Debian Running On the T-Mobile G1 127
chrb writes "Following hot on the heels of the G1 root exploit, Jay Freeman now has Debian ARM running on the G1. The RC30 update has fixed the root hole, but with utilities and images already available to replace the flash image with your own signed code, it looks like the manufacturer-hacker arms race is on."
Isn't that the whole idea of an open platform? (Score:5, Insightful)
i.e., to enable hackers to experiment and thereby improve the platform further.
Re:Isn't that the whole idea of an open platform? (Score:3, Insightful)
Well sure, within the context of running applications in a Java sandbox and doing things in emulators.
Once you bring in carriers into the mix, "open" goes out the window because it gives people the ability to step around your nickel and diming.
Re:I'm confused... (Score:5, Insightful)
Why on earth is there a "manufacturer-hacker arms race"?
There isn't, it's BS, and none of the blogs seem to get is. So far as we can tell, google only fixed the root exploit because it was a serious security concern, because of how it worked. I don't think they are going to make a real effort to stop people from hacking their device aside from fixing security flaws. Even if they do, this is so far not an indication of that, contrary to what most sites say.
-Taylor
Re:I'm confused... (Score:3, Insightful)
"you could make expensive calls over IP and pay the telecom, nothing more than the monthly rent."
Bullshit. At least in the UK the monthly line rental usually includes more than enough minutes/texts for most people. The vast majority of their income must come from the base line rental (which isn't cheap!).
They're just used to being able to control everything and don't want to give that up. Hopefully it will change eventually.
Re:Isn't that the whole idea of an open platform? (Score:3, Insightful)
Re:Isn't that the whole idea of an open platform? (Score:1, Insightful)
Technically you can, so long as it's a Java app that runs in the Android VM. Native app, or some ruby/perl/python script that runs in the shell? Time to jailbreak.
Same thing as the iPhone. You're either in the sandbox or you jailbreak.
Re:I'm confused... (Score:5, Insightful)
Now, personally, I see no reason why T-Mobile would care whether you're running Android or Debian. Google might care because they want you running those nice Android apps which interface with Google because that's how they're paying for Android development. But I'm not sure that they have any kind of agreement which would require the makers of the G1 to make sure that the phones are tamper-proof.
I doubt even Google will care. How many people will actually install Debian on a G1? How many people will actually install it and keep it on there? I doubt even 0.1% of users will do either. But these are also the people who will praise Google for an open platform and for not locking it up like the iPhone. They're also the people who'll probably create apps for Android that bypass Google. Will Google notice the drop in revenue? Probably not, and certainly not enough to offset the bad PR.
Re:I'm confused... (Score:3, Insightful)
And that's the problem.
You pay for the "device".
Google OWNS the operating system.
Duetch Telecom OWNS the device.
You only pay for it to rent it while you use it, and then pay a monthly fee for network access on top of that.
And this is open, how?
--Toll_Free
Re:I'm confused... (Score:3, Insightful)
They probably don't. What they do care about is support calls and returns because someone bricked their G1 whilst trying to flash some fancy new OS image. They may even think that installing a new OS allows users to use other networks, or VOIP applications, more easily. Basically, if you can imagine a revenue stream that might be possible on the G1, and imagine a way in which a completely open platform might remove that revenue stream, then that is a reason (in the view of T-Mobile) for T-Mobile to worry.
Re:I'm confused... (Score:5, Insightful)
No, it was written by Linus Torvalds and thousands of other contributors, and released under the GPL. It's our OS. Google just borrowed it for a while.
Re:I'm confused... (Score:3, Insightful)
I guess it's like politicians: don't judge them by what they promise, but by their actions. One thing is not like the other.
Re:Isn't that the whole idea of an open platform? (Score:2, Insightful)
Well I told people so, also here on Slashdot, when the media was all abuzz about Android and how it would revolutionize phone software hacking.
At great risk of sounding like a broken record and repeating myself over and over again:
Much better than carrying your carrier's ball-and-chain around your neck always, anxiously waiting for the next OTA provisioning download that CALEA-stricken providers stuff in your phone's guts at some ungodly hour in the middle of the night, to have them turn on your phone's mic or camera to big-brother you on a whim, or is it?
Re:Damn Shame (Score:3, Insightful)
It's whiny and pointless to complain about contract terms in an open market where you can negotiate.
Alas, the US cell phone market is not such a market. There are a grand total of four nationwide companies, and a small handful of smaller ones. They have largely identical policies and pricing in nearly every respect. If I want to buy my own unlocked phone separately so I can avoid paying the "phone subsidy" fee written into every carrier's subscription plans... nope! There is basically no choice in the market. It's an oligopoly which means that we, the customers, lose out.
Re:I'm confused... (Score:3, Insightful)
We'll see. The fact is that the only root exploit discovered thus far was closed within a few days. I really don't think Google has that much to do with it - let's look at what they actually do: provide an open source software stack to the telcos. T-Mobile control their network and the devices using it, they control the cryptographic keys for the G1, so if an OTA update is rolled out that fixes some issue, obviously T-Mobile didn't like that issue. What power does Google actually have in this arrangement? They're just an upstream provider of source code.
Bottom line: if Google wanted the G1 to ship with root access, and they had the power to do so, they it would've happened already.
It was closed because it was a huge security hole! Did you never read the description of the issue? EVERYTHING that was EVER typed on the device also went to a command line as root. That is not good. Just because google closed that has nothing to do with whether or not they *want* you to have root. The point of being open is not to give you everything, but just to make it possible for you to do anything. They don't need to ship the device with root, but everything that runs Android has source code published for it, so anyone with sufficient knowledge of code should be able to make it happen.
Google and T-Mobile have said over and over that they won't stop people from doing non-malicious things, yet no one believes them. I have a feeling that if it hadn't been for Steve Jobs holding every iphone user by the balls for the last year and a half, people would be more inclined to believe them, but the point is Google is NOT Apple, and they said they will keep it open. Why is a security fix making everyone freak out?
Most articles fail to mention HOW the root exploit was a problem, and i think that is the real issue here - people read the article and don't realize it was an honest issue that needed to be fixed, they think google is fighting back against the hackers and they just arent.
-Taylor
No, that's the idea of a free platform (Score:3, Insightful)
The whole "it's your phone you can do what you want with it" paradigm comes from *free software, not an "open source" software.
As for "shut up and show them the code" this G1 is a great example.
"Look, we're an open platform! Look at the code, isn't it neat! Don't TOUCH it!!!"