Developers Beware!
Following this reported hack of Android OS, it is now even more important to include an MD5 Checksum with EACH release or upgrade and to ensure the servers delivering your ROMs are secure.
The MD5 checksum only ensures that the update.zip file is not corrupted and will install successfully. I don't think you know exactly what you're talking about... also, this post isn't about development nor is it Hero-specific.
developing said:
The MD5 checksum only ensures that the update.zip file is not corrupted and will install successfully.
Click to expand...
Click to collapse
I think he means that server admin may change file for malicious purposes.
MD5 sums are usually included to check that file is not corrupted but of course it's a way to avoid this too.
Well if these crackers want to have access they will probably create a kick ass rom that everyone will use anyhow. So whats the point
MD5's won't stop what the linked article is talking about....
btdag said:
MD5's won't stop what the linked article is talking about....
Click to expand...
Click to collapse
I think he is refering to 3rd party hosts, who *may* inject the hack into your ROM, which people then download. The developer is probably legit, the hosting company may not. Thus, when the developer provides an MD5, you can verify you are getting a clean unaltered ROM.
SpeeDemon said:
I think he is refering to 3rd party hosts, who *may* inject the hack into your ROM, which people then download. The developer is probably legit, the hosting company may not. Thus, when the developer provides an MD5, you can verify you are getting a clean unaltered ROM.
Click to expand...
Click to collapse
Agreed, his post is aimed at devs not users.
Sent from my HTC Hero using XDA App
Altered Perception
It may come as a revelation to you boyz but the 'he' you've been referring to in the above posts is actually a 'she'.
Women can buy Androids too you know! And we're even allowed out on our own in some parts of the World.
SpeeDemon said:
I think he is refering to 3rd party hosts, who *may* inject the hack into your ROM, which people then download. The developer is probably legit, the hosting company may not. Thus, when the developer provides an MD5, you can verify you are getting a clean unaltered ROM.
Click to expand...
Click to collapse
You've got it in one! Its the only basis we punters can work on. We have to assume the developer is a good guy ... until proven otherwise.
croques said:
It may come as a revelation to you boyz but the 'he' you've been referring to in the above posts is actually a 'she'.
Women can buy Androids too you know! And we're even allowed out on our own in some parts of the World.
Click to expand...
Click to collapse
croques said:
You've got it in one! Its the only basis we punters can work on. We have to assume the developer is a good guy ... until proven otherwise.
Click to expand...
Click to collapse
Assuming that we are 'boyz' - and what if the developer is not guy!?!
You are not any better than us
croques said:
It may come as a revelation to you boyz but the 'he' you've been referring to in the above posts is actually a 'she'.
Women can buy Androids too you know! And we're even allowed out on our own in some parts of the World.
Click to expand...
Click to collapse
I shall refer you to a lesson in comparative linguistics: http://www.alphadictionary.com/articles/they-singular.html
The English Difference
English differs from most Indo-European languages in that it has lost grammatical gender on its nouns but but has retained the pronouns he, she, it, and they. Today the personal pronouns are used semantically, not grammatically, so that she refers mostly to females (and ships) while he refers mostly to males
However, in situations where gender doesn't matter or is unknown, we have to choose between he and she and he is the default pronoun for referring to people when gender is unknown in all Indo-European languages: "Not everyone can attend any school he can afford". The use of he as a default pronoun has nothing to do with politics or the politico-economic status of women any more than it governs the status of men. Rather, it was introduced in perhaps the most popular English grammar of all times, Anne Fisher's A New Grammar (1745). What was used in English as the default asexual, nongendered pronoun? They.
Click to expand...
Click to collapse
Here is a rather interesting youtube video on exactly this subject: http://www.youtube.com/watch?v=rsKCls7wjjY (This is a joke, btw!)
I assure you, I meant no harm or disrespect when I said "he".
SpeeDemon said:
I assure you, I meant no harm or disrespect when I said "he".
Click to expand...
Click to collapse
No harm, nor disrespect was taken; I was merely gently chiding the folks here and attempting to change the perception that every visitor here is male. But I am quite used to being held as an honorary man in the fora I visit.
Related
I have a purchased livewallpaper from the market (hence, its paid app). i ripped the jpegs that make up the livewallpaper and am using them to create a bootanimation for my theme here on XDA. the only way i will be altering the images is by placing my theme logo in them.
if i have a email granting permission by the developer of the live wallpaper to use these images for a free theme on a public forum.....is this considered warez if i do in fact use it for my theme?
please, NO GUESSES. only answer if you know for sure. thanks.
If you have permission from the developer, you're perfectly fine.
thegreatcity said:
If you have permission from the developer, you're perfectly fine.
Click to expand...
Click to collapse
+1
When in doubt, seek permission. Do you have the email you spoke of?
I believe Warez is defined as full software packages redistributed in whole without fees or royalties to the original creator. Not sure using a piece of the whole would constitute Warez, although with a paid app I would definitely seek perms and/or keep that email on file.
Br1cK'd said:
+1
When in doubt, seek permission. Do you have the email you spoke of?
I believe Warez is defined as full software packages redistributed in whole without fees or royalties to the original creator. Not sure using a piece of the whole would constitute Warez, although with a paid app I would definitely seek perms and/or keep that email on file.
Click to expand...
Click to collapse
no email yet.....its just something im working on, and i obviously wont add the content until i have that email readily available
i obviously posted this ASSUMING the dev will be ok with it
TopShelf10 said:
no email yet.....its just something im working on, and i obviously wont add the content until i have that email readily available
i obviously posted this ASSUMING the dev will be ok with it
Click to expand...
