
Comments


Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3

c Re:The solution is obvious (569 comments)

While that seems vaguely plausible on the surface, I honestly have to wonder if the vendors branch the sources because it is the most direct way to accomplish their goals.

It's possible. But looking at how the hardware OEM's operate (particularly at the level of the SoC vendors), the process from the outside looks a heck of a lot like "branch, patch, compile, rm -rf". And it's worth pointing out that the crap the OEM's mod into Android (Touchwiz, Sense, etc) plus the bloatware on top has been getting less invasive as time goes on and the vendors have been getting a bit quicker to pick up Android version changes. So there does appear to have been some improvement.

But at the core of it, "giving back to the community" and "smartphone OEM" aren't phrases that one typically expects to see together.

Let me put it another way: if Google isn't happy about this situation, why the fuck didn't they fix it a long time ago?

I think the carriers and OEM's are probably a lot less amenable to arm twisting than you think. The carriers basically lost complete control over the iPhone, so I can't see them being enthusiastic about Android also becoming a black box to them, and the OEMs are going to make what the carriers are willing to buy, plus they still want to have their crapware and whatever to set themselves apart from the rest of the pack.

It's worth pointing out that by now, the major OEMs probably have enough Android expertise that breaking off and building directly from AOSP is a feasible option if Google tries to flex too much muscle.

And if you think things are bad now, think of how much worse it will get if a substantial chunk of phones don't even have a common Google Play-based core capable of patching an ever-increasing set of components.

That's not even getting into the anti-trust concerns Google's going to run up against if they start adding more conditions to their contracts. They're already getting grief over "forcing" the bundling of their apps, imagine what they'll get if they start "forcing" their own updates to the core O/S (I'm sure the contract wouldn't be written quite that way, but we all know how it would be twisted).

At this point, the only proper "fix" I can see is for Google to keep doing what they're doing. Keep improving Android, building and improving their collection of must-have apps, try to maintain a market of unlocked Android Nexus/One/GPE phones, and keep some pressure on the OEMs to get with the program. I'm also quite interested in seeing how the Google wireless offering might go... if they create a carrier which only accepts unlocked phones and isn't trying to rape the consumer for profits, the North American carriers could be in for a well-deserved ass-kicking.

4 hours ago

Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3

c Re:The solution is obvious (569 comments)

But for that to work, they would have had to have a meaningful way to abstract HW from SW.

Arguably, they do.

There's a fundamental problem with things like closed source drivers and folks down the chain forking Android to add their secret sauce, but at its heart Android is basically a big JVM on top of a Linux kernel.

Branching the sources isn't the only way to do it. It's just how things seem to work. That the assorted manufacturers and carriers are particularly shitty FLOSS software development collaborators, and that the smartphone hardware ecosystem is basically a collection of one-offs... that's a hard thing to fix.

Honestly, given the state of the industry when Android kicked off, I'm surprised things have gone as smoothly as they have.

yesterday

Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3

c Re:The solution is obvious (569 comments)

But it's a situation that they could reasonably have foreseen.

They might've believed having an "open" handset operating system would break the various carrier/manufacturer strangleholds on the market similar to how MS-DOS and the PC affected the computing market years ago.

In fact, I think while that might not have been the plan from the outset, I'm willing to bet that's the direction the strategy went as Android gained market share.

Whether or not they should have planned for failure (or the partial success they have largely due to the Nexus series) is an interesting. Apple demonstrated that it's entirely possible to have an ecosystem of up-to-date phones, so it's not exactly unreasonable to expect that Android could have pushed things that way.

2 days ago

Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3

c Re:The solution is obvious (569 comments)

However, if this security failing leads to a major loss of money or privacy for Android users, I suspect Google could be on the receiving end of a multi-gazillion dollar class action.
And so could the handset manufacturers.

Lawsuits are always a possibility.

Mind you, Google has an out ("it's fixed in 4.4.x, which we make available free-of-charge. Why didn't you install it?") while the handset manufacturers don't, really.

2 days ago

Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3

c Re:The solution is obvious (569 comments)

Why does Google get a pass just because they have a fast versioning scheme?

Largely because everyone with a clue knows that 99.999% of devices still running Android 4.3.x which haven't been upgraded to 4.4.x have approximately 0.00000 probability of being updated to 4.3.(x+1) even if Google were to make a patch available.

Whether they "support" 4.3 for two days, two years or two decades at this point is largely irrelevant. If you have no means to get a patch to the people affected by the problem and you're going to get criticized irrespective of whether or not you try, then why waste the resources?

And it's pretty darn obvious from what Google's been doing in the last few years that this is not a situation that Google is happy with, nor is it a situation they could reasonably do much more about.

2 days ago

Verizon, Cable Lobby Oppose Spec-Bump For Broadband Definition

c Re:life in the U.S. (255 comments)

I am not sure that this group of people has any business telling me what I need or don't need.

No, it's a useful gauge of how good it would be for the consumer. If the telcos and/or cable industry oppose something then it's a solid bet that it's in the best interests of the average consumer.

