Forgot your password?
typodupeerror
Blackberry

BlackBerry Code Signing Server Outage 32

Posted by Unknown Lamer
from the no-keys-for-you dept.
ThirdNormal writes "In a really painful move for most third party developers RIM's code signing servers have been down and having issues since the weekend started. This has caused a furor in the Blackberry Support Forum, and must surely exacerbate the defecting of developers from the Blackberry platform."
This discussion has been archived. No new comments can be posted.

BlackBerry Code Signing Server Outage

Comments Filter:
  • The outage was resolved earlier today. But yeah, it's a bit of a pissoff.
  • The easier you make it for people to develop on your platform, the better it will be.

    Unless you're apple, then you can get away with anything it seems.
    • by grub (11606)

      Apple doesn't require access to their code signing servers to run an app-in-progress on development devices or the simulator.

      If this outage happened at Apple , it would have affected (only?) those uploading apps to the store.
      • BlackBerry doesn't require signing on the simulator, only for running on the devices.
        And the reason for requiring it on the devices is that there are no dedicated development devices. All devices can be used for development.
        • there are no dedicated development devices [for applications on the BlackBerry platform]. All devices can be used for development.

          This is true of Android as well, but it doesn't need any sort of signature (other than perhaps a self-signature) to adb install a homemade program.

          • by yvajj (970228)

            You can install apps on the playbook without requiring signing if you install a debug token on the device.

            • According to this page [deleteaso.com], to create a debug token, one must first sign up for signing keys. According to this page [blackberry.com], signing keys are without charge, but "Company" is marked as a required field in the form, which appears to imply that all developers must request keys on behalf of a company. Did RIM intend this to exclude individual hobbyists?
    • by Anonymous Coward

      Where else can you get a closed source compiler for $5.00 [apple.com]? Apple does have a strict review policy to get something through.

      In comparison, Microsoft wants $800 [microsoftstore.com] for their blessing to build on their platform. There are workarounds on the Express editions, but it's more trouble than it's worth.

      Android development is free [android.com]. Also, there isn't a review process to worry about.

      Which platform is easiest?

      • Android development is free.

        Development includes testing, which requires buying hardware on which to test. The last time I checked, Android-powered devices on which to test software were by and large more expensive because they tended to be $500 cell phones rather than $250 media players. People recommend the Archos 43 Internet Tablet as an Android-powered alternative to the iPod touch 4, but it doesn't come with access to Android Market. People recommend the Samsung Galaxy Player, but it wasn't even available for me to buy when I che

      • Where else can you get a closed source compiler for $5.00

        The compiler in Xcode is Clang, which is not closed source. $5 for the IDE though, that's neat.

        In comparison, Microsoft wants $800 [microsoftstore.com] for their blessing to build on their platform. There are workarounds on the Express editions, but it's more trouble than it's worth.

        What workarounds? If you develop for Windows Phone, you download VS Express for WP [google.com], and that's that.

        Which platform is easiest?

        It's a wrong kind of question to ask. WP is probably the easiest for a really simple, barely-above-Hello-World kind of app, but the major problem there is with platform limitations (lack of APIs, no native code etc). On the other hand, Android is clearly the hardest to work with, as tools are nowhere near as polishe

  • DRM strikes again - and again and again and again...
    • You are not very technical, are you?
      Code signing is a malware protection feature, not HDCP.

      • by JMZero (449047)

        It's not that simple. This outage also affected developers attempting to run their own code on their own development devices. That's not malware prevention (which can be served by limiting access to "App Stores" or something, like other competitors do). RIM is clearly concerned with platform control beyond any malware concerns - it's a kind of DRM.

        • Yep, and it's very telling about the competency of RIM -- App signing didn't have to be implemented this way.

          Look at the Web + SSL(TLS); Webmaster owner requests cert, CA creates cert for webmaster; Webmaster uses cert to sign their code. Different capabilities can be mentioned in certs in order to that allow the webmaster to perform different tasks such as create more certificates for others, or just sign/encrypt web pages for a given (sub)domain. (P.S. "webmaster" sounds dumb. I miss "SysOps".)

          Do

      • by tepples (727027)

        Code signing is a malware protection feature

        Sure, when your definition of "malware" includes everything developed by individuals working out of home offices. This is the case with, say, Nintendo.

      • You are not very technical, are you? Code signing is a malware protection feature, not HDCP.

        Code signing is purely a mechanism for verifying that a given binary has not been modified since it left the hands of the party that also possesses a given private key. That's all it does, allows you to mathematically verify that a given series of bits has not been modified since it left the possession of somebody who knows a particular secret. Everything else depends on the infrastructure in which it is embedded.

        This capability has a number of uses:
        In concert with a system for authoritatively connecti

      • by sjames (1099)

        Code signing is only just malware protection when the device's owner has the power to do the signing. Otherwise, it's more akin to DRM even if the intentions are better.

    • by nurb432 (527695)

      I agree, but code signing like this really has nothing to do with it.

  • All four remaining developers are considering switching to Android... oh, wait, if they're at all mindful of the future they're probably cross-compiling and porting everything anyway.
  • I must say that although I like Blackberry, but other FAILS and now this really disappoints me. And my customers. When people create sites like this:

    http://isthesigningserverdown.com/beta/ [isthesigni...erdown.com]

    then something is seriously wrong.

    A short summery of the issue at hand: An application is divided into multiple files for over-the-air install. Each files is signed individually and might require signatures from more than one server, all depending on what APIs are in use. So at the moment I need 15-20 signatures p

An Ada exception is when a routine gets in trouble and says 'Beam me up, Scotty'.

Working...