by pramodliv1 3722 days ago
Also, since the code is open sourced (https://github.com/wikimedia/apps-android-wikipedia), I guess they get the benefit of the doubt?
3 comments

Exactly. Their explanation for requesting the permission looks reasonable, and the source code confirms that they aren't using it for anything else. Wikimedia did nothing wrong here, and OP is getting worked up over nothing. If he wants better assurances, he should use a better phone.
OpenSSL was open sourced. That worked out real well.

It's not being open sourced that leads to secure, well-behaved software.

It's being well-behaved, secure software. Which, among other properties, means following the principles of least privilege and least capability. See the OpenBSD project for more on that philosophy.

As someone else mentioned, open source is not a golden bullet. But, it being open source led to the discovery of the bug and the fix, right?
This isn't C we're talking about. You don't magically expose random memory with Java code.
Tool choice may improve security. See again OpenBSD, which has specifically rewritten parts of the C library to avoid classes of bugs.

That said, Java has a markedly less-than-perfect record.