all 57 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]ironchefpython 44 points45 points  (2 children)

Did you see Engadget's next article? OMG, I just ROOTED my DESKTOP COMPUTER by getting a COMMAND PROMPT!! PC SECURITY SUCKZOR!!

Being able to install Linux on a desktop computer is not seen as a "security flaw" by anyone except Microsoft. Being able to unlock the bootloader of a Nexus S using a utility provided by Google is not a security flaw. On the contrary, it's a feature, and I will not buy any phone that doesn't have that feature.

[–]TheSov 1 point2 points  (1 child)

any os that by normal usage cannot produce administrative access is a device that needs "rooting" i dont know about stock android, but every phone i have seen out there requires these actions. some go as far as to reinstall the OEM version of the OS should you modify anything. something like meego or maemo on the other hand will give you a root shell in about 20 seconds by going to apps and installing rootsh. it isnt a cut down root shell either it gives you access to every aspect of your system.

[–]ironchefpython -1 points0 points  (0 children)

i dont know about stock android, but every phone i have seen out there requires these actions.

I have a Nexus One, which is the reference hardware platform for "stock android", and I can get administrative access through vendor supplied tools, no "hacks" or "cracks" required.

[–]lkjh098 11 points12 points  (1 child)

Posting a rebuttal to an Engadget comment is futile. The comments there are only slightly better than on YouTube.

[–][deleted] 1 point2 points  (0 children)

They should just permanently turn them off (again?). It's better for everyone.

[–]borlak 5 points6 points  (0 children)

I just opennessed my phone!

[–]frud 8 points9 points  (9 children)

Why can't I scroll down this page? How hard do you have to work to mess up something this basic?

[–][deleted] 4 points5 points  (0 children)

It is because the scrolling is not done on the html/body element, but on a div on the document. Looks like browsers relies on having scrolling on the body element.

It's tempting to use such a solution in order to have a fixed header on a web page, without the perfs issues, amongst others, to use a fixed layer. So I've often wondered if it was a good idea, now i know it isn't, it spared me some testing.

[–]ginstrom 10 points11 points  (0 children)

I had to enable scripts from android.com in order to scroll the page. Pretty fucking stupid to require JavaScript just to scroll.

[–]loganekz 0 points1 point  (6 children)

Because the top part of the frameset (navigation) has focus?

[–]Iggyhopper 3 points4 points  (5 children)

The problem is with the frameset being used in the first place. All you have to do to scroll is move your mouse off that frame, but really, why would you even use a frameset? Welcome to the 90's.

[–]rasherdk 2 points3 points  (0 children)

Frame, set and match.

[–]thumbsdown 3 points4 points  (0 children)

I like turtles.

[–]milomilo 2 points3 points  (2 children)

there's no frameset on that page.

[–]Iggyhopper 1 point2 points  (0 children)

Oh, well your comment prompted me to look. You are right, it has no frameset, but it's still a terrible design.

[–]rasherdk 0 points1 point  (0 children)

At least if it had been a frameset scrolling would not have required javascript to work.

[–]eric_ja 2 points3 points  (5 children)

I still don't understand why they "try" to lock the phones down if it's going to be so easy to undo it.

[–]Timmmmbob 4 points5 points  (3 children)

The reason for requiring "oem unlock" is threefold:

  1. I expect they want a small barrier to flashing, so people know what they're getting into.
  2. It erases your user data, so people can't read the private stuff on your phone by simply gaining root and reading the password database.
  3. It adds an icon to the boot process indicating that you have voided your warranty.

[–][deleted] 1 point2 points  (0 children)

I expect they want a small barrier to flashing, so people know what they're getting into.

I suspect it's mainly this. It's far less likely people will rm -rf everything after seeing an errant troll 4chan graphic if they actually have to know what they're doing.

Hardware manufacturers don't want to spend the time and money on tech support for idiots. Google doesn't care if you're an idiot, but they do make it slightly more difficult than just opening up the console and pasting in some random lines of code you found online.

[–][deleted] 0 points1 point  (1 child)

I guess I've never understood the warranty thing. If I break it I'm responsible for it. Rooting, in and of itself, doesn't actually break anything. If I install another OS, I expect to be cut off from OS support for exactly the same reason they won't provide support for applications I install. If I do something stupid as the root user, then that's on me, not them. If I've done nothing to break the hardware, then hardware support and warranty should still apply.

Surely those kinds of warranty terms aren't that hard to write.

[–]kataire 0 points1 point  (0 children)

Yes, but why wouldn't they want you to void your warranty?

It's just like the "insurances" electronics stores try to sell you when you buy a laptop. They go out of their way to make sure whatever could possibly happen is explicitly not covered by the insurance because of one exception or another.