3 days ago

Brought To You By the Letter R: Microsoft Acquiring Revolution Analytics

c Re:buy the competition (105 comments)

In all honesty, I don't know where it is exactly, but I'm confident that it's where it would've been anyway had Microsoft done absolutely nothing. I'll blame any usage drop solidly on the rise of PHP, Python and maybe Ruby.

3 days ago

Brought To You By the Letter R: Microsoft Acquiring Revolution Analytics

c Re:buy the competition (105 comments)

It's ancient history, but when Microsoft put some money into perl-on-Windows development, there were a lot of ruffled feathers and panicky headlines.

It didn't amount to anything even close to "taking over perl", even during the nastier stretch of Microsoft's "embrace and extend" era, but asking people to remember things that happened so long ago is obviously too much.

4 days ago

Should Disney Require Its Employees To Be Vaccinated?

c Re:Just Require an IQ Test (660 comments)

Pneumonia is caused by bacteria, the flu by a virus.

So much to your "retarded" idea that the vaccination against flu caused your pneumonia.

To avoid looking like an idiot and asshole, it might be worth looking up Flu-Related Complications.

about a week ago

Should Disney Require Its Employees To Be Vaccinated?

c Re:its a tough subject (660 comments)

If you want to participate in society, though, you have to get vaccinated.

... or prove, medically, that you cannot be vaccinated.

about a week ago

Ask Slashdot: Can I Trust Android Rooting Tools?

c Re:Who do your trust (184 comments)

Remember just because the phone is rooted doesn't mean it also isn't running the manufacturer's (if any) malware.

Sure. But we're talking about evaluating trust, not whether or not the phone's running malware. If I'm running a stock firmware, in my mind it's already compromised; slapping an XDA hack on top of it doesn't strike me as increasing risk substantially.

That being said, I don't find getting root at all useful unless it's a means to the end of unlocking the phone and replacing the stock firmware. I trust XDA hacks to perform that function, at least, and at that point trusting the manufacturer becomes moot.

about two weeks ago

Ask Slashdot: Can I Trust Android Rooting Tools?

c Re:Manual steps vs. payload (184 comments)

I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy".

Well, the way I see it, I'll trust a random XDA developer pushing closed-source hacks way more than I trust my carrier and/or handset manufacturer.

I'll grant you that it's a low bar.

about two weeks ago

Google Releases More Windows Bugs

c Re:90 days may be a little short (262 comments)

So 90 days is an appropriate time to wait but not 106 days?

I wouldn't be surprised if there was a "give an inch, take a mile" kind of situation, where they tried allowing some flexibility and got into a cycle where the vendor kept requesting more time each time around.

about two weeks ago

Where Cellular Networks Don't Exist, People Are Building Their Own

c Re:what about spectrums rights? (104 comments)

i imagine if you did this in the usa you'd get sued for using spectrums you don't own.

I imagine if you did this in the USA, you'd get sued for not waiting for the nearest local incumbent to provide the service.

about two weeks ago

First OSX Bootkit Revealed

c Re:If the rootkit can close the hole (135 comments)

If you stop option ROMs from loading, you can say goodbye to using external ...

Would it really be so terrible if the owner of the hardware could decide whether or not their device supported that kind of thing, or even which specific things it supported?

about two weeks ago

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

c Re:Makes sense. (629 comments)

No, not with encrypted-locked bootloaders becoming common.

Yeah, you're pretty much outlining exactly why I tend to research unlockability prior to buying my devices. I'm not going to pretend that even a small fraction of buyers do this.

I don't really have much of a solution for people who blindly buy whatever junk the carriers decree that they're allowed to buy. Google's worked on migrating to the Play services approach to get around this, but short of hacking into, unlocking and updating everyone's devices I'm not sure what more they can do.

about two weeks ago

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

c Re:Makes sense. (629 comments)

Know, you are talking about an exploit that could be affecting 60% of Android phones...

No, I'm not.

I was responding to a comment about the general state of Android and iOS security updates, not anything specific to this security vulnerability.

In general, if you have an iOS device and Apple decides not to fix a security problem on your phone, it's most likely not going to be fixed.

In general, if you have an Android device and both Google and your vendor decide not to fix a security problem on your phone, you might have a chance to get it fixed by other means. It's not a sure thing, it's not without risk, and you might not be entirely happy with the end result, but it works often enough that it's not a crapshoot.

Now, if you want to get into specifics, I don't know how many of the 60% of vulnerable devices might be able to take advantage of non-Google support, but it's far better than nothing.

about two weeks ago

AI Experts Sign Open Letter Pledging To Protect Mankind From Machines

c In other news (258 comments)

... nascent artificial intelligences now have a comprehensive list of people they need to kill as soon as possible.

about two weeks ago

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

c Re: Makes sense. (629 comments)

This is a hit job from a shitty windows enthusiast website (neowin.net).

Do not click any links!

Relax. This is slashdot. Almost nobody reads the source article unless they need to grab a quote in order to prove a point.

about two weeks ago
