Re: Has anyone looked at JMAP?

[Michael Richardson]

Ralph Corderoy <ralph@inputplus.co.uk> wrote:
    > Take the closed-source API client.  How does it ‘make reasonable efforts
    > to prevent and discourage other API Clients from using your
    > credentials’?  It's not shipping source, but does embedding it somewhere
    > inside an ELF executable count as reasonable?  I disassemble machine
    > code a lot, so perhaps it's only reasonable if they make some effort to
    > disguise it?

I agree. It's a bullshit security design.
A secret that is installed on every phone that has some app, and every
windows platform?  Ridiculous.

    > Or, we ship a proprietary closed-source blob, or download it if it's not
    > present, and lo, we've set the bar as high as those closed-source
    > shippers.

uhm, yeah.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

signature.asc
Description: PGP signature