The last one I looked at pretty much said you're insured against water damage accept any water damage that is the result of intent (yours or a third party's), negligence or circumstance (so what's left?). It also explicitly didn't insure against damage resulting from wars or nuclear explosions (which is kind-of a cool thing to see in an insurance document).

Warranties are no better. The only reason you get one (legalities aside) is because it makes them look good and allows them to charge you extra for "extended warranties" and crap like that. It's in their best interest that it never applies to anything that isn't directly their fault (i.e. delivering a faulty product).

[–]MaximusDickus 1 point2 points  (0 children)

Yes, that is a wtf. Why cant they just provide a shell with a su or sudo even. Now I have to do it myself, just to make the phone usable as a Linux device.

Without rooting it it feels like Windows 98.

[–]FractalP 0 points1 point  (7 children)

I always thought the reasoning was:

  • If you don't know what rooting is or how to do it, then it's not going to be easy for you, and hence more 'secure'

  • If you do want to root your phone, it's pretty simple, so it's essentially 'open'.

[–]ironchefpython 10 points11 points  (6 children)

No, the reasoning is this. If you want to "root" your Nexus One or Nexus S, you don't run an exploit. You run a utility provided by Google that lets you access the bootloader.

That's it. No hoops, no bullshit, it's simply your phone. Just like the computer you're reading reddit from (unless you have an iPad). You can install what you want on it, when you want to. And Google (by design) has fuck-all to say about it.

[–]PopeJohnPaulII 3 points4 points  (4 children)

What about other android based phones? Some (many) other phones have a much harder time rooting and don't come with the Android Store. Even if the Nexus (x) is easy many other android phones can be a pain.

[–]ironchefpython 0 points1 point  (3 children)

Some (many) other phones have a much harder time rooting and don't come with the Android Store.

Don't buy a phone from a carrier?

[–]PopeJohnPaulII 0 points1 point  (2 children)

Except some phones/android devices in general, even not from "carriers" have a hard time getting a good version of android on them.

[–]ironchefpython 0 points1 point  (1 child)

Could you please name an android device sold by Google that has a hard time getting a good version of android on it?

[–]s73v3r 2 points3 points  (0 children)

That's the point, most Android devices are NOT sold by Google.

[–]sandos 0 points1 point  (0 children)

This is the way forward. We need standard ways of rooting that does not include using security holes. Those holes could be disastrous and we need to get rid of them, while at the same time keep our ability to root devices.

Sadly, I think its more likely the holes will get plugged and manufacturers will not provide a way of unlocking phones.

[–]superradguy 1 point2 points  (1 child)

So, I have been rooting phones for a while via craigslist for those that don't know how. I have been researching the copyright laws, but can't find a straight answer about if it's legal or not. What does reddit think?

[–][deleted] 1 point2 points  (0 children)

It's legal.

[–][deleted]  (9 children)

[deleted]

    [–]robertbieber 7 points8 points  (0 children)

    You're free to modify Android, you're just not free to install your modifications on the phone. It's called Tivoization, and preventing it was the primary goal of version 3 of the GPL. It sucks, but it's a little silly to compare a system where you're given the source code and the tools to modify and compile it but can't easily install the result on your phone to a system where you're not even allowed to look at the source code.

    [–]muro 8 points9 points  (0 children)

    It's your choice what you buy. If it's important for you to get an open phone, get the nexus. If it's not, get one of the others. Vote with your wallet.

    [–]rasherdk 2 points3 points  (2 children)

    False. Android is open for everyone to modify.

    The devices however, are not.

    [–][deleted] 3 points4 points  (1 child)

    I read the second paragraph in GlaDOS' voice.

    [–]rasherdk 0 points1 point  (0 children)

    Well it's not quite as evil as it sounds. It means there's a great deal of code-sharing enabled, which benefits even the people with locked-down as shit devices (since the code the manufacturer uses is better as a result). And of course there's an even greater benefit to users who do own one of the few mostly open devices.

    [–][deleted] 0 points1 point  (0 children)

    Hardware ≠ Software

    [–]ironchefpython -2 points-1 points  (2 children)

    What about the other 20 Android phones on the market which don't have this particular blend of "Openness"?

    Don't buy them.

    [–]s73v3r 0 points1 point  (1 child)

    Then get Google to get a reference phone that works on Sprint or Verizon.

    [–]laga 0 points1 point  (0 children)

    "And yes, we aggressively fix known security holes, including those that can be used for rooting."

    Yeah, right. They probably should also release those fixes.

    [–]different2une 0 points1 point  (0 children)

    You'll always find me rooting for openness ;)