[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

No one mentioned the passwords need to be encrypted?

Why have an old encryption method that isn't secure?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 31, 2019 at 11:34 AM Royce Williams <royce at techsolvency.com>

> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris <matt at netfire.net> wrote:
>> On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen <sethm at rollernet.us> wrote:
>>> On 12/31/19 12:50 AM, Ryan Hamel wrote:
>>> > Just let the old platforms ride off into the sunset as originally
>>> > planned like the SSL implementations in older JRE installs, XP, etc.
>>> You
>>> > shouldn't be holding onto the past.
>>> Because poor people anywhere on earth that might not have access to the
>>> newer technology don't deserve access to Wikipedia, right? Gotta make
>>> sure information is only accessible to those with means to keep "lesser"
>>> people out.
>> The better solution here isn't to continue to support known-flawed
>> protocols, which perhaps puts those same populations you're referring to
>> here at greatest risk, but rather to enable access to open technologies for
>> those populations which ensures that they can continue to receive security
>> updates from a vendor that doesn't have a big financial motive to deprecate
>> devices and force users to purchase upgraded hardware instead of just
>> receiving security updates to their existing devices.
> Unfortunately, this is the high-tech privilege equivalent of saying "let
> them eat cake" - because of upgrade friction on mobile in under-resources
> areas (including, I might add, specific sub-populations of US consumers!)
> If there were reliable, official, clean replacement Androrid ROMs for
> older hardware, the cottage industry of end-user phone repair in many
> countries could take a perfectly good phone and get basic modern services
> working on it.
> But there aren't - and there's little financial motivation for the phone
> OEMs to provide one. And there isn't really much you can do to replace the
> OS on an old iPhone, either.
> One of the best things that Google could do for the security of the
> Android ecosystem is to provide clean, OEM-bloat-free, reference ROMs for
> older phones with minimal backported security updates. I would expect that
> such ROMs must actually exist internally, as needed for OEM patch
> integration testing.
> The answer to why such ROMs will likely not be made publicly available is
> left as an exercise for the reader.
> Royce
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191231/09f6a2ae/attachment.html>