I've been playing around with all the 6.5 ROMS available on this forum (plus have been lurking for a while so felt like doing some contribution could be appreciated ).
My company is very stringent about enforcing Exchange ActiveSync policies, especially PIN CODE, timeout to lock and remote wipe.
I noticed that on the 230XX series (I have tested up to 23053) posted here, there are two different behaviors, one serie works with my Exchange Active Sync, one does not.
Since the PIN request and lock timeout work fine with them, I have to assume the remote wipe feature has somehow be disabled by this ROM.
I have been able to identify that a ROM will give me this problem even without connecting with my Exchange Server.
in 100% of the case, if I try to import a root certificate on a "hacked" ROM, it will be installed without any warning, just a "Certificate successfully installed, press OK" dialog.
Now, on a ROM that is not "hacked", when you try to import a root certificate, you are warned that this may be an unsafe operation and have actually to confirm.
This is very concerning to me, because the warning being removed means that any bad guy can leverage these ROM to deploy a rogue root certificate to your device and your device can start trusting wrong sites.
I do not intend this to be an exhaustive list, but as of my testing only the following two ROMs work correctly:
- NATF
- RRE
All the others do not. The source of the non-working ones is either the same, or these people have purposedly altered the ROM to change the security settings. But the result is the same, security altered ROMS.
If anyone could confirm they are experiencing the same, I would not feel alone on the planet
UM
I'd just like to reiterate that this is a development community- most of the cooked ROMS you've tried are experimental works in progress. We tend to take our experimenting a bit far here- but as none of our 'products' are really production tested, it's fairly safe to say that all of them are just a bit unsafe.
A stock ROM has the benefit of being tested in a production environment- and while performance on these ROMs may not be optimal, they are composed of a set recipe of components established between the OEM and Microsoft.
Many of our ROMs are conglomerations of various different components- so it's not exactly safe to say that any of them can be held completely accountable for device security- there may be plenty of exploits present behind the scenes that never have been exposed or rectified.
We're small-scale individual developers. Most, if not all of us, do this for fun. Many of our packages deliberately alter the way in which devices handle certificates and signing- because it allows us to expand the boundaries we develop within.
If you're looking for guaranteed security, your best bet is to stick with a completely stock device. If you choose to use another ROM, any insecurity is not on the developer, but you.
Very well said! On top most, actually all of the 6.5 based ROMs have a microsoft beta as a base. Though it may be a save bet that the latest built # may be the closest to the final release at Oct. 9 it's a common practice to reduce/alter some "security" settings an policies for an "easier" way to success. None of these facts is to blame on any ROM chef or developer or however you want to name these creative heads here.
Their work is just incredible and I bet that ms or HTC would be proud to have such guys on board.
Note:
I bet that some individuals of both companies keep a close eye on what's going on here.
Guys,
Don't get me wrong, I know what I'm doing when installing a beta that has been leaked.
First, it's illegal, we are stealing non published source code, infringing intellectual property and probably making ourselves guilty of too many felony counts to be able to get out of jail without a long white beard.
But, joke aside, this was not the point of my post and I am sorry if I didn't explain myself clearly.
There are 23053 builds that work well are 23053 that do not, as was the case with any previous build number and, consistantly, I have had two out of the pack working exactly as expected from a security perspective, and all of the rest not working as expected.
So, since I do not believe MS is deliberately compiling one tree of the code with embedded security and another without, it means that someone in the middle is affecting it.
That was my point.
UM
Hummm...
Wrong approach fellow...
Wrong place, wrong time and wrong people.
Don't expect to be received with an open heart while commenting such things...
Imagine the following scenario:
A priest enters a strip bar and tells the owner of his concerns of moral ground, about the practices that take pace there... LOL
I may understand your point, definitely not your purpose.
If you are lucky enough not the get flamed, you will at least see some frown faces...
Leave it...
As someone suggested before, remember this is a development community...
If what you find doesn't suit your needs simply suggest changes or don't use it at all.
If you concluded, after experimenting, that the only functional ROMs are NATF and RRE ones, allow me the following suggestion:
Choose between 3 options:
1. Use a stock ROM so you don't «steal» form anyone and don't risk having to spend 5 days in a row shaving...
2. Use a NATF ROM
3. Use an RRE ROM
I believe i made my point as gently as I could...
If i may have hurt some feelings, i am deeply sorry for that.
Cheers
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
unlockMe said:
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
Click to expand...
Click to collapse
Dear UM,
I had a good laugh reading your last sentence LOL
I believe that wither you misunderstood me either I was not clear...
1. I am not accusing you of anything.
2. I read you whole message (points 1 and 2 included... They were there, weren't they...?)
3. I am not trying to demote you of you purposes... I was only trying to pass a message but given the fact the message wasn't delivered, I will try to rephrase...:
You are expressing both facts and opinions.
That is, indeed, you right given the fact we are in an open community and we, still, are in a free world (so to speak...).
I do not endorse or condemn none of your previous statements.
Knowing this community for quite some time and specially knowing it's member, active ones, passive ones, contributing ones, parasite ones, etc... I just know for sure that your comment in which you address people in such manner will have one of two possible outcomes:
1. Total ignorance
2. Flaming
Now, after this, do whatever you like Don't get me wrong and sorry if I made myself misunderstood
Nuff said.
Cheers.
