Slashdot Log In
Debian Running On the T-Mobile G1
Posted by
timothy
on Thu Nov 13, 2008 05:52 PM
from the teaching-the-android-to-fetch-and-sit dept.
from the teaching-the-android-to-fetch-and-sit dept.
chrb writes "Following hot on the heels of the G1 root exploit, Jay Freeman now has Debian ARM running on the G1. The RC30 update has fixed the root hole, but with utilities and images already available to replace the flash image with your own signed code, it looks like the manufacturer-hacker arms race is on."
Related Stories
[+]
Linux: Debian On the Openmoko Neo FreeRunner Phone 167 comments
BrianWCarver writes "It was inevitable. One can now run the entire Debian distribution (ARM port) on the Openmoko Neo Freerunner. We previously discussed the July 4th launch of this GNU/Linux-based smartphone, which is open down to its core, with the company providing CAD files and schematics for the phone. Openmoko released an update to their software stack earlier this month, called Om2008.8, which is still a work in progress. But now one can use these instructions on the Debian wiki to open up the possibility of using apt-get to access Debian's more than 20,000 applications on your phone, which, due to integration with freesmartphone.org efforts, can also actually be used as a phone. There were previous efforts to run Debian on the predecessor product to the Neo FreeRunner, the Neo 1973, but with the wider adoption of the Neo FreeRunner and the hard work of many Debian developers at the ongoing DebConf 8, carrying Debian in your pocket has just gotten a lot easier."
[+]
Mobile: Bug In Android Passes Keystrokes To Root Shell 205 comments
pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Isn't that the whole idea of an open platform? (Score:5, Insightful)
i.e., to enable hackers to experiment and thereby improve the platform further.
Re: (Score:3, Insightful)
Well sure, within the context of running applications in a Java sandbox and doing things in emulators.
Once you bring in carriers into the mix, "open" goes out the window because it gives people the ability to step around your nickel and diming.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
I understand your point, but my fingers still have sympathy blisters and my wrists ache thinking about actually sending a gigabyte's worth of SMS texting....
Re: (Score:3, Interesting)
Not anymore, at least not with such a simple root exploit. I guess we'll have to wait for another exploit to come along... wouldn't it be nice to be given root access to hardware that you own? And if a java sandbox were really all we needed, then why are so many people trying to get (and keep) root access on the G1?
Re: (Score:3, Informative)
You can download Android apps directly from the web to the phone and install, push them to the phone from your computer using the android tool kit or download them from Android Market. In the market you can even find a J2ME installer that lets you install JAR files off the web.
I have an ssh client and terminal emulator that I downloaded directly from the Market, plus a few other apps for rss, meebo for AIM (so it doesn't use up text messages), games, Compare Everywhere for scanning bar-codes and finding dea
Re:Isn't that the whole idea of an open platform? (Score:5, Informative)
"Same thing as the iPhone. You're either in the sandbox or you jailbreak."
No, not same as the iPhone at all. On the iPhone you have to jailbreak if you want to run non-approved apps, even in the sandbox.
OTOH, it is a bit crap, but at least with android we have the source. I have it running on my freerunner now
Parent
Re: (Score:3, Interesting)
OK, I'd say not yet.
Compared to any of the openmoko distributions (There are lots) it looks like it's going to be the best option.
2007.2 is discontinued and wasn't great anyway
2008.08/09/XX is a royal pain in the butt - it takes ages to boot, periodically doesn't wake up from sleep, has abysmal battery life, has some real design flaws and the developers seem to be working on bells and whistles rather than basic platform stuff. The sound quality is bad and I always got terrible echo. answering a call is a pr
Re: (Score:2)
Re:Isn't that the whole idea of an open platform? (Score:5, Informative)
Once you bring in carriers into the mix, "open" goes out the window because it gives people the ability to step around your nickel and diming.
Yes, but T-Mobile is better than most other US Carriers in this regard. They use GSM phones so just about any phone that takes GSM should work on their network. They don't play games like Verizon does with bluetooth connectivity and ringtones and they gave me the unlock code for my phone three (3) months into the contract. My only real complaints are that their coverage is not as good as Verizon and the prices on their data services are a bit higher, but with all of the restrictions that other US Carriers place on their "unlimited" data plans you have to wonder whether there really is a difference in price relative to what you get.
Parent
Re: (Score:2)
Yeah, I don't see the purpose in trying to lock it out. Trying to lock evil code out, sure, but well, whatever.
No, that's the idea of a free platform (Score:3, Insightful)
The whole "it's your phone you can do what you want with it" paradigm comes from *free software, not an "open source" software.
As for "shut up and show them the code" this G1 is a great example.
"Look, we're an open platform! Look at the code, isn't it neat! Don't TOUCH it!!!"
