This is my first post to XDA.
I have been asking this question about various OS's in various forums, for past 18 months, and each time I ask it, the person who answers it spends a few iterations with me bending-over-backwards trying to avoid telling me what I want to know. I hope that this does not happen here.
I have a native C++ application. It currently runs on Linux desktop. It does many things that native C++ applications do, including sending raw Ethernet frames (mesh networking).
Obviously, if one of my customers tries to install this application on his/her Android device, there will be problems, and it won't work.
I am aware that a human being has the ability to root his/her phone.
I am aware that a human being has the ability to root his/her phone.
I am aware that a human being has the ability to root his/her phone.
Please do not send me a reply saying, "But your customer has the ability to root his/her phone!" :cyclops:
What I would like, is a smartphone, that is running Linux, that allows my customer to install a 100% Native C++ application, >>>WITHOUT<<< having to go through the process of rooting his/her phone. Ideally, the barrier-to-installation would be roughly equivalent to what s/he would experience on a desktop computer.
I am not concerned about the presence of X or any particular GUI subsystem, but I will definitely need access to all the normal system-level Linux primitives (multi-threading, asynchronous I/O, etc.)
Please do not send me a reply saying, You can ssh into the phone and install the app that way."
I would like to know if Ubuntu on smartphone allows a relatively naive user to install a 100% native C++ application that interfaces with the system-level primitives of Linux.
And finally, please note that I am not interested in finding a work-around to an engineering problem that I am having. I am trying to determine the maximum permissible degree of nativity of Ubuntu Touch applications when the application is to be installed by a naive user.
If Ubuntu touch does allow such native applications to be installed, I would be interested in getting an idea of the steps that a customer would take.
UT apps can be uploaded as a click app to the UbuntuOne store and then can be installed as easy as any Android app. You should be able to "sideload" click apps, but I never tried.
UT apps - that are not a web app - are written in native C++ using QT5/QML for UI.
UT apps are restricted by apparmour profiles, but that should not keep them from using multithreading or asynchronous I/O. You would have to test, if your specific requirements work.
There is only one way to answer all your questions: give it a try!
Sent from my TF300T using Tapatalk
f69m said:
UT apps can be uploaded as a click app to the UbuntuOne store and then can be installed as easy as any Android app. You should be able to "sideload" click apps, but I never tried.
UT apps - that are not a web app - are written in native C++ using QT5/QML for UI.
UT apps are restricted by apparmour profiles, but that should not keep them from using multithreading or asynchronous I/O. You would have to test, if your specific requirements work.
There is only one way to answer all your questions: give it a try!
Sent from my TF300T using Tapatalk
Click to expand...
Click to collapse
:good:
Yes, you would need to change the packaging system from debian archives to click packages but that shouldn't be too difficult. If you run into problems with the Ubuntu SDK in connection with C++, have a look at this bug report and the mentioned fixes: https://bugs.launchpad.net/ubuntu/+source/qtcreator/+bug/1215913
f69m said:
UT apps can be uploaded as a click app to the UbuntuOne store and then can be installed as easy as any Android app. You should be able to "sideload" click apps, but I never tried.
Click to expand...
Click to collapse
Any idea at all what the user would see when trying to sideload a click app. [I am trying to set my expectations before diving in.] Would the user download package to a directory, then click on it, or?
UT apps are restricted by apparmour profiles, but that should not keep them from using multithreading or asynchronous I/O. You would have to test, if your specific requirements work.
There is only one way to answer all your questions: give it a try!
Click to expand...
Click to collapse
OK, apparmour seems to be the focal point. I would be really interested (if any knows), how restrictive apparmour will be with a newly-purchased UT phone, and what control a naive user of that phone will have in allowing native C++ applications to run. I would check this myself, but I cannot do any significant coding (porting) until mid-March.
In particular, my app works with WiFi, and will need to interact with stock WiFi drivers (mac80211/etc.). I would like to know what I, and the user, can expect when s/he:
acquires my app from my web site
does something to install it (what would s/he do at this step?)
attempts to execute it (will apparmour block access to mac80211-like drivers)
RareHare said:
Any idea at all what the user would see when trying to sideload a click app. [I am trying to set my expectations before diving in.] Would the user download package to a directory, then click on it, or?
OK, apparmour seems to be the focal point. I would be really interested (if any knows), how restrictive apparmour will be with a newly-purchased UT phone, and what control a naive user of that phone will have in allowing native C++ applications to run. I would check this myself, but I cannot do any significant coding (porting) until mid-March.
In particular, my app works with WiFi, and will need to interact with stock WiFi drivers (mac80211/etc.). I would like to know what I, and the user, can expect when s/he:
acquires my app from my web site
does something to install it (what would s/he do at this step?)
attempts to execute it (will apparmour block access to mac80211-like drivers)
Click to expand...
Click to collapse
Applications should be installed from the Ubuntu app store. If you've just got the click package, you currently need to use the command line to install it:
Code:
sudo install <path to package>
sudo register --user=phablet <package name> <package version>
I hope that this will change though. (It's name is "click" package. )
RareHare said:
Any idea at all what the user would see when trying to sideload a click app. [I am trying to set my expectations before diving in.] Would the user download package to a directory, then click on it, or?
Click to expand...
Click to collapse
nikwen said:
Applications should be installed from the Ubuntu app store. If you've just got the click package, you currently need to use the command line to install it:
Click to expand...
Click to collapse
Technically it should be possible to install a click package just by clicking on a web link, if the web site serves a specific mime type, but this is not implemented.
Not sure about Canonical's policy on that, they might not like the idea. Otherwise they might implement it or at least accept a patch from a community developer.
RareHare said:
OK, apparmour seems to be the focal point. I would be really interested (if any knows), how restrictive apparmour will be with a newly-purchased UT phone, and what control a naive user of that phone will have in allowing native C++ applications to run. I would check this myself, but I cannot do any significant coding (porting) until mid-March.
Click to expand...
Click to collapse
Sorry, have not looked myself into the apparmour profiles too closely and don't have the time to do that right now.
However you can download a recent UT rootfs using the link below and have a look at the profiles yourself:
https://system-image.ubuntu.com/pool/ubuntu-cd4246419c888397c0d8debbd9f945219f40fc670220b7ac86753dc79eb73707.tar.xz
RareHare said:
In particular, my app works with WiFi, and will need to interact with stock WiFi drivers (mac80211/etc.).
Click to expand...
Click to collapse
I don't think this is possible with any current or future off-the-shelf phone. Any OS will provide an abstract API for WLAN and require root to talk to the drivers directly.
As you say requiring your customers to root the phone is not an option, this seems to leave only one way out: you need to split off the low-level code of your app into a generic and secure API and submit it to Ubuntu Touch. If it is accepted, your app can use the new API.
f69m said:
Technically it should be possible to install a click package just by clicking on a web link, if the web site serves a specific mime type, but this is not implemented.
Not sure about Canonical's policy on that, they might not like the idea. Otherwise they might implement it or at least accept a patch from a community developer.
Click to expand...
Click to collapse
Of course, it would technically be possible. Recently, I read a Google Plus post on that topic. Here's the link. (The interesting part is in the comments. Read all of them. )
They said that they'll offer those options in the future.
f69m said:
Technically it should be possible to install a click package just by clicking on a web link, if the web site serves a specific mime type, but this is not implemented.