This thread is not development related, moved to the appropriate section
Related
Hey guys! I put together this license agreement for all the ROM chefs to use. What do you think? What should I change, add or remove?
It was partly created as a joke, but looking around, it looks as if people are getting upset with their chefs for very dumb reasons... this isn't to make the user's life miserable, but to aliviate the pressure chefs are put under or at the very least raise some awareness on the user's parts.
This is NOT the final version. Consider it a beta.
Updated: 1/1/2008 - 9:09pm Eastern Standard Time - Edited for proper syntax.
Updated: 1/1/2008 - 9:15pm Eastern Standard Time - Fixed numbering issue. Added article #16.
Over a hundred views and no comments? Was the document that horrible?
I don't release anything but if I did I probably wouldn't want to attach that to it.. It's already known that there have been legal problems on the site with redistribution of ROM's even in their original form..
Adding your licence to it makes it look like the chef would be saying that they absolutely own the code and that could be a little bit of a dangerous thing to say.
It's almost like commercialising the ROM's and that would definitely be bad. Once you try and do that you are in danger of becoming a target for Microsoft and it's partners for you ripping off their property.
Providing fixes and tweaks is different to claiming responsibility for their work and code in my eyes. I'm sure thats part of why its still being tolerated to some extent.
It's also a little bit cheeky really to say "We grant you the usage of this ROM on an unlimited number of devices, unless otherwise stated. We hold the right to restrict who is allowed to use the ROM and to stop any and all distribution of this ROM." when everyone who releases a ROM has broken the original licence term that says that.
sambartle said:
I don't release anything but if I did I probably wouldn't want to attach that to it.. It's already known that there have been legal problems on the site with redistribution of ROM's even in their original form..
Adding your licence to it makes it look like the chef would be saying that they absolutely own the code and that could be a little bit of a dangerous thing to say.
It's almost like commercialising the ROM's and that would definitely be bad. Once you try and do that you are in danger of becoming a target for Microsoft and it's partners for you ripping off their property.
Providing fixes and tweaks is different to claiming responsibility for their work and code in my eyes. I'm sure thats part of why its still being tolerated to some extent.
It's also a little bit cheeky really to say "We grant you the usage of this ROM on an unlimited number of devices, unless otherwise stated. We hold the right to restrict who is allowed to use the ROM and to stop any and all distribution of this ROM." when everyone who releases a ROM has broken the original licence term that says that.
Click to expand...
Click to collapse
Truth be told, most of it is just filler. lol It was mostly a way to say "If you use this, don't complain."
You do bring up valid points, though.
The current state..
The last few days have been difficult. What has become clear now is that the Android Open Source Project is a framework. It’s licensed in such a way so that anyone can take it, modify it to their needs, and redistribute it as they please. Android belongs to everyone. This also means that big companies likes Google, HTC, Motorola, and whomever else can add their own pieces to it and share these pieces under whatever license they choose.
I’ve made lots of changes myself to the AOSP code, and added in code from lots of others. Building a better Droid, right?
The issue that’s raised is the redistribution of Google’s proprietary applications like Maps, GTalk, Market, and YouTube. These are not part of the open source project and are only part of “Google Experience” devices. They are Google’s intellectual property and I intend to respect that. I will no longer be distributing these applications as part of CyanogenMod. But it’s OK. None of the go-fast stuff that I do involves any of this stuff anyway. We need these applications though, because we all rely so heavily on their functionality. I’d love for Google to hand over the keys to the kingdom and let us all have it for free, but that’s not going to happen. And who can blame them?
There are lots of things we can do as end-users and modders, though, without violating anyones rights. Most importantly, we are entitled to back up our software. Since I don’t work with any of these closed source applications directly, what I intend to do is simply ship the next version of CyanogenMod as a “bare bones” ROM. You’ll be able to make calls, MMS, take photos, etc. In order to get our beloved Google sync and applications back, you’ll need to make a backup first. I’m working on an application that will do this for you.
The idea is that you’ll be able to Google-ify your CyanogenMod installation, with the applications and files that shipped on YOUR device already. Or, you can just use the basic ROM if you want. It will be perfectly functional if you don’t use the Google parts. I will include an alternative app store (SlideMe, or AndAppStore, not decided yet) with the basic ROM so that you can get your applications in case you don’t have a Google Experience device.
I’ll have more updates soon as I get all the code hammered out.
Thanks for all the support thru all of this.
http://www.cyanogenmod.com/home/the-current-state
The stuff Dreams are really made of....
I knew! Where there's a will there's a way! You can't keep a real boss down! Cyanogen I look forward to playing with this new stuff in the works. Rage on brother rage on, I for one honestly didn't want to leave android really, but I will continue to research back-up plans in case Google has anymore monkey wrenches laying around itching to be thrown...Good luck Cyanogen. We all owe you donations...real recognizes real! Dueces
This is great news Thank you!
fkn awesome!
this exactly what i thought and hoped would happen. everyone got in a tizy over nothing. so we have to back up before we flash which is just another way that the basic moder like myself can better understand the phone.
Does this means we need to wipe every time we flash a new rom?
tomvleeuwen said:
What do you guys think of sharing the 4.0.4 version over p2p networks?
Click to expand...
Click to collapse
Everyone already has it.
Great
This sounds good, there is more than one way to skin a cat. I think they got upset when the new market app was released before they could get it out. They had to do something, but I think it will die down.
don't go there
tomvleeuwen said:
What do you guys think of sharing the 4.0.4 version over p2p networks?
