Tasting the Ice Cream Sandwich

Posted May 16, 2012 13:03 UTC (Wed) by drag (subscriber, #31333)
In reply to: Tasting the Ice Cream Sandwich by cmccabe
Parent article: Tasting the Ice Cream Sandwich

> Can we just accept that traditional Linux desktops and servers have different goals and philosophies than Android,

The primary purpose of a desktop is twofold:

Primary function: To be used by people to run applications for whatever goal they have in mind.
Secondary function: To make it easier to be used by developers to write applications.

That is _IT_. That's everything in a nutshell. The OS exists for no other purpose but to do that. It's easy to get hand wavy about 'goals are different', but they really are not that different at all. You can say "Oh well Linux desktop is all about free software". Well... generally speaking Android is every bit as open source/free software as Linux.

Anything that makes it difficult to write applications, distribute applications, use and install applications is a distinct and significant failure on the part of the platform.

Android has a very significant number of differences to how it's made and how repositories are managed that Linux desktop should adopt. To believe otherwise is the height of arrogance.

> or are we going to have another breathless debate about how everything is converging and OMG, the twitters!

Hardly.

An example:
1. Android tries to make it as safe as possible to run Applications.

Each application has a restricted set of APIs that they use. Each application runs under their own user account in a sandbox. Android uses group membership of that user account to restrict access to system resources.

This is very similar to how people traditionally restrict internet-facing servers to limit damage if one of them has a flaw. Each service is restricted by the functions it can execute in a chroot environment. User and group permissions are used to reduce the OS exposure to the application as much as possible. MAC is used by some systems to restrict it further.

In comparison, on the Linux desktop any application has full access to all user resources. Applications can intercept and read key presses. They can examine and modify the memory contents of any other application. Any application can download and execute any code it wants with the same permissions as the user. And since all important and sensitive user information is stored in user-accessible places then Linux desktop security is roughly on par with Windows 98. There is some effort to improve this, of course. Ubuntu has some good stuff with their AppArmor.

This isn't perfect on Android's part, of course. But it's massively better. It's more secure, it's easier to try out and play around with different applications, and if applications are malicious or just buggy then at least you have a fighting chance with Android.

This is an example of how Android makes it much easier to run applications than Linux desktop.

There are quite a few other examples. Android's success didn't happen by accident and didn't happen just because Google was involved. There are very significant design choices that matter a lot. Combine what I said above with a lot of other things and writing applications for Android, distributing applications for Android, installing applications for Android, and using applications for Android is in a lot of ways much easier and simpler than it is for Linux desktop. This sort of thing is at the core as to why we have the desktop OS. It is its reason for existing in the first place.
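
The per-application user account and group-membership model described in the comment above can be seen in a small model of the Unix owner/group/other permission check. This is an added example, not part of the comment or of Android's code; all uids, gids and paths are constructed, and `CAMERA_GID` is a hypothetical resource group.

```python
# Added illustration (not from the thread): the Unix owner/group/other check,
# applied to constructed Android-style and desktop-style process layouts.
from dataclasses import dataclass

R, W = 4, 2  # permission bits within one rwx triplet

@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class Node:
    path: str
    uid: int
    gid: int
    mode: int

def allowed(p: Proc, n: Node, want: int) -> bool:
    """Simplified DAC check: exactly one class (owner, group, other) applies."""
    if p.uid == 0:
        return True  # root bypasses the check (capabilities not modelled)
    if p.uid == n.uid:
        bits = (n.mode >> 6) & 7
    elif n.gid in p.gids:
        bits = (n.mode >> 3) & 7
    else:
        bits = n.mode & 7
    return (bits & want) == want

# Constructed ids and paths. CAMERA_GID is a hypothetical resource group.
CAMERA_GID = 3900
mail = Proc("mail", 10001, frozenset({10001}))
game = Proc("game", 10002, frozenset({10002}))
scanner = Proc("scanner", 10003, frozenset({10003, CAMERA_GID}))
mail_data = Node("/data/data/com.example.mail", 10001, 10001, 0o700)
camera = Node("/dev/example_camera", 1000, CAMERA_GID, 0o660)

# Desktop layout: every application runs as the one login user (uid 1000).
desk_game = Proc("game", 1000, frozenset({1000}))
desk_data = Node("/home/user/.mail", 1000, 1000, 0o700)

def report() -> dict:
    return {
        "android_game_reads_mail": allowed(game, mail_data, R),
        "android_game_opens_camera": allowed(game, camera, R | W),
        "android_scanner_opens_camera": allowed(scanner, camera, R | W),
        "desktop_game_reads_mail": allowed(desk_game, desk_data, R),
    }
```

With separate uids the same `0700` mode that protects the mail store from the game on the Android-style layout protects nothing on the desktop layout, because both processes are the file's owner.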


Tasting the Ice Cream Sandwich

Posted May 16, 2012 15:02 UTC (Wed) by ewan (subscriber, #5533) [Link]

"Each application has a restricted set of APIs that they use"

Which is fine when all of your devices are phones or tablets (i.e. big phones) and you can require the hardware to be fitted to the requirements of the OS. If you want to run general purpose computing on general purpose computers you just can't do that.

Tasting the Ice Cream Sandwich

Posted May 17, 2012 6:46 UTC (Thu) by Los__D (guest, #15263) [Link]

That doesn't really make any sense today. Phones are more or less general purpose computing now. Tablets even more so.

CapDesk

Posted May 17, 2012 7:13 UTC (Thu) by gmatht (guest, #58961) [Link]

Even for Android some popular programs need root. Most desktop applications should be easy to implement in a CapDesk-like environment, where e.g. documents cannot be opened except via a trusted file open dialog box. Even some existing GTK applications may be able to be partially limited this way by Plash. For those rare applications that really do require bypassing these security measures, maybe requiring them to either be packaged by engineers with 2+ years' experience, or only be run on devices that have been explicitly "rooted", isn't such a bad thing.

Also, when I think of "general computation" I usually think of Turing completeness. Running a Turing machine is as safe or safer than loading a webpage.

Tasting the Ice Cream Sandwich

Posted May 21, 2012 1:53 UTC (Mon) by dvdeug (subscriber, #10998) [Link]

I'm not sure how well "Each application has a restricted set of APIs that they use" works; lots, maybe most, applications have more power on my Android phone than I'm comfortable with. Frankly, I'm more comfortable with Debian's security, because I believe that the program author and the packaging developer are on my side as opposed to most apps where the developer is wasting my bandwidth and CPU time downloading ads, and we're hoping that's all he's doing.

Tasting the Ice Cream Sandwich

Posted May 23, 2012 21:54 UTC (Wed) by njwhite (subscriber, #51848) [Link]

> I'm more comfortable with Debian's security, because I believe that the program author and the packaging developer are on my side as opposed to most apps where the developer is wasting my bandwidth and CPU time downloading ads, and we're hoping that's all he's doing.

Exactly. The relationship between developer and user is a very important factor indeed, and one that is far too often undervalued.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds