Page 27 of 29 « First 172526 27 2829
Reply
Thread Tools
ndi's Avatar
ndi is offline ndi
2010-07-06 , 13:17
Posts: 2,050 | Thanked: 1,425 times | Joined on Dec 2009 @ Bucharest
#261
Originally Posted by ossipena View Post
actually your phone number is sent within headers if gateway is configured that way.
If you mean HTTP_X_UP_SUBNO then it is not known from what I can tell of any actual providers do this. Usually, a hash is used to identify users uniquely without publishing number.

Admittedly, with enough nutcases out there it is doable.

@graham cobb
I voted for sms package, but I feel silly.
__________________
N900 dead and Nokia no longer replaces them. Thanks for all the fish.

Keep the forums clean: use "Thanks" button instead of the thank you post.
 
Matan is offline Matan
2010-07-06 , 13:22
Posts: 1,224 | Thanked: 1,763 times | Joined on Jul 2007
#262
Originally Posted by pelago View Post
As far as I know it would be safe to remove the /usr/bin/cherry executable
Don't worry, this will be fixed in PR1.3.
__________________
My repository

"N900 community support for the MeeGo-Harmattan" Is the new "Mer is Fremantle for N810".

No more Nokia devices for me.
 
eiffel's Avatar
eiffel is offline eiffel
2010-07-06 , 13:40
Posts: 600 | Thanked: 742 times | Joined on Sep 2008 @ England
#263
Running "more" on /usr/bin/cherry shows that it includes this string:

com.nokia.phone.net/com/nokia/phone/netPhone.Netget_current_cell_info

I don't know about this stuff, but does it mean Nokia gets to know where we were when we were forced to register?

Also the first line of the output from 'more' includes the string "GNU". I don't suppose this means that we are entitled to the source?

Sorry if these are false leads. As I said, I don't know how to read the inside of a binary file, but I thought these things were interesting.
 

The Following 4 Users Say Thank You to eiffel For This Useful Post:
pelago's Avatar
pelago is offline pelago
2010-07-06 , 14:17
Posts: 2,121 | Thanked: 1,540 times | Joined on Mar 2008 @ Oxford, UK
#264
Originally Posted by eiffel View Post
Also the first line of the output from 'more' includes the string "GNU". I don't suppose this means that we are entitled to the source?
Thanks for investigating this. Unfortunately "GNU" in a binary file isn't really much to go on. For example, it could just be an artefact from cherry executable being compiled with gcc, which of course doesn't mean we can demand the source.
 

The Following 2 Users Say Thank You to pelago For This Useful Post:
narcisgarcia is offline narcisgarcia
2010-07-06 , 15:43
Posts: 115 | Thanked: 19 times | Joined on Jun 2010
#265
With this command we can see the maintainer:
Code:
apt-cache show cherry
And with this other we can see that it's GPL licensed:
Code:
dpkg --license cherry
 

The Following User Says Thank You to narcisgarcia For This Useful Post:
daperl's Avatar
daperl is offline daperl
2010-07-06 , 17:43
Posts: 2,427 | Thanked: 2,986 times | Joined on Dec 2007
#266
Originally Posted by eiffel View Post
Running "more" on /usr/bin/cherry shows that it includes this string:

Sorry if these are false leads. As I said, I don't know how to read the inside of a binary file, but I thought these things were interesting.
For future reference, check out these commands:

Code:
hexdump -C | less
strings | sort -u | less
objdump | less

and when the binary is not stripped

nm | sort -u | less
WARNING: What follows is not for noobs and may not be optified

If you do the following as root, they'll be available to you:

Code:
echo "deb http://repository.maemo.org/ fremantle/sdk free non-free" >> /etc/apt/sources.list
echo "deb http://repository.maemo.org/ fremantle/tools free non-free" >> /etc/apt/sources.list

apt-get update
apt-get install less
apt-get install binutils
apt-get install bsdmainutils
__________________
N9: Go white or go home
 

The Following 2 Users Say Thank You to daperl For This Useful Post:
lma is offline lma
2010-07-06 , 17:59
Posts: 2,802 | Thanked: 4,491 times | Joined on Nov 2007
#267
Originally Posted by narcisgarcia View Post
And with this other we can see that it's GPL licensed:
Code:
dpkg --license cherry
That option displays the licence of dpkg itself, and any package arguments after it are silently ignored.
 