Click to expand...
Click to collapse
Cyanogen is doing his best to respect Google's legitimate copyrights, so suggesting that XDA get involved in distributing proprietary applications without a license only serves to undermine what is going on here. Mods: please remove.
ei8htohms said:
Cyanogen is doing his best to respect Google's legitimate copyrights, so suggesting that XDA get involved in distributing proprietary applications without a license only serves to undermine what is going on here. Mods: please remove.
Click to expand...
Click to collapse
I posted this in another thread but it would seem to be pertinent to here too:
Loccy said:
Let's face it, strictly speaking, all ROMs are warez.
Personally I'm surprised that it wasn't the Hero devs who got into trouble first, but this was all just a matter of time. I never understood the bizarre fixation that cropped up recently with QuickOffice and everyone going "omfg it's warez can't include it in romz!!!111!1one!". Why QuickOffice and not, say HTC_IME, or Work Email, or any number of other binary blobs that ROM cookers include as a matter of course now that have been "acquired" from non-orthodox source?
The Hero ROMs, let's face it, give people a means of "turning" their old phone into the latest and greatest HTC device. Each stable Hero ROM on the Dream/Magic potentially means a Hero device purchase lost. HTC are being far more hit in the pocket than Google are here - which is why I'm surprised the cease and desist wasn't directed at them.
I do think, however, this site and the people who run it are going to have to pick a side at some point. Either the position is "this is a site for developers, and as long as copyrighted material is not hosted on here in a fashion that would make us liable*, we will not suppress the work of individual devs". Or, their position is "no copyrighted material in any form, be that in the form to links to offsite storage repositories (eg. Rapidshare), or any other method". XDA doesn't *need* to do this in order to ensure the site does not get into legal hot water. I suspect they *might* do it, however, as some kind of misguided moral stance (and in my view the QuickOffice preoccupation was an example of just this). But in my opinion if they choose the latter then XDA is over as a site for realistic Android ROM development (and indeed, Windows Mobile and other OSes, if they apply the same standards across all their boards).
* elaborating on what I mean here - if people attach zips directly to their posts, and those zips are stored on the XDA servers, then XDA as a site is potentially liable. Alternatively, if instead people give a URL or a search string whereby people can find a ROM, but those files are not physically stored on XDA, they are not - any more than Google is liable for the many copyrighted MP3s you can find links to via their search engine.
Click to expand...
Click to collapse
The bottom line is that if ROM devs decided they were going to respect ALL legitimate copyrights, there'd be no Hero ROMs, no Windows Mobile ROMs, in fact no ROMs apart from barebones AOSP ROMs which do less than a stock ROM.
ei8htohms said:
Mods: please remove.
Click to expand...
Click to collapse
And I'm sorry, that's just ignorant. Just because you don't agree with a sentiment doesn't entitle you to demand the mods remove it. If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
kudos to cyanogen!
Loccy said:
If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
Click to expand...
Click to collapse
I think common U.S. practice is: if you speak freely, you get called names by people until you either cry or shoot them, thus proving to everyone that your original point is invalid.
But XDA has always had a policy of "if it doesn't get the site admins in trouble, it's probably ok." If memory serves, the site is in the Netherlands, and is subject to EU laws as to copyright, etc. I think that's important to remember when it comes to such things, since the EU laws as to intellectual property are in flux and not quite the same as those in the US or UK.
But the official policy is available in one of the toplevel forums here:
Flar said:
Hi Everybody,
We noticed that there is some confusion when it comes to posting sensitive material on xda-developers.com and mostly about what can and can't be posted.
We would like to clarify our point of view through this post.
Since the start of xda-developers this has always been a site that once in while has some sensitive material online, through the years this site has grown so big it's no longer possible to check every file on our servers or every post on the board, we also feel it wouldn't benefit the community if we did.
However with increased popularity comes an increased amount of legal complaints when sensitive material is found on our servers. Which is the reason why we have been more careful lately. Recently some sensitive material has shown up on the servers and we received legal complaints from companies who have the copyrights for this material, although we all feel this is very interesting and valuable material we cannot risk the future of xda-developers by ignoring the legal requests we receive, therefore this material has been taken offline.
We understand that maintaining the balance between legal and illegal is sometimes confusing and/or difficult but that is unfortunately how it works.
When it comes to posting sensitive material there are a couple suggestions we can make:
- if possible do not post the files on the xda-developers servers.
- use your common sense (if you feel something might not be legal it probably isn't).
- always keep in mind when posting software of any kind, that we will take it offline if there is a legal complaint from the copyright owner.
Warez is in no way accepted and will be removed upon discovery.
I hope this post will serve as a clear and valuable guideline.
Greetz,
Flar
Site admin.
P.s. When you have any questions you can always contact me or one of the moderators.
Last edited by Flar; 17th January 2007 at 10:14 AM..
Click to expand...
Click to collapse
Everyone has an opinion, and they have, or should have, the right to decide for themselves what is correct. I am on the side of Cyanogen. I do not think what he did caused any harm or loss of revenue to anyone. We can not always have our way though, and I think that's the case here. I don't know him, but I do think he's smart enough to keep doing what he is EXTREMELY good at without putting himself in a bad position. It's just a stumbling block to get past. We are puting a lot of effort into pointing fingers and throwing around ideas, but if we placed this much energy into finding a fuctional solution, we might get past it a whole buch faster. A good army fights the war, not the battle.