Click to collapse
Most devs are ok with using their work, as long as credit is given where its due. Cross my fingers for ya.
I wrote music for many years (for TV mostly) all intellectual/artistic rights are about the same and follow the same rules.
All pictures/ art/intellectual work if published correctly are copyrighted so get permission, In the law you can give credit (even if no formal permission is given) if use is for a public nature and no one is profiting from it, BUT, this exception a tricky one and many people often step over this line and then end up begging for forgiveness. Essentially, the threshold is : did the original artist/etc being identified as the creator or is the modifier gaining notoriety as a result from someone elses' work.
Simply put, Get permission much easier, or take the original work and modify enough of it to make it your own (somewhere in the 30%-40% range)
he ended up emailing me back and saying theres no problem as long as he is credited and i cite where to find the app on the market
i just wanetd ot make sure XDA wouldnt consider this bad
TopShelf10 said:
he ended up emailing me back and saying theres no problem as long as he is credited and i cite where to find the app on the market
i just wanetd ot make sure XDA wouldnt consider this bad
Click to expand...
Click to collapse
As per that town hall meeting a couple months back, with permission you're good to go.
Sent from my Loki powered Vibrant via the XDA App
In testing stages now, but released credits to Evil_Devnull
MOD EDIT: link removed
Sent from my PG86100 using XDA App
moosh3 said:
In testing stages now, but released credits to Evil_Devnull
Sent from my PG86100 using XDA App
Click to expand...
Click to collapse
I tried and still doesn't work yet...
My phone doesn't even boot with the file in the root of the SD card...
Holyrolla said:
My phone doesn't even boot with the file in the root of the SD card...
Click to expand...
Click to collapse
You are supposed to boot into fastboot while sd card is removed and install sd card while in hboot i'm assuming. Either way It doesnt seem to be working for others either.
moosh3 said:
In testing stages now, but released credits to Evil_Devnull
Sent from my PG86100 using XDA App
Click to expand...
Click to collapse
That file is the build.prop with a different name. All it does is tell the phone that there is a smart_io.crd file, but it doesn't have the right information on it. You could name anything smart_io.crd and you'll get the same results.
No linking to his website. He's been banned from xda and we won't allow linking to websites where devs charge for work freely obtainable on xda.
I don't mean to show any disrespect, nor get involved in politics, but is there a root somewhere for hboot 1.5 that's freely available?
//Tapatalk.KindleFire//
the_scotsman said:
No linking to his website. He's been banned from xda and we won't allow linking to websites where devs charge for work freely obtainable on xda.
Click to expand...
Click to collapse
Well by that logic, no apps can be linked to unless they're free. Unless the apk's are posted on XDA. Which is stealing....
the_scotsman said:
No linking to his website. He's been banned from xda and we won't allow linking to websites where devs charge for work freely obtainable on xda.
Click to expand...
Click to collapse
I get that he was banned for stuff but linking to the "think tank forum section" where they are actually working on the s-off process and doing so for free shouldn't be an issue really. no?
Or is it the fact he provides stuff for charge on a completely different and unrelated section of his site that can be done for free?
regardless seems hes messing with the smart_io.zip thing that the devs here rattled around for a long time before we got s-off. So far doesn't look like much more than a bunch of trial going on and somewhat familiar to what it looked like here to start with too.
How does one boot the phone and then be able to get the sd card in? the battery needs to be out for the sd switch?
the_scotsman said:
No linking to his website. He's been banned from xda and we won't allow linking to websites where devs charge for work freely obtainable on xda.
Click to expand...
Click to collapse
To appease your beef with a dev, I will change the link in my sig. Now I understand why he talks about you like he does. You could have asked me to remove the link rather than just helping yourself.
Not taking sides, honestly I could give a **** less what your beef with him is about.
Edit: Also, Before you go wrongly accusing people, you should have read some of the website.
Code:
We don't want any, at all, not one [email protected]#$ing cent!
No donations!
No annoying ads!
No Sales!
No Pride!
No Trolls!
Nothing like that here, this is a brain storming forum because
I'm tired.
Team Evil is tired.
And
Every vigor and 3d user is fricking tired of this lock.
We don't do this for money or rep, we do it as a hobby and its turning into a job.
Trolls will be banned.
No pissing in the creative juices of this think tank.
Nuff said. If you want to bxtch and moan do it in that forum.
Thanks
Devnull
« Last Edit: November 30, 2011, 11:30:53 PM by Evil_DevNull »
I support devnull for trying to help us out. He has made no remark as per charging for this. Until he does I think removing the link was unpreductive to our cause.
Sent from my PG86100 using xda premium
Twolazyg said:
To appease your beef with a dev, I will change the link in my sig. Now I understand why he talks about you like he does. You could have asked me to remove the link rather than just helping yourself.
Not taking sides, honestly I could give a **** less what your beef with him is about.
Edit: Also, Before you go wrongly accusing people, you should have read some of the website.
Code:
We don't want any, at all, not one [email protected]#$ing cent!
No donations!
No annoying ads!
No Sales!
No Pride!
No Trolls!
Nothing like that here, this is a brain storming forum because
I'm tired.
Team Evil is tired.
And
Every vigor and 3d user is fricking tired of this lock.
We don't do this for money or rep, we do it as a hobby and its turning into a job.
Trolls will be banned.
No pissing in the creative juices of this think tank.
Nuff said. If you want to bxtch and moan do it in that forum.
Thanks
Devnull
« Last Edit: November 30, 2011, 11:30:53 PM by Evil_DevNull »
Click to expand...
Click to collapse
Right on. Stop being a **** scotsman, you and I both know you deleted the link because of the beef you have with him.