I'm confused... (Score:5, Interesting)
I thought the whole point of the G1 was that it was an open platform. Why on earth is there a "manufacturer-hacker arms race"?
Re:I'm confused... (Score:5, Insightful)
Why on earth is there a "manufacturer-hacker arms race"?
There isn't, it's BS, and none of the blogs seem to get is. So far as we can tell, google only fixed the root exploit because it was a serious security concern, because of how it worked. I don't think they are going to make a real effort to stop people from hacking their device aside from fixing security flaws. Even if they do, this is so far not an indication of that, contrary to what most sites say.
-Taylor
Parent
Re: (Score:2, Informative)
It's not Google's device. It's T-Mobile's device.
Re: (Score:2)
It's not Google's device. It's T-Mobile's device.
It's Google's OS though.
-Taylor
Re: (Score:3, Insightful)
And that's the problem.
You pay for the "device".
Google OWNS the operating system.
Duetch Telecom OWNS the device.
You only pay for it to rent it while you use it, and then pay a monthly fee for network access on top of that.
And this is open, how?
--Toll_Free
Re:I'm confused... (Score:5, Informative)
And that's the problem.
You pay for the "device".
Google OWNS the operating system.
Duetch Telecom OWNS the device.
You only pay for it to rent it while you use it, and then pay a monthly fee for network access on top of that.
And this is open, how?
--Toll_Free
Umm... it's open because the entire OS is released under the Apache or GLPv3 (depending on which part of the OS) licenses. I'm not well versed in which licenses are or are not "really" open, but i am under the impression that both of those are supposed to be. Android is based on version 2.6 of the linux kernel, and the framework on top of that was written by google, and the source code was released under Apache and heavily documented.
That's way more open than any other successful phone out there.
And I don't know if you're exaggerating or if it's different in your country, but in the U.S. you OWN your cell phone. And i fail to see how paying a monthly fee to access a network has anything to do with whether or not the phone is open - no one is going to let you use their multi-billion dollar network for free, and i'm fine with that.
Why is everyone so bent on hating android, even with no facts to back up what they say? Google fixes a security bug and everyone flips out, but the countless times google and the t-mobile CEO have said they will keep the device open? No one seems to remember or care.
-Taylor
Parent
Re: (Score:3, Insightful)
I guess it's like politicians: don't judge them by what they promise, but by their actions. One thing is not like the other.
Re:I'm confused... (Score:5, Insightful)
No, it was written by Linus Torvalds and thousands of other contributors, and released under the GPL. It's our OS. Google just borrowed it for a while.
Parent
Re: (Score:2)
It's my device, if I could buy it that is.
Re: (Score:2)
It's not Google's device. It's T-Mobile's device.
No. If I'm paying for it, then it's MY device.
Re: (Score:3, Informative)
Really?
Every major phone company and vendor would argue with you.
The only way it's your device is if you pay FULL retail for it, and get the unlock code, or if you purchase it fully unlocked (legally) at the time of purchase.
Otherwise, you own the plastic. The actual bits of code (I HATE that MS buzzword) is owned by Google, and the network you operate it on is owned by the telco.
Shame, as I would LOVE to agree with you, but the fact of the matter is, I doubt very much most of us actually paid RETAIL cost
That's Android, not G1... (Score:4, Informative)
There isn't, it's BS, and none of the blogs seem to get is. So far as we can tell, google only fixed the root exploit
The root exploit is unrelated to the ability to flash the ROM. The question then is, will there be attempts made to stop user flashing of updates to the device...
I do not think there will be, it's just that Android fixes should not be confused with openness of the device itself.
Parent
Re:That's Android, not G1... (Score:5, Informative)
From what I've heard, you need root access or the T-Mobile private key to flash the ROM.
Err, yes, the head of the Android team at Google has actually confirmed that only the manufacturer or the cell network provider have the cryptographic keys required to flash the G1 (via OTA updates or otherwise).
When root access to the G1 is denied by default, and exploits that allow root access are quickly patched, how would you interpret this? The fact is that you do not get root access to the G1 by default, and as of this moment, there is no known way to get root access, or to flash your own kernel, on a RC30 G1.
Parent
Re: (Score:3, Interesting)
One needs to be aware of where the money is made. The actual phone manufacturer makes money by selling a locked version to a telecom, the telecom makes money by selling the phone and the phone service to retail clients.
If you get a free phone with a low monthly service charge and then you hack it, you could make expensive calls over IP and pay the telecom, nothing more than the monthly rent.
Thus the telecom needs the phone to be locked to make (more) money and the manufacturer has to lock the phone in order
Re: (Score:3, Insightful)
"you could make expensive calls over IP and pay the telecom, nothing more than the monthly rent."
Bullshit. At least in the UK the monthly line rental usually includes more than enough minutes/texts for most people. The vast majority of their income must come from the base line rental (which isn't cheap!).
