logic involved

SELinux is coming to Android. Called SEAndroid, the project looks pretty interesting:

Some distinctive features of our SE Android reference implementation in comparison to prior efforts of which we are aware include:

• Per-file security labeling support for yaffs2,
• Filesystem images (yaffs2 and ext4) labeled at build time,
• Kernel permission checks controlling Binder IPC,
• Labeling of service sockets and socket files created by init,
• Labeling of device nodes created by ueventd,
• Flexible, configurable labeling of apps and app data directories,
• Userspace permission checks controlling use of the Zygote socket commands,
• Minimal port of SELinux userspace,
• SELinux support for the Android toolbox,
• Small TE policy written from scratch for Android,
• Confined domains for system services and apps,
• Use of MLS categories to isolate apps.

• New Java desktop UI toolkit:
  Amino brings some nice features
• Authentication != Authorization (and more):
  Diaspora has a long way to go, but there are lots of things you can learn. Things like what you should never, ever do, that is.
• Java obfuscation:
  the Android developers recommend ProGuard. It’s actually a very nice utility, but I don’t feel comfortable to apply a complicated technique to already complicated applications.
• One Time Passwords, remote logout:
  Facebook adds new security features, and some questions are crossing my mind:
  why not add add OPIE-like features, with One Time Password Lists and/or two-factor authentication (with something you know and something you have)? We got lots of smartphones out there, just use them…?
  re “remote logout”: why not just invalidate existing web sessions on the next login of the user? Can Facebook make a difference between web and API (e.g. widget, apps) sessions?