Warez is in no way accepted and will be removed upon discovery.
Click to expand...
Click to collapse
But every single ROM on here is warez to some extent or another! Certainly (just for example, I'm not picking on anyone specific here) Drizzy doesn't own the IPR for the contents of his Hero ROMs. I'm pretty sure the WinMo ROMs aren't being posted by Microsoft. If the policy is that "warez is in no way accepted and will be removed upon discovery", they're not doing much of a job, are they - every other post is "warez", if you take a strict interpretation.
I suppose I'm saying that "warez is in the eye of the beholder". I fully endorse the attitude "if it doesn't get the site admins in trouble, it's probably ok" - but I can't help thinking that relaxed attitude has been firmed up of late for whatever reason, given the QuickOffice oddness. I'm pretty sure no-one who own the IPR for QuickOffice was ever in touch (although do correct me if I'm wrong), so why the odd fixation recently?
Bottom line: stick to the attitudes and approaches that have made this site what it is, please don't start getting over zealous when there's no reason to.
Honestly did this need another topic though? I mean I'm all for good news like this, but add it on to one of the many topics that are out there. -.- (ready for flaming)
easy now
Loccy said:
The bottom line is that if ROM devs decided they were going to respect ALL legitimate copyrights, there'd be no Hero ROMs, no Windows Mobile ROMs, in fact no ROMs apart from barebones AOSP ROMs which do less than a stock ROM.
And I'm sorry, that's just ignorant. Just because you don't agree with a sentiment doesn't entitle you to demand the mods remove it. If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
Click to expand...
Click to collapse
First off, I'm not demanding anything. I politely requested that the mods remove a suggestion that clearly seeks to circumvent the policies of XDA: We won't distribute warez. The poster knew the suggestion was specifically aimed at getting around the XDA policy, otherwise there would be no reason for a P2P distribution alternative in the first place.
A key component of intellectual property and copyright laws (at least in the US) is that the holder of the copyright must act to defend the copyright to some reasonable extent (no, I'm not a lawyer and I don't know what this entails exactly). Now that Google has acted to defend their copyrights in these instances, the line is clear. Google apps are paid apps (licensed to the handset manufacturers or service providers) and are not free to distribute without a license. Consequently, there shouldn't be much further debate about the fact that these are warez and are not to be distributed on or through XDA.
I'm not trying to attack anyone (the original poster, ROM devs or certainly yourself), but I am interested in XDA maintaining the high ground here and continuing to operate in a respectful and respectable manner.
Perhaps we should stay on topic?
te5ter said:
Perhaps we should stay on topic?
Click to expand...
Click to collapse
Fair point. Maybe we should take the "warez is in the eye of the beholder" debate to this thread. I do actually think it's a fascinating debate, personally. Oh, incidentally, just re-read my earlier post, and want to apologise to ei8htohms - I didn't mean to come off quite so brusque.
First, I'm very happy that there seems to be a workaround that Cyanogen feels comfortable in using.
However, I see it as a band-aid to a much larger problem. Yes, it addresses those few apps that Google specifically mentioned. But there seems to be potential future conflicts that could adversely affect this whole Android community.
What about all the other apps in there? The Camera/Camcorder/Gallery app for instance. The UI? Other HTC bits? And the biggie, the Search component? Does Google also lay claim to unified search, the widget, the particular framework involved in that?
I don't know the answer to that, I'm just asking. So much is left unanswered, I just feel this is only the beginning. For now, I guess it may be enough. But it still leaves so much up in the air.
Now the 2nd major issue: Cyanogen should be commended for taking the high road here and doing his best to adhere to Google's current request. I think we all know that there was never ever any question that no one saw this coming. It came from left field and shocked everyone beyond belief.
But will other rom devs be as diligent as Cyanogen? Will theme developers adhere to this? And with all of these added steps required to get a functioning "Google Experience", consider the flood of newbie questions this forum is about to endure. We all thought "brick" and "hardspl" questions were tedious at best ... prepare yourselves for the onslought of mass confusion. That fun has just begun.
I still believe the burden lies with Google to make this right. I'm not saying they should make their apps open source by any means. I'm just saying that there must be a way for Google to allow the inclusion of their apps (perhaps a different license or maybe some encryption trick that protects the apps from modification <I don't know, I'm not that smart>). Google needs to step up to the plate in this. They also need to save-face and stifle this PR nightmare. Android does not need this, Google does not need this, HTC does not need this, carriers do not need this, Cyanogen does not need this, and users do not need this. Growth of the entire Android project is simply too important. I see this as speed bump. They just made the bump too big and it needs to be shaved down some so everyone can get it over without damaging anything else.
this is great news indeed. can't wait to see what is to come!
I was wondering if anyone knows a real answer for this. How easy would it be to cook in something that would send back your email login and password? Or other logins to stuff like banking sites. The people who make the roms seem to be hard working enthusiasts, but it still makes me nervous.
The reason I am asking this is because WM6.1 seems pretty buggy and slow and I was hoping that maybe updating to 6.5 would help, however Sprint is being super slow and vague (as usual) about if they will ever release an official rom.
And please no "then just don't use custom roms" replies. I am just hoping someone has some way to show that they are safe and then I will happily use it!
I was wondering the same thing. I don't use any cooked rom for anything banking related for this possible risk.
I know there are other threads that have the answer but can't find them maybe someone hid them?
Anyway what would the average chef gain, second of all how do you know a member of Opera or IE is not taking down your details or even Bill? "by that i mean there is more to worry about"
My point being chefs cook ROMs to give users better phones than stocks... Also the world of WM isn't laden with virus's/spyware so even doing so would be hard and no one would be bothered to spend there time considering how much time cooking consumes.
Just Hard-SPL your device and start flashing
I find cooked roms are the best! They are tweeked, customized, optimized, flexable, etc. Happy Flashing
Im still leary. Im going to wait until you all flash...then i will know its safe
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
FloatingFatMan said:
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
Click to expand...
Click to collapse
That is a very argumentative answer to a very simple and valid concern that allwires has regarding the security of using cooked rom's. Some people that use these rom's like to use their device's web capabilities for banking and for storing personal information and he brings up a very valid question regarding the safety of using these rom's for these purposes. Then you insult the poster by saying he or she is being paranoid when we all know that the capabilities for wrong doing via viruses and other malicious software are very valid concerns in this day and age. I would like to hear an intelligent and informative answer to this question since I'm sure as this sort of thing becomes more mainstream as it is bound through time to become there will be many more inquiries made as to the safety of their usage.
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway , and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
deedee said:
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway , and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
Click to expand...
Click to collapse
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. Its like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. Al least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
qqa92 said:
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. Its like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. Al least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
Click to expand...
Click to collapse
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; youve only gotta google AV software for windows mobile to see that
The limited OS and how its written means the "baddies" would have nothing to gain/find it difficult to exploit so whats the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summerise, dont get your knickers in a twist about it and enjoy!
^^ And to add to Tim's comments. Just make sure you get your cooked ROM from an established chef if you're worried, and there won't be any problems.
Now, if the ROM was from someone with a tiny postcount and wasn't known, then you might have cause to think twice; but that's not going to happen here...
timmymarsh said:
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; youve only gotta google AV software for windows mobile to see that
The limited OS and how its written means the "baddies" would have nothing to gain/find it difficult to exploit so whats the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summerise, dont get your knickers in a twist about it and enjoy!
Click to expand...
Click to collapse
Well then why not let the cat out of the bag. I'm just in here to see if I can get a large portion of the members in here's knickers in a twist so that they will all go out and buy my mobile AV since mine is the biggest one out there currently. Lots of potential there, in terms of cha-ching you have to agree. LOL!
There's also the option of downloading a kitchen and cooking your own ROM ... this method permits you to look at each package in detail.
Cheers,
I once opened my yahoo on a cooked room, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
I'm not sure what your reasoningn was to stop using email on the phone because of a failure to login to yahoo from a laptop. Did you notice any malicious activity on your yahoo account? Have you since? Have you changed that password? Just seems strange.
As for the security of cooked ROMS, I've never used one but I have a new phone coming and I'm going to try one from a reputable party here. I'm not nervous about it and I use online banking all the time. Here is why I am not concerned:
1.) As several people pointed out already, your PC is more vulnerable just because of sheer numbers. WinMo has a small market share and cooked ROMs would represent an even smaller market share. Even then, there are many custom ROMs to choose from. Then if EVERY user of a specific tainted ROM used their online banking on their phones, there is still little they could actually do with that information. For example, chase uses text messaging which means yes, someone could get my balance and stuff, but I actually have to login to the site to authorize my phone rather than login through the phone. So the information itself may or may not be useful. At the end of the day, it just wouldn't make the chef much money since there would simply be too few potential victims.
2.) The liklihood is very high that the perp would be caught by their peers and exposed in order to 1 - protect their own integrity, and 2 - get bonus points for being the one who exposed the bad guy (or girl). When you add this level of risk to the low reward, it just doesn't make sense. High risk, lots of work, little reward.
3.) Then of course, if someone fraudulently accesses your account, you can usually get that money back.
So I'm perfectly comfortable froma security standpoint. It's the stability standpoint I'm a bit concerned about but that's why I'm waiting till I get my new phone to try one out so I can go back to my old phone if it all craps out.
RedScorpion78 said:
I once opened my yahoo on a cooked room, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
Click to expand...
Click to collapse
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
startluvova said:
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
Click to expand...
Click to collapse
Hey there,
Way to go to ressurect an old thread
Nothing has changed, i have never heard of seen of a custom rom that has a virus cooked in, or one that has been intentionally created to spy on the user.
That said, i guess you have to make your own decision after reading the comments from some experienced chefs/flashers here
CHeers.
This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?
Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamit of email, social sites, work email etc etc
Just as well I trust you all!
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
Click to expand...
Click to collapse
I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Click to expand...
Click to collapse
I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns sited in this article do occur to me. Then again, to be honest I do not put any of this information on my non jail broken company secured and encrypted I phone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.
Thats why I prefer stock ROM
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Ever heard of pdroid? Droidwall?
reversegear said:
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Click to expand...
Click to collapse
You are not wrong, but you are definitely off topic.
This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone at closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why i use OpenSource ROMs and not the closed source StockRoms and even try to have as much OpenSource Apps on my Phone as possible.
Just my 2 cents.
He has the points and those are sorely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Now I'm going to the very nice, high educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROM are based on leaked official one. CyanogenMod team is well-known and they based on the Google source code, ASOP, not a leak one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.
an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Click to expand...
