the they-gotta-be-kidding dept.

An engadget story has the following to say about KeePass2 and developer Dominik Reichl:

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Pino P on Monday June 06 2016, @05:34PM

    by Pino P (4721) on Monday June 06 2016, @05:34PM (#356001) Journal

    Running the insecure OS inside a VM on a secure OS solves incompatibility with applications but not incompatibility with hardware. Good luck getting Bluetooth, Wi-Fi, camera, audio, and suspend working on an ASUS T100TA [debian.org] or X205TA [debian.org] using only free software.

  • (Score: 2) by NotSanguine on Monday June 06 2016, @07:18PM

    Running the insecure OS inside a VM on a secure OS solves incompatibility with applications but not incompatibility with hardware. Good luck getting Bluetooth, Wi-Fi, camera, audio, and suspend working on an ASUS T100TA or X205TA using only free software.

    There is such a thing as perfect security. It involves powering off your hardware, unplugging everything and then storing said hardware in a locked vault buried in steel reinforced concrete in your back yard. And then never leave your home long enough to allow someone to breach the concrete and break into the vault. Booby traps would be useful too, I imagine. I'd also recommend lots of lethal weapons and trustworthy mercenaries (so you can sleep once in a while).

    Unfortunately, this causes some minor usability issues.

    As such the issue isn't making things perfectly secure, rather it's securing your data within budgetary and usability constraints.

    If your data is valuable enough, purchasing new hardware that works with the software you build from audited sources yourself (don't forget to audit and build the compiler(s) from source too!) is a small price to pay.

    Can you say "cost/benefit analysis"? Sure you can. I knew you could!

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 2) by Runaway1956 on Monday June 06 2016, @07:28PM

    by Runaway1956 (2926) Subscriber Badge on Monday June 06 2016, @07:28PM (#356063) Journal

    If you purchased hardware that is incompatible with a more secure operating system, then you have done things so very wrong already, that there is little hope for you.

    Seriously, before I purchase any components to go into a machine, I check out the support for my preferred operating systems.

    Need a car analogy? I'm driving a Ford. I need/want some gadget or another - let's say a James Bond machine gun that mounts in the left rear fender, and fires on pursuing enemies. Do you think I'm going to General Motors for my machine gun? Chrysler? Not only "NO", but "HELL NO!" Mercedes or Suzuki may offer that machine gun with better looking specs, but, dammit, I'm driving a Ford, and I need that damned machine gun to interface with my Ford's computer! I'm going to Ford for my murder and mayhem accessories, thank you very much. Fat lot of good it will do me to purchase Suzuki's superior-looking machine gun, only to find that it will never calibrate precisely with my Found-On-Road-Dead computer.

    • (Score: 2) by maxwell demon on Monday June 06 2016, @09:48PM

      by maxwell demon (1608) on Monday June 06 2016, @09:48PM (#356134) Journal

      That assumes you've decided on that secure operating system before deciding on the hardware you bought. Which is hardly the case for someone just learning about that secure operating system. They will not buy a new computer just to try it out, they will try to run it on the computer they already have. And which they obviously didn't buy with that operating system in mind.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by Runaway1956 on Tuesday June 07 2016, @02:03AM

        by Runaway1956 (2926) Subscriber Badge on Tuesday June 07 2016, @02:03AM (#356213) Journal

        Well - I'm "someone", and that is exactly what I did. I rapidly got fed up with Windows, so I began researching hardware that was compatible with Linux. I purchase hardware because it is compatible with Linux.

        I have this mild contempt for people who don't understand diddly squat when it comes to the computers they buy. It's on par with my mild contempt for people who pay some grease monkey to check the air in their tires. Some things are so damned simple, there has to be something wrong with you if you fail to grasp the concept. 1+1=2 Windows costs a fair chunk of change out of Joe Sixpack's paycheck, and it's always frustrating him. Linux is free, and it's not any more frustrating than Windows, even through the learning curve. Then it is far less frustrating. Simple, simple, simple.

        Back to car analogies - most people want to purchase the vehicle that requires the most scheduled and unscheduled maintenance, right? I say that the most mechanically ignorant person in America who browses the internet, searching for the "most reliable car" or "low maintenance car" and other similar terms is more diligent than the average computer consumer.