Not sure about Canonical's policy on that, they might not like the idea. Otherwise they might implement it or at least accept a patch from a community developer.[
Sorry, have not looked myself into the apparmour profiles too closely and don't have the time to do that right now.
Click to expand...
Click to collapse
I am in the same situation myself - I do not have enough time to experiment with apparmour, so I'm asking Ubuntu so that I do not have to search/guess.:victory:
I don't think this is possible with any current or future off-the-shelf phone.
Click to expand...
Click to collapse
So it would seem.
Any OS will provide an abstract API for WLAN and require root to talk to the drivers directly.
As you say requiring your customers to root the phone is not an option, this seems to leave only one way out: you need to split off the low-level code of your app into a generic and secure API and submit it to Ubuntu Touch. If it is accepted, your app can use the new API.
Click to expand...
Click to collapse
Well, the low-level code, in my case, is the WiFi drivers. Also, I cannot imagine submitting a new API to Ubuntu Touch every-time a new model for accessing system-level primitives arrive. That would essentially loop Canonical into all of our engineering processes.
Your last comment actually is the crux of the issue. It points to a policy question, not a technical one, and one for which the answer is yes or no. I would imagine that, at this point, Canonical already knows the answer...
Principle:
There are numerous situations where it is good for a native application to not be sand-boxed, but have the same access to the Linux subsystems as a user would have on Ubuntu Desktop. There are situations where the owner of the phone would be sophisticated and comfortable enough that s/he can decide for himself/herself whether an application should be allowed root access to the phone. A fellow engineer called this the "welded-hood" principle:
Do people prefer buying cars that have the hoods welded-shut?
Many people might, but there are a significant number who would prefer not. As it turns out, an automobile can dangerous if the person opens the hood and starts working on things that s/he should not be touching (no pun intended). In the case of the fuel and braking system, it can even be lethal. But in the end, it was decided that, since we are all liberated adults, it is better to allow the customer freedom-of-choice.
What we have, right now, is a situation where the "hoods" on all mobile devices are essentially welded shut. I think that is unfortunate, because there is a huge latent demand for mobile devices that "still have their hoods", but if the user chooses to open the hood, with they key word here being easily, that would be his/her prerogative.
By the default, the system should be sand-boxed, but the user should have a facility that allows him/her access to install some native, system-level applications, easily, just as a user is allowed to tap-off her break fluid or bleed the fuel-line if she so desires, even though there are many warnings about what could happen if the application is installed. The "open-the-hood" operation would come with warnings that the user can choose to ignore, with resulting consequences.
Question:
Will Ubuntu Touch allow the owner of an Ubuntu Touch phone to side-load a native C++ application that interfaces with the various existing WiFi drivers in Linux, if the user decides for himself/herself, that it is OK for the application to interface with such drivers?
I have a feeling that the answer is no, but I am asking here to make sure.
RareHare said:
I am in the same situation myself - I do not have enough time to experiment with apparmour, so I'm asking Ubuntu so that I do not have to search/guess.:victory:
So it would seem.
Well, the low-level code, in my case, is the WiFi drivers. Also, I cannot imagine submitting a new API to Ubuntu Touch every-time a new model for accessing system-level primitives arrive. That would essentially loop Canonical into all of our engineering processes.
Your last comment actually is the crux of the issue. It points to a policy question, not a technical one, and one for which the answer is yes or no. I would imagine that, at this point, Canonical already knows the answer...
Principle:
There are numerous situations where it is good for a native application to not be sand-boxed, but have the same access to the Linux subsystems as a user would have on Ubuntu Desktop. There are situations where the owner of the phone would be sophisticated and comfortable enough that s/he can decide for himself/herself whether an application should be allowed root access to the phone. A fellow engineer called this the "welded-hood" principle:
Do people prefer buying cars that have the hoods welded-shut?
Many people might, but there are a significant number who would prefer not. As it turns out, an automobile can dangerous if the person opens the hood and starts working on things that s/he should not be touching (no pun intended). In the case of the fuel and braking system, it can even be lethal. But in the end, it was decided that, since we are all liberated adults, it is better to allow the customer freedom-of-choice.
What we have, right now, is a situation where the "hoods" on all mobile devices are essentially welded shut. I think that is unfortunate, because there is a huge latent demand for mobile devices that "still have their hoods", but if the user chooses to open the hood, with they key word here being easily, that would be his/her prerogative.
By the default, the system should be sand-boxed, but the user should have a facility that allows him/her access to install some native, system-level applications, easily, just as a user is allowed to tap-off her break fluid or bleed the fuel-line if she so desires, even though there are many warnings about what could happen if the application is installed. The "open-the-hood" operation would come with warnings that the user can choose to ignore, with resulting consequences.
Question:
Will Ubuntu Touch allow the owner of an Ubuntu Touch phone to side-load a native C++ application that interfaces with the various existing WiFi drivers in Linux, if the user decides for himself/herself, that it is OK for the application to interface with such drivers?
I have a feeling that the answer is no, but I am asking here to make sure.
Click to expand...
Click to collapse
Well, your comparison is not quite correct. On most phones, there is a way for an educated user to open the hood. This is usually referred to as rooting the phone. Some companies will give you a tool to unlock the bootloader and thus open the hood easily, for others it is a little harder. But any user has the freedom of choice to open the hood or leave it closed.
Now, what you are asking for is something completely different. You are asking for a closed-source "black box" app to get access to what is under the hood, without the user ever opening it. This would mean opening the door for all kinds of malware, and I sure hope this will not be allowed by Ubuntu Touch . Let an educated user open the hood and place the black box there, if he feels comfortable about it, but don't make it too easy. A user that is not willing or not able to open the hood himself should also not be required to understand the consequences of installing a black box app with root privileges.
And there is another thing to consider: Ubuntu is heading for convergence, meaning the same app runs fine on a phone, on a tablet and on a desktop. This means apps must be written against an abstract SDK and not have access to the actual hardware.
Well, I am afraid we have hit a dead end now, unless you are willing to disclose more details on the functionality of your app.
Sent from my TF300T using Tapatalk
83594455 676
And there is another thing to consider: Ubuntu is heading for convergence, meaning the same app runs fine on a phone, on a tablet and on a
desktop. This means apps must be written against an abstract SDK and not have access to the actual hardware.
Click to expand...
Click to collapse
I think my native, system-level app would not only run on all versions of Ubuntu, regardless of device, but most versions of Linux, on 100's of different hardware devices, without changes to my code. So actually, I would be accessing a standard Linux software interface.
Well, I am afraid we have hit a dead end now, unless you are willing to disclose more details on the functionality of your app.
Click to expand...
Click to collapse
Sure. I would like to send and receive raw 802.11 frames from user-space utilizing the various standard Linux 802.11 system-level API's for mesh networking. My application is entirely user-space, and would run on any stock Linux kernel. My field of work is wireless communication, so naturally, if someone were to offer me a mesh-networking packaging as an alternative, I could not use it - my goal is not to have a mesh network for mesh networking sake, but to create a mesh network using my own user-space algorithms. In other words, I really do need access to the 802.11 drivers.
You can run every system command from your app using C++: http://askubuntu.com/questions/288494/run-system-commands-from-qml-app
The sudo password is "phablet". You could also ask the user for it if it was changed. You can pass it like this:
Code:
echo phablet | sudo -S <my command>
That might help you.
