Security quotes of the week
Containment is the name of the game. Not prevention. The compromise is inevitable and the routes are legion. It is going to happen.
For a while there, it was starting to look like there indeed was a new kind of Microsoft coming into view, one that had evolved beyond the hubris that had so long been Microsoft's single most defining characteristic.
As we can see, any such hopes are now ... Gone with the Win10.
Or, lastly, you can give up, switch to Apple and buy an iPhone.
As much as my old self will hate me, I’m going to choose the last option.
Posted Aug 6, 2015 2:28 UTC (Thu)
by kjp (guest, #39639)
[Link]
Posted Aug 6, 2015 2:33 UTC (Thu)
by sciurus (guest, #58832)
[Link]
http://officialandroid.blogspot.com/2015/08/an-update-to-...
Posted Aug 6, 2015 12:30 UTC (Thu)
by tsr2 (subscriber, #4293)
[Link] (1 responses)
Posted Aug 6, 2015 13:22 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link]
Posted Aug 6, 2015 16:28 UTC (Thu)
by ortalo (guest, #4654)
[Link] (12 responses)
Posted Aug 6, 2015 20:01 UTC (Thu)
by davidstrauss (guest, #85867)
[Link] (2 responses)
I'm primarily a Google user, but I know that Apple's primary revenue comes from their users and device sales. Google primarily profits from advertising. Apple's model definitely provides more incentive to protect end-user interests in terms of privacy and security.
Posted Aug 6, 2015 22:16 UTC (Thu)
by spender (guest, #23067)
[Link] (1 responses)
-Brad
Posted Aug 7, 2015 10:10 UTC (Fri)
by ortalo (guest, #4654)
[Link]
In my opinion, final customers (and market share issues) cannot directly be the incentive, they do not have the knowledge to evaluate their device security.
Posted Aug 6, 2015 23:13 UTC (Thu)
by error27 (subscriber, #8346)
[Link] (8 responses)
Posted Aug 7, 2015 0:12 UTC (Fri)
by sjj (guest, #2020)
[Link] (7 responses)
According to the article, about 2.6% of Android devices are going to get an update for the stagefright vulnerability, ever. Google itself supports a couple of latest Android versions, but OEMs and carriers don't even push those out if they can avoid it. It took Microsoft at least 15 years to get to their current update model. Win10 will force updates. Neither Google, carriers, or Android OEMs have any incentive to make customer data security a priority, they prefer to sell customer data to advertisers and new handsets every two years.
It is a mess and I've found myself browsing for iPhones too lately (which I thought I'd never do). Apple's business model isn't selling customer data (as much?).
Yeah, I could use some hacker friendly ROM on Android, but I have a finite amount of round tuits and I'd rather try to keep my desktop Linux self-flagellation going.
Posted Aug 7, 2015 1:05 UTC (Fri)
by dlang (guest, #313)
[Link] (5 responses)
Google has an incentive to increase security because if Android looses market share they will loose advertising (even if you assume that their intent to keep other companies from getting a stranglehold on user devices is a meaningless goal since you don't see them earning any revenue from it)
Carriers and OEMs don't have a strong incentive to provide updates, but as soon as some start providing updates, the others will either have to follow along or users will start seeing problems that their friends don't se.
This is why the Samsung and google Nexus monthly security updates are so important. Even if they don't last as long as we would like, it still sets the stage for ongoing maintenance and gets people used to the idea that they are owed updates.
There's a chance that having to provide security updates to multiple different versions will provide enough incentive to get carriers/OEMs to upgrade older products to new versions to reduce their maintenance burden.
(yes, I'm an optimistic cynic :-)
Posted Aug 7, 2015 2:46 UTC (Fri)
by sjj (guest, #2020)
[Link] (1 responses)
So this new process is going to go Google > OEM > carriers. Sounds like fun when both OEMs and carriers have their own versions of OS mods. At least there is some pressure now to do the right thing. The majority of devices out in the wild will not get updates AFAICT.
I'm just waiting for Samsung to advertise their new phones with "gets security updates", unlike the one bought six months ago. I'm a pessimist cynic, sorry.
Posted Aug 7, 2015 3:09 UTC (Fri)
by dlang (guest, #313)
[Link]
that's what the old process was as well, just that the OEMs and carriers mostly didn't do any updates (and Google, somewhat understandably, doesn't do many updates to old versions)
Posted Aug 13, 2015 7:56 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (2 responses)
Part of the trouble is that most Android phones (all?) are arm-based. And the arm driver tree needs a massive cleanup. Chances are, your phone (with the exact same chipset as mine) uses a completely different set of drivers to mine.
Once the work sorting that mess out is complete, it will be much easier to roll out updates, because it will be a lot easier to sort out what's going on.
Cheers,
Posted Aug 13, 2015 12:34 UTC (Thu)
by pizza (subscriber, #46)
[Link] (1 responses)
No, it's not that the "arm driver tree needs a massive cleanup" -- it's that the *manufacturers* of the handsets, platforms, and SoCs need to (first) actually release source code and (ideally) put forth the effort necessary to get that code into the mainline kernel. Only then can the mainline kernel be expected to support things sanely.
Posted Aug 13, 2015 22:52 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
Too many companies HAVE released their drivers as open source, by tossing them over the wall. And they are heavily garbled versions of other drivers, which are garbled versions of yet other drivers, and it's turtles all the way down ...
I gather a lot of work has been put in to cleaning this mess up, but I got the impression it's not complete.
And that's why DeviceTree is necessary - unlike on x86 where MS pretty much forced standardisation, on arm there is no way to probe and identify hardware because it's far too easy for a probe for device A to crash device B - not a good idea. Once DeviceTree is in place, I think you will just have to give your linux kernel the tree, and it will know what hardware is where in the memory map, which will make driver management much easier.
Cheers,
Posted Aug 8, 2015 3:12 UTC (Sat)
by ploxiln (subscriber, #58395)
[Link]
Oh, mass market, right...
Posted Aug 7, 2015 5:29 UTC (Fri)
by cstanhop (subscriber, #4740)
[Link] (3 responses)
Posted Aug 8, 2015 13:50 UTC (Sat)
by jospoortvliet (guest, #33164)
[Link]
Posted Aug 8, 2015 15:19 UTC (Sat)
by rahulsundaram (subscriber, #21946)
[Link] (1 responses)
Posted Aug 13, 2015 9:12 UTC (Thu)
by leni536 (guest, #103643)
[Link]
Security quotes of the week
Security quotes of the week
Buy a One Plus phone
Buy a One Plus phone
Security quotes of the week
Note the converse doubt also holds of course. Lack of knowledge does not mean lack of problems.
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Wol
Security quotes of the week
Security quotes of the week
Wol
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week
Security quotes of the week