Click to collapse
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Droidwall: from what I understand from it it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developper/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.
I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Click to expand...
Click to collapse
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.
Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.
I though the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from Itunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY i had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Click to expand...
Click to collapse
Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed as choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Click to expand...
Click to collapse
I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding other for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.
Many of you are going to know all this, and many know far better than I. Please, those that do, please step in and correct my information if I make any mistakes.
I see the word stable thrown around a lot - "Is this ROM stable", "stable release", etc.
I want to attempt to pin down a definition when in use for regular conversation, and I also want to address that there is one use of the word that is clearly defined and cannot be used lightly.
First, in the development/open source world, the vast majority of projects you will see are in beta or sometimes even alpha. This means that it's still in some sort of testing phase, and there are usually some bugs that need to be ironed out before it's termed a "finished product". By the very nature of software and developers' desire to be honest, it's quite common that there are some pieces of software that will never leave beta(and some even used in a corporate production environment. "beta" is not a death sentence and doesn't mean there's something fatally flawed). There is always more work to be done, a bug here, something to smooth out there, something that needs to be optimized, etc. A developer can not be satisfied to release a final version. That being said, it does happen. Once it reaches past beta, it often gets promoted to a "release candidate".
A release candidate, or RC, means that they are fairly satisfied that bugs are taken care of, and that they are PRETTY sure there's no major flaw lurking in the depths waiting for the perfect moment to rise and bring down death and destruction upon any innocent fool who crosses its path. This is the final step leading up to that coveted and rare specimen - the :victory:Stable Release.:victory:
Once the release candidate has gone through rigorous testing by developers, users, testers, etc, it can finally become a stable release. It's a big risk to label something as a stable release. This is the developer giving you their word and staking their reputation to say "there are no bugs in this piece of software. It is being released as a final version and will not cause you any trouble".
I beg you to correct me if I'm wrong, but I don't believe there are stable releases for any any ROM for the MT4GS. Once again, this is very common in the development world, and not just for phones. Just take a look at the number of projects on slashdot that are widely used by thousands of people with no trouble - much of them sitting in beta or even alpha.
Now is where we run into some ambiguity using the term. At a passing glance, and certainly to the uninformed, seeing that software isn't "stable" will naturally and intuitively lead one to believe it must be somehow unstable. Given the nature of open source and development, we know that this isn't necessarily the case. There may be something very minor that only comes up in certain situations, the developer may still feel that there hasn't been enough testing to rule out any bugs, or there may be no bugs at all but the developer is not yet satisfied with the completeness, speed, or number of features.
Now, I would like to address how the word is used in conversation or when asking questions about a ROM. Stability itself, is absolutely very important, with good reason, to a vast majority of people who own a mobile phone. This is often their only source of communication and is required for work, for emergencies, and for generally keeping in contact. If the phone fails to function in a manner that keeps the user reliably connected to their web resources as well as phone, email and messaging communication, there could very well be disastrous results. Therefore, asking if the rom is stable is very valid and relevant, but due to the fact that the word stable can have such an ambiguous definition, and is also a term for a particular stage in development, communication can break down pretty quickly between parties when the term starts getting tossed around.
The device I had previously was a Motorola Droid 1(OG Droid, Sholes, etc.). This phone had a huge and extremely active development community on many different websites. Many devs still hold the moto droid in a special place in their hearts for how hackable it was, the power it had for a device at the time of its release, and the massive userbase ranging from those with no technical ability at all to some of the best hackers ever to work on Android. This device truly represented the renaissance, if not the birth, of custom development for android devices.One thing that was extremely common across almost any ROM or kernel you could put on that phone, however, was a risk of "instability". In this case, this usually meant that the phone would randomly reboot, especially when doing something particularly tasking on the cpu(navigation was a particularly common culprit). In extreme cases, it would reboot and then go into soft bootloops once, twice, even five times. This happened more often with overclocked kernels, and most people had to look for multiple kernels and setcpu settings that would give them a balance between speed and stability. It took some trying and some tweaking. Most people would eventually get a setup that was solid. Even with a "rock solid" kernel and ROM setup, there were very few who NEVER experienced a random reboot when running a custom ROM/kernel. It was just something that happened. The other major issue people saw were force closes of apps. These were extremely common as well, but usually addressed more easily. Your setup was considered stable if you were confident that you could do all of your phone's functions without getting FC's and you weren't going to get a reboot 99% of the time. You could rely on it not to do anything unexpected.
I have, admittedly, not tested every ROM that exists for the MT4GS. I probably haven't tested half of them. I have however, tested most of the later releases with the exception of XMC's Jellybean. What I have found, however, is that out of all the ROMs I have tested for this device, each and every one one of them has met my personal definition of stable. I've never seen a random reboot on the MT4GS. If I see a FC, it's because I failed to clear data and cache before flashing something, forgot to flash or flashed the wrong version of gapps, or I'm trying to get something working that wasn't included in the ROM. It's for this reason that I really don't know how to respond accurately when someone asks something like "what's the most stable ROM for this phone?" or "I saw this particular ROM, can anyone tell me how stable it is?"
So I have two requests. The first is for anyone who cares to read all of this and answer. I'd like to ask you, if you are asking about how "stable" a rom is, what do you mean? Are you asking about whether it has bugs? They all have a bug list of what's working and what's not. Are you asking about whether it has a certain feature fully working? Once again, that's in the works/ doesn't work info usually including in the first post about the ROM.