You could also ask in the IRC channel for Ubuntu app development (search the internet and you'll find it). Some Canonical people as well as some awesome community members will surely answer your questions. (But tell us the result, please.)
nikwen said:
You can run every system command from your app using C++: http://askubuntu.com/questions/288494/run-system-commands-from-qml-app
The sudo password is "phablet". You could also ask the user for it if it was changed. You can pass it like this:
Code:
echo phablet | sudo -S <my command>
That might help you.
Click to expand...
Click to collapse
That works for the development images and community ports, but I am afraid if you buy a pre-configured UT phone (once they are available), sudo will not work. At least I would be surprised if a company would give full warranty for a device with working sudo.
Sent from my TF300T using Tapatalk
---------- Post added at 11:14 PM ---------- Previous post was at 11:02 PM ----------
RareHare said:
I think my native, system-level app would not only run on all versions of Ubuntu, regardless of device, but most versions of Linux, on 100's of different hardware devices, without changes to my code. So actually, I would be accessing a standard Linux software interface.
Sure. I would like to send and receive raw 802.11 frames from user-space utilizing the various standard Linux 802.11 system-level API's for mesh networking. My application is entirely user-space, and would run on any stock Linux kernel. My field of work is wireless communication, so naturally, if someone were to offer me a mesh-networking packaging as an alternative, I could not use it - my goal is not to have a mesh network for mesh networking sake, but to create a mesh network using my own user-space algorithms. In other words, I really do need access to the 802.11 drivers.
Click to expand...
Click to collapse
Hmm, never really used the user-space network link interface, but I believe it would be possible to grant the required capabilities to a click application.
You would have to figure out, exactly what capabilities your process needs to run this as a non-root user. Then the right place to ask for supporting this would be the Ubuntu Phone mailing list.
Just a Tip: You should present a very strong use case to get this kind of capabilities. The benefits of using your user-space algorithms should be plain, even to someone just scanning over your email.
Sent from my TF300T using Tapatalk
f69m said:
That works for the development images and community ports, but I am afraid if you buy a pre-configured UT phone (once they are available), sudo will not work. At least I would be surprised if a company would give full warranty for a device with working sudo.
Click to expand...
Click to collapse
When nikwen made the suggestion, I was happy for maybe 2-3 seconds, but then caught myself, because I suspected this.
[Notice how I am saving myself enormous amounts of time and frustration by avoiding downloading the SDK, opening my compiler tool-chain, and experimenting., and discovering all the things that you are telling me as we go along (especially about apparmour). Yes, I am very proud of myself for saving myself so much time by asking questions here. :angel:]
So my question still stands:
Under the assumption that my customers (doctors, scientists, etc.) are mature/sophisticated/responsible/whatever enough to know that the application that they are about to install on their smartphone (mine) is potentially very dangerous, but they are still interested in installing my app, and that they are uninterested in going through the manual process of rooting their phone or engaging in any other type of significant manual reconfiguration, what are my options?
Can Ubuntu Phone to be the OS-of-choice for this situation, or am I out-of-luck?
RareHare said:
Under the assumption that my customers (doctors, scientists, etc.) are mature/sophisticated/responsible/whatever enough to know that the application that they are about to install on their smartphone (mine) is potentially very dangerous, but they are still interested in installing my app, and that they are uninterested in going through the manual process of rooting their phone or engaging in any other type of significant manual reconfiguration, what are my options?
Can Ubuntu Phone to be the OS-of-choice for this situation, or am I out-of-luck?
Click to expand...
Click to collapse
Maybe my second answer and your post crossed? But anyhow, here are the steps you can take:
1) Figure out the minimum set of capabilities your process needs to run as a non-root user.
2) Write an email to the Ubuntu Phone mailing list, describing the required capabilities and a convincing use case that motivates the engineers to have a hard look into it.
Honestly, I think the chances are slim, given the kind of capabilities you probably need. But Ubuntu Touch is probably your best bet of all the OSs out there.
EDIT: Mind that Ubuntu Touch uses a read-only rootfs, with only some config files being writable (via bind mount) and apt/dpkg is not supported. Your app must be running as a click package as a non-root user, but I believe it is technically possible to elevate an app process with certain capabilities. It would be your job to convince Canonical to make the policy decision to support it and to make the effort of implementing it.
EDIT2 (you see, I am giving it some thought): Not sure, how your business plan looks like or if your app makes this approach feasible, but another option could be to open-source your basic algorithms and try to have them included into Ubuntu Touch. Then cash in on an app to make the features easily accessible.
f69m said:
That works for the development images and community ports, but I am afraid if you buy a pre-configured UT phone (once they are available), sudo will not work. At least I would be surprised if a company would give full warranty for a device with working sudo.
Sent from my TF300T using Tapatalk
---------- Post added at 11:14 PM ---------- Previous post was at 11:02 PM ----------
Hmm, never really used the user-space network link interface, but I believe it would be possible to grant the required capabilities to a click application.
You would have to figure out, exactly what capabilities your process needs to run this as a non-root user. Then the right place to ask for supporting this would be the Ubuntu Phone mailing list.
Just a Tip: You should present a very strong use case to get this kind of capabilities. The benefits of using your user-space algorithms should be plain, even to someone just scanning over your email.
Sent from my TF300T using Tapatalk
Click to expand...
Click to collapse
Hm...it would be a bit weird for me to justify the benefits my user-space algorithms to Canonical. My app is not an open-source app. I guess I should have mentioned that first. In any case, I can say that I am "experienced" in this field, and my colleagues, at least, are experts in the field, so if the question is whether I am mistaken in thinking I need this capability, the answer is probably no.
However, you do have me intrigued regarding the granting of capability for a click application. My guess is that this would have to happen within the context of Ubuntu Store and not any other way or?
I ask because it is not yet definite that we will choose Ubuntu Phone. That is what I am determining now. I would hate to get into a situation where we have to "work with" Canonical to get access to the Linux API that we need, which is why I was suggesting putting the decision into the hands of the user. I would also like to avoid "lobbying" Canonical for a feature. It would be more efficient for us if Canonical would simply tell us whether they are going to allow it or not, to what extent, and what would be involved.
Again, what we are asking for is pretty straightforward - access to the standard Linux WiFi drivers from user-space.
There's really not much more to it. I was hoping that, based upon the assumption that we actually need this, that Canonical would be able to give us an answer.
[P.S. Yes, our posts got crossed. ]
RareHare said:
Hm...it would be a bit weird for me to justify the benefits my user-space algorithms to Canonical. My app is not an open-source app. I guess I should have mentioned that first.
Click to expand...
Click to collapse
Well, I somehow guessed it would not be open source, and probably my EDIT2 to my last post (crossed again) is not an option. But make sure to read my first EDIT, it might have helpful information.
I think the question is not, if it is a benefit to Canonical directly, but if it is a benefit to potential users of Ubuntu Touch. The API support you need might be helpful for other applications too.
RareHare said:
However, you do have me intrigued regarding the granting of capability for a click application. My guess is that this would have to happen within the context of Ubuntu Store and not any other way or?
I ask because it is not yet definite that we will choose Ubuntu Phone. That is what I am determining now. I would hate to get into a situation where we have to "work with" Canonical to get access to the Linux API that we need, which is why I was suggesting putting the decision into the hands of the user. I would also like to avoid "lobbying" Canonical for a feature. It would be more efficient for us if Canonical would simply tell us whether they are going to allow it or not, to what extent, and what would be involved.
