Malicious Code in GSI Images From Google's Developer AOSP Branch? - Android General

This Google website offers frequently updated daily GSI builds of AOSP, where code changes from literally any contributor to the Android Open Source Project are built and hosted on Google Servers.
Branch Grid
ci.android.com
The FAQ states that there is a two factor security system in place to ensure the added code is genuine and safe.
Reviewers check the added code and make sure it's consistent with Google Guidelines.
Verifiers build the changes and verify that everything checks out.
That's basically it.
Meaning the code inside those images ready for download on ci.android.com has only been vetted by a single reviewer, before a verifier builds them for testing and it is hosted as an artifact.
I understand that these img files are not meant to be used by anyone, but it still seems a little crazy to me that Google would publicly host an image file of AOSP which could potentially be downloaded or even flashed by anyone, while the code inside has basically undergone 0 scrutiny.

Are you honestly suggesting that the AOSP source could contain malicious code?
There are very few people who can contribute to the source, and the current security measures which you've already detailed are sufficient for this. Open source does not mean open development.

V0latyle said:
Are you honestly suggesting that the AOSP source could contain malicious code?
There are very few people who can contribute to the source, and the current security measures which you've already detailed are sufficient for this. Open source does not mean open development.
There is literally a single person who reviews code changes in the aosp-master and aosp-android13 branches before they are built on ci.android.com and the resulting images publicly released for download on Google servers.
This reviewer person is neither a Google employee nor in any way associated with or beholden to them. It's a random civilian who was chosen to become a reviewer by virtue of submitting "high quality code".
This doesn't strike you as at least a bit ridiculous?

tablet_seeker said:
There is literally a single person who reviews code changes in the aosp-master and aosp-android13 branches before they are built on ci.android.com and the resulting images publicly released for download on Google servers.
This reviewer person is neither a Google employee nor in any way associated with or beholden to them. It's a random civilian who was chosen to become a reviewer by virtue of submitting "high quality code".
This doesn't strike you as at least a bit ridiculous?
No, because while Google supports AOSP, it does not control it - Android is not a Google product. This avoids conflict of interest. Whoever it is who reviews code changes was undoubtedly chosen based on their merits. Linus Torvalds isn't employed by any major company, yet I doubt you have any complaints about the fact that he maintains the Linux kernel "master" (which by the way is what the Android kernel is based on).
Android is, and was always meant to be, free and open source software, and that's the beauty of it. This is why the proper way to build Android is without GMS or any Google apps; the user themselves must choose to install those, as they are Google proprietary software. The Continuous Integration builds do not have integrated GMS; in fact the only "official" GSIs with integrated GMS are here.
It sounds like your entire argument is "How can we trust AOSP to be clean"? Simple answer: Because it's open source. You (and anyone else) can download, decompile, inspect, literally do anything you want to the code. Sunlight is the best disinfectant, as the saying goes; would you rather that Android be closed source, owned fully by a major tech giant which works primarily to serve its own corporate and shareholder interests - or would you rather things be as they currently are, with the source code freely available for anyone to inspect? It's really really hard to get away with malicious code in the latter circumstance...not so much the former.
I'm not exactly an expert in this field but I'll tag a few brilliant people who can better outline things:
@karandpr @pndwal @sd_shadow @osm0sis
There are undoubtedly more, if any of y'all know someone more knowledgeable on this issue please tag them. Also feel free to set me straight if I'm wrong

V0latyle said:
I'm not exactly an expert in this field but I'll tag a few brilliant people who can better outline things:
@karandpr @pndwal @sd_shadow @osm0sis
There are undoubtedly more, if any of y'all know someone more knowledgeable on this issue please tag them. Also feel free to set me straight if I'm wrong
The concept of Open Source is admirable, there is no question about that, however people tend to weaponize its significance.
Your contention that anyone could simply download, inspect and verify AOSP source code, or any high level open source code for that matter, is laughable. From a layman's perspective this might as well be closed source, they would never be able to authenticate it. Thus, they must rely on the opinions of so-called experts, or in this case the decision of a reviewer who is apparently qualified to evaluate some of the most complex JavaScript known to man, because they submitted "high quality code".
Putting aside the questionable requirements to become a reviewer, I really would like to stress how incredibly difficult it is to read, let alone understand code on this level. I personally know JavaScript, but wouldn't even attempt to decipher a single paragraph of AOSP code.
Saying that anyone can do it is dishonest. It's the same as a local ISP telling people they can switch to another carrier if they don't like it, when there's nobody else around.

tablet_seeker said:
The concept of Open Source is admirable, there is no question about that, however people tend to weaponize its significance.
Your contention that anyone could simply download, inspect and verify AOSP source code, or any high level open source code for that matter, is laughable. From a layman's perspective this might as well be closed source, they would never be able to authenticate it. Thus, they must rely on the opinions of so-called experts, or in this case the decision of a reviewer who is apparently qualified to evaluate some of the most complex JavaScript known to man, because they submitted "high quality code".
Putting aside the questionable requirements to become a reviewer, I really would like to stress how incredibly difficult it is to read, let alone understand code on this level. I personally know JavaScript, but wouldn't even attempt to decipher a single paragraph of AOSP code.
Saying that anyone can do it is dishonest. It's the same as a local ISP telling people they can switch to another carrier if they don't like it, when there's nobody else around.
Apples and oranges. My point is that everyone has the ability to do so, and if they don't know how, they can learn. This is not the same as telling someone to use an alternative that doesn't exist, and to be frank I find your comment that my statement is "laughable" to be rather disrespectful, because what I said is verifiably and factually correct. I don't know Java or Python or C++ or any programming language for that matter, but I know that I can go to Android Code Search and view any aspect that I wish. So can you, so can anyone else who has an Internet connection. Yes, it requires a certain degree of knowledge and understanding of the workings of such code but that requirement is not prohibitive in and of itself. It doesn't matter if you're a layman or not - the code is freely available to view, and so is the information necessary to educate oneself to the point where they can understand it. "If you don't know, learn."
If someone does find a problem with the code, they can submit bug reports. Literally anyone can do this, and the Issue Tracker is also available for the general public to view.
I suppose my only observation from this is that the verifiers, and possibly contributors, should have published merits by which anyone can establish their bona fides. Still, the AOSP project is made up of some of the most brilliant minds in software.
To simply state that "Android can't be trusted because I don't know anything about Java and I don't know who's in charge of verifying the code" is an extremely ignorant assertion. It's one thing if you find a particular issue with the code that you can demonstrate and document, as well as any resistance from the "main" project in fixing it. It's another when you question the legitimacy of something without evidence or proof. If you're going to make accusations, you had better have receipts.

V0latyle said:
Apples and oranges. My point is that everyone has the ability to do so, and if they don't know how, they can learn.
They don't and they can't.
Your self-admitted lack of expertise in this area is probably why you believe that.
The equivalent of what you're claiming would be that anyone has the ability to perform brain surgery or make a revolutionary discovery in quantum physics.
You are confusing ability with possibility.
It may be humanly possible for most people to learn basic or even advanced programming, but by no means does simply anyone have the ability, or in other words mental capacity, to comprehensively read and verify source code of this caliber. I just have to stop you there.
The average xda member who flashes these images is content with understanding how to change the color of the status bar. Apples and oranges, indeed.
You are casually brushing over things that represent some of the most complex and sophisticated subject matter in all of modern computer science.
V0latyle said:
I don't know Java or Python or C++ or any programming language for that matter, but I know that I can go to Android Code Search and view any aspect that I wish.
Of course you can, but again, there is a difference between the possibility of you gaining access to the code and your ability to even remotely grasp its meaning.
If you are past the age of 15 yo and have never had any meaningful exposure to programming, I can guarantee you that it would be virtually impossible.
V0latyle said:
So can you, so can anyone else who has an Internet connection.
Again, you do not understand.
I have actually done some software engineering. Nothing major, but enough to help me understand the hierarchy.
The sheer incalculable, intellectual discrepancy between us and the people who actually drive innovation and work on stuff like the kernel project or AOSP is something that you can only appreciate once you have been personally exposed to it.
V0latyle said:
Yes, it requires a certain degree of knowledge and understanding of the workings of such code but that requirement is not prohibitive in and of itself.
It absolutely is. 99% of the people who use this code will and could never understand it, no matter what.
V0latyle said:
It doesn't matter if you're a layman or not - the code is freely available to view, and so is the information necessary to educate oneself to the point where they can understand it. "If you don't know, learn."
That is simply a logical fallacy.
Just because it is possible doesn't mean it is plausible.
V0latyle said:
I suppose my only observation from this is that the verifiers, and possibly contributors, should have published merits by which anyone can establish their bona fides.
I agree. I also like that you used the phrase "bona fides". Very nice, lol. You know Latin by any chance?
V0latyle said:
To simply state that "Android can't be trusted because I don't know anything about Java and I don't know who's in charge of verifying the code" is an extremely ignorant assertion.
It's a realistic one.
This is a problem with modern science as a whole. If I asked you right now to prove to me the existence of DNA or viruses, you'd have to refer me to scientific theories and expert opinions, that you have chosen to trust, even though you could hypothetically verify their findings yourself, yet never will.

If you're going to blatantly disregard all the points I've made, I see no need to continue this. I'm not sure whether you're arguing for argument's sake, or have an actual reasonable concern for the integrity of Android source.

V0latyle said:
If you're going to blatantly disregard all the points I've made, I see no need to continue this. I'm not sure whether you're arguing for argument's sake, or have an actual reasonable concern for the integrity of Android source.
With all due respect, your argument was weak and I have soundly refuted it.
Neither you, nor I will or could ever fully understand AOSP source code, let alone verify it. That's simply the bottom line. We have to trust in the assurances of its creators, thus it may as well be closed source to us.
Also, I believe you should remove the warning about politics, since you have already opted to edit my post.

tablet_seeker said:
With all due respect, your argument was weak and I have soundly refuted it.
Neither you, nor I will or could ever fully understand AOSP source code, let alone verify it. That's simply the bottom line. We have to trust in the assurances of its creators, thus it may as well be closed source to us.
Except we could. Plenty of people do. It's not written in an obscure or secret language; with sufficient knowledge of the code involved, one can easily decompile and understand it. And since the resources that can give one said knowledge are freely available, anyone can do it. I've never bothered to, and apparently neither have you, so while it is true that we don't understand the code as it is, we could, and there are many members of this forum who can - none of whom are Google employees, nor are they directly involved with AOSP.
There's a difference between someone who doesn't understand but is willing to learn, vs someone who doesn't understand and won't be taught.

Related

Submitting Patches to the Repo / Forking

Hi all!
I'm an android developer, and I regularly read the official android-dev and android-porting lists, but on all the fan blogs and from lurking here, it seems that all the good development is coming from XDA-dev!
So why don't you guys do some patch submission? Features like auto-rotating browser and the transition animations should really, really be in the main source, but the official Android team have their thumbs up their asses in regards to UI/polished stuff.. (I bet they're too busy working on the lower level cellular stuff and the ARM-generating stuff like in the *flinger libraries).
So you guys should make some patch submissions over at (http://source.android.com/submit-patches)!
That way, the next RC will have all of these lovely features you guys have implemented.
((Or, alternately (but more ambitiously), fork the entire codebase. Strip out the DRM and add a framework for native code execution. Perhaps that's a pipe dream, though..))
Thoughts?
I think forking the Android source would be a very nice touch, if Google doesn't pull it together. We could still add on to stuff from the official code, but add on all the special stuff that Google refuses to (they've said they won't add the ability to change CPU speed, etc).
Oh, absolutely, there would be numerous advantages to having a fork. It should definitely be discussed! I'm afraid that Google may be trying to exert too much control on their platform in ways that we don't always want, so there is nothing legally to stop us from forking and maintain a more badass tree. GitHub could provide the hosting.
Of course, it might be a waste of effort. If you submit the badass patches, then the good features here go out into all the phones in the next versions. Work on the fork, and only the selected users who are able to flash their own phones can use it, unless some Chinese companies start using it or something like that.
Names?
XanDroid? I'd rather like to see Mandroid with in a slick black theme..
Well to me it seems like the only people doing cool things right now with android have rooted devices
So why can't you ***** a little on google lists to make them actually do some work. The Roadmap @ http://source.android.com/roadmap is a joke. Either they give us root or they start working imo. =)
Seanambers said:
Well to me it seems like the only people doing cool things right now with android have rooted devices
So why can't you ***** a little on google lists to make them actually do some work. The Roadmap @ http://source.android.com/roadmap is a joke. Either they give us root or they start working imo. =)
Do you think that the release of the new unlocked Dev phones will change things?
Yeah it'll most probably shake things up a bit, however what about all those that already have a g1?
I for sure am not buying a new phone to get root.
But even so, we're still talking about modifications to the OS and the packaged applications, which would be released in the next RC version, so even non-root users would get the features in the next update, along with anyone running Android on something besides a G1.
my .02
I'd say submit some of the things found here and see what goog does with it, if they openly add these things that need root at this point and let xda dev participate in the OS with such submissions...then cool that's how open source works best, when anybody can add to the project, a phone OS utopia
If they ignore it then, a fork is the way to go but give google a chance to do the right thing first before, just leaving them in the xdadevs dust with a custom distro...
bhang said:
I'd say submit some of the things found here and see what goog does with it, if they openly add these things that need root at this point and let xda dev participate in the OS with such submissions...then cool that's how open source works best, when anybody can add to the project, a phone OS utopia
If they ignore it then, a fork is the way to go but give google a chance to do the right thing first before, just leaving them in the xdadevs dust with a custom distro...
Google has refused to add multiple features. They feel that they aren't necessary, or that your average consumer wouldn't want it (main thing I can think of atm is CPU speed).
If they don't add the features we request, simply because *they* don't like them, then a fork would get us exactly what we want/need. After we fork it, and the number of users using stock Android plummet, maybe they will listen .
I see a problem with forking... who says what is allowed and not allowed? That is the main problem. Now if you wanted to just add an app that would be one thing but there is not going to be an easy way to do this.
Gary13579 said:
Google has refused to add multiple features. They feel that they aren't necessary, or that your average consumer wouldn't want it (main thing I can think of atm is CPU speed).
If they don't add the features we request, simply because *they* don't like them, then a fork would get us exactly what we want/need. After we fork it, and the number of users using stock Android plummet, maybe they will listen .
Given the number of G1s with modified fw installed compared to the total number of sold units, I somehow doubt the number of users is going to plummet.
IMHO it would be a needless fork unless some new or considerably modified features were planned. Better to just patch the functionality into the official builds, if at all possible.
I'm not convinced by that logic. There would be an important difference between a fork and patched versions of the firmware, as a fork would have a totally different design philosophy. Whereas Android is focused on speed (or whatever the hell they're concentrating on..but to be honest, I think they're dicking about over there), Mandroid could have more focus on polished features and low-level access. ((And! No DRM, and I'd like to see some more security features..ZRTP?))
Either way, I think it's really important for the success of the open future of phones that the open source community take and give back. There's no need for the back-and-forth like with, say, PSP-cracking as we have the source code and we are allowed to do whatever we like with it. If we just keep patching what they give us and keeping the modifications closed, then we aren't really in control.
As for project management, I'm absolutely sure there are people who are capable of maintaining an active open-source project such as this, as long as there is a well-thought out design philosophy. I'd love to be involved, if enough people are willing to give it a shot. But, first, it'd be easier just to submit patches.
Miserlou! said:
PSP-cracking
PSP cracking is insanely different. If you were in that scene, does my name look familiar ? Was net admin at toc2rta/malloc, admin of psp-hacks.com, worked with a lot of people on a lot of stuff that I barely remember as it was years ago .
But for the PSP, we were working with a system we knew nothing about. So yes, Android would be a lot simpler to work with. But if Google doesn't listen to us, it's not like it would really matter.
neoobs said:
I see a problem with forking... who says what is allowed and not allowed? That is the main problem. Now if you wanted to just add an app that would be one thing but there is not going to be an easy way to do this.
Android is licensed by both the Apache Software License (do whatever you want with it) and the General Public License (do whatever you want with it as long as you make the source code available for others). We are certainly allowed to do this, but the problem lies with the G1 owners running the official RC30. They won't have the rights required to flash the image which leaves them out of the party.
2 words
The community(did I spell that right?)
Bhang
Datruesurfer said:
Android is licensed by both the Apache Software License (do whatever you want with it) and the General Public License (do whatever you want with it as long as you make the source code available for others). We are certainly allowed to do this, but the problem lies with the G1 owners running the official RC30. They won't have the rights required to flash the image which leaves them out of the party.
I meant who is going to be the decision maker of what features will be added... The Community as a whole? What about some that want it but only 25% of the community wants it?
neoobs said:
I meant who is going to be the decision maker of what features will be added... The Community as a whole? What about some that want it but only 25% of the community wants it?
That's what project leads are for. And hypothetically when enough people are dissatisfied with the xda-dev fork they will go and create their own fork. Except I don't think there is any real argument yet to go and create an xda-dev fork in the first place. Forking an operating system meaningfully is not a weekend project for a single person.
I have said it before, let's give them a bit more of a chance, a fork isn't something a guy can do in a weekend.
So let's see what happens in RC3X, the next release will give folks a better idea of where their heads are at. If enough of the community is unhappy there will be a fork
Bhang

Cyanogen's Current State!

The current state..
The last few days have been difficult. What has become clear now is that the Android Open Source Project is a framework. It’s licensed in such a way so that anyone can take it, modify it to their needs, and redistribute it as they please. Android belongs to everyone. This also means that big companies likes Google, HTC, Motorola, and whomever else can add their own pieces to it and share these pieces under whatever license they choose.
I’ve made lots of changes myself to the AOSP code, and added in code from lots of others. Building a better Droid, right?
The issue that’s raised is the redistribution of Google’s proprietary applications like Maps, GTalk, Market, and YouTube. These are not part of the open source project and are only part of “Google Experience” devices. They are Google’s intellectual property and I intend to respect that. I will no longer be distributing these applications as part of CyanogenMod. But it’s OK. None of the go-fast stuff that I do involves any of this stuff anyway. We need these applications though, because we all rely so heavily on their functionality. I’d love for Google to hand over the keys to the kingdom and let us all have it for free, but that’s not going to happen. And who can blame them?
There are lots of things we can do as end-users and modders, though, without violating anyones rights. Most importantly, we are entitled to back up our software. Since I don’t work with any of these closed source applications directly, what I intend to do is simply ship the next version of CyanogenMod as a “bare bones” ROM. You’ll be able to make calls, MMS, take photos, etc. In order to get our beloved Google sync and applications back, you’ll need to make a backup first. I’m working on an application that will do this for you.
The idea is that you’ll be able to Google-ify your CyanogenMod installation, with the applications and files that shipped on YOUR device already. Or, you can just use the basic ROM if you want. It will be perfectly functional if you don’t use the Google parts. I will include an alternative app store (SlideMe, or AndAppStore, not decided yet) with the basic ROM so that you can get your applications in case you don’t have a Google Experience device.
I’ll have more updates soon as I get all the code hammered out.
Thanks for all the support thru all of this.
http://www.cyanogenmod.com/home/the-current-state
The stuff Dreams are really made of....
I knew! Where there's a will there's a way! You can't keep a real boss down! Cyanogen I look forward to playing with this new stuff in the works. Rage on brother rage on, I for one honestly didn't want to leave android really, but I will continue to research back-up plans in case Google has anymore monkey wrenches laying around itching to be thrown...Good luck Cyanogen. We all owe you donations...real recognizes real! Dueces
This is great news Thank you!
fkn awesome!
this is exactly what i thought and hoped would happen. everyone got in a tizzy over nothing. so we have to back up before we flash which is just another way that the basic modder like myself can better understand the phone.
Does this means we need to wipe every time we flash a new rom?
tomvleeuwen said:
What do you guys think of sharing the 4.0.4 version over p2p networks?
Everyone already has it.
Great
This sounds good, there is more than one way to skin a cat. I think they got upset when the new market app was released before they could get it out. They had to do something, but I think it will die down.
don't go there
tomvleeuwen said:
What do you guys think of sharing the 4.0.4 version over p2p networks?
Cyanogen is doing his best to respect Google's legitimate copyrights, so suggesting that XDA get involved in distributing proprietary applications without a license only serves to undermine what is going on here. Mods: please remove.
ei8htohms said:
Cyanogen is doing his best to respect Google's legitimate copyrights, so suggesting that XDA get involved in distributing proprietary applications without a license only serves to undermine what is going on here. Mods: please remove.
I posted this in another thread but it would seem to be pertinent to here too:
Loccy said:
Let's face it, strictly speaking, all ROMs are warez.
Personally I'm surprised that it wasn't the Hero devs who got into trouble first, but this was all just a matter of time. I never understood the bizarre fixation that cropped up recently with QuickOffice and everyone going "omfg it's warez can't include it in romz!!!111!1one!". Why QuickOffice and not, say HTC_IME, or Work Email, or any number of other binary blobs that ROM cookers include as a matter of course now that have been "acquired" from non-orthodox source?
The Hero ROMs, let's face it, give people a means of "turning" their old phone into the latest and greatest HTC device. Each stable Hero ROM on the Dream/Magic potentially means a Hero device purchase lost. HTC are being far more hit in the pocket than Google are here - which is why I'm surprised the cease and desist wasn't directed at them.
I do think, however, this site and the people who run it are going to have to pick a side at some point. Either the position is "this is a site for developers, and as long as copyrighted material is not hosted on here in a fashion that would make us liable*, we will not suppress the work of individual devs". Or, their position is "no copyrighted material in any form, be that in the form to links to offsite storage repositories (eg. Rapidshare), or any other method". XDA doesn't *need* to do this in order to ensure the site does not get into legal hot water. I suspect they *might* do it, however, as some kind of misguided moral stance (and in my view the QuickOffice preoccupation was an example of just this). But in my opinion if they choose the latter then XDA is over as a site for realistic Android ROM development (and indeed, Windows Mobile and other OSes, if they apply the same standards across all their boards).
* elaborating on what I mean here - if people attach zips directly to their posts, and those zips are stored on the XDA servers, then XDA as a site is potentially liable. Alternatively, if instead people give a URL or a search string whereby people can find a ROM, but those files are not physically stored on XDA, they are not - any more than Google is liable for the many copyrighted MP3s you can find links to via their search engine.
The bottom line is that if ROM devs decided they were going to respect ALL legitimate copyrights, there'd be no Hero ROMs, no Windows Mobile ROMs, in fact no ROMs apart from barebones AOSP ROMs which do less than a stock ROM.
ei8htohms said:
Mods: please remove.
And I'm sorry, that's just ignorant. Just because you don't agree with a sentiment doesn't entitle you to demand the mods remove it. If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
kudos to cyanogen!
Loccy said:
If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
I think common U.S. practice is: if you speak freely, you get called names by people until you either cry or shoot them, thus proving to everyone that your original point is invalid.
But XDA has always had a policy of "if it doesn't get the site admins in trouble, it's probably ok." If memory serves, the site is in the Netherlands, and is subject to EU laws as to copyright, etc. I think that's important to remember when it comes to such things, since the EU laws as to intellectual property are in flux and not quite the same as those in the US or UK.
But the official policy is available in one of the toplevel forums here:
Flar said:
Hi Everybody,
We noticed that there is some confusion when it comes to posting sensitive material on xda-developers.com and mostly about what can and can't be posted.
We would like to clarify our point of view through this post.
Since the start of xda-developers this has always been a site that once in a while has some sensitive material online. Through the years this site has grown so big that it's no longer possible to check every file on our servers or every post on the board; we also feel it wouldn't benefit the community if we did.
However with increased popularity comes an increased amount of legal complaints when sensitive material is found on our servers. Which is the reason why we have been more careful lately. Recently some sensitive material has shown up on the servers and we received legal complaints from companies who have the copyrights for this material, although we all feel this is very interesting and valuable material we cannot risk the future of xda-developers by ignoring the legal requests we receive, therefore this material has been taken offline.
We understand that maintaining the balance between legal and illegal is sometimes confusing and/or difficult but that is unfortunately how it works.
When it comes to posting sensitive material there are a couple of suggestions we can make:
- if possible do not post the files on the xda-developers servers.
- use your common sense (if you feel something might not be legal it probably isn't).
- always keep in mind when posting software of any kind, that we will take it offline if there is a legal complaint from the copyright owner.
Warez is in no way accepted and will be removed upon discovery.
I hope this post will serve as a clear and valuable guideline.
Greetz,
Flar
Site admin.
P.s. When you have any questions you can always contact me or one of the moderators.
Last edited by Flar; 17th January 2007 at 10:14 AM..
Everyone has an opinion, and they have, or should have, the right to decide for themselves what is correct. I am on the side of Cyanogen. I do not think what he did caused any harm or loss of revenue to anyone. We can not always have our way though, and I think that's the case here. I don't know him, but I do think he's smart enough to keep doing what he is EXTREMELY good at without putting himself in a bad position. It's just a stumbling block to get past. We are putting a lot of effort into pointing fingers and throwing around ideas, but if we placed this much energy into finding a functional solution, we might get past it a whole bunch faster. A good army fights the war, not the battle.
Warez is in no way accepted and will be removed upon discovery.
But every single ROM on here is warez to some extent or another! Certainly (just for example, I'm not picking on anyone specific here) Drizzy doesn't own the IPR for the contents of his Hero ROMs. I'm pretty sure the WinMo ROMs aren't being posted by Microsoft. If the policy is that "warez is in no way accepted and will be removed upon discovery", they're not doing much of a job, are they - every other post is "warez", if you take a strict interpretation.
I suppose I'm saying that "warez is in the eye of the beholder". I fully endorse the attitude "if it doesn't get the site admins in trouble, it's probably ok" - but I can't help thinking that relaxed attitude has been firmed up of late for whatever reason, given the QuickOffice oddness. I'm pretty sure no-one who owns the IPR for QuickOffice was ever in touch (although do correct me if I'm wrong), so why the odd fixation recently?
Bottom line: stick to the attitudes and approaches that have made this site what it is, please don't start getting overzealous when there's no reason to.
Honestly did this need another topic though? I mean I'm all for good news like this, but add it on to one of the many topics that are out there. -.- (ready for flaming)
easy now
Loccy said:
The bottom line is that if ROM devs decided they were going to respect ALL legitimate copyrights, there'd be no Hero ROMs, no Windows Mobile ROMs, in fact no ROMs apart from barebones AOSP ROMs which do less than a stock ROM.
And I'm sorry, that's just ignorant. Just because you don't agree with a sentiment doesn't entitle you to demand the mods remove it. If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
First off, I'm not demanding anything. I politely requested that the mods remove a suggestion that clearly seeks to circumvent the policies of XDA: We won't distribute warez. The poster knew the suggestion was specifically aimed at getting around the XDA policy, otherwise there would be no reason for a P2P distribution alternative in the first place.
A key component of intellectual property and copyright laws (at least in the US) is that the holder of the copyright must act to defend the copyright to some reasonable extent (no, I'm not a lawyer and I don't know what this entails exactly). Now that Google has acted to defend their copyrights in these instances, the line is clear. Google apps are paid apps (licensed to the handset manufacturers or service providers) and are not free to distribute without a license. Consequently, there shouldn't be much further debate about the fact that these are warez and are not to be distributed on or through XDA.
I'm not trying to attack anyone (the original poster, ROM devs or certainly yourself), but I am interested in XDA maintaining the high ground here and continuing to operate in a respectful and respectable manner.
Perhaps we should stay on topic?
te5ter said:
Perhaps we should stay on topic?
Fair point. Maybe we should take the "warez is in the eye of the beholder" debate to this thread. I do actually think it's a fascinating debate, personally. Oh, incidentally, just re-read my earlier post, and want to apologise to ei8htohms - I didn't mean to come off quite so brusque.
First, I'm very happy that there seems to be a workaround that Cyanogen feels comfortable in using.
However, I see it as a band-aid to a much larger problem. Yes, it addresses those few apps that Google specifically mentioned. But there seem to be potential future conflicts that could adversely affect this whole Android community.
What about all the other apps in there? The Camera/Camcorder/Gallery app for instance. The UI? Other HTC bits? And the biggie, the Search component? Does Google also lay claim to unified search, the widget, the particular framework involved in that?
I don't know the answer to that, I'm just asking. So much is left unanswered, I just feel this is only the beginning. For now, I guess it may be enough. But it still leaves so much up in the air.
Now the 2nd major issue: Cyanogen should be commended for taking the high road here and doing his best to adhere to Google's current request. I think we all know that there was never ever any question that no one saw this coming. It came from left field and shocked everyone beyond belief.
But will other rom devs be as diligent as Cyanogen? Will theme developers adhere to this? And with all of these added steps required to get a functioning "Google Experience", consider the flood of newbie questions this forum is about to endure. We all thought "brick" and "hardspl" questions were tedious at best ... prepare yourselves for the onslaught of mass confusion. That fun has just begun.
I still believe the burden lies with Google to make this right. I'm not saying they should make their apps open source by any means. I'm just saying that there must be a way for Google to allow the inclusion of their apps (perhaps a different license or maybe some encryption trick that protects the apps from modification <I don't know, I'm not that smart>). Google needs to step up to the plate in this. They also need to save-face and stifle this PR nightmare. Android does not need this, Google does not need this, HTC does not need this, carriers do not need this, Cyanogen does not need this, and users do not need this. Growth of the entire Android project is simply too important. I see this as speed bump. They just made the bump too big and it needs to be shaved down some so everyone can get it over without damaging anything else.
this is great news indeed. can't wait to see what is to come!

[PROJECT] Biophilia App of Björk to Android

Hi.
I have seen these apps from Björk but they don't seem to be for android. They are only for iPhone.
BUT I've read that the app could be ported from iOS to another operating systems because it was made to allow this. And Björk encouraged hackers to do that! That was said from Björk herself in an interview!
She told Drowned in Sound that the apps had been specifically designed so that they could be easily ported to other platforms -- like Symbian, BlackBerry and Android. "We really made sure when we wrote all the programs that they will transfer to other systems."
"I'm not supposed to say this, probably, but I'm trusting that the pirates out there won't tie their hands behind their back."
http://www.wired.co.uk/news/archive...s
http://www.compositiontoday.com/blog/115.asp
I personally think that the art, sounds, videos, etc, could be extracted, but what about the software itself? How could it be ported if the source code is not available....
What do you think?
Can someone clarify if it would be possible?
Thanks!
Some videos of these apps. You can interact with the music and make your own versions playing or changing things in a very innovative concept.
http://youtu.be/FsxsGrnCGIk
http://youtu.be/kb3kLXVs9J0
http://youtu.be/0Rx-P2UsD5g
Still waiting!
Did anything ever come of this?
Hey anybody! Do something about it! She pretty much asked for this, so let's do something. I guess many people would want this app for Android, and here? No reply? Please!
Nobody is interested...
I think this app is cracked for iPhone, but it wasn't ported to Android... It would be much more interesting.
Yeah, it would be interesting for millions of people who have Android phones, and not iPhones. Android is a bigger market than iPhone so I just don't have a clue why nobody wants to port the Biophilia app to Android.
[email protected] said:
Yeah, it would be interesting for millions of people who have Android phones, and not iPhones. Android is a bigger market than iPhone so I just don't have a clue why nobody wants to port the Biophilia app to Android.
There are no hackers who like this app, I would say.
humano said:
BUT I've read that the app could be ported from iOS to another operating systems because it was made to allow this. And Björk encouraged hackers to do that! That was said from Björk herself in an interview!
I personally think that the art, sounds, videos, etc, could be extracted, but what about the software itself? How could it be ported if the source code is not available....
What do you think?
Can someone clarify if it would be possible?
I think it's generally not feasible.
Björk is a very interesting artist. I think her understanding of technology, and specifically software development, "hacking" and "pirating", is limited however.
Yes, the app may have been made potentially portable, but without source code that is more or less useless.
Porting an app between platforms is a much bigger task than "pirating". It's not a simple matter of pulling files from hidden directories, or even doing some limited reverse engineering and patching of an app to bypass license checks. It's MUCH more than the mere pirating of music and movie files.
I'm presuming the app was written to IOS with Objective C, and not some portable language where the source code is embedded in the ios apps.
Anything is possible, though. With enough time one could reproduce what the app does. That's probably easier than trying to reverse engineer it.
But I'd guess this is a substantial effort, likely requiring at least many months of work by a single person. But with all the paid work, and interesting free projects available to a person with the skills to port an ios app to Android without source code, why would anyone spend at least several months doing this ?
They could face the prospect of lawsuits from the rights holders, and might be unable to sell their work on official app markets. For what ? A wink from Björk, without even a physical pat on the back ? And perhaps a certain amount of gratitude from some users...
I hope she and others have learned something. If she/they want this to happen, they should at least release open source code freely, and make sure it's not difficult to port. Yeah, the video and audio recordings can remain "proprietary" but the app source code and design documents need to be released.
Or is much of the artistic expression integrated into the source code ? I haven't looked much but I guess these are not simple apps to play video and audio. These are apps that allow some form of interaction; perhaps the music changes with that.
If that's the case, the rights holders likely will want to hold onto their "intellectual/artistic property" and keep any source and design documents to themselves.
IMO, No amount of "nudge, nudge, wink, wink" from Björk will make a porting job easy.
And AFAIK there are no ios emulators for Android that might render this a simpler "pirating" effort.
mikereidis said:
I think it's generally not feasible.
Björk is a very interesting artist. I think her understanding of technology, and specifically software development, "hacking" and "pirating", is limited however.
Yes, the app may have been made potentially portable, but without source code that is more or less useless.
Porting an app between platforms is a much bigger task than "pirating". It's not a simple matter of pulling files from hidden directories, or even doing some limited reverse engineering and patching of an app to bypass license checks. It's MUCH more than the mere pirating of music and movie files.
I'm presuming the app was written to IOS with Objective C, and not some portable language where the source code is embedded in the ios apps.
Anything is possible, though. With enough time one could reproduce what the app does. That's probably easier than trying to reverse engineer it.
But I'd guess this is a substantial effort, likely requiring at least many months of work by a single person. But with all the paid work, and interesting free projects available to a person with the skills to port an ios app to Android without source code, why would anyone spend at least several months doing this ?
They could face the prospect of lawsuits from the rights holders, and might be unable to sell their work on official app markets. For what ? A wink from Björk, without even a physical pat on the back ? And perhaps a certain amount of gratitude from some users...
I hope she and others have learned something. If she/they want this to happen, they should at least release open source code freely, and make sure it's not difficult to port. Yeah, the video and audio recordings can remain "proprietary" but the app source code and design documents need to be released.
Or is much of the artistic expression integrated into the source code ? I haven't looked much but I guess these are not simple apps to play video and audio. These are apps that allow some form of interaction; perhaps the music changes with that.
If that's the case, the rights holders likely will want to hold onto their "intellectual/artistic property" and keep any source and design documents to themselves.
IMO, No amount of "nudge, nudge, wink, wink" from Björk will make a porting job easy.
And AFAIK there are no ios emulators for Android that might render this a simpler "pirating" effort.
Thanks Mike for the reply. I didn't see this.
Are you sure that the source code is not included? Isn't it possible that there's an intermediate state of the code that could be built for Android? I always thought it was something like that.
You are totally right. With the artwork we cannot build the app for android...
And I don't even have an iPhone to see how the apps should look on Android.
humano said:
Are you sure that the source code is not included? Isn't it possible that there's an intermediate state of the code that could be built for Android? I always thought it was something like that.
You are totally right. With the artwork we cannot build the app for android...
And I don't even have an iPhone to see how the apps should look on Android.
I'm pretty sure. Anyone who claims otherwise is challenged to "show me where the source is".
For Android there is an emulator for PCs that many apps can run on, and an app of this type could run.
I know almost nothing of ios development, but likely there is an ios emulator that can run on a Mac at least ? AFAIR, ios development requires a Mac.
Feel free to send Bjork, or the companies that represent her, email asking about this.
I've been a fan of some of her music, and even acting and I even find her cute... And that's why I responded here. I had an initial thought that this could be an interesting project, but I have no time for such an unpaid hobby project.
BTW, Just looked at the iTunes page and some others. Seems to be a $12.99 app. And says "The full Biophilia App Album is now a paid app for new users, old users maintain same in-app-purchase ability." Something tells me the legal fine print says you're screwed if you hack it, especially if you tried to make a few bucks or do it publicly with your real name.
Artists (with money), hollywood and recording industry types tend to have iPhones. They don't know tech per se, don't want to know tech, and they have the cash to spend. They want something that "just works" and that's what the iPhone does, for a price. And ios is where devs make REAL money. Comparatively speaking, Android sucks for making money.
I saw some comment that they didn't make an Android app "for legal reasons". Sounds like a different way to say "business reasons". I imagine her recording company sells her music on iTunes, but doesn't sell it on Google Play in that big ongoing power play between media companies and tech companies ?
mikereidis said:
I think it's generally not feasible.
Björk is a very interesting artist. I think her understanding of technology, and specifically software development, "hacking" and "pirating", is limited however.
Yes, the app may have been made potentially portable, but without source code that is more or less useless.
Porting an app between platforms is a much bigger task than "pirating". It's not a simple matter of pulling files from hidden directories, or even doing some limited reverse engineering and patching of an app to bypass license checks. It's MUCH more than the mere pirating of music and movie files.
I'm presuming the app was written to IOS with Objective C, and not some portable language where the source code is embedded in the ios apps.
Anything is possible, though. With enough time one could reproduce what the app does. That's probably easier than trying to reverse engineer it.
But I'd guess this is a substantial effort, likely requiring at least many months of work by a single person.....
Quoting my words from a year ago out of sheer vanity, LOL.
New news about her kick-starter project for Android and Windows ports of the IPad Biophilia being put "on hold". Among other sources: http://www.guardian.co.uk/music/appsblog/2013/feb/08/bjork-cancels-biophilia-kickstarter
Summary of my opinion: I love her as an artist, but she doesn't understand technology. Ooooh, and I wish she would forget about Windows and just do Android.
IMO the IPad was targeted first because that's what all the at least reasonably well off artsy people used at that time, and could afford. Now she wants the app in the hands of those who can't afford IPads.
So why can't/haven't they just open sourced the code ? Original IOS devs still hold the rights ?
Bjork says:
"porting the app "proved unbelievably complicated""... LOL.
And the estimate seems to be 8 devs (staff?) for 5 months, for both Windows and Android. So maybe 20 developer months for each.
And that's a small project in the world I've come from, with 10-100 dev teams working for years. And she thinks that's "unbelievably complicated".
Now I don't know exactly what the scope of the app is; I've never used it on Ipad, and I don't know if it uses some magic IOS stuff that's hard to port.
For all I know it could require the minimum of my quoted estimate of "...at least many months of work by a single person". Or it could be 10-20 man-years. I don't know.
My point continues to be that she doesn't have a grasp of technology. And that's fine, she's a wonderful artist IMO, and there's no shame in not having or not wanting tech knowledge.
mikereidis said:
Quoting my words from a year ago out of sheer vanity, LOL.
New news about her kick-starter project for Android and Windows ports of the IPad Biophilia being put "on hold". Among other sources: http://www.guardian.co.uk/music/appsblog/2013/feb/08/bjork-cancels-biophilia-kickstarter
Summary of my opinion: I love her as an artist, but she doesn't understand technology. Ooooh, and I wish she would forget about Windows and just do Android.
IMO the IPad was targeted first because that's what all the at least reasonably well off artsy people used at that time, and could afford. Now she wants the app in the hands of those who can't afford IPads.
So why can't/haven't they just open sourced the code ? Original IOS devs still hold the rights ?
Bjork says:
"porting the app "proved unbelievably complicated""... LOL.
And the estimate seems to be 8 devs (staff?) for 5 months, for both Windows and Android. So maybe 20 developer months for each.
And that's a small project in the world I've come from, with 10-100 dev teams working for years. And she thinks that's "unbelievably complicated".
Now I don't know exactly what the scope of the app is; I've never used it on Ipad, and I don't know if it uses some magic IOS stuff that's hard to port.
For all I know it could require the minimum of my quoted estimate of "...at least many months of work by a single person". Or it could be 10-20 man-years. I don't know.
My point continues to be that she doesn't have a grasp of technology. And that's fine, she's a wonderful artist IMO, and there's no shame in not having or not wanting tech knowledge.
Yes, I love her, but that's what I think too: she too thought that porting an app would need 5 guys working on it for two months. Oh, Bjork.
Sent from my Nexus 4 using Tapatalk 2
Chad_Petree said:
Yes, I love her, but that's what I think too: she too thought that porting an app would need 5 guys working on it for two months. Oh, Bjork.
Sent from my Nexus 4 using Tapatalk 2
Originally, she hoped that "hackers" would do it, somehow, without source code, and she was giving a "wink, wink" to that.
She seemed to think that porting an app to a different platform would be almost as easy as pirating music, movies or apps.
I'm too busy to get involved, but I would be happy if someone(s) would ask her to get the source code released, and the "community" may be able to look and see and offer opinions or ideas.
Perhaps a few fans have the tech abilities and free time to make something of this at little or no cost, as opposed to professional devs making a normal professional dev income.
There's a forum here: http://4um.bjork.com/viewforum.php?f=16&sid=c28e2e0870bdc695ce7da8da94849918
Anybody know if she communicates openly with her fans online ? Is there an easy way to ask her for source code and offer ideas ?
IMO, she needs to forget about a Windows port, at least for now. It should have been Android from the beginning, but that said, Android is still relatively sub-par when it comes to real-time music generation. IOS stomps Android in this area, though the latest JB changes are promising.
mikereidis said:
Originally, she hoped that "hackers" would do it, somehow, without source code, and she was giving a "wink, wink" to that.
She seemed to think that porting an app to a different platform would be almost as easy as pirating music, movies or apps.
I'm too busy to get involved, but I would be happy if someone(s) would ask her to get the source code released, and the "community" may be able to look and see and offer opinions or ideas.
Perhaps a few fans have the tech abilities and free time to make something of this at little or no cost, as opposed to professional devs making a normal professional dev income.
There's a forum here: http://4um.bjork.com/viewforum.php?f=16&sid=c28e2e0870bdc695ce7da8da94849918
Anybody know if she communicates openly with her fans online ? Is there an easy way to ask her for source code and offer ideas ?
IMO, she needs to forget about a Windows port, at least for now. It should have been Android from the beginning, but that said, Android is still relatively sub-par when it comes to real-time music generation. IOS stomps Android in this area, though the latest JB changes are promising.
I will ask it in her forum. Perhaps she reads this proposal. It could work.
humano said:
I will ask it in her forum. Perhaps she reads this proposal. It could work.
I signed up on that forum and didn't get any confirmation email.
I was reading the main thread about this, and I think some of the posters understand a bit about s/w development. But some others are very misinformed about how development works.
mikereidis said:
I signed up on that forum and didn't get any confirmation email.
I was reading the main thread about this, and I think some of the posters understand a bit about s/w development. But some others are very misinformed about how development works.
I am registered in that forum too and it's as you say. They don't have any idea.... :laugh:
But there's good news: at least somebody said in the forum that she said in an interview that she will find a cheap way to port Biophilia to Android.
She would never release the code as open source... It would be crazy... We would have a BIOPHILIA+
It's what you said before. She doesn't really understand the power of doing it... :victory:
humano said:
She would never release the code as open source... It would be crazy...
Well, no open source basically, generally means it's "commercial property".
So this is a commercial venture she has.
That's fine, that's OK. It belongs to her (and/or whomever) and she can do what she wants with it. No different than other software devs / vendors, musicians, song, book or movie writers etc.
But she can't expect some "benevolent hackers" to come along and "port" an app like this for her for free; with or without source code.
And she has something going on with bringing music education to the poor or something like that. And that's why she wants an Android port it appears. The poor can't afford iDevices.
And that's fine too. But it seems like it's a jumble of commercial stuff and some form of self promoting philanthropy.
Anyway, I think she should forget about this years old project and make something completely new for Android. Why re-do what's already been done ? But I guess money comes in there too. It should be faster and cheaper to re-use the high level design and media components.
mikereidis said:
Well, no open source basically, generally means it's "commercial property".
So this is a commercial venture she has.
That's fine, that's OK. It belongs to her (and/or whomever) and she can do what she wants with it. No different than other software devs / vendors, musicians, song, book or movie writers etc.
But she can't expect some "benevolent hackers" to come along and "port" an app like this for her for free; with or without source code.
And she has something going on with bringing music education to the poor or something like that. And that's why she wants an Android port it appears. The poor can't afford iDevices.
And that's fine too. But it seems like it's a jumble of commercial stuff and some form of self promoting philanthropy.
Anyway, I think she should forget about this years old project and make something completely new for Android. Why re-do what's already been done ? But I guess money comes in there too. It should be faster and cheaper to re-use the high level design and media components.
I fully agree. These apps are already a little obsolete for android.
And I have good news. She found a team of developers who are going to do the work for a low price. We will have Biophilia for Android after the summer. Let's see how it is...
humano said:
I fully agree. These apps are already a little obsolete for android.
And I have good news. She found a team of developers who are going to do the work for a low price. We will have Biophilia for Android after the summer. Let's see how it is...
I hope it's not some "boiler room" s/w dev hack operation that promises more than it can deliver. I'm restraining myself from mentioning/identifying certain world areas where this is more common.
She's apparently coming to my town this summer; I've never seen her live; would be interesting.
mikereidis said:
I hope it's not some "boiler room" s/w dev hack operation that promises more than it can deliver. I'm restraining myself from mentioning/identifying certain world areas where this is more common.
She's apparently coming to my town this summer; I've never seen her live; would be interesting.
She said that in one interview. That's what the people on 4um.bjork.com say. I think it's real.
I saw her live last summer and it was amazing.
Well, the Biophilia app is already out for Android devices!
Check the playstore https://play.google.com/store/apps/details?id=com.bjork.biophilia

annoying samsung...

I'm trying to get Samsung to release the source for their ar6000.ko ethernet kernel module as well as the source they used for wpa_supplicant (which contains extensions to wpa_supplicant.) To that end, I've sent them a few messages making those requests. Here was their reply (edited)
1. about 'ar6000.ko'
: source code of atheros chip set is not GPL.
We get BSD/GPL dual license from Atheros company.
We choose BSD license, so we do not have any obligation to publish source code of it.
2. wpa_supplicant
Wpa_supplicant is also BSD/GPL dual license. (and we also choose BSD license)
________________________________________________________________
WPA Supplicant
==============
Copyright (c) 2003-2008, Jouni Malinen and contributors
All Rights Reserved.
This program is dual-licensed under both the GPL version 2 and BSD
license. Either license may be used at your option.
Sadly, they seem to have failed to meet the conditions of the BSD licensing as well. I've sent them another message stating this:
Concerning the atheros AR6000 driver and the wpa_supplicant binary. In denying the making available source for both the ar6000 module and the wpa_supplicant binary, you state that you get both of these with dual GPL/BSD licensing and choose the BSD license. That is fine, however you failed to meet the terms of the BSD license. In particular, for both items, the BSD license states: " Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution." You have failed to state your licensing terms and this disclaimer in reference to the above stated items in either the printed documentation or the legal licensing screen embedded within the settings app on the device. As a matter of fact, you've failed to provide any licensing notice for GPL or BSD licensing for either item.
Regardless, I'm asking for these items in order to attempt to FIX BUGS that have been left in the device. It's been well documented in the forums for users of these devices that the wifi chipset drivers are causing crashes, freezes, "sleep of death" situations, etc. Samsung's support has been EXTREMELY unresponsive in attempting to resolve these issues, and I'd be willing to bet that reports of these issues aren't even getting through to your development teams.
Therefore, I once again ask that you release the source for the ar6000 module and wpa_supplicant binary that you have NOT followed the licensing terms of (regardless of which license you've chosen.) Oh, and there's no licensing string embedded in the ar6000.ko module either. modinfo ar6000.ko reveals nothing (for the ar6000.ko module on the GT-P6210 with KL1 firmware.)
Honestly, I don't expect for Samsung to be responsive and/or helpful. I think the best that anyone can expect is that they release an updated firmware that includes the proper licensing information.
Gary
Check and mate Sir. I despise these OEMs. You GO gary. Whatever happened to opensource? What are they so afraid of?
Anything we can do to help, let us know. Even if it means just spamming their inbox.
It's not like I buy the tablet because it has such an epic driver....
I buy it for the hardware...
When your entire OS is practically open source... not open sourcing the drivers for the wireless chip seems like shooting yourself in the foot just because you can.
Thanks garyd9 for fighting the good fight.
When companies do stuff like this for critical things, it _really_ makes me want to spend my money elsewhere.
In regards to the SOD issue, I've noticed that quite a few honeycomb tablets have this issue or something similar to it. I've only personally seen it with Samsung branded ones (10.1 and 7.0+), but have heard of similar issues with asus and acer.
Perhaps it's a honeycomb issue?
Gary
give em hell!
If you'd like to help, please click the link near the top of the OP to submit the article to the XDA portal. Perhaps if this issue is shown on the front page, and enough people notice, Samsung could be convinced to "choose" GPL over BSD.
Thank you
Gary
Did you get any useful /proc/last_kmsg dumps of SoDs? Enabling wifi may only be making a difference because of the wakeups.
That said - I am completely shocked that Broadcom's drivers are open source and the ar6000 driver isn't. I've lost a lot of respect for Atheros AND for Samsung over this. I can understand if it's BSD - but seriously, what trade secrets could Samsung have in a freaking Atheros driver, and for something like this, what possible business reason could they have for withholding source for that ONE module? It's freaking stupid.
I was hoping that they'd start becoming more developer-friendly as a result of hiring Cyanogen, but they're being asshats at this point. They donated a device to Codeworkx (or someone else on Teamhacksung) to get CM7 ported, but have not given him a shred of assistance with the porting effort. Basically, trying to get "Supported by CyanogenMod" credits without ANY significant effort.
As much as I hate Sony - SE seems to be doing the best of any manufacturer in terms of supporting people doing platform-level development.
Edits:
You know, this is proving to be a clear and recurring pattern. I have never seen XDA get anything useful out of SamsungJohn for example, all he does is come over, tease us with something, and never follow up.
Over in the Captivate forums - he came in and posted that source code was out, then left without any followup - by the time he made this announcement, people had already found the source and were working with it - http://forum.xda-developers.com/showthread.php?t=997098
He then came and teased us with the Samsung Developer Program - guess what, it provides NOTHING for developers doing platform work - http://forum.xda-developers.com/showthread.php?t=1392847 - John also didn't come and respond to any of the feedback
Prior to that there was the Samsung Developers Conference tease - http://forum.xda-developers.com/showthread.php?t=1291758 - nothing useful came out of this for anyone doing platform work. In fact, John just dropped off the face of the earth, I'm assuming that not a single person from XDA actually was brought by Samsung to the event, otherwise there would've been a followup/debrief post. Anyway, the "big announcement" was just the Galaxy Nexus release announcement. Big deal - that's a dev phone because Google forces it to be one, it's more of a Google product than a Samsung one.
http://forum.xda-developers.com/showthread.php?t=954896 (and many similar posts) - He just crossposted to a ton of forums saying something awesome was coming. Something awesome never came. The linked thread from many of his posts doesn't even exist. Actually, most of his 67 posts are just crossposting this tease - NOTHING ever came out of it.
http://www.engadget.com/2011/06/08/samsung-shows-affection-to-cyanogenmod-gives-its-devs-a-free-ga/ - As a PR stunt, Samsung threw a Galaxy S II over the wall to one of the CM developers. Without a doubt, Dan Hillenbrand (codeworkx) and Atin Malvaya (atinm) have not received any support from Samsung since Sammy threw a device over to them. The GSII is likely to be codeworkx's last Samsung device, he has become so frustrated with Samsung (Check his posts in the CM9 thread for I9100). Compare this to Sony Ericsson's effort here - http://blogs.sonyericsson.com/wp/2011/09/28/sony-ericsson-supports-independent-developers/ - They have given FreeXperia MASSIVE amounts of support, and it shows - http://www.cyanogenmod.com/blog/sony-ericsson-xperia-support
imnuts07 asked for some help regarding Droid Charge kernel source issues - https://twitter.com/#!/SamsungJohn/status/152835654303236097 - All he responded with was "how can we help" - no further response, imnuts07 didn't get anywhere until jt1134 gave him some pointers. (It turned out to be more proprietary module vermagic bull****...)
After all this, it's clear that with regards to platform developers, Samsung's intent is to do the bare minimum to meet their legal obligations with the GPL and no more. Even source code which they COULD release and have no valid reason for withholding is withheld if they are able to (such as the ar6000 module source code). I thought that the Galaxy S II was a step forward towards devices with 100% open source kernels, however it is clear that the GSII was just a fluke. I'm getting sick and tired of dealing with module vermagic headaches. I've spent at this point a few hundred hours of my spare time working on improvements to various products of theirs (maintaining kernels for three different products - Samsung Infuse, AT&T Galaxy S II, and Galaxy Player 5.0), and their consistent message back has been "go away, screw you, stop bothering us".
There may be a small bit of hope - I've been contacted by someone at samsung (perhaps due to your rant combined with my constant pestering on their open source website.) It isn't much, but the first line of collaborating is communication. They seem more interested in fixing the bugs than sharing code, but I'll take what I can get.
Oh, and the last_kmsg memory was corrupted when the one person who had adb, my kernel and root installed was able to check it. (As you know, the file won't be generated if the header area for the ram console can't be found or is in bad shape.)
We'll see what happens, but I'm not going to hold my breath with the lunar new year coming up.
Take care
Gary
so how many people do we need to sue??
chrisrotolo said:
so how many people do we need to sue??
No lawsuits required. Although... that might explain the poor customer support from Samsung. Perhaps they've been afraid that Apple will sue them for patent infringement if they help a customer?
Not that I've ever had any GOOD support from Apple... mostly just clueless kids taking guesses. Even their so-called "geniuses" are mostly clueless.
In typing that, I realized that I'm probably one of the hardest people in the world to provide technical support to. When I have a question, it's only after I've exhausted the combined knowledge of myself and whatever google can provide... meaning the only good response from phone support would be "Would you like to cross-ship an exchange or wait for the repair?"
Can we spook them with a (legal) letter that they are in violation of the GPL/BSD agreement, and if it isn't provided in X amount of time, we will be forced to escalate?
I like to annoy people too (;
Speaking from personal experience, when dealing (even on a corporate high level) with Samsung there is nothing to gain but some weight due to stress.
They do care( up to a degree) about some customer relations and I've seen very nice, honest and helpful people there. But this is where it all ends.
The farther you go the worse it gets. Somehow they got this Apple attitude of profit and secrecy all over their structure. Apple calls themselves "innovators" to reason the secrecy, but Sammy are nowhere near. If I was to say they do act like copycat killers I risk getting called names- though they "adapt" almost everything, from design to business models. The Korean HQ has drawn quite strict regulations for the rest of the world.
We should remember that Samsung is a HUGE corporation. Android devices D&R is a tiny faction, ruled like in Middle Ages. They have the road map and they ever raise the stake every time. From my point of view, I sincerely understand those people for not jumping out with the source code. If you get paid 100k+, you don't help anyone but yourself. The decisions are not theirs. The people taking decisions don't give a rat's a55 about GNU or Linux, Minux or whatever. On top of that, there are some people that MIGHT have some influence in changing this policy ( the brown bearded, we call them) but those are the pride ridden SOBs.
You can read this from their mobile device history. They had to go into that, given the fact they build everything, from ships to home furniture. They got a share of the market because they were big and had some bright minds there. I know for a fact that, at the beginning, working @ cell phone dept was like sentenced to prison, only the undesirable but indispensable were sent there. Huh, those people left, some for Apple and some for others ( LG,Sony and Hyundai). Panasonic and Toshiba flops are some examples of how, in a degree, cultural burdens lead to a fail. HTC, a mobile phone company, depends on how much stir dev's can produce. On the other hand, Samsung can get a write-off for their mobile dept. without a blink. Bada is a perfect example. It was close to write off so they decided to make it open- see HP. They are too big to follow rules and beside being big, they hold the power few have- the power TO BEND rules, that is.
Getting any serious, development like help from Samsung is close to what ''Acts of God" are described in car insurance.
htc9420 said:
HTC, a mobile phone company, depends on how much stir dev's can produce.
You are, obviously, an HTC fan or employee. Well, I have a samsung tablet, so I'm developing on a samsung tablet. At least the device was unlocked when I bought it and I didn't have to petition on facebook/twitter/etc just to be able to root it.
Unless you have something to contribute to solving a problem, please go elsewhere.
garyd9 said:
You are, obviously, an HTC fan or employee. Well, I have a samsung tablet, so I'm developing on a samsung tablet. At least the device was unlocked when I bought it and I didn't have to petition on facebook/twitter/etc just to be able to root it.
Unless you have something to contribute to solving a problem, please go elsewhere.
I wouldn't be so quick to judge him...
I just got the impression that the point of the post was to promote HTC while bashing everyone else.
Perhaps I spoke (typed) too soon. If so, I apologize.
No, the HTC thing was just one line, and what I perceived as some general comments on why some manufacturers (Panasonic, Toshiba) seem to have kind of flopped in the market.
There was definitive Samsung-bashing - but he's just joining with us in frustration.
Check PMs gary.
garyd9 said:
I'm trying to get Samsung to release the source for their ar6000.ko ethernet kernel module as well as the source they used for wpa_supplicant (which contains extensions to wpa_supplicant.) To that end, I've sent them a few messages making those requests. Here was their reply (edited)
Hey Gary,
I'm the developer for a CyanogenMod port for the Samsung phone (GT-I5500). Samsung have released their source for an older version of the AR6kSDK, which I have put on github here: https://github.com/psyke83/AR6kSDK.3.0. This source is quite old, and doesn't support combo scanning, but it's newer than the ath6kl source release contained in the 2.6.35 kernel.
Last night I scoured the internet trying to find some newer source, and came across a release by Sony for one of their e-book reader products. I have uploaded the source onto github which you can check here: https://github.com/psyke83/AR6kSDK.3.1
The above git's description links to the location of the original source tarball on Sony's server, but if you prefer, just clone the git and checkout the first commit, as it's the unmodified source.
I have made some changes already to get the module to initialize properly, but at present it's not even scanning properly. Perhaps it will work better for you without modifications, especially if your device is not AR6003_REV2 (which is the revision on my phone).
chrisrotolo said:
Can we spook them with a (legal) letter that they are in violation of the GPL/BSD agreement, and if it isn't provided in X amount of time, we will be forced to escalate?
I like to annoy people too (;
My friend Mat has done this for me as he knows his stuff. It was a very powerful letter I must say haha. Just waiting for a response.
Gary, thanks for all your efforts man! This is my first Samsung Android device, have they always been this bad in withholding source?

What is Responsible Disclosure?

Responsible Disclosure is a term often used in security, but what is it?
In essence, responsible disclosure is the process of making the vendor or OEM of the vulnerable software or system aware of the problem before disclosing details of the vulnerability to the public. The idea here is that the vendor will promptly solve the issue, release a fix to users of the software, and credit the finding of the issue to the researcher, who then discloses the vulnerability in full, now that the software has been patched.
Responsible disclosure is named as such because vendors feel it's the most responsible way to go about handling a security issue you have found. It's often the best strategy to try if you do find an issue - look for a security contact for the company, and give them a shout.
Unfortunately, some companies are rather poor at dealing with security issues, and either don't respond, or don't issue a patch or inform users of a mitigation strategy. Or in severe cases, might not even inform users of there being an issue whatsoever, and appear to ignore the vulnerability. Do bear in mind though when dealing with mobile devices that many carriers add significant delays to software releases (where on the desktop, a fix may be available the next day, the OEM might take a week or more to make a patch available on unbranded firmware, since devices and firmwares often must be approved by regulators before release, and carriers will then want further changes applied to these firmwares before their own testing).
Often if a vendor acts like this, the only solution is Full Disclosure, a process where the full details of the vulnerability are publicly released, in order to raise awareness of the vendor's insecurity and inaction (particularly if efforts were already made to contact them). Full disclosure permits the end user to be made aware of the extent and details of the security issue, and attempt to mitigate or resolve it themselves (for example, by removing an affected plugin, deleting an APK, or using a firewall to prevent access to a vulnerable service until a fix is produced).
If you are new to security, and are unsure, responsible disclosure is usually the best way forward, but there are plenty of people around who can give good advice about this. This may well change, in light of recent practices by some companies pertaining to how they handle security vulnerabilities which are responsibly disclosed (see https://www.openrightsgroup.org/blog/2013/nsa-affects-responsible-disclosure)
Good writeup, thanks!
Is full disclosure really an effective way of handling things though? I can understand that the intention is to make the vulnerability so well known that vendor has no choice but to fix it, but during that lead time there's going to be a vulnerability going around that people could really capitalize on. I don't have figures, but I would imagine that even if a user-made solution is found, the number of people that would actually adopt it has got to be a tiny fraction of a percent. If you're going full-disclosure, aren't you essentially ensuring the worst-case scenario? Security through obscurity is weak, but isn't it still better to sit on your hands and just hope that the vendor will get around to fixing it eventually?
Grand Guignol said:
Good writeup, thanks!
Is full disclosure really an effective way of handling things though? I can understand that the intention is to make the vulnerability so well known that vendor has no choice but to fix it, but during that lead time there's going to be a vulnerability going around that people could really capitalize on. I don't have figures, but I would imagine that even if a user-made solution is found, the number of people that would actually adopt it has got to be a tiny fraction of a percent. If you're going full-disclosure, aren't you essentially ensuring the worst-case scenario? Security through obscurity is weak, but isn't it still better to sit on your hands and just hope that the vendor will get around to fixing it eventually?
True, but it also depends on the type of vulnerability. It's not the same finding a vulnerability where you need physical access to the device (i.e. a way of unlocking without a PIN) as finding a vulnerability that allows remote access to sensitive data without user action. I suppose that some sort of waiting period can be defined, like waiting for a week for the first type of vulnerability and 3 months for the other... just my 2 cents.
Great writeup BTW!
For the security enthusiasts here: The Full Disclosure Mailing List has been reopened. ENJOY!
Talking about responsible disclosure, I have the following question for you guys:
I found a vulnerability that can be exploited to drain the battery of a device. I informed the application vendor and they replied that they agree with my finding and will fix it soon. I sent my vulnerability and PoC on the 24th of February and they responded 3 weeks later. Now I am waiting for the vulnerability to be fixed.
I found this bug when writing my thesis and I really want to include it in my paper, which should be published on the 31st of May. Does that fit responsible disclosure? Should I send them an e-mail stating that I will publish the details at the end of May?
It can't hurt to let them know you're doing it.
Sent from my Xperia ZL using XDA Free mobile app
Is full disclosure really an effective way of handling things though?
rakoczy12 said:
Is full disclosure really an effective way of handling things though?
If the end result of the disclosure is that the users can protect themselves, then yes. As the OP pointed out:
pulser_g2 said:
Full disclosure permits the end user to be made aware of the extent and details of the security issue, and attempt to mitigate or resolve it themselves (for example, by removing an affected plugin, deleting an APK, or using a firewall to prevent access to a vulnerable service until a fix is produced).
How did I just now see this forum? Pulser I was talking to you about such an area for many many moons ago.
@pulser_g2
I have a question about posting things I find that script kiddies would love. Like today, I opened up an apk that was supposed to be an icon pack. Instead, it has @Stericson 's RootTools package in it and someone else's libpush work. So it starts out as a script kiddies dream, cause that's all it is. But it would be good for people to learn from.
When I came here, before I installed @DaveShaw 's power menu .cab, I first learned what a cab was, what it did, how it worked, and what all the little bits and pieces did inside of it. You just can never be too safe. Which is probably why I don't go jumping on a new ROM, or app someone just released. I'll mull it over and let some other people be the testers. How could I post something like that without giving away how it works, but showing what's inside, so as to let people know to be careful? Teach them how to open it up, the different parts of an apk, how to read it and such. That's the kind of thing I was meaning way back when I was asking you about making this kind of area. But you had the same concerns as me: it not turning into a scriptkiddy funhouse.
Are we going to be able to disclose threats among ourselves? You can't make everyone wear a white hat. Lord knows we didn't all wear one back in compsci. I see it like teaching firemen how to put out a fire. Yea they are going to learn what makes a really big fire that's hard to stop. But if you don't teach them how to build the fire, just put it out, then they have to go through just that extra bit of effort to do bad.
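The kind of "open it up and see what's inside" triage this post describes, as an added example (not code from the thread or from any project named in it): an APK is a zip, so a static first pass can list the native libraries it ships and the third-party packages its dex code references. The sample APK is constructed in memory, and the package watchlist is the example's own assumption.

```python
import io
import re
import zipfile
from collections import Counter

# Raw scan for Dalvik class descriptors ("Lcom/foo/Bar;") inside a dex file.
# A full parser would walk the dex string_ids table; for triage a byte scan
# over the file is enough, since descriptors are stored as plain MUTF-8.
DESCRIPTOR_RE = re.compile(
    rb"L[A-Za-z_$][A-Za-z0-9_$]*(?:/[A-Za-z_$][A-Za-z0-9_$]*)+;")

# Assumed watchlist: package prefixes that deserve a second look when found
# in something advertised as an icon pack. RootTools is the one the post names.
WATCHLIST = {
    "com/stericson/RootTools": "RootTools: root shell helper library",
}


def inspect_apk(apk_bytes: bytes) -> dict:
    """Static triage of an APK: which dex files and native libraries it
    contains, which packages its code references, and a list of findings."""
    report = {"dex_files": [], "native_libs": [],
              "packages": Counter(), "findings": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
            elif re.fullmatch(r"classes\d*\.dex", name):
                report["dex_files"].append(name)
                for m in DESCRIPTOR_RE.finditer(z.read(name)):
                    # "Lcom/foo/bar/Baz;" -> package "com/foo/bar"
                    pkg = m.group(0)[1:-1].decode("ascii").rsplit("/", 1)[0]
                    report["packages"][pkg] += 1
    for pkg, count in report["packages"].items():
        for prefix, why in WATCHLIST.items():
            if pkg == prefix or pkg.startswith(prefix + "/"):
                report["findings"].append(f"{pkg} ({count} refs): {why}")
    if report["native_libs"]:
        report["findings"].append(
            "ships native code: " + ", ".join(report["native_libs"]))
    if not report["dex_files"]:
        report["findings"].append("no classes.dex: contains no app code at all")
    return report


def build_sample_apk() -> bytes:
    """Constructed sample: a zip shaped like the APK the post describes
    (an 'icon pack' carrying RootTools and a push library). Not a real APK;
    the dex body is only a header tag plus NUL-terminated descriptor strings."""
    dex = b"dex\n035\0" + b"\0" * 32 + b"".join(s + b"\0" for s in (
        b"Lcom/example/iconpack/MainActivity;",
        b"Lcom/stericson/RootTools/RootTools;",
        b"Lcom/stericson/RootTools/execution/Shell;",
        b"Ljava/lang/Runtime;",
    ))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        z.writestr("classes.dex", dex)
        z.writestr("lib/armeabi/libpush.so", b"\x7fELF placeholder")
        z.writestr("res/drawable/icon.png", b"\x89PNG placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_apk(build_sample_apk())
    for line in result["findings"]:
        print(line)
```

Run against a real APK by passing its bytes to `inspect_apk`; an icon pack that references a root helper or ships `.so` files is exactly what the triage is meant to surface.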
Maybe some parts of this thread belong here. http://forum.xda-developers.com/general/security/security-threat-middle-attack-umts-t3374626
It is Awesome
wow