Page 1 of 1

RE: We've put up a 'binary free' Firefox plugin up

PostPosted: Tue Sep 23, 2008 6:40 am
by Gerry
:o Does this mean we can now do security checks on the source?!!! (sure it's compressed)

But what am I missing? If you are able to open this up now, what's changed?

Re: RE: We've put up a 'binary free' Firefox plugin up

PostPosted: Tue Sep 23, 2008 11:31 am
by JoeSiegrist
Gerry Wrote::o Does this mean we can now do security checks on the source?!!! (sure it's compressed)

But what am I missing? If you are able to open this up now, what's changed?

It doesn't allow account sharing (we do that using crypto++ functions that we can't easily make happen in pure javascript), and it's a good deal slower (Javascript AES and SHA256 versus crypto++), and it's obfuscated for minimal size making any security checks more difficult.

It's only recommended if you have a platform we don't support (e.g. freebsd/solaris/etc) or are having problems with the binary component (a small number of users are, that weren't before and the binary hasn't changed so we're still investigating this one).

If you want to make sure we're not doing anything evil or ill-advised you're welcome to look.

Joe

Re: RE: We've put up a 'binary free' Firefox plugin up

PostPosted: Wed Sep 24, 2008 5:31 am
by Gerry
JoeSiegrist Wrote:It doesn't allow account sharing (we do that using crypto++ functions that we can't easily make happen in pure javascript)
Ahh I see.

BTW... congratz on creating the biggest JS file ever! =D

Re: RE: We've put up a 'binary free' Firefox plugin up

PostPosted: Thu Sep 25, 2008 9:44 pm
by KamWest
Joe,

You know, I'm getting a bit tired of people questioning your sincerity with the product. I ran many websites and I always had some yahoo questioning my sincerity. I spent thousands of man hours doing things for free and still had the yahoos questioning my sincerity. I finally decided to start charging for my work and all questions stopped.

Let people pay for the service and make some money if you can. You will find most of the questions about sincerity will stop. If you are in it to run a profit then people assume you do not want to mess with your livelihood.

I really like LastPass.... in fact I like it so much that I would pay for the end product.

Re: RE: We've put up a 'binary free' Firefox plugin up

PostPosted: Mon Sep 29, 2008 12:33 am
by Gerry
KamWest Wrote:Joe,

You know, I'm getting a bit tired of people questioning your sincerity with the product. I ran many websites and I always had some yahoo questioning my sincerity. I spent thousands of man hours doing things for free and still had the yahoos questioning my sincerity. I finally decided to start charging for my work and all questions stopped.

Let people pay for the service and make some money if you can. You will find most of the questions about sincerity will stop. If you are in it to run a profit then people assume you do not want to mess with your livelihood.

I really like LastPass.... in fact I like it so much that I would pay for the end product.


You are missing the most important half of the point... the biggest danger with this sort of app is not that Joe and or one of the other coders would go rogue (although that can't be ruled out) but more the fact that they are human and thus are capable of oversights and code bugs. You would know this tough if you have the experience that you are suggesting.

Re: RE: We've put up a 'binary free' Firefox plugin up

PostPosted: Tue Oct 07, 2008 8:41 pm
by KamWest
You are missing the most important half of the point... the biggest danger with this sort of app is not that Joe and or one of the other coders would go rogue (although that can't be ruled out) but more the fact that they are human and thus are capable of oversights and code bugs. You would know this tough if you have the experience that you are suggesting.


Good point Gerry, definitely one I cannot argue against

I am putting my faith into the encryption and the fact that the owners of the software have done this before. I hear he had quite a successful business and hopefully he learned to write good secure software.