Risks of open source
Correct me if I'm making mistakes in my thinking process.
I was thinking about the N900, and that I am not buying it yet, and that is probably the reason I started to gather negative points about the device to relativize, which led me to a thing that I actually found interesting to see others, maybe more experienced developers or programmers with a better perspective, comment on. Which is, what are the consequences of open source for a mobile computer connected to the internet and GSM network? What if there was some evil developer who created a trojan, maybe covered by an application, that slowly uses your data for spamming or what not? Or even makes undercover calls? Sends out your contacts or text messages to marketing 'baddies'? Edit: request: Norton for Maemo :D
Re: Risks of open source
Those risks are significantly lower by sheer virtue of the code being open source.
EDIT: Maemo shouldn't need Norton. ;)
Re: Risks of open source
I would be more worried about an application I can't see the source code of.
Re: Risks of open source
The risks you describe are not in open source applications but in closed source ones. Should someone create open source malware, other people could spot the bad stuff in the source code. With closed source you don't know what is going on in there.
Re: Risks of open source
Being closed source provides zero protection, as we have seen time and time again.
Most people download and install stuff like crazy and wonder why their systems are slow. They also don't install security patches and leave their systems perpetually connected directly to the internet, and suffer exploits. Users are the cause of, and solution to, all of their computing problems (since beer has little positive effect on printed circuit boards!)
Re: Risks of open source
But of course it should go without saying that installing unverifiable apps from random websites is a bad idea.
Re: Risks of open source
2 words
community review
Re: Risks of open source
Thus it is not community review but trusted sites that are the key. Open source allows a trusted site to recompile binaries and verify that they match the developer's compiled binaries. They can also review the code and run it past malware scanners. I would hope that sites such as Maemo do this on a regular basis. Linux is in no way malware free. It's enough of a problem that there's a Wikipedia article on it, with many other articles discussing the particular nasties that have been found: http://en.wikipedia.org/wiki/List_of...mputer_viruses
Re: Risks of open source
I think it can be summarized in this way:
Yes, it can happen with an open-source operating system on your phone just as it can with closed-source. Neither inherently provides you with more or less security, as such, but in the current ecosystem, open-source tends to be more secure because there's a more immediate response to exploits and bugs. This doesn't mean open-source always responds immediately, because that's at the whim of the maintainers, but it has a tendency to do so because those with a need and interest in security will often participate in reviewing, patching and releasing secure code, whereas closed-source software prevents an effective means of having a public and massive effort of reviewing and participating. In short: if I care about malware and trojans, first and foremost I should protect myself regardless of which type of operating system I'm running; THEN I'd prefer open-source because OTHER like-minded individuals are protecting themselves as well and I can benefit from that.
Re: Risks of open source
The big distro makers pre-compile source packages into installable binaries, i.e. RPMs for the RedHat derived distros, PKGs for the Debian derived, etc. This effectively separates the binaries from the compilation process that produced them, so a higher degree of trust is needed on the part of the end user. Most distros demonstrate their trustworthiness by digitally signing their binary packages using GPG or some other key-pair type scheme, making it easy to determine if a binary package has been tampered with or not. There are a relatively small number of entities such as Adobe (Flash, AdobeAir), CyberLink (PowerDVD for Linux) and some others I can't think of as I type this, who only make binary versions of their software available. They are effectively saying to their end users, "We refuse to show you any evidence that this software is benign in terms of the security of your system and/or data. You'll just have to trust us". Finally, the security model in Linux is diametrically opposed to that found in many versions of other widely used operating systems. The Linux way is that the default user access is always non-administrative, making accidental or deliberate tampering at system level more difficult. The other (OK, I'll say it, the Windows) way is that users by default have free rein over the majority of the operating system. It is this fundamental difference in approach which makes Windows-based malware relatively easy to write. The greater deployment footprint of Windows compared to Linux or MacOS ensures that malware can spread more easily too. I have spent almost 10 years deploying and maintaining Linux in ISP data centres for both infrastructure and managed/colocated hosting purposes. In my experience, the usual chain of events is that malware gets onto a server as source code, is compiled locally, exploits a vulnerability elsewhere in the operating system or the packages provided with it to gain root access and then begins to do its dirty work.
Particularly for web servers, having /tmp as a file system on its own partition, mounted with noexec, nodev and nosuid flags set, and changing the permissions on the gcc binary to make it executable only by root, will greatly reduce your exposure to most of the more common Linux exploits currently out there.
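The post above recommends two hardening steps: mounting /tmp with noexec, nodev and nosuid, and restricting the compiler to root. The shell script below is an added example, not code from the thread or from the Maemo project, that checks both conditions on /proc/mounts-style input and on an `ls -l` style mode string. It also covers /var/tmp and /dev/shm, the other world-writable scratch locations, which goes slightly beyond the post. The mount table and mode strings it reads are constructed samples embedded in the script so that it runs offline; on a real host you would pass `"$(cat /proc/mounts)"` and the mode printed by `ls -l /usr/bin/gcc`.

```shell
#!/bin/sh
# Added example: audit the scratch mounts and the compiler permissions discussed in the post.
# SAMPLE_MOUNTS is a constructed /proc/mounts excerpt (fields: device mountpoint fstype options dump pass).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /var/tmp ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# has_opt OPTS NAME -> exit 0 if NAME appears in the comma-separated mount option list OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_opts MOUNTLINE -> prints which of noexec/nodev/nosuid the mount line lacks ("" if none)
missing_opts() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')   # field 4 is the option list
    out=""
    for want in noexec nodev nosuid; do
        has_opt "$opts" "$want" || out="$out $want"
    done
    printf '%s' "${out# }"
}

# audit_tmp_mounts MOUNTS_TEXT -> prints "<mountpoint>: <missing flags>" for every world-writable
# scratch location (/tmp, /var/tmp, /dev/shm) that is not fully hardened; prints nothing if all are.
audit_tmp_mounts() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        mp=$(printf '%s\n' "$line" | awk '{print $2}')
        case "$mp" in
            /tmp|/var/tmp|/dev/shm) ;;
            *) continue ;;
        esac
        m=$(missing_opts "$line")
        if [ -n "$m" ]; then
            printf '%s: %s\n' "$mp" "$m"
        fi
    done
}

# compiler_exec_restricted MODE -> exit 0 if a symbolic mode string as printed by `ls -l`
# (e.g. -rwx------) grants no execute bit to group or other, i.e. only the owner can run it.
# Character 7 is the group execute bit, character 10 the "other" execute bit.
compiler_exec_restricted() {
    g=$(printf '%s' "$1" | cut -c7)
    o=$(printf '%s' "$1" | cut -c10)
    [ "$g" != x ] && [ "$g" != s ] && [ "$o" != x ] && [ "$o" != t ]
}

# Demo run on the constructed samples
audit_tmp_mounts "$SAMPLE_MOUNTS"
if compiler_exec_restricted "-rwxr-xr-x"; then
    echo "gcc: execute restricted to owner"
else
    echo "gcc: executable by everyone (the post's fix: chmod 0700 on the gcc binary)"
fi
```

On the sample table the audit reports `/var/tmp: noexec nodev nosuid` and `/dev/shm: noexec` and stays silent about /tmp, which already carries all three flags. Keep in mind that noexec on /tmp is a speed bump rather than a wall: an attacker who already has a shell can run scripts through an interpreter, so the post's advice complements, and does not replace, keeping the system patched.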
Re: Risks of open source
For me, a risk is lack of polish in applications leading to customer frustration or dissatisfaction.
Re: Risks of open source
People have explained that open source computer environments are much less prone to these things than closed source ones. Just look at the number of viruses, trojans, keyloggers etc. for Windows (hundreds of thousands), compared with the number for Linux (very few, but not zero).
That said, I have seen two compromised Linux servers in my career; it does happen. But the smartphone world is a little different. Unlike a laptop or desktop, closed source smartphones are quite restrictive about what you can install. So you're not as likely to install malicious software on a closed source smartphone, compared with a Windows desktop, simply because you aren't allowed to: the only things you can install are "approved". Whereas on Maemo, you have freedom to install any old junk, and the temptation is surely there to install things you haven't compiled yourself... We rely on the community to check things, and for the most part, it does. We also rely on distributions, in this case Maemo and Maemo-extras, to check things and often to ensure the source matches the binary. And, when something is found out, if you are updating regularly, there's a good chance it will be fixed quickly. The same applies to closed source: their app-approval processes provide a similar kind of checking. But a major difference has to be that on Maemo you can install anything, from anywhere, if you are stupid or if you are tricked into it. With closed source smartphones, that's harder. It has been said that Linux is inherently more secure than Windows, by design. But it's also been said that Windows has so many malicious programs because of user culture / knowledge / security practices, and simply because it's the more popular platform so it attracts malicious software writers, which, combined with the ease of cracking it, tips the balance strongly in its favour. The N900 looks quite a tempting target, if it gets a huge number of users. But it is developed by people who are quite security conscious, and a community which is also conscious of such things. So it remains to be seen which smartphone gets the first virus making premium-rate calls in the background...
Re: Risks of open source
- Apple's method, where no apps run without Apple approval
- Symbian's method of tiered access
- Maemo's method, which gives the owner total control
So if you feel that installing everything you see on the internet is a good idea, no matter how questionable the website or dubiously useful the utility, then by all means avoid the N900. If you're prepared to be a little responsible and practice safe computing (it really is a lot like what you're thinking, I know) then you can enjoy a far more powerful device than most without trouble.
Re: Risks of open source
With Android users can install applications outside the marketplace.
With the iPhone you can install applications outside the store if you jailbreak it (or go through that weird sharing thingy where you can only distribute to 5 people?). I think there was also recently a thing where a developer of a popular iPhone application was caught taking phone #s or something (I didn't read much into it).
Re: Risks of open source
If tomorrow everyone were to wake up and start using Linux instead of Windows, Linux would probably not be up to the task of defending itself against the deluge of hackers that would switch over from exploiting windows.
I quite frankly doubt the internet would survive this period in its current form. Within a year, though, you would probably find that Linux had fully recovered and was in a slightly better position, security-wise, than Windows, for the sole reason that there would just be more people working on it than Microsoft can afford.
Re: Risks of open source
The thing about the ssh hole is that a lot of people jailbroke their phones without understanding what the process did. Anyone who knowingly installs ssh will usually realize they should change their password (or disable password authentication) and use keys. I believe that's more dangerous than an inherently open system (as long as people are willing to learn... that seems to be the issue these days).
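The post above names the fix for the jailbroken-phone ssh problem: change the password, or better, turn off password authentication and use keys. The script below is an added example, not code from the thread or from any project it mentions; it reads an sshd_config text and reports the settings that leave password login open, applying sshd's real parsing rules (first uncommented occurrence of a keyword wins, keywords are case-insensitive). Both config texts are constructed samples embedded so the script runs offline; the built-in defaults it assumes (PasswordAuthentication yes, ChallengeResponseAuthentication yes, PermitRootLogin yes as in sshd releases of the post's era) are stated in the code.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the password-login exposure described in the post.
# On a real host: audit_sshd "$(cat /etc/ssh/sshd_config)"

# constructed sample: a freshly installed sshd with password login left enabled
WEAK_SSHD_CONFIG='# constructed sample, not a real config
Port 22
#PasswordAuthentication yes
ChallengeResponseAuthentication yes
PermitRootLogin yes'

# constructed sample: the configuration the post recommends, keys only
HARDENED_SSHD_CONFIG='# constructed sample, not a real config
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no'

# sshd_setting CONFIG KEY DEFAULT -> the effective value of KEY. sshd takes the first uncommented
# match and matches keywords case-insensitively; DEFAULT (the assumed built-in) is used when KEY
# never appears in CONFIG.
sshd_setting() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    val=$(printf '%s\n' "$1" | awk -v key="$key" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { print $2; exit }')
    if [ -n "$val" ]; then printf '%s' "$val"; else printf '%s' "$3"; fi
}

# audit_sshd CONFIG -> one line per setting that still allows password-based login;
# prints nothing when the config is keys-only with root password login disabled.
audit_sshd() {
    # assumed default: yes (OpenSSH built-in)
    if [ "$(sshd_setting "$1" PasswordAuthentication yes)" = yes ]; then
        printf '%s\n' "PasswordAuthentication yes: whoever knows or guesses the password gets in"
    fi
    # assumed default: yes; keyboard-interactive auth still accepts the account password
    if [ "$(sshd_setting "$1" ChallengeResponseAuthentication yes)" = yes ]; then
        printf '%s\n' "ChallengeResponseAuthentication yes: keyboard-interactive still accepts the password"
    fi
    # assumed default: yes, as in sshd of the post's era (newer releases default to prohibit-password)
    if [ "$(sshd_setting "$1" PermitRootLogin yes)" = yes ]; then
        printf '%s\n' "PermitRootLogin yes: a guessed root password hands over the whole device"
    fi
}

# Demo run on both constructed samples
echo "== weak =="
audit_sshd "$WEAK_SSHD_CONFIG"
echo "== hardened =="
audit_sshd "$HARDENED_SSHD_CONFIG"
```

The weak sample produces three findings, the hardened one none. The commented-out `#PasswordAuthentication yes` line is the detail worth noticing: a commented keyword is not a disabled one, it simply leaves the built-in default in force, which is exactly how a device can end up accepting a well-known default password without anyone having "enabled" anything.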
Re: Risks of open source
"Forty percent of servers run Windows, 60 percent run Linux," he said. "How are we doing? Forty is less than 60, so I don't like it. ... We have some work to do." –Steve Ballmer, Microsoft CEO (September 2008) http://www.pcworld.com/businesscente...to_google.html
Re: Risks of open source
Problem #1 example: SSH server on iPhone. We can deal with this by proofreading our documentation. That is, we proofread our own and each other's information: our posts on t.m.o, the wiki, the mailing list, and so on. This already happens, btw, but there is no data available on how severe this problem is in the Maemo community. Problem #2 examples: there are many, but I cannot think of one. It is harder to deal with because it's the user's fault. However, because we have signed packages, and because those who upload packages use their real names, the problem is less severe. Because open source software is widely available we don't depend on closed software or warez. More advanced security layers like capability-based security and DRM will probably increase the quality of this in Maemo 6. Problem #3 example: Adobe Flash, Gecko. It is less severe when one runs popular open source software, although the less popular flies under the radar anyway. A) If this platform is to survive it needs support for the software, and that means bugs in, for example, Gecko must be patched ASAP by upstream. That means Nokia. In the past they neglected this, but I believe now they will deal with this correctly. B) In the case of community-based software, like for example OpenSSH, you're entirely dependent on the package maintainer and their upstream provider, and this is one of the reasons Nokia provides no warranty on this software. If there is a market for such, a third party could provide a software repository for Maemo for a fee, with a support contract for corporate users (SLA, blah, enterprise). More likely, corporations will deal with this in-house/internally. While one is right to describe this as a risk, the question is whether commercial support for proprietary applications is better than community support for open source applications. I don't believe either one is better; it just depends very much on the factors involved.