        • (Score: 2) by Pino P on Tuesday June 07 2016, @03:22PM

          by Pino P (4721) on Tuesday June 07 2016, @03:22PM (#356441) Journal

          Linux is free

          Only if you already have compatible hardware.

          and it's not any more frustrating than Windows

          It shifts the frustration to the time of purchase. Someone considering buying a computer, for example, might find it frustrating that the local Best Buy doesn't display whether each particular computer or component that it sells is Linux-compatible, nor does it carry Linux-compatible laptops in some size classes at all. And even if you're willing to buy a laptop sight unseen, without trying its keyboard or screen before you buy, what method do you recommend to search across all manufacturers of laptops in a particular size class for those that happen to be Linux-compatible? I tried looking at individual manufacturers that specialize in Linux, but then I found that System76 doesn't have anything smaller than 14 inches.

    • (Score: 2) by Pino P on Tuesday June 07 2016, @03:13PM

      by Pino P (4721) on Tuesday June 07 2016, @03:13PM (#356435) Journal

      before I purchase any components to go into a machine, I check out the support for my preferred operating systems.

      So in other words, whenever you try a different operating system, you first have to make yourself willing to buy or build a brand new computer in which to run it. Here's a trick(y) question for you: Which warranted 10.1" laptop is fully compatible with a secure operating system?

      I'm driving a Ford. I need/want some gadget or another

      What do you do when the class of gadget you want is not available for your Ford? Buy a whole new car?

      • (Score: 2) by Runaway1956 on Tuesday June 07 2016, @08:49PM

        by Runaway1956 (2926) Subscriber Badge on Tuesday June 07 2016, @08:49PM (#356598) Journal

        Well - I don't do 10", so I've never even looked to see which of them might support Linux. I want a large laptop, the more screen space the better. But, without researching, I already know that Android is available on notebooks and tablets, as well as telephones - thus cyanogen mod, and I presume, it's possible to install Linux on most of those. Android is, after all, based on Linux.

        Some gadget is not available for my car? I may buy another car, or I may trade my car in, or I may do without the gadget. Or, I may create the gadget I need. But, chances are, whatever I need is available somewhere. The aftermarket has stuff that Ford never even thought about putting on a car, after all.

        • (Score: 2) by Pino P on Tuesday June 07 2016, @09:31PM

          by Pino P (4721) on Tuesday June 07 2016, @09:31PM (#356619) Journal

          I want a large laptop, the more screen space the better.

          I guess our needs differ, as a bag that's more obviously a laptop bag is more likely to attract muggers. So I carry my current Linux netbook in a nondescript satchel. I just worry about what'll replace it once it finally dies.

          I already know that Android is available on notebooks and tablets [...] Android is, after all, based on Linux.

          I guess it depends on how hard it is to bring up X-based desktop applications in a GNURoot [google.com] inside Android. But then this reintroduces the application compatibility barrier, as ARM tablets probably don't run an x86 VM efficiently.

          • (Score: 2) by Runaway1956 on Tuesday June 07 2016, @10:01PM

            by Runaway1956 (2926) Subscriber Badge on Tuesday June 07 2016, @10:01PM (#356629) Journal

            Pino, I wasn't sure if you were trolling, or if you were serious. Sorry for being suspicious.

            This guy went with an 11" and he seems to be doing well, initially at least - https://www.reddit.com/r/linux/comments/3j6hnb/linux_compatible_netbook/ [reddit.com]

            Similar reddit discussion here - https://www.reddit.com/r/linux/comments/4397p8/linux_for_netbook/ [reddit.com]

            This looks kind of promising, but I can't find a list of compatible hardware - http://simplicitylinux.org/ [simplicitylinux.org]

            The search terms I used return a lot of Chromebooks - I'm not thrilled by the things I've heard about those, but that is a possibility.

            I am encouraged that there are discussions on the net, regarding small devices such as you describe. Apparently, you're looking around, and giving some thought to your next laptop, netbook, or whatever now. That's the way to go. Waiting until the day after your device dies to start looking would guarantee a lot more frustration.