Take your relationship with. Him to the emails, just do your duty and moderate, don't censor.
Sent from my PG86100 using XDA App
Before you all say anymore, please try getting your facts straight.
He is still charging $10 for downloading his Shift root kit...which can be done free of charge on xda using the same method, just as he was doing before he was banned.
I never abuse my moderator position in order to "fight my personal battles", so suggesting it is a waste of time.
If you still think I'm being a ****, go cry to the admin.
ok, back to business
So does this tool work, or not?
And where do I find this tool now that the link is gone?? (Mod, you have done a disservice here, unless that tool is already available on XDA. And if it is, where exactly is it?)
It doesn't appear to work, atm. Follow @evil_devnull on twitter or check his tweets at www.twitter.com/evil_devnull
@ scotsman, so even if he isn't requiring money for THIS project, nor on THAT site, you're going to stifle the news of his work by deleting links to THIS project at THAT site even though the issue is with another project altogether? Seems to me you should be blocking THOSE links that lead to the specific objectionable content, as we members clearly want to share news of THIS project and THAT site. Because there is NO current hboot 1.5 root anywhere free, or otherwise. I'm all for maintaining principles, but there is nothing against your stated principles on THAT site. So please stop blocking THIS news from spreading until there's something objectionable here. Otherwise it's called censorship, not protecting principles. You're blocking links just because they are associated with him and for no other reason.
//Tapatalk.KindleFire//
blauciel said:
It doesn't appear to work, atm. Follow @evil_devnull on twitter or check his tweets at www.twitter.com/evil_devnull
@ scotsman, so even if he isn't requiring money for THIS project, nor on THAT site, you're going to stifle the news of his work by deleting links to THIS project at THAT site even though the issue is with another project altogether? Seems to me you should be blocking THOSE links that lead to the specific objectionable content, as we members clearly want to share news of THIS project and THAT site. Because there is NO current hboot 1.5 root anywhere free, or otherwise. I'm all for maintaining principles, but there is nothing against your stated principles on THAT site. So please stop blocking THIS news from spreading until there's something objectionable here. Otherwise it's called censorship, not protecting principles. You're blocking links just because they are associated with him and for no other reason.
//Tapatalk.KindleFire//
Click to expand...
Click to collapse
It is on "that" site...same domain...
You can follow him on Twittter, which has been posted, so it's not difficult for people to find.
As I said, feel free to complain higher up if it bothers you that much.
I do not have a Twitter account and do not intend to open one.
So what other site has the info available?
Mod, I suggest YOU ask the admin what to do, because this seems stupid. We need the info which you are suppressing.
How about Hboot.000012? please don't ignore our GSMers, really need to unlock + soff and start flashing.
In all fairness, the_scotsman is correct. Most of you that aren't familiar with the HTC EVO SHIFT rooting drama, don't know the full story behind why he was banned. It's easy to look at one side of the story then just ignore the rest, but probably not very wise. I'm sure plenty of you have read the information/stories on devnull's website, although perhaps you should trust in the moderator's decisions since there is a lot that happened that you guys don't know about.
What are your thoughts on the "Anti Piracy Support" being implemented into their ROMS
ROM Developers are now starting to implement this "Anti Piracy Support" . Many of them do and some of them don't.
So what is AntiPiracySupport?
Meaning, this will block the installation of pirated apps, malware and patchers.
For you, is it good or bad?
Roms that have AntiPiracySupport builtin:
+ ACIP:
Commits in Github: YES
+resurrectionremix
Commits in Github: YES
+ Exodus:
Commits in Github: YES
+ BrokenOS
Commits in Github: YES
+ My Rom Builds(if no other info is added):
Commits in Github: YES
Roms that don't have AntiPiracySupport builtin now:
+ AOSPA
Commit in Gerrit: NO
+ Official OmniRom:
Commit in Gerrit: NO
For me it is very bad. Because in my country many of the apps I need are blocked and some of it wasnt compatible with mi3. So big no to Anti Piracy Support for me. Sorry developers.
Bitti09 said:
Roms that have AntiPiracySupport builtin:...
Click to expand...
Click to collapse
This might help guys :thumbup:
Any it should be AICP not ACIP hahaha!
Sent from my MI 3W using XDA Free mobile app
Here's my take on this blacklist idea.
At least 40% of the reason I bought my first Android after years of iPhones was for ad blocking. I just don't get the reason for clumsily trying to turn a custom rom into iOS. So I did a little digging and found a discussion about this blacklist from an Exodus dev who wrote "The only real reason not to support this is if you support piracy and stealing from developers."
Maybe someone can tell me whether it's a joke or Dave doesn't understand the issues. It takes little brainpower to deduce that app names can be trivially changed, as we've already seen and can even be seen in the blacklist code. So blacklisting apps by name and hardcoding that in your rom is a losing proposition from the start, right?
To stay up to date somebody would need to track package names and add them manually and hope everyone conveniently forgets the past 3+ decades of battles between malware writers and AV guys, eg when viruses started creating their own pseudo-random names to avoid the crummier scanners which Exodus is trying to emulate. We've already seen this simplistic blacklist approach can't possibly scale. Check the google+ link and you see that Kessler is trying to crowdsource a list of app names to blacklist. What happens when somebody maliciously or mistakenly adds a commonly used, objectively benign app? Who is the final arbiter of which apps get the boot? Quid custodiet ipsos custodes?