Click to expand...
Click to collapse
Any decision taken by the user must first be implemented by Canonical, or there is no way for the user to make that decision. Unfortunately, I am not an expert on UT app development and the UT SDK, working mostly on low-level things like porting UT to my own device. But, as an example, it should be possible to have an API that creates a sub-process with elevated capabilities (there might be a more elegant solution). Still Canonical will have to implement that and to do this, they need some kind of motivation. The motivation could be a good use case that shows potential for other applications or indeed "lobbying" them directly (which probably means to send them some money).
RareHare said:
Again, what we are asking for is pretty straightforward - access to the standard Linux WiFi drivers from user-space.
There's really not much more to it. I was hoping that, based upon the assumption that we actually need this, that Canonical would be able to give us an answer.
Click to expand...
Click to collapse
I have not really used those APIs, but I assume that the kernel capabilities needed for this are usually granted to the root user only. I am pretty certain that UT will not allow you to run a process as root, but as mentioned above, it should be possible to create a subprocess with certain elevated capabilities.
f69m said:
Well, I somehow guessed it would not be open source, and probably my EDIT2 to my last post (crossed again) is not an option. But make sure to read my first EDIT, it might have helpful information.
Click to expand...
Click to collapse
OK.
f69m said:
I think the question is not, if it is a benefit to Canonical directly, but if it is a benefit to potential users of Ubuntu Touch. The API support you need might be helpful for other applications too.
Click to expand...
Click to collapse
Well, the API that I need is definitely helpful for other applications. Namely, it is helpful to any application that already uses it. And there are many such applications that use the 802.11 WiFi drivers that come with Linux.
Any decision taken by the user must first be implemented by Canonical, or there is no way for the user to make that decision. Unfortunately, I am not an expert on UT app development and the UT SDK, working mostly on low-level things like porting UT to my own device. But, as an example, it should be possible to have an API that creates a sub-process with elevated capabilities (there might be a more elegant solution). Still Canonical will have to implement that and to do this, they need some kind of motivation. The motivation could be a good use case that shows potential for other applications or indeed "lobbying" them directly (which probably means to send them some money).
I have not really used those APIs, but I assume that the kernel capabilities needed for this are usually granted to the root user only. I am pretty certain that UT will not allow you to run a process as root, but as mentioned above, it should be possible to create a sub-process with certain elevated capabilities.
Click to expand...
Click to collapse
OK.
I am going to send an email to Canonical asking if they could articulate, clearly, in a manner that a Linux C/C++ software engineer can understand, their policy on native application development. Here's what it currently says on their Wiki:
Which applications do run on Ubuntu Touch?
Ubuntu Touch is primarily designed to support web apps, and native apps programmed in qml and javascript or C++. As it is a real linux, of course all non graphical applications run equally as on any other linux system. You can ssh to Ubuntu Touch and run any console based application.
X11 is not supported (so far) so all GUI standard applications will not run.
This is slightly confusing, because it gives the impression that, with the exception of X11, the run-time environment on Ubuntu Touch is equal to the run-time environment on Ubuntu Desktop.
Obviously, that is not true. Native applications on Ubuntu Touch are sand-boxed. My customer can run a console app on Ubuntu Desktop just fine, but on Ubuntu Touch, she cannot not - I guess she could if she rooted or re-flashed her phone, but that is not practical.
I think Canonical should make it clear that native C/C++ applications on Ubuntu Touch will be sand-boxed. Then they should articulate, clearly on their web site, just how that works, at least the part that they know so far.
The reason I feel this is necessary is that there are a lot of developers who read the press releases and see the words open source native C/C++, more open than Android, etc...and they get the impression that it is basically Ubuntu Desktop for small form-factor, but that is not quite true.
Spelling-out, explicitly, Canonical's native C/C++ strategy would save such developers a lot of time and hacking trying to figure out what is feasible and what is not.
To be fair, I just received feedback from a competitor to Ubuntu Touch, giving me assurances that the competing OS will allow the user/owner of the phone to determine whether any software should have root access, etc - basically, like the desktop version of the OS. I will send them an email asking them if they could make public what they have assured me in private.
These are things that should be crystal clear to C/C++ software developers long in advance before committing to a platform. I can only imagine the time that would have been lost if I had misinterpreted what Canonical wrote above, only to find out that there is nothing practical that my customer can do to install my application as easily as they would on Ubuntu Desktop because of the sandbox that cannot be easily turned-off.
RareHare said:
I think Canonical should make it clear that native C/C++ applications on Ubuntu Touch will be sand-boxed. Then they should articulate, clearly on their web site, just how that works, at least the part that they know so far.
Click to expand...
Click to collapse
Of course I can't speak for Canonical and I might be wrong, but I would really be surprised, if it was possibly to run applications as root on an off-the-shelf Ubuntu Touch device.
RareHare said:
To be fair, I just received feedback from a competitor to Ubuntu Touch, giving me assurances that the competing OS will allow the user/owner of the phone to determine whether any software should have root access, etc - basically, like the desktop version of the OS. I will send them an email asking them if they could make public what they have assured me in private.
Click to expand...
Click to collapse
Interesting, but then it might be a difference between the "reference" implementation and what is being delivered on an out-of-the-shelf phone. I can't belive a device vendor to take the risk of allowing root access and still providing full warranty. Most likely the user will have to accept a "no warranty" waiver to get root access, if that feature is not completly disabled by the device vendor. The same kind of holds for UT, as sudo works on the development images as mentioned previously.
EDIT: Make sure the feedback you received does refer to an actual device that is/will be available for sale and not to a development platform. Marketing wording can be tricky about simple issues like that,
RareHare said:
These are things that should be crystal clear to C/C++ software developers long in advance before committing to a platform. I can only imagine the time that would have been lost if I had misinterpreted what Canonical wrote above, only to find out that there is nothing practical that my customer can do to install my application as easily as they would on Ubuntu Desktop because of the sandbox that cannot be easily turned-off.
Click to expand...
Click to collapse
Agreed, but the same holds for any other platform.
f69m said:
Of course I can't speak for Canonical and I might be wrong, but I would really be surprised, if it was possibly to run applications as root on an off-the-shelf Ubuntu Touch device.
Interesting, but then it might be a difference between the "reference" implementation and what is being delivered on an out-of-the-shelf phone. I can't belive a device vendor to take the risk of allowing root access and still providing full warranty. Most likely the user will have to accept a "no warranty" waiver to get root access, if that feature is not completly disabled by the device vendor. The same kind of holds for UT, as sudo works on the development images as mentioned previously.
Agreed, but the same holds for any other platform.
Click to expand...
Click to collapse
I was very careful in asking the UT-competitor what their policy would be with regard to the subject of this thread, and they assured me that, when they say open, they really do mean open, as in open-like-the-desktop. However, just now, I found clues on the Internet what they said might not be quite true. So I just sent a grab-me-by-the-ears-while-you-are-speaking email asking them to be clear.
However, they have committed to allowing the user to install my application. They know that my application will open a device driver, and they said that it should work fine, that they would allow the user to do it, and that they had already intended to create a feature where the user gets to decide, after a WARNING, though they are not yet certain what this feature will be called. Note that they are not doing this for me alone. They are doing it, in general. In other words, they are doing what I proposed earlier: give the user the choice of whether to "use metal chainsaw".