They're just used to being able to control everything and don't want to give that up. Hopefully it will change eventually.
Re: (Score:3, Interesting)
Re: (Score:2)
Yeah maybe in the past, but these days it is trivial for the average person to download an MP3 ringtone & transfer it to their phone via USB or bluetooth. You can even share them over bluetooth easily.
Re:I'm confused... (Score:4, Interesting)
One needs to be aware of where the money is made. The actual phone manufacturer makes money by selling a locked version to a telecom, the telecom makes money by selling the phone and the phone service to retail clients.
If you get a free phone with a low monthly service charge and then you hack it, you could make expensive calls over IP and pay the telecom, nothing more than the monthly rent.
Thus the telecom needs the phone to be locked to make (more) money and the manufacturer has to lock the phone in order to please the telecom, who is, after all, its client.
Yes, there will be an arms race because its about controlling the money making process.
The CEO of T-Mobile straight up said they will allow VOIP apps, and will do nothing to stop them. That's the entire point of android being open, but everyone keeps assuming it will be more and more locked down.
In that same interview the CEO also said they won't stop unlockers. Why would they anyway? You agreed to a contract and they can charge you an ETF if you leave, so if you want to unlock it and use it on business, there is no reason not to let you.
The _ENTIRE_ point of android is that it is open, and i wholeheartedly believe that google will stick to that.
-Taylor
Parent
Re: (Score:2)
The point of android is to provide a new platform to compete with winmo, that isn't hampered by unstable, limited capability closed code and poor interfaces.
They are concerned with users being able to use google services on mobile devices, not catering to hackers.
Re: (Score:3, Interesting)
Windows mobile is not the target. That platform got an early start and is still at the back of the pack in terms of capability and adoption.
The competition is Symbian, RIM, and Apple.
And hopefully what Google is doing with Android will make the platform less and less relevant, and make the content and capabilities really shine.
All the same, I'm hanging on to my Nokia candy-bar at least until the second generation of Android, or unt
Re: (Score:2)
With Android being an open platform, though, there's an extra wrinkle. Google isn't making (much, if any) money from HTC installing Android on their phone. So T-Mobile isn't really Google's client. Google has to sorta play ball so they can keep wireless vendors from blacklisting android, but they have a lot more leeway.
Also, there's another reason: regulatory. With a certain level of access to the phone hardware, you can change signal strength and frequency and do things that the FCC doesn't like. So e
Re: (Score:3, Insightful)
We'll see. The fact is that the only root exploit discovered thus far was closed within a few days. I really don't think Google has that much to do with it - let's look at what they actually do: provide an open source software stack to the telcos. T-Mobile control their network and the devices using it, they control the cryptographic keys for the G1, so if an OTA update is rolled out that fixes some issue, obviously T-Mobile didn't like that issue. What power does Google actually have in this arrangement? They're just an upstream provider of source code.
Bottom line: if Google wanted the G1 to ship with root access, and they had the power to do so, they it would've happened already.
It was closed because it was a huge security hole! Did you never read the description of the issue? EVERYTHING that was EVER typed on the device also went to a command line as root. That is not good. Just because google closed that has nothing to do with whether or not they *want* you to have root. The point of being open is not to give you everything, but just to make it possible for you to do anything. They don't need to ship the device with root, but everything that runs Android has source code published
Re:I'm confused... (Score:5, Interesting)
It depends on your definition of "platform," I believe.
Android is open software platform in that you can do whatever you want within Android. But that doesn't make the G1 an open hardware platform, where you could install a different operating system.
OpenMoko is an open hardware platform.
Now, personally, I see no reason why T-Mobile would care whether you're running Android or Debian. Google might care because they want you running those nice Android apps which interface with Google because that's how they're paying for Android development. But I'm not sure that they have any kind of agreement which would require the makers of the G1 to make sure that the phones are tamper-proof.
Parent
Re:I'm confused... (Score:5, Insightful)
Now, personally, I see no reason why T-Mobile would care whether you're running Android or Debian. Google might care because they want you running those nice Android apps which interface with Google because that's how they're paying for Android development. But I'm not sure that they have any kind of agreement which would require the makers of the G1 to make sure that the phones are tamper-proof.
I doubt even Google will care. How many people will actually install Debian on a G1? How many people will actually install it and keep it on there? I doubt even 0.1% of users will do either. But these are also the people who will praise Google for an open platform and for not locking it up like the iPhone. They're also the people who'll probably create apps for Android that bypass Google. Will Google notice the drop in revenue? Probably not, and certainly not enough to offset the bad PR.
