[GTALUG] interesting new approach to forking

Christopher Browne cbbrowne at gmail.com
Wed Feb 18 04:01:16 UTC 2015


On 11 February 2015 at 18:56, Russell Reiter <rreiter91 at gmail.com> wrote:
> On 2/11/15, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>> | From: Russell Reiter <rreiter91 at gmail.com>
>>
>> | This looks like a false flag operation to me. Skull vs. Bones.
>>
>> Not sure what you mean.  Are you saying that Cyanogen Inc. might be
>> simply a spoiling attack from Microsoft on Google/Android under the
>> Cyanogen Inc. flag?
>
> I think that pretty much sums up the situation. Abuse of dominance
> seems to be an MS stock in trade, however it's not exclusively theirs.
> I think CM is hedging bets, if not jumping ship. There is profit in
> confusion whether accidental or deliberate.

I'm not quite sure what to think about the "maybe MSFT involved"
part of this tale.

I think the truth won't emerge until later, if ever, as a fair bit of
the meaningful detail lies in contractual arrangements that we'll
not get to review.

>> I always thought that Cyanogen Mod was a real plus for the Android
>> community and hence probably useful for Google.  For one thing, it was
>> a way of keeping the device manufacturers a little in line (if the
>> device manufacturers went too far, their customers would jump ship to
>> CM).  For another, it meant Android had some hacker cred.
>
> I had thought so too and now I'm not so sure. Modularity and
> scalability are seen as pluses by hackers but they are in fact the
> wild wild west of the technology business. Do you trade features for
> security or do you trade security for features? I'd like to think you
> can have both but that doesn't seem very likely in the near future.

Downthread, Evan has made the valid observation that these
systems (CyanogenMod, AOSP, and such) are akin to Linux
distributions, and that we should probably not treat it as being
quite as mysterious as we are.

If you take a visit to xda-developers.com, you'll find a giant
set of projects building customized "Android distributions", of
which CyanogenMod is merely one, though a rather popular
one, which became sufficiently popular that folk put together
a corporation to try to reap some benefits from it.

That isn't entirely unlike how companies like Red Hat Software,
SuSE, and Caldera grew up surrounding the care and feeding
of Linux distributions.

There are places where the "just a distro" analogy breaks,
but it's a good approximate starting place.

The developers that built the CyanogenMod distribution
got set up alongside a company that seems to have set
its feet a bit badly several times already.  (I seem to
recall Caldera being well-liked before they got into the
litigation business at which point they were Rather Less
Well Liked! :-) )

There's a crucial technical difference between Linux
distributions and Android distributions in that Linux
tends to start its focus with C-based code, whereas
Android distributions put the equivalent focus on Java.
But I'd think that a less essential difference.

The *more* essential difference is that Linux
distributions tend to build up their own sets of add-on
software, managing that themselves.  In contrast,
Android distributions tend to be pretty keen on
maintaining the ability to draw from Google Play
Store, and thus requiring that there be entirely a
lot of proprietary third-party code.  "I want
my GMail client."

There are exceptions to that; see F-Droid for a
set of repositories of FOSS packages.  But there
are rather fewer license purists of the Debian sort
on Android.

Further, there's a deeper layer to worry about.
Radio drivers tend to be opaque binaries, so that
RMS-style purists pretty much need to choose
between compromise (that RMS will go to
massive lengths to reject) and deciding they
don't really need a phone terribly badly anyways.

But back to CyanogenMod...  I have been running their
distribution on my phones for a number of years now,
generally pretty happily.  With the recent escapades,
that points me to start looking at alternatives.

- Google isn't vastly trustworthy in this; I have been
  monitoring a Nexus 4 problem where CM11
  was [weird magicky oddness involved] playing
  badly in conjunction with a November release of
  "Google Play Services" such that some new
  Google APIs were mis-playing and causing
  phone calls to be silenced with CM11+Nexus4+
  recent-GooglePlayServices.

  The nature of the problem seems a mite
  magical; it's remarkable to me that only the one
  phone model was misbehaving in the given way.

  The API portion, something called CheckinService,
  looks suspiciously "surveilling on activity" in nature.
  (I don't want to head down tinfoil hat routes, I'll just
  say "oddly suspicious.")

- The formerly most prominent distribution was
  AOSP (Android Open Source Project) which has
  had some troubles.  The senior guy gave up not
  long ago because of difficulties getting driver
  documentation.

- The next most prominent distribution that I'm
  aware of is called Paranoid Android, and the
  folks at OnePlus seem to have been raiding
  them for developers for their in-house distribution
  efforts.

There's, in effect, bits of trouble all around, making it
not so easy to figure out what to consider as
alternatives.

> Look at how stuxnet escaped containment. The real question is who
> embedded it in the PLCs in the first place. Note the reports said it
> was spread from the isolated networks not to them.

I hear (haven't seen the details) that the NSA may have gotten code
into disk drive firmware, which puts them pretty deep on any machine
with a disk drive.  But that's a pretty different story.

-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"

