Ralph Corderoy <ralph@inputplus.co.uk> wrote:
> Take the closed-source API client. How does it ‘make reasonable efforts
> to prevent and discourage other API Clients from using your
> credentials’? It's not shipping source, but does embedding it somewhere
> inside an ELF executable count as reasonable? I disassemble machine
> code a lot, so perhaps it's only reasonable if they make some effort to
> disguise it?
I agree. It's a bullshit security design.
A secret that is installed on every phone that has some app, and every
windows platform? Ridiculous.
> Or, we ship a proprietary closed-source blob, or download it if it's not
> present, and lo, we've set the bar as high as those closed-source
> shippers.
uhm, yeah.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature