Steve "CyanogenMod" Kondik Contemplates The Death of Root On Android
c0d3g33k writes "Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges, Steve Kondik wonders which uses really require full root. Most common activities that prompt owners to root their devices (backup/restore tools, firewall/DNS resolver management, kernel tuning) could be accomplished without exposing root, argues Kondik, by providing additional APIs and extensions to the user. This would improve security by limiting the exposure of the system to exploits. Reasonable enough, on the face of it. The title of the post, however, suggests that Kondik believes that eventually all useful activities can be designed into the system so the 'dangerous and insecure' abilities provided by root/administrator privileges aren't needed. This kind of top-down thinking seems a bit troubling because it leads to greater control of the system by the developer at the expense of the owner of the device. It's been said that the best tools are those that lend themselves to uses not anticipated by the creator. Reducing or eliminating the ability of the owner to use a device in ways that are unanticipated ultimately reduces its potential power and usefulness. Perhaps that's what is wanted to prevent an owner from using the device in ways that are inconvenient or contrary to an established business model."
stop phone carriers / oems from slowing down updat (Score:4, Insightful)
stop phone carriers / oems from slowing down updates and force loading software that can't be removed.
also force unlocked sims on all android phones.
CDMA2000 (Score:3)
also force unlocked sims on all android phones.
How would that work on a CDMA2000 network, which doesn't use a SIM in the first place?
Re: (Score:2)
Um. Last I checked (and no, it hasn't always been this way) I can talk on the phone with VZW over LTE: This is the only way that VZW allows voice and data to exist concurrently on the same handset. This works fine. Almost all of the calls I make are over LTE.
And I can also pull down a w
ObXKCD (Score:5, Funny)
All applicable XKCD [xkcd.com] should just be in tags at top of Slashdot stories.
Fairly Obvious (Score:5, Insightful)
In an ideal world, we'd have all the functionality we need straight up and "rooting" wouldn't even exist as a term.
Re: (Score:2)
Well, CyanogenMod specifically has the ability to introduce new CM-specific APIs to allow this functionality.
I know I would feel much better allowing an app to do something specific rather than give it blanket authority via root.
PolicyKit for Android, perhaps?
Re: Fairly Obvious (Score:2)
What timeline do you live in? Here in 2013, iOS is getting absolutely crushed by Android.
In my opinion (Score:5, Insightful)
Most things which required me to root my phone should be preinstalled
-backup
-firewall
-disable any service *which i do not need*
You forgot ... (Score:5, Insightful)
-remove any app *which i do not want*
Re: (Score:2)
None of those are issues for me.
All I want is to remove pre-installed bloatware so that I have more of what I want.
I've never had a backup issue because there are apps for that, and everything is in the cloud anyway.
Recurring fee (Score:3)
I've never had a backup issue because there are apps for that
Some existing "apps for that" require root to back up or restore because they try to back up private data that belongs to another application.
and everything is in the cloud anyway
If you have more than a couple GB of data to back up, cloud backup becomes an expensive recurring fee compared to backing up to local physical media.
Re: (Score:2)
Also:
Change the device ID string so I can install some badly-packaged apps from Google Play that don't know about my tablet.
Bad summary (Score:5, Insightful)
He's not talking about root going away, he's talking about reducing the need for it, in order to have much of the freedom provided by a rooted phone without the associated security risks. Whether or not root is available is a separate, and orthogonal question, and he clearly never wants to lose the ability to root, just the need.
Re:Bad summary (Score:5, Interesting)
This.
Just like Linus' justifiable rant about having to be root in SuSE to set up a printer.
There are legitimate reasons why an end user should need Root/Administrator, but they should be as few as possible. Microsoft has seen the light and has tried to beat developers over the head with UAC to make them see the light. (a game needing admin to run? seriously?)
--
BMO
Re: (Score:3)
He's not talking about root going away, he's talking about reducing the need for it
Submitter here. I'm probably a little thick, clearly Kondik meant something more subtle by naming his post "The Death of Root" than I was able to discern. Shame on me for taking that as a suggestion of where his thoughts might be turning.
Reminds me of linux without a root prompt (Score:3)
There's a certain well known Linux distro that starts with a disabled su command, because root prompts are evil. You can, however, use sudo, to run one command at a time.
Like, for instance, sudo bash.
You can provide a single API to let your user do what he wants. it's called admin access.
Re: (Score:2)
You can, however, use sudo, to run one command at a time.
Errr, I use sudo -s all the time to run as many commands as I want as root. I usually use it only because I don't want to actually have to enable a root user on my machine.
Re: (Score:2)
Yup, and if I remember the post from when I was banned from their forums for giving instructions on how to set a root password to enable su or even direct login they do it for security reasons...
Re: (Score:2, Informative)
Just use "sudo su" instead..
No no no no no no no no no no no no no no no! If you need to drop into a root shell use "sudo -i".
Re: (Score:3)
-i simulates an initial login, so it's more like "sudo su -" in that you get a root shell and all of the .profile and such are read. -s doesn't read those files.
SE/Linux (and SE/Android) (Score:5, Interesting)
there's an extremely common mistake made which needs to be pointed out: the clue is in the phrase "This kind of top-down thinking". the fundamental assumption is that there is a concept of "more privilege is required than before" to achieve privileged tasks. people imagine that security is hierarchical - that the further towards "the top" you get, the more access you are permitted. this is simply NOT TRUE. the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.
so, people invent new security systems, but they invent them without actual proper thought towards design, and they invent them thinking that this "top down" hierarchical approach is the only way. thus, new APIs have to be invented.
there is another way: it's called SE/Linux (and there's a variant called SE/Android). SE/Linux follows the FLASK model, which basically says that based on the current context, the current application, that a new executable is given a COMPLETELY new security context, where the new privileges have to be explicitly given. the most important implication of this model is: it absolutely does not matter how "powerful" you were in the previous context - the one that fires up the new executable; the new one is literally a completely and utterly separate security context.
to give an example: take a 5 Star General, and send him to a security base. when he gets there, standard security procedure: they take away his passport and all his credentials, and they give him a security pass (a new context). that security pass has a pre-prepared set of restricted corridors and rooms that the 5 Star General can go to. he can go to the conference room, and the bathroom. if he tries to leave without returning the security pass, he has no passport, and no papers.
this incredibly powerful security model - FLASK basically fits on top of an OS *without* interfering with it. it's particularly fascinating because it can watch which programs exec() other programs, and it can watch what APIs those programs use.... *without* needing to actually modify those programs.
basically what i'm saying is that the problem that cyanogen is trying to solve already has a way in which it can be solved, if the SE/Android team haven't already solved it. and that's because, under SE/Linux and SE/Android, you can operate both the normal "root access" system *in parallel* with SE/Linux. all you need to do is create a FLASK security context which restricts access to only those applications that *should* be accessing the restricted APIs. you don't need to modify the applications, nor do anything special to the underlying OS.
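Added example, not part of the comment above and not code from SELinux or SE/Android: a toy Python model of the type-enforcement decision the comment describes, where exec() moves a process into a new domain whose permissions are looked up independently of the caller's. All type names (shell_t, fwhelper_t, fw_rules_t and so on) and both rule tables are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy for illustration; every type name here is hypothetical.
# allow rules: (source domain, target type, object class) -> permissions
ALLOW = {
    ("shell_t", "app_data_t", "file"): {"read", "write"},
    ("shell_t", "fw_rules_t", "file"): {"read"},
    ("shell_t", "fwhelper_exec_t", "file"): {"execute"},
    ("shell_t", "fwhelper_t", "process"): {"transition"},
    ("fwhelper_t", "fwhelper_exec_t", "file"): {"entrypoint"},
    ("fwhelper_t", "fw_rules_t", "file"): {"read", "write"},
}
# type_transition rules: (caller domain, executed file type) -> new domain
TYPE_TRANSITION = {("shell_t", "fwhelper_exec_t"): "fwhelper_t"}


@dataclass(frozen=True)
class Process:
    uid: int      # carried along only to show the MAC decision ignores it
    domain: str


def allowed(proc, target_type, tclass, perm):
    """MAC decision: looked up by (domain, type, class); uid is not an input.
    A real kernel also applies the usual uid-based DAC checks separately."""
    return perm in ALLOW.get((proc.domain, target_type, tclass), set())


def exec_file(proc, file_type):
    """Model exec(): compute the new domain and check each required permission."""
    if not allowed(proc, file_type, "file", "execute"):
        raise PermissionError(f"{proc.domain} may not execute {file_type}")
    new_domain = TYPE_TRANSITION.get((proc.domain, file_type), proc.domain)
    if new_domain != proc.domain:
        # The caller must be allowed to transition into the new domain ...
        if not allowed(proc, new_domain, "process", "transition"):
            raise PermissionError(f"{proc.domain} -> {new_domain} not permitted")
        # ... and the file must be a permitted entry point for that domain.
        if not allowed(Process(proc.uid, new_domain), file_type, "file", "entrypoint"):
            raise PermissionError(f"{file_type} is not an entrypoint of {new_domain}")
    # Nothing is inherited from the caller's domain: the new process starts
    # with exactly the rules written for new_domain.
    return Process(proc.uid, new_domain)


def demo():
    root_shell = Process(uid=0, domain="shell_t")
    helper = exec_file(root_shell, "fwhelper_exec_t")
    return {
        "helper_domain": helper.domain,
        "helper_uid": helper.uid,
        # The helper gains a permission its uid-0 caller never had ...
        "shell_writes_fw_rules": allowed(root_shell, "fw_rules_t", "file", "write"),
        "helper_writes_fw_rules": allowed(helper, "fw_rules_t", "file", "write"),
        # ... and loses one the caller did have, although it is still uid 0.
        "shell_writes_app_data": allowed(root_shell, "app_data_t", "file", "write"),
        "helper_writes_app_data": allowed(helper, "app_data_t", "file", "write"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
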
Re: (Score:2)
the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.
Indeed, but in the case of SE Linux the Five Star General ( root ) is also the guy who writes the rules about where he is allowed to go and what he is allowed do ( SE Linux config ).
SE Linux doesn't make root go away, it just usefully reduces the need for root day-to-day. But root is still the key capability in configuring the environment.
And Linux distros always have a way for root to disable boot-time or run-time SE Linux.
Re: (Score:2)
Very insightful. You've hit the nail on the head. Brilliant and concise.
Anyone else have something intelligent to add to this? We're dealing with a security model developed long ago in a context where it no longer applies, but we're forced to deal with it because a big corporation decided to cut corners by exploiting an existing system to save time rather than expending the effort to develop their own solution. So now we have cognitive dissonance.
So what is a better security model for computing systems
AdBlockPlus (Score:2)
Enough said.
Steve "CyanogenMod" Kondik (Score:2)
Am I the only one irritated by this? It should be Steve "Cyanogen" Kondik, CyanogenMod is the ROM. FFS
Re: (Score:2)
My bad. Sorry. You are fully justified in being irritated. I was in a hurry and given the amount of poorly explained stories, I didn't just want to throw "Steve Kondik" out there and expect people to recognize the name. So I picked his pet project, rather than his nick.
Re: (Score:2)
Nonsense, segin.
Effective communication is the responsibility of the presenter, not the audience. Apart from the very rare instance where the audience is forced to attend, they are indulging the presenter. If the presenter doesn't deliver, the audience goes away. Telling the audience they didn't work hard enough will only make them go away faster.
You must be quite the hit at parties and social gatherings:
"Hey baby, I can light your fire better than Ivar Kreuger. Wanna light *my* matchstick? What? Who
It's needed to remove all the junk pre-installed (Score:2)
To install linux. (Score:2)
I have linux installed on my Asus Fonepad side by side with Android, allowing me to turn my phone/tablet into a nifty little netbook (using a bluetooth keyboard). I like having a full LaTeX installation available, if I want to do some writing. It isn't clear to me that I could do this without root (especially if I want to run services on privileged ports). If I can't do this with Android 4.3, I will have to rethink upgrading to it, when it becomes available.
Best wishes,
Bob
permissions on Android are frustrating (Score:2)
Every release, the folks at Google decide that some other capability needs to be restricted, and some useful utility breaks. In 4.2, you don't seem to be able to enable airplane mode from third party widgets anymore, for example. Google really needs to introduce a class of trusted privileged applications that can do stuff like that. If Google doesn't do anything about this, I'm going to switch to something else because it is getting really frustrating and annoying.
Everyone just stay calm and.... (Score:4, Informative)
We've been here before (Score:2)
Pretend you used unix from the start and the web comes along decades later and you have your stuff set up all nice and lo and behold all seventeen web pages work and nearly 700 people a year look them and next thing you know your buddy wants his bread clip collection to have its own home page and your girlfriend's friends wants to put an anthology of lesbian vegan poetry online so you go fuckit and cut and paste their stuff up then they want to update it themselves so you show them vi wish them the best of
Re:If no root, no Android. FirefoxOS anyone? (Score:5, Insightful)
Root will be necessary until the carriers allow us to freely uninstall their bloatware, and other useless/quasi-hostile junk (for me, that means facebook).
Re: (Score:3, Informative)
Root will be necessary until the carriers allow us to freely uninstall their bloatware, and other useless/quasi-hostile junk (for me, that means facebook).
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled. Sure, it's taking up a few MB of space on your system image, but, "oh well." At least, this is certainly true on any Android 4.x device I've owned.
Re:If no root, no Android. FirefoxOS anyone? (Score:5, Informative)
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled.
Bad news! You can only disable apps that your carrier has decided that they want to allow you to disable.
Re: If no root, no Android. FirefoxOS anyone? (Score:3)
Don't "buy" your phone subsidized through your carrier? I just bought two Nexus 4's right from Google and switched carriers. No contract _and_ got a 10% discount on my bill each month by bringing my own device.
To be clear I live in Canada, and just switched to Telus.
Disabled does not mean forgotten (Score:2)
Disabled does not mean forgotten. I had heaps of apps disabled on my phone. Yet once or twice a week I would get a Google Play notification to update [insert disabled and unused app].
I would be happy if they were just taking up space on my phone but as it is they annoyed me every other day.
Re:If no root, no Android. FirefoxOS anyone? (Score:5, Insightful)
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled. Sure, it's taking up a few MB of space on your system image, but, "oh well."
Good news, I just took a dump on your doorstep! Don't worry though, you can just throw your doormat over it. It will still stink, but "oh well"
Re: (Score:3)
It's kind of a moot point. If the system is that badly "infected", you should probably replace the rom anyway.
On my aging Gingerbread phone, I used root to delete the OEM bloatware- Facebook, Amazon, NFL Mobile, etc. A few months later, an OTA update rolled out, and it threw a shit fit because the pre-installed crap was missing. Fortunately I had backups. Now I use Titanium Backup's "freeze" feature to disable (and prevent execution of) apps while still keeping them installed/updated.
Re: If no root, no Android. FirefoxOS anyone? (Score:5, Informative)
You don't need root to image a new ROM. You need an UNLOCKED BOOTLOADER. Two completely different things.
Re: (Score:2)
The current Android model does not address the first of these, but it does address the next two. None of these applications installs shared libraries (Android applications can't install shared libraries that are visible to other apps) and they can only be launched either expl
That's the #1 item on the list (Score:2)
No CSIM in USA (Score:3)
Or you could try supporting the concept of non-carrier devices by purchasing Nexus devices at "full price".
Good luck doing that in the United States if you happen to live where T-Mobile has poor coverage. CDMA2000 carriers in the United States don't use CSIM.
Re:If no root, no Android. FirefoxOS anyone? (Score:5, Informative)
I don't care if I don't root my phone until I can write to the hosts file.
Re:If no root, no Android. FirefoxOS anyone? (Score:5, Interesting)
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Exactly.
The reason people root phones is to get around arbitrary restrictions imposed by the carriers or the manufacturers.
Remove those restrictions, by providing APIs that allow users to do every legal thing, and virtually all reasons to root disappear.
When you can remove bloatware, change carriers, bypass carrier restrictions, change the UI, and maybe even change the OS, all without requiring root, what would be the point of rooting?
There will still be those who will root simply because they can. These are the same kids that always ran their Linux machines at root because they were so 133t.
Re: (Score:2)
Yeah using linux on your machine makes zero sense!
Having the freedom to use any os on the hardware you own makes zero sense!
Nice thinking there.
Re: (Score:2)
At least he's thinking. You apparently have decided to forego the process.
Re: (Score:3)
If you expose every single thing that requires root to non-root users, then there is no distinction between root and non-root and so root is unnecessary. Very few people, for example, feel the need to enable root on OS X, but since normal users in the administrator group can sudo with their password there is no need because they can do anything that a root user can.
If, however, you expose some subset of what root can do to normal users, then you are always going to find some users who need to do some of
Re:If no root, no Android. FirefoxOS anyone? (Score:4, Informative)
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Yes, this. You shouldn't root your device "just because you can", which seems to be the mentality some people have. It greatly increases your attack surface for security vulnerabilities. I'm certain that the ability to root will stick around "forever", but for most people having a well thought out API which allows separation of privileges is going to lead to better results.
Re: (Score:3)
Check out XPrivacy [github.com]. Of course, it requires the Xposed Framework [xda-developers.com] to be installed. Which requires root.
Or, of course, the Privacy Guard on the new CyanogenMod 10.1 builds, but which requires CyanogenMod.
Or OpenPDroid, but that requires patching your rom.
Re: (Score:3)
It greatly increases your attack surface for security vulnerabilities.
As far as I understand, 'rooting your Android phone' generally allows elevation to root privileges, access to which is handled by an SU-application. That means that if you never allow anything to have root privileges, you face no increased risk at all.
on purpose, or the system, or a rogue app (Score:2)
Don't assume that all calls to sudo are you doing it on purpose. The risk is that malware could use sudo.
By way of comparison, Windows is somewhat similarly "secure unless you allow something to have elevated privileges". Compare that with a write-once DVD live system, where there is no such thing as altering the system.
Re: (Score:2)
You obviously have no experience whatsoever with a rooted Android phone. Even if malware were to call the su-application, the su-application would still prompt the user asking for privilege elevation. Now if that su-application is exploitable and the prompt can be avoided by malware, then that would be a pretty bad security risk.
Re: (Score:2)
Before assuming I have no experience, Google my name. Note you're also implying Steve Kondik
Re: (Score:3)
You have no idea what you are talking about, do you?
Re: (Score:2)
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
It sounds like Android is busy reinventing the wheel. "Root", in ye-olde-user-account-whose-powers-are-above-all-others-and-limitless, is something that (at least optionally), UNIXlikes have been picking away at (precisely because it is a big, gaping, unbelievably-non-granular, security problem) for years. You've got your conceptually simple mechanisms like OpenBSD security levels (once you elevate, suitably marked files are immutable, period, until the system is brought down) and your fairly-seriously-hair
Re: (Score:2)
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Well, it sounds like he's saying a bit of both...
"Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges..."
Obviously it doesn't sound like root is dead right now, but it does seem Google is taking measures that could lead one to think they might lock it down more completely in the future.
Re: (Score:2)
Yes/No.
It's a classic argument. Next one will be "nobody uses root so let's make sure it's never possible to root the device"... and bang, that's the point.
Except that's the current de facto way to get full device access. The APIs that "replace" what "root is used for" give you only very specific access, not full access like root currently does.
Wi-Fi-only devices (Score:5, Insightful)
So the only people who will need it will be the carriers and NSA.
Wi-Fi carriers such as cable and DSL ISPs typically don't provide a subsidized tablet. Nor do cellular carriers outside North America and maybe Japan. So what do "carriers" necessarily have to do with rooting, especially with rooting a Wi-Fi-only device?
Re:If no root, no Android. FirefoxOS anyone? (Score:4, Informative)
what hardware? there is NO HARDWARE - that's why it's on igg and not kickstarter (rules prevent vaporware)
Re: (Score:3)
Perhaps get a Jolla instead?
http://www.jolla.com/ [jolla.com]
Yeah, I've already pre-ordered mine...
Re: (Score:2)
The site doesn't actually say what a Jolla *is*. Some sort of compact tablet?
Re: (Score:3)
The first thing I noticed when upgrading to 4.3 was that my ad-blocker that works by altering the hosts file no longer works. That's one thing I'm sure Google would love to see people stop doing. I'm sure it's fixable with some new SELinux rules, but I haven't looked into it yet.
You said hosts file. Are you trying to summon him? (Score:2)
The first thing I noticed when upgrading to 4.3 was that my ad-blocker that works by altering the hosts file no longer works.
So Google is blocking one sort of APK, namely use of the hosts file as a crude DNS blacklist. Does this mean we're soon going to lose another sort of APK, namely loading applications from unknown sources? Or am I clanging [wikipedia.org] again?
Joystick API (Score:2)
Re: (Score:3)
Warning: SPAM link in parent.
Re: (Score:2)
be gone spammer.
Nexus: Collect all four (Score:2)
Re: (Score:2)
Steve Kondik said what he said - we shouldn't put words into his mouth. You're talking about my speculation about what this kind of approach ultimately means.
You're missing the big picture. In order to design APIs or extensions that remove the need for elevated privileges for certain use cases, you need to know what those use cases are. So you can, you know, design for them. This is the antithesis of unanticipated.
The point of administrator privileges on a system you own isn't to facilitate a set of s
Re: (Score:2)
Sorry, but you're not making much sense and don't quite seem to understand how operating systems work. If this mythical "totally safe because it limits root privileges but not really limited because you can do all the same things as you used to do with root" API you describe existed, it would be functionally the same as what currently exists. Wrapping the system in an API that allows you to do officially sanctioned 'useful' things (things that have been designed into the API) but protects you from all the
Re: (Score:2)
lesuth? Oh, you troll, is that you, you forked tongued devil? I applaud your efforts. I fed you once - are you still hungry? Sorry, other than this small treat, I have no more because your comments are devoid of meaningful content, and I require meaningful content to justify fetching you more treats. Dorothy and Toto would undoubtedly agree with me. Toto totally wants your treats. He'll be coming around to collect them when he's finished traveling to 1984 in his time machine to deal with Big Brother
Re: (Score:2)
Dude (or Dudette), you are so much fun!
Oh, Slashdot, how many years I have read thee... How many poignant articles I have digested!
Not very many, based on your ginormous UID, n00b. :-)
Thanks for that last reply of nonsense - ranks right up there with the theory. :^)
You're quite welcome. This place is too much fun to take seriously. But you're still borderline incoherent. You need to elevate your troll-fu. Or ease up on the ethanol a bit, clever lad. Your trolling will be much more effective if you can simulate a serious commenter. Your babbling is much less clever than you realize. But kudos for hanging in there and giving it the old college try.
If you were actually serio
Re: (Score:2)
Thank you for the entertainment. Why settle for a concise argument on the topic at hand when a flurry of semi-relevant sentences will do. You, sir, are the master of trolls. Or lawyers. Blessed be you and your kin.
I must leave you now. Good night.
If Google plays fair with Android (Score:2)
I don't think it's a Google problem, it's the carriers.
Re: (Score:2)
Yes, as a matter of fact I do. I have a Toshiba laptop with integrated Intel graphics that runs Fedora 19 with Xfce and Compiz. It works very well, TYVM, with no need for proprietary video drivers.
My desktop has nVidia graphics, and uses the same desktop and Compiz. I use the binary drivers as re-packaged for Fedora only because the OSS nouveau driver isn't qu