Request 1:
Answer me this - What does "stable" mean to you?
Request 2:
When considering or just looking for info on a ROM and you have a question about this or that, be specific. If I've checked into a ROM, I very well might have an answer for you. If you just ask whether or not it's "stable", I don't know what you're asking
I can see where you're coming from.
Personally, stability for me is a rom that works well enough where the phone isn't bugged out entirely (has over 80% of the phone's default settings working such as calling or getting into e-mail, etc.).
In general, there are others who request too much and want utter perfection. No rom is ever going to be perfect, regardless of the stage of the rom (alpha, beta, release candidate).
Sent from my myTouch_4G_Slide using xda premium
To me a "stable" ROM is one where all of the phone's functions work as designed, meaning the camera, bluetooth, wifi, keyboard, etc. all function without having to do anything extraordinary. Also, the ROM itself doesn't require extraordinary measures to perform common functions and doesn't FC or random-boot. I can accept a few minor glitches, even stock ROMs from HTC have those. But, for my overall needs, I currently run only a stock-based ROM because I absolutely need the stability and all functions (especially the camera and stable wifi). This is my ONLY phone, I don't have another mobile nor a landline, so stability is #1 priority.
I've waited a long time for your post.
...and I agree with everything you've said thus far in principle.
The concept of stable is in and of itself a dynamic thing in a place like this under the many varied intentions of the people developing anything here.
Consider that in many cases things are made as examples, or proof of concept. Such things may be deemed stable by the creator on the particular proof, yet be unstable for other uses.
In many cases, such things are outlined by the developer and the bounds determining stability vary widely from project to project, and developer to developer.
In the retail world of say, phone sales, and the manufacturers guarantee against defects, the business world is held to a certain threshold of accountability for providing a working product.
For us here, there is no money involved - people aren't paying for a product, and so lose at most up time with the device while it gets sorted out. The total loss of the device itself, as in hard brick, due not to user error but to developer error is where I would say the minimum standard of stability lies.
That bears, in my eyes, the closest relation to the business world standard of a manufacturers guarantee against defects. Buggy software, and the clarification thereof being the topic to pick apart - i'd like to get a consensus of how many other people feel that simply not hard-bricking the device due to developer error is the complete polar opposite of:
karri0n said:
...
that coveted and rare specimen - the :victory:Stable Release.:victory:
...
Click to expand...
Click to collapse
...where the quote is in-context of being a final, finished product.
The minimum threshold being the easier end of the debate to reach agreement on and build our understanding from.
....
So how does a developer get to stable projects?
Drawing a parallel from the manufacturing industry, the answer is quality control.
If your business is running assembly lines of product, at the end of the line needs to be a certain amount of quality control before shipping. Else the product could vary widely in stated ability and function. A shop with little to no quality control could be one equivalent to an unstable release.
This points us in a direction in the determination of stability - the comparable equivalent from our point of view is testing. You have to test your product (project) before sharing, else you don't know if it will work right.
Unlike an assembly line where testing is done on a random small sampling of pieces, a developer must rigorously test and retest the project (product) to ensure stability and reliability of function.
Of course, this begs the question of the standards involved in testing.
Ever seen this movie? The Pentagon Wars
It's a riot - but also illustrates the importance of standards in testing.
To us one way, arguably the most important way, is developing a consistent method of testing to properly evaluate the desired results.
Consider my first project of involvement at XDA was in understanding the differences in MicroSD cards for running CM7 booted off the Sdcard and not the internal memory of a device. Some cards were downright buttery smooth and amazing, other cards were downright impossible to work with. They were directly found to be the culprit of force closes, if it could be run at all.
Once we determined that there was a specific brand that could be consistently counted on to perform to spec (through a massive posting of speed test results by ever so many members of the community!!! :highfive: ) - I set about trying to determine how accurate the posted information was.
This thread: A Closer Look At MicroSD and Reader Speed
...was primarily established to determine how much the type of card reader used skewed the testing results.
Granted, i'm biased based on having written the article, but I would consider that project to be an example of rigorous standards of testing for a particular piece of information.
I use this example to make the point of stability. In this case it directly equates to validity of results. By recording all of the data, publishing all of the data, people can point out where my math may be wrong if i've made a mistake based on calculations of the raw published data.
( just like people can offer suggestions on published open-source code )
...or incorporate the results into further testing of their own - based on the validity ( stability ) of the data.
Another example of what I would consider trying to achieve a "stable release" of an answer to a question through rigorous testing: My first real doubleshot contribution.
So I put forth those two projects of mine to illustrate what I consider stable releases of information. If not, explain why?
So a stable release not only is important from a user perspective, but also from an open-source developers perspective.
How solid is the code(knowledge, information, etc...) being built on, if a coding (or other...) project? Is the code you are nudging in a direction you think would be interesting buggy to start with?
Is your own new code buggy to start with?
Do you just throw it out there and keep working with it until it works? Do you take the time to ensure it works to the best of your ability before releasing?
Both are very valid approaches - some radical concepts are seen to reality much more quickly because the incomplete thought was tossed into cyberspace to grow to maturity.
The developers ability to relay the type of project it is, and the expectations of use can in fact create the business world equivalent of 'buyer beware' in the context of placing the onus of determining stability on the end user.
