Yep, there's no way to make what's described in that screenshot work without embedding the private key in the application, so I just downloaded the installer and strings | grep 'BEGIN RSA PRIVATE KEY' 
-
-
See if I was smart I would have done this first instead of having blind faith they had a good architecture
2 replies 2 retweets 51 likes -
@taviso isnt quite true about being no way to do this without a static key, they could be generating a self signed cert for each session then explicitly trusting it. Theres a lot of overhead to that, but its doable.1 reply 0 retweets 1 like -
As Raymond Chen says to nitpickers, "it's true enough".
1 reply 0 retweets 1 like -
It is, but there are products that do this "properly" with self signed, installed certs and you saying "theres no way to do it" might panic people about them.
1 reply 0 retweets 0 likes -
You have a TON of influence for blanket statements, imo, unless they are ironclad truth.
1 reply 0 retweets 1 like -
Don't make me block you for nitpicking.
1 reply 0 retweets 1 like -
Lol what a threat. Have a great day.
1 reply 0 retweets 0 likes -
when you get 20 people doing this to you a day, your patience for it wears thin really fast. i dont even warn people. i just mute or block instantly these days.
1 reply 0 retweets 3 likes -
That's cool, I'm just saying that people with influence should be careful when making sweeping generalizations in public.
2 replies 0 retweets 0 likes
You know I know how this works, so why did you want to explain it to me? Is it because you really believe useful concise guidance is dangerous, and must be accompanied with pages of footnotes, context and edge cases?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.