As far as voiding the warranty goes...honestly, I do not think that will be a problem. As you know, I can write software that will wipe my hard disk clean on Windows, right now, put it up on my web site, and anyone in the world can download that software, and the most that will happen before they install my application is that they will get a brief warning. So the model for allowing the user to do foolish things has been with us for a while, and companies are still very profitable with this model, and despite viruses (I developed anti-virus algorithm that some of you use, btw), most people are happy with the level-of-control they get with their desktop devices. When Windows Vista tried to remove some of it, even moderate users were very angry, as you know.
I think that, especially for cell-phone carriers in the USA (Verizon, AT&T, Sprint)...the reason is not so much to protect the consumer, but to make sure that the user is not able...for example...to remove the bloatware that they put on the phone. It is more about controlling the customer experience for profit than for protection or being liable for damages.
The UT-competitor has probably figured out that there is a market for a truly open mobile platform, one where the decision of what happens to the device reverts to the owner of the device. They are probably counting on all the pent-up demand of C/C++/etc. native software developers who have been trying to escape the Android/Java iOS/* Sandbox, and not only that, the developers who are able to create revolutionary innovations if they had more access to the Linux API. My guess is that, once one OEM takes this path, the others will not have any choice but to follow, because there will be a free-for-all (no pun intended) in the development market. It will be messy, perhaps, but there will no longer be any restrictions on getting the most out of the device.
It will definitely be more efficient to decouple development from deliverance.
Well, sounds good, just hope that they will find an OEM that shares their views. I think Desktop/Windows is not a relevant reference, as nobody will send their PC back to Microsoft, if it is not working. And if you want to use official MS support you are paying dearly. On the other hand support/warranty is a huge concern for phone and tablet vendors.
Again, not being able to run a process as root on a UT device is my personal opinion and I am not speaking for Canonical or their partners.
EDIT: Do the "bad" operations you mentioned work on Windows 8 phone? I suppose not.
Sent from my TF300T using Tapatalk
Related
Just a question, not really to the Vibrant but it's the phone I have.
Anyways, at school (tech dept) we use a program that we use for job requests. We can use the client or a web based version. but the Web Based requires IE to work properly. I tried loading it on the Dolphin but it doesn't seem to work on that or the Default browser. Is there anyway to get this to work on Andy?
We are looking to get Android Tablets for the techs and would like to use it.
Really biggest question is... is the site coded in asp (.Net derivative or otherwise)...
Second would be, are you ALLOWED to edit the source to comment out the IE requirement. (Assuming the site does browser detection).
Honestly, doubt you could make it work easily.... Unless the webclient doesnt do browser detection and its just on paper "IE only".
I'm in the same boat, IE only webapp (.net and ajax). I use PocketCloud vnc app to remote into a windows box and run it that way. Works well for me.
Sent from my SGH-T959 using XDA App
Haxel said:
Really biggest question is... is the site coded in asp (.Net derivative or otherwise)...
Click to expand...
Click to collapse
How is that a factor?
ASP, ASP.NET, et. al .NET back-end frameworks, don't require IE.
lol
Teamviewer is another app that works awesome as well. Just install Teamveiwer android app and teamviewer on your computer and you will be able to remote in without much difficulty.
Basically what we want to do is have the tablets and be able to use the web based version of the app to push things out to comptuers/look up work orders. The program is called Altiris. So third party apps like Teamviewer wouldn't be needed.
From Altiris we can push updates, programs via scripts to all computers on the domain, and apparently the app requires IE.. I don't have the exact details. I have emailed our lead guy working with Altiris to see if we can edit the tag for IE requirement or changing the browser check, havent' heard anything yet.
EDIT: Sorry for being kind of vague and short on the OP.
We use Alteris at my company as well and from a user perspective it is one painful app to have to deal with. When it scans the computer it slows down the user computer like nothing else.
presence06 said:
Basically what we want to do is have the tablets and be able to use the web based version of the app to push things out to comptuers/look up work orders. The program is called Altiris. So third party apps like Teamviewer wouldn't be needed.
From Altiris we can push updates, programs via scripts to all computers on the domain, and apparently the app requires IE.. I don't have the exact details. I have emailed our lead guy working with Altiris to see if we can edit the tag for IE requirement or changing the browser check, havent' heard anything yet.
EDIT: Sorry for being kind of vague and short on the OP.
Click to expand...
Click to collapse
Sounds like it's using active directory roles to do various things via built-in windows mechanisms.
A start would be to authenticate your device on the domain. No idea where to begin with that, though.
What mrxela was probably trying to say is that it could be using ActiveX. Do you know if this is the case?
Ian
It's kind a pain, esepeically when it goes down. But it is useful.
ipugh said:
How is that a factor?
ASP, ASP.NET, et. al .NET back-end frameworks, don't require IE.
lol
Click to expand...
Click to collapse
... oh lol your telling me a joke right? Your giving me a question then guessing answer to it... that must be your intent.
Based on coding, Firefox for various reasons does not acknowledge the "shortcuts" in code (usually the main reason asp sites do not work in FF, or "undocumented" microsoft api calls). Other browsers have similar issues, or may have a different issue with the same piece of code. Any more detail than that serves no purpose. So yes, ASP, ASP.NET and the framework can REQUIRE/ONLY work in IE. Thats why it is a factor.
I'll report back with hopefully some answers to these questions
Haxel said:
... oh lol your telling me a joke right? Your giving me a question then guessing answer to it... that must be your intent.
Based on coding, Firefox for various reasons does not acknowledge the "shortcuts" in code (usually the main reason asp sites do not work in FF, or "undocumented" microsoft api calls). Other browsers have similar issues, or may have a different issue with the same piece of code. Any more detail than that serves no purpose. So yes, ASP, ASP.NET and the framework can REQUIRE/ONLY work in IE. Thats why it is a factor.
Click to expand...
Click to collapse
You are unequivocally incorrect.
To say that IE is more lenient on various standards is one thing, but to describe it in such a fashion that you have is completely wrong.
A browser is not making "api" calls to "undocumented" Microsoft libraries. lol.. Further, a browser is interpreting markup that is controlled by the developer. As far as I know, there are no back-end frameworks that limit or control what markup you generate.
This has zero to do with Microsoft, and a lot to do with browser-specific javascript or markup, etc.
But really, you're incorrect and to purport your answer as being a solution or a reason is not only wrong, but could potentially derail his efforts.
Ian
I wish I had more info on altiris, we reviewed it about 2 years ago and went with Landesk and SCCM combo. I dont remember much about it, if its AD integrated you may have other issues to add on to your plate along with the browser detection.
I might be able to find the old install CD on our share and see, but wouldnt be until Monday that I could go to the office to find it.
ipugh said:
You are unequivocally incorrect.
To say that IE is more lenient on various standards is one thing, but to describe it in such a fashion that you have is completely wrong.
A browser is not making "api" calls to "undocumented" Microsoft libraries. lol
This has zero to do with Microsoft, and a lot to do with browser-specific javascript or markup, etc.
But really, you're incorrect and to purport your answer as being a solution or a reason is not only wrong, but could potentially derail his efforts.
Ian
Click to expand...
Click to collapse
oooh you must be a programmer, thats great. Over thinking is a programmers strong point. I have to fix that kind of stuff all the time. Up until later in the posting you didnt even know the software he was using.