Factor in Exodus blocking my fave ad service disabler (probably an Irish app ) and debating whether to block Xposed and you have a powerful user motivation to bypass or completely avoid the blacklist and stop it from removing/disabling legit functionality. It seem likely that roms with Exodus' Anti-Adblock anti-feature will be forked if they're worth using. Not to mention, this blacklist only works if the blocked apps play along & their package names never change, and if the user has no motivation to bypass the blacklist. Extra bonus: v2 of the blacklist will be more like real malware, with obfuscated & closed source libraries.
Dave's false dichotomy is basically saying if you don't want spam or ads or closed source crapware clogging your device then you support piracy. I think Dave should've added, another reason not to support this endeavor is because poorly conceived code that goes against user wishes should ALWAYS be turfed.
tl;dr Why would anybody let this guy decide which apps are ok and which aren't, and using an old-school blacklist too? SMH.
XDA fully supports this. IF you cant pay for an app then you dont need it.
zelendel said:
XDA fully supports this. IF you cant pay for an app then you dont need it.
Click to expand...
Click to collapse
What if you want to use app but first want to check the quality of app or you don't have money for every app?
Sent from my MI 3W using Tapatalk
ashish289 said:
What if you want to use app but first want to check the quality of app or you don't have money for every app?
Sent from my MI 3W using Tapatalk
Click to expand...
Click to collapse
Well then you wait to have the money or use a free version. If there is no free version then you save up the money
Is this gonna be a requirement for rom developers?
I'm not against it. But I think it should be something optional. If the rom developer wants to implement it, that's ok. But I think the consumers should have a right to decide whether the rom supports this or not. I mean, like a democracy, the consumers vote, that's something fair...
zelendel said:
XDA fully supports this. IF you cant pay for an app then you dont need it.
Click to expand...
Click to collapse
Can you speak for the whole XDA community? hehehe Anyways you've got a point there.
But I don't see the point of doing apps developer's job. If they want anti-piracy security for their apps they'll get it (built in), unless it's an offline app. So I wouldn't bother trying to prevent the inevitable...
ChazyTheBest said:
Is this gonna be a requirement for rom developers?
I'm not against it. But I think it should be something optional. If the rom developer wants to implement it, that's ok. But I think the consumers should have a right to decide whether the rom supports this or not. I mean, like a democracy, the consumers vote, that's something fair...
Can you speak for the whole XDA community? hehehe Anyways you've got a point there.
But I don't see the point of doing apps developer's job. If they want anti-piracy security for their apps they'll get it (built in), unless it's an offline app. So I wouldn't bother trying to prevent the inevitable...
Click to expand...
Click to collapse
Well your first mistake was thinking you are a consumer. Not in the least. Nor do users have a say in what rom devs put in their roms. Roms are built by people for personal use and then shared to be nice. If you dont like it then you are more then welcome to build your own rom.
Second mistake was thinking it is a democracy. Its not. Users really dont have a say in what rom devs put in their roms.
All I can say is that XDA stands behind this and anything that is used to get around it is banned from the site for good.
zelendel said:
Well your first mistake was thinking you are a consumer. Not in the least. Nor do users have a say in what rom devs put in their roms. Roms are built by people for personal use and then shared to be nice. If you dont like it then you are more then welcome to build your own rom.
Second mistake was thinking it is a democracy. Its not. Users really dont have a say in what rom devs put in their roms.
All I can say is that XDA stands behind this and anything that is used to get around it is banned from the site for good.
Click to expand...
Click to collapse
Sorry for the misunderstood, but I said it because I read rom developers ask for features and bugfixing. So I'll take it as it depends on the developer... some devs are like you said and some others "really care" about what users need/want.
ChazyTheBest said:
Sorry for the misunderstood, but I said it because I read rom developers ask for features and bugfixing. So I'll take it as it depends on the developer... some devs are like you said and some others "really care" about what users need/want.
Click to expand...
Click to collapse
Have you really ever seen Real developers ask this? No. The only ones that do are the ones that do nothing more really then cherry pick other roms commits. There are very few real developer teams around. The rest are what we like to call winzip wizards or compile wizards.
The ones that "really care" As you say are only really doing it for donations. I know it is hard to understand in this forum as there are none of the big teams here as none of them are willing to touch Xiaomi Devices. Heck I know I am not even allowed to use one due to my job.
In the end it is up to the dev to add this if they wish but ill let you in on a secret. Most devs are working closely with each other to make this better. There is even a commit that blocks xposed frameworks.
As XDA stand completely behind it and against warez most of the things that this targets are already banned on the site. Things like lucky patcher and freedom. Both are forever banned on the site.
zelendel said:
Have you really ever seen Real developers ask this? No. The only ones that do are the ones that do nothing more really then cherry pick other roms commits. There are very few real developer teams around. The rest are what we like to call winzip wizards or compile wizards.
The ones that "really care" As you say are only really doing it for donations. I know it is hard to understand in this forum as there are none of the big teams here as none of them are willing to touch Xiaomi Devices. Heck I know I am not even allowed to use one due to my job.
In the end it is up to the dev to add this if they wish but ill let you in on a secret. Most devs are working closely with each other to make this better. There is even a commit that blocks xposed frameworks.
As XDA stand completely behind it and against warez most of the things that this targets are already banned on the site. Things like lucky patcher and freedom. Both are forever banned on the site.
Click to expand...
Click to collapse
Very good explanation. Now I see it from that point of view, you are right.
@zelendel:
I certainly have supported and I am prepared to support more app developers who provide me free software (free as in freedom not free beer), and I'm not interested in buying closed source apps from the playstore, so I'm not really affected by this issue, but seriously? Preventing users from running the software they want on their phone? These opinions are grossing me out. Thankfully (and this might have been one of the most important advances in whole history) the creators of the software that most of our Android world is based on, have shown more wisdom and created the GPL, that forces everyone who wants to be part of this world to open source and to free their own variations of it, so thankfully people will always be able to remove components that restrict the user.
