RE: We've put up a 'binary free' Firefox plugin up

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

RE: We've put up a 'binary free' Firefox plugin up

Postby Gerry » Tue Sep 23, 2008 6:40 am

:o Does this mean we can now do security checks on the source?!!! (sure it's compressed)

But what am I missing? If you are able to open this up now, what's changed?
Gerry
 
Posts: 46
Joined: Wed Aug 27, 2008 2:25 pm

Re: RE: We've put up a 'binary free' Firefox plugin up

Postby JoeSiegrist » Tue Sep 23, 2008 11:31 am

Gerry Wrote::o Does this mean we can now do security checks on the source?!!! (sure it's compressed)

But what am I missing? If you are able to open this up now, what's changed?

It doesn't allow account sharing (we do that using crypto++ functions that we can't easily make happen in pure javascript), and it's a good deal slower (Javascript AES and SHA256 versus crypto++), and it's obfuscated for minimal size making any security checks more difficult.

It's only recommended if you have a platform we don't support (e.g. freebsd/solaris/etc) or are having problems with the binary component (a small number of users are, that weren't before and the binary hasn't changed so we're still investigating this one).

If you want to make sure we're not doing anything evil or ill-advised you're welcome to look.

Joe
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: RE: We've put up a 'binary free' Firefox plugin up

Postby Gerry » Wed Sep 24, 2008 5:31 am

JoeSiegrist Wrote:It doesn't allow account sharing (we do that using crypto++ functions that we can't easily make happen in pure javascript)
Ahh I see.

BTW... congratz on creating the biggest JS file ever! =D
Gerry
 
Posts: 46
Joined: Wed Aug 27, 2008 2:25 pm

Re: RE: We've put up a 'binary free' Firefox plugin up

Postby KamWest » Thu Sep 25, 2008 9:44 pm

Joe,

You know, I'm getting a bit tired of people questioning your sincerity with the product. I ran many websites and I always had some yahoo questioning my sincerity. I spent thousands of man hours doing things for free and still had the yahoos questioning my sincerity. I finally decided to start charging for my work and all questions stopped.

Let people pay for the service and make some money if you can. You will find most of the questions about sincerity will stop. If you are in it to run a profit then people assume you do not want to mess with your livelihood.

I really like LastPass.... in fact I like it so much that I would pay for the end product.
KamWest
 
Posts: 46
Joined: Mon Sep 22, 2008 3:01 pm

Re: RE: We've put up a 'binary free' Firefox plugin up

Postby Gerry » Mon Sep 29, 2008 12:33 am

KamWest Wrote:Joe,

You know, I'm getting a bit tired of people questioning your sincerity with the product. I ran many websites and I always had some yahoo questioning my sincerity. I spent thousands of man hours doing things for free and still had the yahoos questioning my sincerity. I finally decided to start charging for my work and all questions stopped.

Let people pay for the service and make some money if you can. You will find most of the questions about sincerity will stop. If you are in it to run a profit then people assume you do not want to mess with your livelihood.

I really like LastPass.... in fact I like it so much that I would pay for the end product.


You are missing the most important half of the point... the biggest danger with this sort of app is not that Joe and or one of the other coders would go rogue (although that can't be ruled out) but more the fact that they are human and thus are capable of oversights and code bugs. You would know this tough if you have the experience that you are suggesting.
Gerry
 
Posts: 46
Joined: Wed Aug 27, 2008 2:25 pm

Re: RE: We've put up a 'binary free' Firefox plugin up

Postby KamWest » Tue Oct 07, 2008 8:41 pm

You are missing the most important half of the point... the biggest danger with this sort of app is not that Joe and or one of the other coders would go rogue (although that can't be ruled out) but more the fact that they are human and thus are capable of oversights and code bugs. You would know this tough if you have the experience that you are suggesting.


Good point Gerry, definitely one I cannot argue against

I am putting my faith into the encryption and the fact that the owners of the software have done this before. I hear he had quite a successful business and hopefully he learned to write good secure software.
KamWest
 
Posts: 46
Joined: Mon Sep 22, 2008 3:01 pm


Return to Feedback

Who is online

Users browsing this forum: No registered users and 16 guests