The Following 3 Users Say Thank You to lma For This Useful Post:
nsjra is offline nsjra
2010-07-08 , 20:19
Posts: 10 | Thanked: 0 times | Joined on May 2010
#268
Originally Posted by ndi View Post
No problem, you shall be enlightened.
I call your bluff. This is a geek forum, many people know how this works. I, for one, can recite HTTP by heart and have, repeatedly, used a telnet client to debug a server. I also routinely dump network traffic at OS level, if Firefox would send odd stuff I'd know by now.
And yet I see your geeks falling to level of local users (losers), whom I so dearly love.
I don't speak HTTP, I have never done, If I ever spoke any working language, that was x86 assembler.
Using telnet to do much more than just HTTP debug is old stuff, I use it for IMAP/SMTP trouble solving almost daily.


Originally Posted by ndi View Post
I realize quite well what is going on. Nothing sent to a HTTP address is a breach of privacy, any more than any other connection. Should you allow your browser/flash/java to send stuff about you that's another story.
Agreed, but still just by opening web-browser you give away your IP, which can be used to dig out more about you, right ?
Heck, I do that thing daily as work.

Originally Posted by ndi View Post
What? I call your bluff again. Please open a darned book, digital or otherwise. WAP is a networking protocol over wireless and smells like any other network protocol. Several sub-protocols under the Wireless Application Protocol implement simplified access, so older, smaller devices can implement a subset of the full internet connection.
No, I won't open any damn book anymore, school ended long ago. I told WAP is old school thing, but it is still widely used for mobile services at least here, and because that protocol is what it is, you atleast could setup your serving server to have all phone information, including your number on logs, before download started.

Originally Posted by ndi View Post
I don't even know where to start. Which WAP service do you think breaches your privacy? I ... is it the simplified HTTP? It's a specialized HTML page, served over TCP/IP. Gateways?
See above ....


Originally Posted by ndi View Post
That makes no sense. I choose who to disclose that info to, and WHAT info since many people have a business phone number to share with companies. Except, of course, when Nokia sends out SMSs while hidden.
You must be lucky, I haven't got any so far ....

Originally Posted by ndi View Post
Stop that. By making a call I disclose my phone number at most, nothing if it's hidden by network. By receiving a call I disclose nothing.
And when you type number one digit wrong and someone answers ?
Do you call after and ask that person to delete all information about previous call ?
What about call you answered was dialed wrong ?


Originally Posted by ndi View Post
Finally, calls are made by me, on my own terms, to people I choose, when and if I choose. It's communication, not assault.

See above, typing errors do happen in real world ....

I'll guess "hypocrites"? No matter, I say unto you what I have already said. Pick up a book and look stuff up. Hypocrites aren't what you think they are.

In order for me to become a hypocrite in this context I'd have to steal information from other people's phones. Or to condemn Nokia because it's trendy to do so, but support Android doing the same or secretly support Nokia by helping them.

What I am is selective about who I share personal data. Since it's, you know, personal.
Whom I do trust more to keep my information safe; Nokia or Public Sector ? Nokia.
Just by looking News headlines past year, how many million peoples information was *just* left somewehe by public sector employees.
Companies doesn't leave customer information leying to anywhere and they tend to protect those by what ever means they need against thievery.

I am nerd, and I still don't see the reason for all this gossip, but the fact, that nerds once again didn't read all the docks and afterwards realized, something happened.

This is called life, it happens. Life is a ***** and then you marry one.
 
pelago's Avatar
pelago is offline pelago
2010-07-08 , 22:01
Posts: 2,121 | Thanked: 1,540 times | Joined on Mar 2008 @ Oxford, UK
#269
Originally Posted by Graham Cobb View Post
I have just submitted two requests to open the components used for this: cherry and libsms. Having either or both open sourced would help with being able to protect people from this.

Of course, it won't happen. But feel free to support the requests by voting for Bug 10869 and Bug 10870.

And, while you are about it, if you haven't already, vote for the bug about this problem: Bug 10366.
Voted, and I urge everyone else to vote for these bugs. Many thanks Graham for continuing to push this issue.
 

The Following User Says Thank You to pelago For This Useful Post:
danramos's Avatar
danramos is offline danramos
2010-07-08 , 22:28
Posts: 4,672 | Thanked: 5,455 times | Joined on Jul 2008 @ Springfield, MA, USA
#270
Originally Posted by Matan View Post
Don't worry, this will be fixed in PR1.3.
Or worse... the new mantra will be...
FIXED IN MEEGO

Also... ndi FTW. You go boy!

HUGE thanks for Graham for those links! I agree with pelago. PLEASE vote them up!
Last edited by danramos; 2010-07-08 at 22:36. Reason: Unnecessarily insulting
 

The Following User Says Thank You to danramos For This Useful Post:
Reply
Page 27 of 29 « First 172526 27 2829

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 05:52.

Contact Us - Home - Archive - Top