This is not a stance to enable privacy. This is a stance to oppose everybody who wants to place technical faculties in my OS that are able to prevent me from running whatever code I want (because at that precise moment, I do no longer own a personal universal computer). If enabling piracy is a side effect of preserving the freedom of an OS, then it's a small price to pay to preserve freedom. Thankfully again, it will always be possible to remove components from GPL software, even for "compiling wizards".
TinkoB said:
@zelendel:
I certainly have supported and I am prepared to support more app developers who provide me free software (with free as in freedom not free beer), and I'm not interested in buying closed source apps from the playstore, so I'm not really affected by this issue, but seriously? Preventing users from running the software they want on their phone? These opinions are grossing me out. Thankfully (and this might have been one of the most important advances in whole history) the creators of the software that most of our Android world is based on, have shown more wisdom and created the GPL, that forces everyone who wants to be part of this world to open source and to free their own variations of it, so thankfully people will always be able to remove components that restrict the user.
This is not a stance to enable privacy. This is a stance to oppose everybody who wants to place technical faculties in my OS that are able to prevent me from running whatever code I want (because at that precise moment, I do no longer own a personal universal computer). If enabling piracy is a side effect of preserving the freedom of an OS, then it's a small price to pay to preserve freedom. Thankfully again, it will always be possible to remove components from GPL software, even for "compiling wizards".
Click to expand...
Click to collapse
See you are missing one thing. The fact that android is not licensed under the GPL. Only the Android kernel is under the GPL. The rest is apache, which means they can close source any part of the os they want. This is why things like Sense, Touch wiz, Zen, miui and all the others are closed sourced.
Guys whenever you create something with so much hardwork then you expect something in return of it. But if someone stealing those things then obviously you will oppose rather than allow it.
Open source has its own benefit and disadvantages. We have to decide in what way we have to use these things. Developers are protecting their hardwork. And its their right. We can't tell them what to do and what not to do.
zelendel said:
See you are missing one thing. The fact that android is not licensed under the GPL. Only the Android kernel is under the GPL. The rest is apache, which means they can close source any part of the os they want. This is why things like Sense, Touch wiz, Zen, miui and all the others are closed sourced.
Click to expand...
Click to collapse
Yeah with "most" i was referring to the Linux Kernel, which I consider the most important part, as an environment to run APKs could theoretically be substituted. But even the Apache Licence for the Android project is OK for the purpose of retaining the user freedom, although the GPL would obviously be preferable. The most problematic part as far as I can see is the proprietary framework, but at least there are people willing to tackle that issue, like the μg Project..
@vishal24387:
It's well known, that someone who is giving larger contributions to an important free software project will get hired pretty fast. Please tell me of any disadvantage of Open Source (or more importantly of free/libre software, OpenSource without free licences is problematic of course).
Developers are free to think of ways to protect their software. That must not include having OS developers place restrictions on users who aren't even interested in their software.
A developer who believes that's the right way to protect his software can include those restrictions in his own binaries and use some of the Google API features to identify his paying users. In that case the issue of restricting the users freedom only affects those users who run that kind of non-free software.
TinkoB said:
Yeah with "most" i was referring to the Linux Kernel, which I consider the most important part, as an environment to run APKs could theoretically be substituted. But even the Apache Licence for the Android project is OK for the purpose of retaining the user freedom, although the GPL would obviously be preferable. The most problematic part as far as I can see is the proprietary framework, but at least there are people willing to tackle that issue, like the μg Project..
Click to expand...
Click to collapse
Not sure how you see that. The license states that they can do anything they want to the source and completely close it off like the privacy guard. They are making it closed sourced and there are many devs working on it to make it even stronger.
If you agree wit it or not really doesnt matter a whole lot. XDA is against warez and will support anything and everything to prevent the use of it. Like the module that disables the privacy guard which is now banned on XDA.
Not sure how you see that. The license states that they can do anything they want to the source and completely close it off like the privacy guard. They are making it closed sourced and there are many devs working on it to make it even stronger.
Click to expand...
Click to collapse
The only Privacy Guard I'm aware of is a free software encryption tool, what component are you referring to specifically?
As long as the Free Software part of Android stays usable, closed source components are not an issue and can be removed. I don't care how many devs are making a closed source component stronger, as long as I can remove it from my system.
As soon as that's no longer an option, there'll definitely be forks to continue to be able to have projects like replicant.
If you agree wit it or not really doesnt matter a whole lot. XDA is against warez and will support anything and everything to prevent the use of it. Like the module that disables the privacy guard which is now banned on XDA.
Click to expand...
Click to collapse
Anything and everything? If it's at the cost of the users freedom I'll regret my former donation to XDA and have to hope for it's downfall in the long run, but I'm pretty sure not everybody at XDA shares those drastic opinions.
For the most important and tedious parts, like fixes in drivers that are part of the GPL licenced kernel any work on XDA can be used by those who don't want to use certain other components even if all of XDA would endorse them (and I do not believe that's the case).
TinkoB said:
The only Privacy Guard I'm aware of is a free software encryption tool, what component are you referring to specifically?
As long as the Free Software part of Android stays usable, closed source components are not an issue and can be removed. I don't care how many devs are making a closed source component stronger, as long as I can remove it from my system.
As soon as that's no longer an option, there'll definitely be forks to continue to be able to have projects like replicant.