As far as "undocumented api", you can embed .NET applications into the site (as you should know)... along with vbscript ect ect. Which with proprietary software they can/have added such in and gone OOPSIE DONT APPLY PATCH X OR IT WILL BREAK. (Which BTW is why some calls remain "undocumented" as microsoft is not sure they wish to keep it in the current form for whatever reason.) This can and does involve microsoft, or am I mistaken C# and the like is microsoft engineered and is using their own proprietary interpreter (.NET). Even if it is server side, the client side matters. Not to mention if it uses ActiveX...
I was giving the poor soul warning on speed bumps he MAY run across. Take it as you will. This wasnt an epeen contest.
Haxel said:
oooh you must be a programmer, thats great. Over thinking is a programmers strong point. I have to fix that kind of stuff all the time.
Click to expand...
Click to collapse
Engineer. And I correct people who are incorrect on a regular basis.
Ian
Just to clarify, I have the pleasure of having to use a web based in-house app built in CF, app was coded with to specifically check for firefox client and disallow any other clients. Yes, it can be changed fairly easy to work with other browsers, but that's on infinite back-burner...
Another set of web apps is built in .NET with third party ajax modules. It does not run a client check, but no browser except IE6 and above is able to even load these applications. .vb code behind does not exist so no one can even begin to touch anything without messing up another process.
VNC and desktop clients are your ray of hope when you are knee deep in doo doo!
The Web Address/website needs Active X and has a .cab file that gets installed to use the Altiris web client..
Bump.
So if this site requires Active X to run properly is there a way to run it on a different browser or in Stock Android Browser?
presence06 said:
Bump.
So if this site requires Active X to run properly is there a way to run it on a different browser or in Stock Android Browser?
Click to expand...
Click to collapse
Active X is a Microsoft only technology and IE is the only browser that supports it. There are ways to do most things that can be done with Active X using other client side technologies and in some cases plug-ins, but it requires more work and a larger support footprint on the part of the developer. If the developer does not support or provide a plug-in for your browser or have an alternate page that will do the same thing in javascript then you are going to be stuck with IE.
On the Android mobile platform having add-on or plug-in ability means either using Dophin HD, or Firefox Mobile (used to be Fennec). However, this is a moot point since it sounds like the developers have chosen not to support the platform.
This is where pressure from clients that have purchased their software comes in. With the right pressure they may add the ability or at least put it in the roadmap for a future version, but for right now you are most likely stuck with Internet Exploder.
Hi all
Does anyone know if I can run kde-based software on the developer alpha of Ubuntu for tablets yet please? Not expecting reliability, just want to do some child user testing of the edubuntu suite on tablets.
Thanks
Chris
Currently you can't and probably neither in the near futur 'cause you need an X Server for that.
And there is no X server on ubuntu touch.
Huge thanks, that is really useful
Hempe said:
Currently you can't and probably neither in the near futur 'cause you need an X Server for that.
And there is no X server on ubuntu touch.
Click to expand...
Click to collapse
After some research on your reply I've a couple questions. Does it mean the Unity interface doesn't need X-server? Or are they just using a temporary workaround until X-server is implemented?
And does this apply to both Ubuntu for Android, and Ubuntu for tablets?
Huge thanks
Having done some further research I've made my decision - thanks hugely for providing the missing link in my knowledge. What follows is my best interpretation of the rumours.
Currently in place of X-server is SurfaceFlinger, ("because X-server uses 30 yr old code" - Canonical). Canonical publicly dabbled with using Wayland until mid-Feb, then decided to create their own revamped display server from scratch, called Mir, which they seem to have been working on since mid last year, and are trying to get GPU vendors to support, written to run across all devices and to meet the needs of the Unity interface, and written in Qt/QML which is what they want native apps written in.
Bottom line for me, is that the technology is still right up there in the clouds and nowhere near decided enough to base my business strategy on. Also, Ubuntu for tablets seems a pretty thin version of Ubuntu anyway, so Edubuntu was never an option and I'm unlikely to be able to leverage much from Ubuntu's Open Source libraries anyway.
Like others, (see the comment on jonobacon.org below), I find it frustrating that the wealth of code written for Ubuntu is no longer usable, but I reckon this is probably necessary to squeeze the most out of every single CPU cycle and milliamp. Ubuntu for tablet is dead in the water if it kills the battery and performs worse than the established competitors.
Therefore all indications are I need to write for Android, keeping my options as open as possible to migrate. So it is now Titanium/UnityIDE versus HTML5, particularly assessing relative performance.
http://www.omgubuntu.co.uk/2013/03/canonical-announce-custom-display-server-mir-not-wayland-not-x
http://www.jonobacon.org/2013/02/21/five-ubuntu-touch-facts/ -- not the article but the comment starting "In that case, wouldn't it be better to port existing apps instead of...."
http://www.omgubuntu.co.uk/2013/02/canonical-working-on-new-display-server
http://www.phoronix.com/scan.php?page=news_item&px=MTMwOTM
Just to clarify.
1. There are plans to make a X-Mir compatibility layer that will allow you to run programs that require an X-Server to work with mir.
2. Not all is lost at the moment it just looks that way.
Only Graphical Userinterfaces are affected. Your commandline tools and libraries don't need to be changed.
3. If you are looking for platform to write apps for, well there is worke being done to let you run your QML apps (intended for ubuntu touch) on android.
So if you choose to make QML apps they can be or will be able to run on linux, mac, windows and android
Wow, huge thanks, I missed that.
Does this mean EVERYTHING Ubuntu without a GUI will work? I want to run a NodeJS server. How likely is it that it will work perfectly now? How likely is it that it will work perfectly in the (nominally October 2013) release? (Sorry, just give me a keyword and I'll go off and do my research.)
Is Canonical planning to get X-Mir into the next ~Oct release?
My other query was whether QML on Android would perform as well. For others interested, it looks like it works directly with the Android SurfaceFlinger, bypassing the Dalvik VM, so performance should compare with native Java code.
Huge thanks once again
Chris
Sources:
http://www.youtube.com/watch?v=TEkubKZaUt8
http://victorpalau.net/2013/01/25/ubuntu-qml-todo-android-vs-ubuntu/
Hi all,
I'd like to share great news. Sicher, our free secure messenger finally comes to Windows Phone.
Sicher features true end-to-end encryption of both text messages and file attachments. With anonymous push notifications and the ability to set a timer for when messages will self-destruct, Sicher also includes password protection for the app itself.
Please try Sicher and share your feedback in this post.
FairyMary
Sicher Team
App is free, store link is here: EDIT: Removed because this thing looks like a scam and its description is a lie
I haven't been able to find a lot of info about how the app works (I'm talking about at a very technical level). My general advice regarding crypto code is to open it up for review, either publicly or by a professional security assessment firm (disclaimer: I work at one of those). If the code is already open for review somewhere, that would be awesome; if not, I recommend getting in touch with some external security experts (same disclaimer, but I can provide contact info if you want). The Internet is full of things that the developer claimed (and often even sincerely believed) were secure.
Aaaand just for fun, I decided to take a look at the app and see if there was anything obviously wrong. Let's start with the presence of no fewer than *three* advertisement networks, shall we? Begun Advertising is Russian and Google-owned, Google AdMob is self-explanatory, as is Microsoft Advertising Mobile. Your store description claims you
don’t use any advertising engines
Click to expand...
