
On 11 February 2015 at 18:56, Russell Reiter <rreiter91@gmail.com> wrote:
On 2/11/15, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
| From: Russell Reiter <rreiter91@gmail.com>
| This looks like a false flag operation to me. Skull vs. Bones.
Not sure what you mean. Are you saying that Cyanogen Inc. might be simply a spoiling attack from Microsoft on Google/Android under the Cyanogen Inc. flag?
I think that pretty much sums up the situation. Abuse of dominance seems to be an MS stock in trade, however it's not exclusively theirs. I think CM is hedging bets, if not jumping ship. There is profit in confusion whether accidental or deliberate.
I'm not quite sure what to think about the "maybe MSFT involved" part of this tale. I think the truth won't emerge until later, if ever, as a fair bit of the meaningful detail lies in contractual arrangements that we'll not get to review.
I always thought that Cyanogen Mod was a real plus for the Android community and hence probably useful for Google. For one thing, it was a way of keeping the device manufacturers a little in line (if the device manufacturers went too far, their customers would jump ship to CM). For another, it meant Android had some hacker cred.
I had thought so too and now I'm not so sure. Modularity and scalability are seen as pluses by hackers but they are in fact the wild wild west of the technology business. Do you trade features for security or do you trade security for features? I'd like to think you can have both but that doesn't seem very likely in the near future.
Downthread, Evan has made the valid observation that these systems (CyanogenMod, AOSP, and such) are akin to Linux distributions, and that we should probably not treat it as being quite as mysterious as we are.

If you take a visit to xda-developers.com, you'll find a giant set of projects building customized "Android distributions", of which CyanogenMod is merely one, though a rather popular one, which became sufficiently popular that folk put together a corporation to try to reap some benefits from it. That isn't entirely unlike how companies like Red Hat Software, SuSE, and Caldera grew up surrounding the care and feeding of Linux distributions.

There are places where the "just a distro" analogy breaks, but it's a good approximate starting place. The developers that built the CyanogenMod distribution got set up alongside a company that seems to have set its feet a bit badly several times already. (I seem to recall Caldera being well-liked before they got into the litigation business at which point they were Rather Less Well Liked! :-) )

There's a crucial technical difference between Linux distributions and Android distributions in that Linux tends to start its focus with C-based code, whereas Android distributions put the equivalent focus on Java. But I'd think that a less essential difference.

The *more* essential difference is that Linux distributions tend to build up their own sets of add-on software, managing that themselves. In contrast, Android distributions tend to be pretty keen on maintaining the ability to draw from Google Play Store, and thus requiring that there be entirely a lot of proprietary third-party code. "I want my GMail client."

There are exceptions to that; see F-Droid for a set of repositories of FOSS packages. But there are rather fewer license purists of the Debian sort on Android.

Further, there's a deeper layer to worry about. Radio drivers tend to be opaque binaries, so that RMS-style purists pretty much need to choose between compromise (that RMS will go to massive lengths to reject) and deciding they don't really need a phone terribly badly anyways.

But back to CyanogenMod... I have been running their distribution on my phones for a number of years now, generally pretty happily. With the recent escapades, that points me to start looking at alternatives.

- Google isn't vastly trustworthy in this; I have been monitoring a Nexus 4 problem where CM11 was [weird magicky oddness involved] playing badly in conjunction with a November release of "Google Play Services" such that some new Google APIs were mis-playing and causing phone calls to be silenced with CM11+Nexus4+recent-GooglePlayServices. The nature of the problem seems a mite magical; it's remarkable to me that only the one phone model was misbehaving in the given way. The API portion, something called CheckinService, looks suspiciously "surveilling on activity" in nature. (I don't want to head down tinfoil hat routes, I'll just say "oddly suspicious.")

- The formerly most prominent distribution was AOSP (Android Open Source Project) which has had some troubles. The senior guy gave up not long ago because of difficulties getting driver documentation.

- The next most prominent distribution that I'm aware of is called Paranoid Android, and the folks at OnePlus seem to have been raiding them for developers for their in-house distribution efforts.

There's, in effect, bits of trouble all around, making it not so easy to figure out what to consider as alternatives.
Look at how Stuxnet escaped containment. The real question is who embedded it in the PLCs in the first place. Note the reports said it was spread from the isolated networks not to them.
I hear (haven't seen the details) that the NSA may have gotten code into disk drive firmware, which puts them pretty deep on any machine with a disk drive. But that's a pretty different story.

--
When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"