Mac OS X vs Linux: Third Party Software and Security
 
Yesterday’s Mac OS X vs Linux on the iPhone and Mobile Devices presented some of the similarities and common ancestry between Linux and Apple’s Mac OS X.
 
The biggest difference between Linux and OS X in mobile development is that OS X is only available to Apple. For open source advocates, this raises issues about freedom of control, access to code, and the development potential available to third parties. Foes of both platforms have also raised alarmed concerns about security.  
 
How will the iPhone running OS X compare in a world of mobile phones running established platforms with open, third party support? All panic aside, there are several misconceptions to expose on the subject.
 
More Absurd iPhone Myths: Third Party Software Panic presented the pitiful state of third party software on other mobile platforms, particularly the aging Palm OS and the joke that is WinCE / Windows Mobile. What about Linux?
 
The Standard Soup Prepared by Linux Mobile’s Many Chefs
Various mobile phone manufacturers working with Linux have tried to create a standard mobile platform. In June 2006, Motorola announced joint plans with NEC, Panasonic, and Samsung to create a partnership for standardized Linux mobile development.
 
Motorola's Christy Wyatt explained, "While Linux itself is an open kernel, platforms from handset maker to handset maker vary. And when you look at building an ecosystem of suppliers and developers, it is difficult to support individual Linux implementations. Pulling resources from multiple companies to develop a common platform makes Linux more compelling."
 
Just last month, the group announced a new Linux mobile group called the LiMo Foundation, along with Japan’s NTT DoCoMo and Vodafone. LiMo intends to maintain a single mobile phone software platform based on the Linux kernel. LiMo’s code won’t necessarily be openly available under the GPL, however.
 
As is typical in the world of Linux, there are so many standards to choose from. Open Source Development Labs began its own Mobile Linux Initiative in 2005, involving MontaVista, Wind River, and PalmSource.
 
MontaVista develops the Mobilinux distro that Motorola has been using in its phones. PalmSource maintains its own ACCESS Linux Platform.
 
The next month, PalmSource and MontaVista introduced LiPS, the Linux Phone Standard, intended to "standardize Linux interfaces so that higher-level software won't have to be customized for each variation of the open-source operating system appearing in different cell phone models."
 
In August 2006, Trolltech announced its own Greenphone project, which hopes to create interoperable mobile applications for Linux based upon its Qtopia phone platform, launched in May of 2004. Motorola uses Trolltech's Qt platform in its Linux phones, but not Qtopia.
 
All the standardization on Linux is so diverse.
 
Even Linus Torvalds, who still manages development of the Linux kernel, disagreed with MontaVista on how mobiles should use Linux, particularly in regard to how changes to support mobile use could be accommodated in the Linux kernel.
 
Today’s rival mobile Linux platforms are starting to look a lot like commercial Unix in the late 80s and early 90s. The Unix Wars between AT&T and Sun’s Unix System V R4, and other vendors aligned behind the OSF, ended up fracturing Unix just as Microsoft was releasing its new Windows NT rival.
 
How does the array of rival sub-platforms on Linux relate to third party software? So far, neither open community development nor third party development of mobile applications is exactly as free and open as one might expect.
 
Third Party Software Panic, Linux Style
Motorola, the second largest mobile maker, appears to be the largest Linux mobile developer. In 2003 Motorola announced plans to focus its smartphone development on Linux after leaving the Symbian partnership.
 
By the middle of 2006, Motorola reported having sold 5 million Linux-based phones. However, most of its Linux phones are targeted for the Chinese market, and are open neither to community development nor to free and unrestricted third party software development.
 
Motorola's efforts with Linux are similar to Apple's with OS X: for Motorola, Linux is simply code that is already freely available and ready to use. Motorola is not using Linux to participate in a group development effort.
 
Linux users have reported frustration both at obtaining GPL source code from Motorola and at the company's reluctance to incorporate software changes submitted by outside developers. Linux users were also disappointed to find that Motorola has no plans to support native Linux applications on its phones.
 
The LiMo Foundation that Motorola recently helped unveil, while using the Linux kernel, isn’t a GPL-style Linux development effort. Instead, the group says its “contributors may include code under proprietary licenses on the grounds that they offer copyright and patent licensing on non-discriminatory terms.”
 
Further, LiMo’s intellectual property policy states that “Only members that have completed a self-certification demonstrating the implementation of adequate security mechanisms and procedures, and their contract developers, will be permitted to access the source code licensed and contributed under [a commercial] license."
 
According to a LinuxDevices interview with Motorola's Chief Architect of Mobile devices Mark VandenBrink, third party application development on Motorola’s Linux phones is limited to the phones’ Java VM environment, "due to carrier concerns about network health, security, and interoperability."
 
Providers' concerns about ‘unrestricted software running on phones connected to their networks’ were the same reason Apple cited for managing third party development on the iPhone. Apparently, there are security issues related to giving out unfettered access to a networked system. Who would have guessed that?
 
Apple iPhone Security Panic
Certainly not the analysts who are all dramatically spewing their coffee over Apple's lack of open, unrestricted third party development, while at the same time insisting that the iPhone should be banned for fears of grave security problems that should cause uncertainty and doubt for corporations. Which is it?
 
Analysts have conjured up Code Orange threats posed by employees--probably religious Apple kooks--who may copy files to an iPhone and then abscond with them, or even wirelessly send them somewhere nefarious using WiFi or possibly telekinesis.
 
Grand master wizard of Pro-Microsoft advice Rob Enderle, in his Dark Reading column, repeatedly referred to the iPhone as damned, suggesting that it’s not just regular crazy-Apple-religion involved this time, but a serious new supernatural antichrist-type threat best solved by blinders and a proactive book burning.
 
Is security a magical risk that only applies to storage devices made by Apple?
 
Nobody has alerted the press to the fact that WinCE devices can be used to copy files. What about Hotmail? From inside any top secret corporation, I can connect via the Intarweb, attach a top secret file to my email, and have it whisked through Microsoft's server directly to the Enemy. Should we also ban WinCE and Internet Explorer? Think of the children.
 
Perhaps self-styled experts like Enderle are all just blowing smoke in the direction they like to blow it.
 
Code Signing
The simple fact is that community developments such as Linux are good at providing free building blocks for others to use. Community development does not create secure systems when anyone can control and change anything about the system once it is in operation, however.
 
Motorola's strict limitation of third party apps on its Linux phones is not unparalleled. Since 2005, the Symbian OS has similarly provided a platform security module supporting mandatory code signing.
 
That's just like Apple's code signing on iPod games, and Microsoft's code signing of games that will play on the Xbox. Essentially, it means that software has to be authenticated with an approved signature before the system will run it.
 
In the case of the Xbox, signed code is designed to kill any market for Linux or other free software running on Microsoft's loss leader hardware. Use of code signing by Symbian and on the iPhone relates to securing software running on a network client, software that could deliver malware, adware, or other security threats.
 
If researchers are stumbling all over themselves to find obscure flaws in Mac OS X now, imagine their delight in finding some actual exploitable flaw on the iPhone.
 
Symbian has already been bitten by a few malware outbreaks, including trojans like the Cabir worm, which tries to propagate itself using Bluetooth and attempts to install itself on other Symbian phones.
 
Fitness for a Particular Purpose
How does the iPhone compare with real products based on the Palm OS, WinCE, Symbian, and Linux? Previous articles have looked at existing phones, and coming articles will look at more. Got experiences to share with a particular phone, or suggestions on what devices to compare? Send them in!
 
What do you think? I really like to hear from readers. Leave a comment or email me with your ideas.
 
 
Saturday, February 3, 2007