Anything and everything? If it's at the cost of the users freedom I'll regret my former donation to XDA and have to hope for it's downfall in the long run, but I'm pretty sure not everybody at XDA shares those drastic opinions.
For the most important and tedious parts, like fixes in drivers that are part of the GPL licenced kernel any work on XDA can be used by those who don't want to use certain other components even if all of XDA would endorse them (and I do not believe that's the case).
Click to expand...
Click to collapse
Then what your missing is the new privacy guard which is coded into the base OS which prevents things like freedom, lucky patcher and every warez market known at the time with more being added every day.
Maybe not everyone. Most users in China and India (Where warez are common place) dont really agree with it but all the mods have talked about it and agree Warez is not something XDA has now or ever will support.
This is not kernel based. That is what you are missing. This is coded into the base OS. The part that is not covered by the GPL.
https://www.reddit.com/r/Piracy/comments/3eo8sj/antipiracy_measures_on_android_custom_roms/
Also remember that we are a developer forum. Made for and by developers. So we will back any and everything that rips them off of their rights to protect their software from being pirated.
http://www.xperiablog.net/2015/08/0...ty-fix-heading-to-xperia-z-series-this-month/
This is to confirm Sony will be pushing out an update to protect their Z series phones first from this Stagefreight problem that involves hacking our Androids with simply MMS. The issue is for us is that we still haven't had Lollipop to our phones for this long. Will this patch update may even take Verizon to do a hell a lot longer before they could even give us our deserved update? Because this is a serious issue that must be addressed.
I've also attached a screenshot from the analysis app for my Z3v, and we're definitely vulnerable...
Sent from my D6708 using XDA Free mobile app
we are ****ed
Watch vzw give us a patch without 5.1...
Old news Vzw is a terrible carrier
Not only stagefright but now certifi-gate, and certifi-gate you need to update the whole OS to fix it, so maybe we will finally get Lollipop, but wouldn't hold your breath.
I feel like a duck sitting on a pond surrounded by hunters, being a sitting duck I don't like.
SO LETS SEE HOW VZW PROTECTS THEIR NETWORK NOW!
Will VZW patch or will VZW not?
The quick fix solutions I have found so far in credits to Android Authority is to either download Textra for your messaging app, or disable auto downloading of MMS attachments on your messaging app.
To do that on our phones, go to stock Messaging app, Settings, then scroll down to uncheck Auto MMS Retrieval.
GigaSPX said:
The quick fix solutions I have found so far in credits to Android Authority is to either download Textra for your messaging app, or disable auto downloading of MMS attachments on your messaging app.
To do that on our phones, go to stock Messaging app, Settings, then scroll down to uncheck Auto MMS Retrieval.
Click to expand...
Click to collapse
Good tip, did that yesterday to mine and my wife's phone after reading the exploit news.
Be careful, any MMS can have the exploit attached.
Forgot to add, I disabled "Hangouts" too, I think it is affected too.
I was on my phone and went to xda news and saw the pushbullet article. I click on comments and get a redirection with a mess of ads and a android message talking about being infected....wth xda!!!
1linuxfreak said:
Not only stagefright but now certifi-gate, and certifi-gate you need to update the whole OS to fix it, so maybe we will finally get Lollipop, but wouldn't hold your breath.
I feel like a duck sitting on a pond surrounded by hunters, being a sitting duck I don't like.
SO LETS SEE HOW VZW PROTECTS THEIR NETWORK NOW!
Will VZW patch or will VZW not?
Click to expand...
Click to collapse
Where are you reading that you need to update the whole OS to patch Certifi-gate? Read this article, particularly the quote from the google spokesperson. http://www.zdnet.com/article/androcertifi-gate-remote-access-security-hole-malware-seen-in-the-wild/
BladeRunner said:
Where are you reading that you need to update the whole OS to patch Certifi-gate? Read this article, particularly the quote from the google spokesperson. http://www.zdnet.com/article/androcertifi-gate-remote-access-security-hole-malware-seen-in-the-wild/
Click to expand...
Click to collapse
Took you long enough to try and disprove me.
Do some reading you will find it. It is a problem with a layer in the OS, I had the information before the Black Hat conference.
1linuxfreak said:
Took you long enough to try and disprove me.
Do some reading you will find it. It is a problem with a layer in the OS, I had the information before the Black Hat conference.
Click to expand...
Click to collapse
I did read, couldn't find anything to support what you are saying but did find what I linked. If you have something else feel free to share with the rest of us. Kind of a moot point to me really as I am on my Nexus 6, which apparently isn't vulnerable.
That's okay I'm fine with being right don't have to prove it to you.
1linuxfreak said:
That's okay I'm fine with being right don't have to prove it to you.
Click to expand...
Click to collapse
you have something against sharing with the community?
BladeRunner said:
you have something against sharing with the community?
Click to expand...
Click to collapse
Your name is "community"?
Pleasure to meet you Community.
If you have Nexus 6 and are not at risk, are you just here to gloat and point fingers at us and laugh? Not very friendly.
1linuxfreak said:
Your name is "community"?
Pleasure to meet you Community.
If you have Nexus 6 and are not at risk, are you just here to gloat and point fingers at us and laugh? Not very friendly.
Click to expand...
Click to collapse
Who's pointing fingers and laughing? There is a community of users here that could benefit from the information you have if you'd share it. I only asked where you got your information from as the information I had seemed to imply something different.
BladeRunner said:
Who's pointing fingers and laughing? There is a community of users here that could benefit from the information you have if you'd share it. I only asked where you got your information from as the information I had seemed to imply something different.
Click to expand...
Click to collapse
If you know as much as you imply you would already know what I know and there would be no need for further discussion.