Click to collapse
. Did you really think nobody would check this?
WTF are you trying to pull here?!? I can't think of any way to faster burn trust in a "secure" app than to make a claim that is trivially disprovable in a way that benefits nobody except you.
I'll come right out and say it: Sicher looks like a scam!
Oh look, a Facebook library as well. Totally expected to see that, given that you
don’t integrate social network SDKs
Click to expand...
Click to collapse
Oh, and before anybody asks about responsible disclosure, that's for when there's an unintentional bug in somebody's code. This just looks like pure exploitation of your users! (I say "looks like" because I haven't actually decompiled the code to see if those libraries are being used, but it's hard to imagine why you'd have them otherwise...). The only responsible way to disclose malware is to do it publicly, and this looks malicious.
EDIT: I'll give you 24 hours to give me a good argument why I shouldn't report my findings to the stores themselves.
Time's up. You actually got over 48 hours because I was busy yesterday. Hope not too many people got scammed and tracked by your "secure" and "private" app...
Hey @GoodDayToDie, unfortunately I don't know where else to ask this, since you seem to be really interested (and skilled) in this topic, what messengers do you consider secure? WhatsApp is obvious, the only ones on Windows Phone I know of that come to my mind are Telegram and (soon) Threema.
What do you think about the two? I have basically no knowledge, but what seems odd to me about Threema is their faqs answer to "what about MITM?" they just say they use certs, hardcoded in the app. Aren't they with their servers in control then? How I understand this, the Threema servers could perfectly perform a MITM attack.
And Telegram has a completely confusing protocol.. So please share your thoughts!
I have no personal knowledge of one, sadly. Take anything I say here with a huge grain of salt (including the fact that Sicher looks like a scam; I haven't actually verified that it *uses* all those ad networks + Facebook that it integrates, just that it has them) as I'm not spending the time & effort for a full security review of these apps at this time.
Threema actually looks quite good.
Pros:
They don't try to implement the crypto themselves (they use NaCl, which is both written by people who know what they're doing, and well-reviewed).
The design of their end-to-end solution makes sense (it connects through the server since phone networks won't allow incoming/direct connections, but the messages are encrypted to only the recipient and doesn't require that the recipient be online to receive the message).
They are relatively open about how things work (although those *could* be lies; I haven't pulled the app apart).
It is possible for the user to verify the key of another user.
Cons:
They don't have Perfect Forward Secrecy on messages. PFS would require that the intended recipient be online at the start of any given conversation (to negotiate the ephemeral keys) so this isn't terribly surprising, but it is disappointing. An attacker (including a government agency) who gets access to your private key could decrypt historical traffic to you if they'd recorded it.
The app is proprietary; there's nothing stopping them from pushing a malicious update.
The server supplies the public keys of users; until such time as the user validates the other party's key (which is difficult to do except in person) the server could have sent a public key that the server has the private key for (instead of the user's own public key) and then MitM the user's traffic. This would break down when verified though, unless the app lied about the result of the verification process (you don't actually see the key itself).
To address your concern about MitM, the app says they use certificate pinning (a standard and very smart security measure, assuming they did it right) for app-to-server communication, so nobody (including third-party security engineers) can MitM the app traffic. They also claim to use PFS. However, if the server itself is untrusted (i.e. some government thugs show up to demand access, although bear in mind that apparently the servers are all in Switzerland) then the server could give you the wrong public key for a user you try and add, allowing the server to MitM you. Also, the company could push an update that is malicious.
The only protection against the server-sends-wrong-key threat is to either require that the user manually import all keys (think PGP minus keyservers and assuming trustworthy key exchanges) or exactly verify the key (i.e. personally ensure that it matches the other user's key by actually checking the bytes or at least the hash). The only protection against the malicious update is to make the source code available and have a method by which users can either compile it themselves (though see "Reflections on Trusting Trust") and/or have a way to verify the application binaries.
I'll look at Telegram later. For the moment, though, I would loosely recommend Threema once it's available. There's also Skype, of course, but while it was decompiled once long ago (and found to use secure encryption, although some non-crypto vulns were found) that was many versions ago (and, in particular, was before Microsoft bought them).
how secure is Remix-os and Android-X86?
can I, for example, run my bank-app on it?
Thats a good question...
Do you trust google?
Would you trust ex-google employees? (Remix developer team)
Do you trust.. all your apps, that you installed?
The RemixOs M comes pre-Rooted and has therefore a higher chance for malware takeovers
So... how knows
Ps... installing a firewall.. is adviced (like netguard,you can select what apps can connect to the web)
capoeiraES said:
how secure is Remix-os and Android-X86?
can I, for example, run my bank-app on it?
Click to expand...
Click to collapse
That sort of thing depends on the bank app. Most have set conditions that have nothing or very little to do with Android version but rather the hardware used [where they can ensure the OS is exactly the same and unaltered on the same device]. Bank apps may report things like 'altered OS detected' or 'you're device has been rooted' and refuse to work; but most of the time the issue is that the device itself is blacklisted by the app.
mitchell4you said:
Thats a good question...
Do you trust google?
Would you trust ex-google employees? (Remix developer team)
Do you trust.. all your apps, that you installed?
The RemixOs M comes pre-Rooted and has therefore a higher chance for malware takeovers
So... how knows
Ps... installing a firewall.. is adviced (like netguard,you can select what apps can connect to the web)
Click to expand...
Click to collapse
This is false having a rooted device can actually increase security if you know what your doing.
Sent from my DROID Turbo using XDA-Developers mobile app
gangrenius said:
This is false having a rooted device can actually increase security if you know what your doing.
Sent from my DROID Turbo using XDA-Developers mobile app
Click to expand...
Click to collapse
Man I know Linux (Arch) very well, but I still don't understand Android.
can I do things like compile Linux packages in terminal? or does Android only execute APK?
I have the same concern as OP. I understand computer security but I can't say the same about phones/tablets.
My concern is, would it be possible for the OS to log your key entries and have access to those data? Or keep a log in the system that contains sensitive data? I know, I sound paranoid but it's better to be safe than sorry. I just installed RemixOS on my old Nexus 10 and I'm really impressed with the performance.
I always have these types of concerns when installing custom roms. If someone can help me understand the situation better, I'd appreciate it. Thank you.
hooman64 said:
I have the same concern as OP. I understand computer security but I can't say the same about phones/tablets.
My concern is, would it be possible for the OS to log your key entries and have access to those data? Or keep a log in the system that contains sensitive data? I know, I sound paranoid but it's better to be safe than sorry. I just installed RemixOS on my old Nexus 10 and I'm really impressed with the performance.
I always have these types of concerns when installing custom roms. If someone can help me understand the situation better, I'd appreciate it. Thank you.
Click to expand...
Click to collapse
NO. I don't recommend sensitive data running Windows 10, Ubuntu based distro's, android, or IOS
the way how Jide is displaying ads in the OS is a definite IDGAFF about security.
as for android-x86
http://www.android-x86.org/documents/analytics-program
WIndows 10
adobe flash built-in. if you remove it you lose system updates.
good luck disabling cortana. if you actually manage system updates will enable it again
Ubuntu
12.04.1 LTS user updated to try newer LTS's. WTF did canonical do?
Maromi said:
NO. I don't recommend sensitive data running Windows 10, Ubuntu based distro's, android, or IOS
the way how Jide is displaying ads in the OS is a definite IDGAFF about security.
as for android-x86
http://www.android-x86.org/documents/analytics-program
WIndows 10
adobe flash built-in. if you remove it you lose system updates.
good luck disabling cortana. if you actually manage system updates will enable it again
Ubuntu
12.04.1 LTS user updated to try newer LTS's. WTF did canonical do?
Click to expand...