Because stability really depends on perspective.
Saying that something is a daily-driver, i'd use it everyday kind of thing is most akin to the:
karri0n said:
...
that coveted and rare specimen - the :victory:Stable Release.:victory:
...
Click to expand...
Click to collapse
...that we are trying to define as the upper end of finished.
There again though, this varies based on perspective.
Pretend a large enough user base decided they didn't care about not having any bluetooth ability. Along come some ROMs that don't include that function. They state such, and otherwise have bugs on a very individual user level basis, if at all.
To that user-base, those ROMs are stable. What about you? You lose your bluetooth headset and can't do without that. Being as bluetooth is a functional piece of equipment within the device, any ROM without it is technically unstable. Can we agree with this?
Stability can also be defined, at least in part, by a developers ability and attention to resolve issues "Immediately, if not sooner". This becomes a determination of stability based on the developers ability and timeliness in resolving issues.
Otherwise stable software can become corrupted through interaction with other code that doesn't agree with it. There are a lot of apps out there, and Android is an environment allowing for much more freedom then the app store.
Due to the increase of involvement of chaos theory throughout the Android environment, I'd put forth that the stability of any software is in part tied to the developers attention to unforeseen interactions due to the scope of Android at large.
Here again, is another example - by this definition:
"Bulletproof was more stable when I was actively working on it - before I had to take a leave of absence." During that leave time, the ROM is less stable then it was before, because any new problems aren't attended to.
But we can say that not only the level of attention, but the quality of that attention is important too.
A consistent voluntary lack of desire in chasing down new bugs and fixing them could be seen as the equivalent of that crappy customer service call. Maybe you just exceeded the developers interest in the project, and to that developer it was stable for it's intentions at the time, and has moved on.
From one perspective, the project was completely stable. From another, quite the opposite.
There again, you have developers moving on to other phones, or using projects as stepping stones to other goals. We would need to agree to be able to define something as "stable to a point" if the project was brought so far forwards before the developer left it behind for others to build on.
Sometimes while building bulletproof I threw out stability and claims/remarks thereof in order to challenge the community to define what it was to me.
In the end, stability to me correlates to the endless anal attention to detail - on all fronts. To write clean code, to properly wipe and prepare the device, and the burden of utilizing a stable product rests with both the producer and the user - even if the only user is the producer.
Given the many facets of 'Stability' in trying to define it - how accurately can we do so?
I look forward to the postings on this thought experiment.
How big is big?
I'd bet that the word "stable" means something slightly different to nearly everyone. As an active user that tinkers with their installation a lot "stable" means no more than a 1 problem that requires a reset every week or two. Different usage would mean different definitions. Another user on my account that primarily uses his smart phone for calls won't tolerate more than 1 problem a month and for him, even that is frustrating. For emergency personnel any problem that prevents phone usage would be way too many.
The word also has different meanings for different products. I wouldn't consider a router that has more than 1 or 2 problems a year stable. Commercial communications equipment I've worked with was deployed in environments where it was expected to run at least 2 years without a problem. It was so well designed that occasionally it would run 5 or more years and the end users would forget where it was located and sometimes even that it existed at all.
I guess language just sucks for this type of thing.
All I want is a sense-less ROM that doesn't have random reboots and I'll stick with this phone for another year. As it is now I can't freaking stand it. That's with a totally fresh wipe and install of Virtuous Inquisition. I just don't buy into the idea that these phones aren't meant to download all the apps and games we can fit off the play store (not that I do... I HAVE in the past but I've barely reinstalled anything since my most recent wipe). The idea that installing things is going to lead to issues that aren't the ROMs fault is crazy. The stock ROM doesn't have these issues with my apps being installed. I only rooted to get rid of that dumb genius button (and getting rid of sense was the icing on the cake although not totally necessary).
"Stable" should refer to a ROM that works completely fine except for 2-4 functions that are not essential to smartphone daily function.
"Stable" unfortunately refers to a ROM that boots around here.
Sent from my HTC MyTouch 4G Slide using xda premium
polarbearmc said:
All I want is a sense-less ROM that doesn't have random reboots and I'll stick with this phone for another year. As it is now I can't freaking stand it. That's with a totally fresh wipe and install of Virtuous Inquisition. I just don't buy into the idea that these phones aren't meant to download all the apps and games we can fit off the play store (not that I do... I HAVE in the past but I've barely reinstalled anything since my most recent wipe). The idea that installing things is going to lead to issues that aren't the ROMs fault is crazy. The stock ROM doesn't have these issues with my apps being installed. I only rooted to get rid of that dumb genius button (and getting rid of sense was the icing on the cake although not totally necessary).
Click to expand...
Click to collapse
I can't say I've seen any problems like you are describing. I only used Vinq for a very short time, before I realized that wifi calling didn't work on it. CM9 a5 does not have any random reboots and has more features than Vinq working. That being said, I haven't heard of anyone facng random reboots using Vinq. if I had to guess, I would say it's related to the way Vinq tries to patch some elements of Sense and some elements of AOSP together, and they just don't get along. If it were me, I would move to cm9. I don't like sense's remnants tainting up my device, especially if they're going to lead to problems. the ONLY exception to this is the stock DoubleShot camera I would enjoy having that, but not if it meant that I had to run sense libs and it started causing conflicts with other parts of my AOSP.