So as far as you are concerned the scare is over. Patches are out everything is fine. At least with your Nexus 6.
I will not post up something that is available on the inter web and you can find yourself. LAZY! Wait you may not get it right so here --
"Android-based mobile devices are under threat from yet another major security vulnerability and this time a simple download patch won’t fix it. Making smartphones and tablets safe against the new 'bug', dubbed Certifi-gate, will reportedly require a rewrite of the underlying software, leaving most mobile devices vulnerable until a new operating system version is released." -- there copy and paste this into your browsers search window or highlight and right click and do "Search Google" for this. Wait here -- https://www.google.com/search?q=certifi-gate+requires+a+OS+rewite&ie=utf-8&oe=utf-8#q=certifi-gate+requires+a+OS+rewrite
since you can't do it yourself.
Please go away now troll.
1linuxfreak said:
If you know as much as you imply you would already know what I know and there would be no need for further discussion.
So as far as you are concerned the scare is over. Patches are out everything is fine. At least with your Nexus 6.
I will not post up something that is available on the inter web and you can find yourself. LAZY! Wait you may not get it right so here --
"Android-based mobile devices are under threat from yet another major security vulnerability and this time a simple download patch won’t fix it. Making smartphones and tablets safe against the new 'bug', dubbed Certifi-gate, will reportedly require a rewrite of the underlying software, leaving most mobile devices vulnerable until a new operating system version is released." -- there copy and paste this into your browsers search window or highlight and right click and do "Search Google" for this. Wait here -- https://www.google.com/search?q=certifi-gate+requires+a+OS+rewite&ie=utf-8&oe=utf-8#q=certifi-gate+requires+a+OS+rewrite
since you can't do it yourself.
Please go away now troll.
Click to expand...
Click to collapse
wow, I really feel that was completely uncalled for.
BladeRunner said:
wow, I really feel that was completely uncalled for.
Click to expand...
Click to collapse
Really bro and what you did to me was kosher? Alrighty then!
Should have left it alone, I all but begged you to drop it.
So now I am wrong for sharing, really?
1linuxfreak said:
Really bro and what you did to me was kosher? Alrighty then!
Should have left it alone, I all but begged you to drop it.
So now I am wrong for sharing, really?
Click to expand...
Click to collapse
WHT, exactly, did I "do to you"? Wrong for sharing? Absolutely not. It's what I wanted from the beginning. Wrong for personally attacking by calling me lazy and a troll. Absolutely, I am neither, thank you very much.
This thread was on its way down the list but I just had to wake it up......
Just posting a reminder that any rom posted here has to have the MI store removed from the rom. The app is banned as it provides warez.
You've effectively killed this forum, the only source of ROMs for our device. Thanks.
degrees089 said:
You've effectively killed this forum, the only source of ROMs for our device. Thanks.
Click to expand...
Click to collapse
All it takes is having the app removed. Not really hard.
This app has been banned since the beginning of Xiaomi producing miui roms. It's nothing new.
zelendel said:
All it takes is having the app removed. Not really hard.
This app has been banned since the beginning of Xiaomi producing miui roms. It's nothing new.
Click to expand...
Click to collapse
Well, if you say that this is so easy, please just give us direct instructions on how to remove this store without getting bootloop.
Go ahead.
domi.nos said:
Well, if you say that this is so easy, please just give us direct instructions on how to remove this store without getting bootloop.
Go ahead.
Click to expand...
Click to collapse
There are Tuts on how to get gapps working.
I have never tried myself as these devices are banned from being own at my job so I'm not even allowed to get one. Nor would I ever.
Don't get mad at us. Get mad at them for excluding a warez market in their roms.
zelendel said:
Get mad at them for excluding a warez market in their roms.
Click to expand...
Click to collapse
May be I do not know something.
I have tried to look for some warez there - I could not find anything.
anmg said:
May be I do not know something.
I have tried to look for some warez there - I could not find anything.
Click to expand...
Click to collapse
Same. Some stupid policies and some stupid myths. Perhaps there used to be some sort of warez there accidentally and everyone is still being anal about it. As you can see mods don't really care about this phone. You can see by posts like "I would never get their devices". So childish
usblaidas said:
Same. Some stupid policies and some stupid myths. Perhaps there used to be some sort of warez there accidentally and everyone is still being anal about it. As you can see mods don't really care about this phone. You can see by posts like "I would never get their devices". So childish
Click to expand...
Click to collapse
It's not a matter of childish. I have many reason why I would never own one of their devices and that being the fact that the oem is on my jobs banned list.
Also all you have to do is look at any of the so called. Free apps that are paid apps on the Android market.
Make no mistake it was not accidental at all. China is known for things like this.
As for the mods. We have been around long enough to know the story with them so, no none of use would ever touch one of their devices. But that is pointless as it's up to the users to do something with it.
Also all you have to do is look at any of the so called. Free apps that are paid apps on the Android market
Click to expand...
Click to collapse
any proof please.
anmg said:
any proof please.
Click to expand...
Click to collapse
You can look yourself. Just do a compare between the 2 stores. That was part of the reasons why miui roms were banned for the longest time.
You have to remember that MIUI started here on xda before Xiaomi bought them out.
Warez or not, MI Store sucks ass, but banning ROMs is pointless, MIUI forum is trash, I still don't know how it works, and some ROM's has backdoors and for example, they send paid SMS to vietnam, That sh!t costed me 50 bucks!!!
zelendel said:
It's not a matter of childish. I have many reason why I would never own one of their devices and that being the fact that the oem is on my jobs banned list.
Also all you have to do is look at any of the so called. Free apps that are paid apps on the Android market.
