
Facebook releases a library for classifying Android device performance

Also seen on OSNews: Facebook has released a library that classifies Android devices by year, in "Facebook's simple trick for serving many different Android devices". The original report is "Facebook's simple trick for serving so many different Android devices".

Sample code showing how to use it is in "Device Year Class" on GitHub:

int year = YearClass.get(getApplicationContext());
if (year >= 2013) {
    // Do advanced animation
} else if (year > 2010) {
    // Do simple animation
} else {
    // Phone too slow, don't do any animations
}

Writing code this way feels a bit shameless, but it is very practical XDDD

Nokia buys Alcatel-Lucent for USD 16.6 billion

I saw the report in "Nokia to acquire Alcatel-Lucent": Nokia is buying Alcatel-Lucent for USD 16.6 billion.

Nokia's press release is at "NOKIA AND ALCATEL-LUCENT TO COMBINE TO CREATE AN INNOVATION LEADER IN NEXT GENERATION TECHNOLOGY AND SERVICES FOR AN IP CONNECTED WORLD".

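The part OSNews singled out... Because Nokia sold its phone division to Microsoft, Nokia is actually not allowed to develop phones (there should be a time limit), but Alcatel-Lucent currently has them: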

Nokia is not allowed to make smartphones for a while, but Alcatel-Lucent does make smartphones.

And this is Palm, bought from HP... (so what trick is Nokia going to pull this time @_@)

Mac OS X security vulnerability: Apple does not plan to fix versions 10.9 and below...

The vulnerability (a design that comes close to a backdoor) was disclosed in "Hidden backdoor API to root privileges in Apple OS X".

10.10.3 fixes the issue, but there is no plan to fix versions 10.7.x through 10.9.x:

Apple has now released OS X 10.10.3 where the issue is resolved. OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. We recommend that all users upgrade to 10.10.3.

It was discovered and reported in October 2014, Apple created CVE-2015-1130 in January 2015, and only in April 2015 was the 10.10.x part officially fixed: "About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004".

Damn, I don't want to upgrade to 10.10...

The FBI's search "creativity" is rejected by a US court

On Zite I saw the article "FBI can’t cut Internet and pose as cable guy to search property, judge says", about the FBI's "creativity" being rejected by the court.

This is how the search was carried out. FBI agents first cut the Internet connection, then posed as repair workers to get in and search:

The Las Vegas court frowned on the FBI's ruse of disconnecting Internet access to $25,000-per-night villas at Caesar's Palace Hotel and Casino. FBI agents posed as the cable guy and secretly searched the premises.

They then claimed that because they had been invited in, the search was legal:

The government claimed the search was legal because the suspects invited the agents into the room to fix the Internet.

The judge clearly did not buy it. Quoting the judge:

Permitting the government to create the need for the occupant to invite a third party into his or her home would effectively allow the government to conduct warrantless searches of the vast majority of residents and hotel rooms in America,

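In other words, unless the person concerned clearly knows about the search and consents to it, this kind of manipulated "consent" is not legal.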

RFC7469: Public Key Pinning Extension for HTTP

A Standards Track document from a few days ago: "Public Key Pinning Extension for HTTP".

The HPKP (HTTP Public Key Pinning) mechanism has the server tell the client (such as a browser) its public key information on the first connection, which means it is built on TOFU (trust-on-first-use):

Key pinning is a trust-on-first-use (TOFU) mechanism. The first time a UA connects to a host, it lacks the information necessary to perform Pin Validation; UAs can only apply their normal cryptographic identity validation. (In this document, it is assumed that UAs apply X.509 certificate chain validation in accord with [RFC5280].)

The mechanism is a lot like HSTS (HTTP Strict Transport Security, RFC6797). According to Mozilla's "Public Key Pinning" page, recent versions of Google Chrome and Firefox both support it.
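The trust-on-first-use behaviour described above, as an added example (not from the original post or from the RFC): a small Python model of a UA noting pins from a Public-Key-Pins header and checking later connections against them. `PinStore`, `connect`, the host name and the placeholder SPKI bytes are assumptions made for the illustration.

```python
import base64, hashlib, re

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pkp(header: str):
    """Return (set of pin-sha256 values, max-age in seconds or None)."""
    pins = set(re.findall(r'pin-sha256="([^"]+)"', header))
    m = re.search(r'max-age=(\d+)', header)
    return pins, (int(m.group(1)) if m else None)

class PinStore:
    """Hypothetical UA-side store (name is an assumption): host -> (pins, expiry)."""
    def __init__(self):
        self.noted = {}

    def connect(self, host, chain_spkis, pkp_header, now):
        """One TLS connection that already passed normal X.509 validation."""
        chain_pins = {spki_pin(s) for s in chain_spkis}
        known = self.noted.get(host)
        if known and known[1] > now and not (known[0] & chain_pins):
            return "pin-failure"  # unexpired noted pins, none match the chain
        if pkp_header:
            pins, max_age = parse_pkp(pkp_header)
            # Note pins only if max-age is present, one pin matches the chain,
            # and one pin is a backup that is NOT in the chain.
            if max_age is not None and pins & chain_pins and pins - chain_pins:
                if max_age == 0:
                    self.noted.pop(host, None)  # max-age=0 removes noted pins
                else:
                    self.noted[host] = (pins, now + max_age)
        return "ok"

# Constructed sample data: placeholder bytes stand in for real DER SPKI blobs.
LEAF, BACKUP, ROGUE = b"leaf-spki", b"backup-spki", b"rogue-spki"
HEADER = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000' % (
    spki_pin(LEAF), spki_pin(BACKUP))

def demo():
    ua = PinStore()
    return [
        ua.connect("example.test", [ROGUE], None, now=0),     # no pins yet (TOFU gap)
        ua.connect("example.test", [LEAF], HEADER, now=10),   # first use: pins noted
        ua.connect("example.test", [ROGUE], None, now=20),    # unpinned key rejected
        ua.connect("example.test", [BACKUP], None, now=30),   # backup pin accepted
        ua.connect("example.test", [ROGUE], None, now=10 + 5184000),  # pins expired
    ]
```

The first and last results show the limits of the approach: before any pins are noted, and after max-age runs out, the UA has only ordinary certificate chain validation to rely on.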