Parent
Re: (Score:3, Insightful)
They probably don't. What they do care about is support calls and returns because someone bricked their G1 whilst trying to flash some fancy new OS image. They may even think that installing a new OS allows users to use other networks, or VOIP applications, more easily. Basically, if you can imagine a revenue stream that might be possible on the G1, and imagine a way in which a completely open platform might re
Re: (Score:2)
I'm surprised this comes as a surprise to people:
http://digg.com/apple/T_Mobile_sets_stage_for_Android_iPhone_showd?t=18888103#c18889920 [digg.com]
So? (Score:2)
Re:So? (Score:5, Informative)
Parent
Damn Shame (Score:2)
It's a damn shame and should probably even be a crime that manufacturers at the whim of the telcos (all of whom have bribed their way to gaining an unfair government enforced monopoly on communications) go around trying to make it hard for people to install what they like ON THEIR OWN DEVICE.
Re: (Score:3, Interesting)
You shouldn't judge the world-wide telecom market by the US "standard". T-Mobile is a german company, and part of the old government-owned telecommunications monopoly, so no need for bribery there. However, the german telecom market is very different from the US one, and there are no local monopolies. T-Com is still the largest player, but they other telcos don't have monopolies and most likely didn't make bribes.
Re: (Score:2, Interesting)
We go around this issue on a pretty regular basis on /. and it isn't changing.
If you buy a phone and a contract, and you know the terms and conditions, please don't think I'm interested in your 'it oughta be...' complaints. If you didn't read/grok the deal, sorry. This is why I do not consider Verizon when I look at carriers. And why I resist AT&T and Sprint. T-Mobile is the least offensive of the bunch IMHO. Heck, My BlackBerry will run Google Maps, even if it does leak memory worse than a sieve.
I
Re: (Score:2)
U.S. users shouldn't complain about the lock-in that they face, yet you're facing the same challenges they are, you say your only option really is T-Mobile but even that
Re: (Score:3, Insightful)
It's whiny and pointless to complain about contract terms in an open market where you can negotiate.
Alas, the US cell phone market is not such a market. There are a grand total of four nationwide companies, and a small handful of smaller ones. They have largely identical policies and pricing in nearly every respect. If I want to buy my own unlocked phone separately so I can avoid paying the "phone subsidy" fee written into every carrier's subscription plans... nope! There is basically no choice in the marke
Re: (Score:2)
Well Tom, I admire your confidence.
But having worked with these guys, I'm not so sure.
other telcos don't have monopolies and most likely didn't make bribes.
If you're not a monopoly, all the more reason to use 'alternative' tactics to beat the incumbent.
There's bribes, then there's 'old boys networks' (traditionally the most powerful of all, especially in Germany), then there's lobbyists...
Brussels is thick with them.
Remind me, what job did the former German Chancellor get when he left office?
Re: (Score:2)
But having worked with these guys, I'm not so sure.
I should've added a disclaimer. I do work with these guys, and I'm talking CEO level.
There's bribes, then there's 'old boys networks' (traditionally the most powerful of all, especially in Germany), then there's lobbyists...
Brussels is thick with them.
Berlin too (we were talking about Germany), and my company owns one of them. But last I checked, lobby work wasn't the same thing as bribes. I dislike the amount of influence lobbyists have as much as the next guy, but it isn't the same thing as bribery. But yes, there's lobbyists.
Remind me, what job did the former German Chancellor get when he left office?
Something in the energy industry. What's that got to do with the current argument?
Re: (Score:2)
Something in the energy industry. What's that got to do with the current argument?
Something in the energy industry? C'mon. Let me refresh your memory. When in power, (well, just before losing it) Schroder massively subsidised the Gazprom 'Nord Stream' project. After leaving Government, he then took a major post with...Nord Stream! No corruption there, then...
What's that got to do with the current argument? Well, I was just suggesting that corruption has many faces, and 'bribes' come in many colours...
Is it OK for lobbyists to pay for prostitues for MEPs? By their twisted definition
FWIW (Score:2)
but with utilities and images already available to replace the flash image with your own signed code, it looks like the manufacturer-hacker arms race is on."
For what it may be worth, there's a page set up with succinct instructions [android-dls.com] for flashing the modded RC-30 that preserves root.
Also, for those who have RC19 or RC29 and simply want to delay/avoid an over-the-air (OTA) update, there are also instructions [android-dls.com] for a simple change that will keep the RC30 from installing in the first place. This will not address
Re:WTF? Open platform that you must sign code to u (Score:3, Informative)
"Google G1 / Android / HTC / TMobile have been telling us this is going to be an open platform."
It is, to some extent. The source is open and you can install whatever you like.
"Someone already "broke" the phone (which isn't a problem on an open platform)"
Yeah, google broke it. For some reason (poor QA) they left a terminal running under the GUI, at root, and getting all the keystrokes.
"Someone is already working on getting unsigned code working? I thought it was an open platform?"
There are two parts to this