Make no mistake it was not accidental at all. China is known for things like this.
As for the mods. We have been around long enough to know the story with them so, no none of use would ever touch one of their devices. But that is pointless as it's up to the users to do something with it.
Click to expand...
Click to collapse
hey, I'm curious about these stories that made you stay away from xiaomi devices. May I ask for more information or maybe links about that? Thank you.
khnoizer said:
hey, I'm curious about these stories that made you stay away from xiaomi devices. May I ask for more information or maybe links about that? Thank you.
Click to expand...
Click to collapse
If you look around the internet you will find all the stories you need. They are alos on the military banned list in the US due to ties with the Chinese military.
zelendel said:
It's not a matter of childish. I have many reason why I would never own one of their devices and that being the fact that the oem is on my jobs banned list.
Also all you have to do is look at any of the so called. Free apps that are paid apps on the Android market.
Make no mistake it was not accidental at all. China is known for things like this.
As for the mods. We have been around long enough to know the story with them so, no none of use would ever touch one of their devices. But that is pointless as it's up to the users to do something with it.
Click to expand...
Click to collapse
zelendel said:
If you look around the internet you will find all the stories you need. They are alos on the military banned list in the US due to ties with the Chinese military.
Click to expand...
Click to collapse
Thank you, but I suppose if we use non MIUI rom such as cm, then these risk of using xiaomi devices is gone right? also, what do you think of Mokee Rom? As it's also made by chinese people, and you said that china is known for "something", is it might also poses similar risks?
khnoizer said:
Thank you, but I suppose if we use non MIUI rom such as cm, then these risk of using xiaomi devices is gone right? also, what do you think of Mokee Rom? As it's also made by chinese people, and you said that china is known for "something", is it might also poses similar risks?
Click to expand...
Click to collapse
First let me make one thing very clear. I have nothing against Chinese people that make software. You have to understand the Government that runs the country there, to have a small understanding. You see In china they have the right to monitor everything their citizens are doing on the internet. This is part of the reason for the great firewall of china. So spyware, malware and other software that helps in this are normally sponsered by the Military to help in doing just this.
I have never used it myself but as it is an open source based OS it should be good. You can see just what it is doing. The hard part will be the coding translations, as things dont always translate right.
Any non MIUI based rom should be ok. The problem with that is CM is normally buggy and all the roms use the patch rom setup which is never really stable nor is it something I would trust as that is injecting stuff into a rom that I cant VET.
In this day and age one has to be careful with all these new toys that are coming to many markets across the world.
Remember, You get what you pay for. So if something is too good to be true then you have to find the catch.
zelendel said:
First let me make one thing very clear. I have nothing against Chinese people that make software. You have to understand the Government that runs the country there, to have a small understanding. You see In china they have the right to monitor everything their citizens are doing on the internet. This is part of the reason for the great firewall of china. So spyware, malware and other software that helps in this are normally sponsered by the Military to help in doing just this.
I have never used it myself but as it is an open source based OS it should be good. You can see just what it is doing. The hard part will be the coding translations, as things dont always translate right.
Any non MIUI based rom should be ok. The problem with that is CM is normally buggy and all the roms use the patch rom setup which is never really stable nor is it something I would trust as that is injecting stuff into a rom that I cant VET.
In this day and age one has to be careful with all these new toys that are coming to many markets across the world.
Remember, You get what you pay for. So if something is too good to be true then you have to find the catch.
Click to expand...
Click to collapse
Great explanation, Thank you, sir.
Um, sorry.. may i know what's happen here and why miui store shouldn't be here?
zelendel said:
First let me make one thing very clear. I have nothing against Chinese people that make software. You have to understand the Government that runs the country there, to have a small understanding. You see In china they have the right to monitor everything their citizens are doing on the internet. [ ... ] .
Click to expand...
Click to collapse
You are right about the store, i was quite surprised when i found paid apps there. This is correct.
But i'm not sure if this is still the case, i saw them a year ago, now i couldn't find the apps,
maybe they've cleaned the store in meantime.
And a script removing apps isn't hard, just search for "updater-script remove apps".
BUT i've tried such script on Sony Xperia P, not in MIUI, i don't know if deleting Mi Store (com.xiaomi.mipicks) would cause bootloop or not.
I know that Mi Store enabled/disabled is region dependent, you can disable it when switching to another region in Beta rom.
But deleting? I know that when i've deleted Updater apk, or changed its permissions, it caused bootloop. Needs to be confirmed.
But with government spying - if you want to be honest - maybe we should ban all ROMs tied with Google, which means all Androids?
Remember about PRISM and Edward Snowden?
American's NSA (National Security Agency) ?
I have nothing to American people, just sayin.
But according to former CIA employee, Edward Snowden, Google joined to the NSA spying program in 14 Jan 2009.
I think that you simply have a choice - either give your personal data to American or to Chinese people. (or both).
You can minimize the risk by disabling for ex. Analytics app... etc.
But saying that chinese are spying... USA govt does the same
And better not looking for Echelon project...
But - the main topic here - yes, it's a good idea to remove Mi Store from roms.
One can always add it himself/herself, there are also other stores, F-droid, Aptoid, there is a choice
American companies aren't communist nor are they guilty of some of the most sever human rights violations in the world.
khnoizer said:
hey, I'm curious about these stories that made you stay away from xiaomi devices. May I ask for more information or maybe links about that? Thank you.
Click to expand...
Click to collapse
kocak juga doi.. ditanyak suru kasi bukti malah ngeyel muluk.. emang koplak kalik.. pdhal amrik sama parahnya.. huehuehue..