Click to collapse
Well I see your point, what I mostly am concerned about is that RemixOS is closed source, so I don't know if users data could be abused or used in a way that is not ethical. Again, I am not saying it is. I just am curious to know if there is evidence proof that it's not. I'm just trying to be more educated in this regard. Thank you.
hooman64 said:
Well I see your point, what I mostly am concerned about is that RemixOS is closed source, so I don't know if users data could be abused or used in a way that is not ethical. Again, I am not saying it is. I just am curious to know if there is evidence proof that it's not. I'm just trying to be more educated in this regard. Thank you.
Click to expand...
Click to collapse
closed source is the problem. we don't realy know what is in the code at all.
capoeiraES said:
closed source is the problem. we don't realy know what is in the code at all.
Click to expand...
Click to collapse
True!
Does anybody know if there is a tool to monitor OS activities?
To monitor data.. android tuner by 3c (you can also manage startup apps)
To manage data.. netguard.. firewall, seems a to be a good app
Cheers
mitchell4you said:
To monitor data.. android tuner by 3c (you can also manage startup apps)
To manage data.. netguard.. firewall, seems a to be a good app
Cheers
Click to expand...
Click to collapse
Thanks buddy.
If you really want to find out exactly what it's doing set it up with a wired Ethernet connection through a trusted device (device would need two Ethernet ports.) Run wireshark or similar on trusted device. Leave it in this configuration for days, not hours. As for security in android your best bet, as with all modern electronics, is to invest in a hardware firewall to put it behind. Untangle NG or the like can even be run on an old computer. Failing that, root plus a firewall that writes to IPtables, which is what protects most of the internet anyway. AFWall+ is an example of that.
tjmidnight420 said:
If you really want to find out exactly what it's doing set it up with a wired Ethernet connection through a trusted device (device would need two Ethernet ports.) Run wireshark or similar on trusted device. Leave it in this configuration for days, not hours. As for security in android your best bet, as with all modern electronics, is to invest in a hardware firewall to put it behind. Untangle NG or the like can even be run on an old computer. Failing that, root plus a firewall that writes to IPtables, which is what protects most of the internet anyway. AFWall+ is an example of that.
Click to expand...
Click to collapse
This is great info. I m gonna try this and see if I get anywhere. Thank you very much for the info.
I'm not a developer but I have knowledge about Linux and how PCs in general work. Is there any book/course that explains how android works on a deeper level? I'm not interested in apps or user UIs, I want to know the deeper levels like how partitioning works, how the OS is loaded, why some bootloaders are locked by default, what a custom recovery is or what is the first thing to load when you power on your phone/tablet (do phones have a BIOS like PCs or anything equivalent?). Thanks in advance.
I'm also interested in this, but I think the answer is it's a bunch of undocumented proprietary baseband processor junk nobody will share for the boot, then the rest is basically a Linux distro made by 1000 monkeys on 1000 typewriters copy/pasting stuff provided by their hardware vendors together, and the components of that also probably have no documentation or incorrect documentation.
Just browsing through directory structures on a rooted phone there's so much unused and inaccessible junk like config files for really old versions of android, random vendor apks that aren't configured, and firmware for other processors strewn all over, sometimes multiple copies of the same structure, that it makes no sense. It looks like a bunch of vendors gave their support libraries to manufacturers with the intent they'd delete the unused parts and copy the used parts in, but the manufacturers don't understand how to do that so they just paste the same full directory structure several different places until it starts working.
If it made any sense, some people would just learn it and rooting new phones wouldn't be hard.
dan2525 said:
I'm not a developer but I have knowledge about Linux and how PCs in general work. Is there any book/course that explains how android works on a deeper level? I'm not interested in apps or user UIs, I want to know the deeper levels like how partitioning works, how the OS is loaded, why some bootloaders are locked by default, what a custom recovery is or what is the first thing to load when you power on your phone/tablet (do phones have a BIOS like PCs or anything equivalent?). Thanks in advance.
Click to expand...
Click to collapse
The rabbit hole goes as deep as you want it to. I have plenty of information to get you started. Happy digging!
*A general overview of the android boot process, thanks to the Lineage OS developers.
*An old, but good read on reverse engineering aboot.
*And a much more recent article on reverse engineering android. It gets very detailed in this one. It also goes into the low level processes of android. Like; What loads the bootloader? That kind of stuff. I think this is what you're after. Hope it helps.
About the bios question. The short answer is, "kind of". They have a very simple and proprietary one that's not easy to access. It also does not function in the same ways that a PC bios does. It's more like a motherboard programmer. It's hard to explain. The last article goes into some of that.
Spaceminer said:
The rabbit hole goes as deep as you want it to. I have plenty of information to get you started. Happy digging!
*A general overview of the android boot process, thanks to the Lineage OS developers.
*An old, but good read on reverse engineering aboot.
*And a much more recent article on reverse engineering android. It gets very detailed in this one. It also goes into the low level processes of android. Like; What loads the bootloader? That kind of stuff. I think this is what you're after. Hope it helps.
About the bios question. The short answer is, "kind of". They have a very simple and proprietary one that's not easy to access. It also does not function in the same ways that a PC bios does. It's more like a motherboard programmer. It's hard to explain. The last article goes into some of that.
Click to expand...
Click to collapse
Do you know if there is any tool that lists all the various initscripts and settings in use on a running system? I'd like to remove Google entirely from my phone, but there are so many firmwares and initscripts all over the place that I can't even figure out which ones are actually used to run the system. Half of the settings files, properties, and commands return 0 results or 3-4 useless results when searching for them on the internet.
ZHNN said:
Do you know if there is any tool that lists all the various initscripts and settings in use on a running system? I'd like to remove Google entirely from my phone, but there are so many firmwares and initscripts all over the place that I can't even figure out which ones are actually used to run the system. Half of the settings files, properties, and commands return 0 results or 3-4 useless results when searching for them on the internet.
Click to expand...
Click to collapse
The best way to remove google entirely is to flash a custom ROM or GSI if your device supports it. You really only need to look in system/app and system/priv-app for google stuff. Some phones use stock Google apps for things like the Calendar or MMS. So, to run google-less you may need to replace some system apps as well. Just a warning, even if you already know this. Removing certain apps, even google apps, may cause problems for normal operation. Definitely make a backup before deleting anything in the system.
ZHNN said:
Do you know if there is any tool that lists all the various initscripts and settings in use on a running system? I'd like to remove Google entirely from my phone, but there are so many firmwares and initscripts all over the place that I can't even figure out which ones are actually used to run the system. Half of the settings files, properties, and commands return 0 results or 3-4 useless results when searching for them on the internet.
Click to expand...
Click to collapse
I'm no expert but have been running lineageos 14.1 for some time now. It is a version of android 7.1 in which everything google has been removed. I use it with microG which replaces google play services.
You may wish to look into it instead of re-inventing the wheel.
I use it with a firewall (AFWall +), and Xprivacylua for additional privacy.