Tuesday, March 29, 2011

Unsubscribed - Wired

Recently, Wired has become more of a gossip outlet, fond of talking about Private Bradley Manning's private life and personal relations (including possibly unverifiable rumours about him). I decided to unsubscribe from Wired because of its gossiping nature, in place of the solid technology reporting it once had.

Too bad, Wired. If you want serious tech readers, you gotta be neutral and talk about tech (and not the private lives of others like a gossiping newspaper).

Friday, March 25, 2011

How much do I trust Android's openness

Despite all the justification Andy Rubin can make about keeping Honeycomb's source code under wraps (if the article is true), now or even in the future or past, I don't really see how open Android is. I have been hoping Android would release the Market's SDK and allow those who do not have Market Place apps to at least have an API, so users could officially connect to Market Place without the risk of third-party app libraries and cloned marketplaces.

Although Android's source code is open to the public via their public git repository, it's not like the Linux kernel or other open source projects, where other parties can simply hop in, join the development and contribute patches and suggestions.

Most developers could only face the truth of the "take it or leave it" scenario.

I am sure patience is wearing thin for the Android platform and for Google to be open and outright honest about their practices.

For Apple and Microsoft, both of you, don't bother laughing at Google's Android. Apple's iOS and Microsoft's Phone 7 OS are actually so much more closed source, and I would rather term them "Iron Curtain" than Android's "walled garden".

The terms for using the whole or any part of this post are to properly cite and reference it; then you can use it.

Wednesday, March 23, 2011

How trustworthy is the CA model


Recently a hacker with Iranian IP addresses managed to compromise a partner account at Comodo Group's CA and procured eight legitimate SSL certificates for the following 6 respectable domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.

Web browser makers frantically tried to update their browsers to exclude the bogus certificates, and Mozilla managed to plead with a famous security researcher, Jacob Appelbaum, to withhold information from the public until patches were sent out.

How secure is the CA trust model after all? Is it worth considering the use of the Tor network instead of a centralised CA?

Tuesday, March 22, 2011

Sending sensitive emails

For all that has been mentioned in the article above, HTTPS, encrypted archives and files, encrypted file sharing services... there's one thing so famous, so well known and so common that it has been forgotten and put on the back burner: PGP/GPG email encryption.

Yup, that's it.

You could sign your PGP/GPG email, encrypt it and voila... it's secure. If your attachments need to be doubly secured, PGP/GPG lets you encrypt the files on your computer desktop, attach them to your email, then encrypt the entire email, sign it and send it out to your lawyer.

There are front ends and email plugins for your PGP/GPG tool, and even standalone clients where you paste in a message, it encrypts the message for you, and you paste the result back into an email editor that does not have PGP/GPG capabilities.

Monday, March 14, 2011

Top 10 best alternative OS

Besides the typical trio of Windows, Mac and Linux that people use to some extent, the article contains interesting OSes that those who are daring could try in a virtual machine (VirtualBox or VMware).

Saturday, March 12, 2011

Flickr and Censorship

As with many other famous community-based tools like Facebook and Twitter, you do not trust them AT ALL. They have an agenda, which is commercialisation. If you are afraid of censorship, you are better off opening your own website or a Freenet site and having mirrors.

Monday, March 7, 2011

No Minimize and Maximize for Gnome 3

Is it worth removing the minimize and maximize buttons? We will never know until it's in the full production phase. If there are no minimize and maximize buttons, the functions that support minimizing and maximizing should be elegant and easy to use, not cumbersome.

Another Absurd Judicial Judgement

Corporate America... where the System always supports the Corporations, kowtowing to them rather than protecting the Rights of the People.

Oilrush for Linux

Looks not bad... hmmm... finally a good, decent game with Linux in mind as a first-class citizen, unlike Blizzard and many other big game developers who can only see marketing potential in Windows and Mac.

Linux actually has a huge potential for gaming but it has always been underdeveloped and undermined.

Android with Secure Hashing

As we know, Android has a good amount of trouble with malware, and the primary reason is that the apps are taken from unofficial marketplaces instead of Android's Marketplace.

Google should quickly release its protocols for accessing the official marketplace and make the official marketplace app something anyone can download and install. An example is the Android version on the Archos tablets, where there is no access to the official Android Marketplace, only to some other marketplaces.

Google should also provide SHA-256 and SHA-512 hash signatures for every application, along with a hashing tool that shows users whether their application's hash signatures match.
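A sketch of the kind of hashing tool proposed above, as an added example (not code from Google or any marketplace): it streams a package file once, computes SHA-256 and SHA-512, and checks both against a published manifest. The manifest format (`<algorithm> <digest> <file name>`), the function names and the sample package bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("sha256", "sha512")

def file_digests(path, chunk_size=65536):
    """Stream the file once and return {algorithm: hex digest} for both hashes."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def parse_manifest(text):
    """Parse '<algorithm> <hex digest> <file name>' lines (assumed format)."""
    published = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            algorithm, digest, name = line.split(None, 2)
            published.setdefault(name.strip(), {})[algorithm.lower()] = digest.lower()
    return published

def verify_app(path, published):
    """Return (ok, per-algorithm results); every algorithm must be listed and match."""
    expected = published.get(os.path.basename(path))
    if expected is None:
        return False, {}  # unknown file: fail closed
    actual = file_digests(path)
    details = {}
    for name in ALGORITHMS:
        want = expected.get(name)
        details[name] = want is not None and hmac.compare_digest(actual[name], want)
    return all(details.values()), details

def demo():
    """Constructed sample: an 'official' package, then a modified copy of it."""
    official = os.path.join(tempfile.mkdtemp(), "example.apk")
    with open(official, "wb") as fh:
        fh.write(b"PK\x03\x04 constructed sample package bytes")
    d = file_digests(official)
    published = parse_manifest("".join(f"{a} {d[a]} example.apk\n" for a in ALGORITHMS))
    genuine = verify_app(official, published)
    with open(official, "ab") as fh:  # simulate a repackaged, modified copy
        fh.write(b"extra")
    return genuine, verify_app(official, published)
```

A match only shows the file equals what the manifest describes, so the manifest itself has to reach the user from the publisher over an authenticated channel.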

Google should also consolidate and look over all Android marketplaces, and may need to move in the direction of Apple's App Store to establish a central final authority, but Google should act like a benevolent dictator. This would solve most of the headaches of becoming splintered, and with a central authority it would be nearly impossible for bogus apps, or apps deliberately modified from the original and passed off as a copy of the real app, to harm others.

Hosting hacking competitions and more open research and discussion that can be conveniently accessed by the general public would allow better discovery of bugs and exploits. 

Following in the footsteps of Linux kernel development, which actively exposes its development in real time, and allowing the community a piece of the pie to research and contribute would really enhance Android.

The Android development team within Google would not be enough. Tapping into the power of community development and listening to the community would prove to be the wisest decision.

In the end, Android's malware exploits are mostly caused by Google's own doing, for the reasons I have stated above, and partly by malicious-minded people who are out to make a quick buck and harm others, with no regard for the privacy and safety of others.