
Horn: Mitigations are attack surface, too

Horn: Mitigations are attack surface, too

Posted Feb 12, 2020 18:10 UTC (Wed) by Deleted user 129183 (guest, #129183)
Parent article: Horn: Mitigations are attack surface, too

Google heroically solving problems that they caused themselves, I see.



Horn: Mitigations are attack surface, too

Posted Feb 12, 2020 18:48 UTC (Wed) by pkern (subscriber, #32883) [Link] (12 responses)

How so? After all, this seems to have been an out-of-tree patch by Samsung?

Horn: Mitigations are attack surface, too

Posted Feb 12, 2020 20:12 UTC (Wed) by clugstj (subscriber, #4020) [Link]

Just generic Google bashing

Horn: Mitigations are attack surface, too

Posted Feb 12, 2020 23:39 UTC (Wed) by Deleted user 129183 (guest, #129183) [Link] (10 responses)

> How so?

They encouraged, or at least didn’t try to prevent, the Android fragmentation. They had the tools to discourage it: for example, they could have disallowed use of the Android trademark by vendors who tried to add ‘device-specific code’ without contributing it to the upstream. So we ended up with a completely dysfunctional “ecosystem” where there’s no one “Android” system: instead, we have millions of incompatible forks, with all their implications, including security implications, as described in the article.

Horn: Mitigations are attack surface, too

Posted Feb 13, 2020 1:23 UTC (Thu) by pizza (subscriber, #46) [Link] (7 responses)

Allowing "fragmentation" (aka "proprietary value add") is the primary reason Android succeeded.

As for upstream contribution, remember this is the same Google that replaced every GPL userspace with a more permissively licensed one. Meanwhile, they're working on doing that for the Linux kernel too.

Meanwhile, Google's attempts to attach conditions to the use of its trademarks have them up on antitrust charges in multiple jurisdictions.

Horn: Mitigations are attack surface, too

Posted Feb 13, 2020 4:30 UTC (Thu) by pj (subscriber, #4506) [Link] (4 responses)

> Allowing "fragmentation" (aka "proprietary value add") is the primary reason Android succeeded.

IMO "proprietary value add" belongs as apps or as a HAL with a standardized API (à la Project Treble), not in Android core. Requiring non-software companies to maintain their own fork of an OS is just insane.

Horn: Mitigations are attack surface, too

Posted Feb 13, 2020 8:06 UTC (Thu) by tuna (guest, #44480) [Link] (3 responses)

If you want to do new unique hardware (like big.LITTLE cores, double screens, other stuff) you will need to change the core system. It is actually about freedom for manufacturers, which makes it possible to have freedom for end users as well.

Horn: Mitigations are attack surface, too

Posted Feb 15, 2020 10:23 UTC (Sat) by oldtomas (guest, #72579) [Link] (1 responses)

" [...] freedom for manufacturers which makes it possible to have freedom for end users as well"

Now this is one bold claim.

Based on experience, I'd say the results are very mixed, in both directions?

Horn: Mitigations are attack surface, too

Posted Feb 15, 2020 11:50 UTC (Sat) by tuna (guest, #44480) [Link]

You can compare how much freedom end users had on Windows phones. On some Android phones (like the Sony Xperia Z3) it is possible to run a fully free operating system (with the need for some blobs for certain hardware enablement).

Horn: Mitigations are attack surface, too

Posted Feb 18, 2020 10:24 UTC (Tue) by immibis (subscriber, #105511) [Link]

And then they can contribute that code upstream, to comply.

Horn: Mitigations are attack surface, too

Posted Feb 13, 2020 8:01 UTC (Thu) by ILMostro (guest, #105083) [Link] (1 responses)

The question then becomes, did Linux succeed in spite of the GPL or because of it? And, where does it go through Google's vision?

Horn: Mitigations are attack surface, too

Posted Feb 14, 2020 9:24 UTC (Fri) by dvdeug (guest, #10998) [Link]

I don't think there's any claim that Linux could have succeeded without being Free Software. I doubt going semi-free would have worked; a lot of early distribution was done on commercial CD-ROMs, that couldn't have been done with a NC license, and many commercial companies kicked in over the years. We can debate whether the BSD license would have worked; I think GPL is better, but the AT&T lawsuit made the legal status of BSD between 1992 and 1994 confusing, which gave Linux some time to grab market and mind share.

I think it's clear that Linux and the BSDs smoked commercial Unixes, and I think it's clear that's because they were open systems that both individual hackers and various companies could use and distribute. MacOS X is the major commercial Unix left, and they're playing a game that only Apple really successfully plays. The rest is legacy systems and possibly certain huge or specialized systems.

Horn: Mitigations are attack surface, too

Posted Feb 13, 2020 13:32 UTC (Thu) by tuna (guest, #44480) [Link] (1 responses)

What would happen if upstream would not accept the contributed code? It would be pretty crazy for Google to have their trademark policy depend on Linus Torvalds and others.

Horn: Mitigations are attack surface, too

Posted Feb 18, 2020 10:23 UTC (Tue) by immibis (subscriber, #105511) [Link]

Upstream from Samsung is Google.

