Feeds

back to article Debian Linux, Android share a bed in upcoming distro

A new Linux distribution is looking to overcome the limitations of Debian on ARM, by running both Linux apps and Android apps in native mode. Produced by the group that created the MicroXwin kernel-based X Windows implementation, the VolksPC distribution is designed to give users an ARM-Debian environment that supports Debian's …

Silver badge

"...by running both Linux apps and Android apps in native mode."

If, while they're at it, they also fix the nightmare that is Android permissions and security, they can count me in.

If they don't, well, one of the main reasons for using Linux is security, and adding Android to Linux would totally invalidate this reason.

8
7

android is linux.

It actually appears that they are adding debian compatible libraries to an android distribution.

There, I've bitten.

4
3
Bronze badge
WTF?

what's that?

they also fix the nightmare that is Android permissions and security

Can you specify what this nightmare is? Thanks in advance.

0
1
Silver badge

android is Linux

Yes, but only by strictest definition. Remember that what most people think of as 'Linux' is mostly GNU with a Linux kernel, though most distros fall short of GNU's official standards by letting users choose to run non-free software. You could be forgiven forgetting that considering what a nightmare trying to run GNU without Linux is (good luck making Hurd work for anything more than an interesting side project). Android lacks the GNU part of the normal formula and so is radically different from what most people think of as Linux.

2
0
Silver badge

Re: what's that?

"Can you specify what this nightmare is? Thanks in advance."

From the top of my head:

Lack of fine grained permissions control.

Bugs in some apps allow their data to be accessed/modified by other apps.

Is that enough for you?

2
0
Bronze badge

Who invented permissions transparency?

Is that enough for you?

no, it's not. fine grained permissions How fine do you want those grains to be? Have you heard about SELinux on the latest android?

I mean,

1) apps run under separate uid's

2) (various guid's) permissions that you could see before installing every app. It's been from the day one of Android, it's still unheard of with iOS, which also runs on top of a Unix-like kernel and system. Both Blackberry and WP 8 followed it after Android. Unfortunately, this model have never occurred to Microsoft for the last couple decades, users would have been much safer if it did.

0
0
Silver badge

Re: Who invented permissions transparency?

"2) (various guid's) permissions that you could see before installing"

Apples and oranges, Mr. Eulampios.

The apps you install in Android are -mostly- closed source. The permissions are given in an 'all or nothing' basis, so, e.g. you can't deny an app access to your GPS hardware, your mic or your contacts, even when that particular app doesn't have any conceivable reason to access said elements. Not much transparency here, I'd say.

1) apps run under separate uid's

Which somehow doesn't prevent said apps from leaking data to other apps, as has been already reported in Elreg and other technical forums.

2
0
Silver badge

Re: Who invented permissions transparency?

>>"Both Blackberry and WP 8 followed it after Android. Unfortunately, this model have never occurred to Microsoft for the last couple decades, users would have been much safer if it did."

Who came up with something first is only really relevant to those with a football mentality wanting to show one company is more valid than another, but for what it's worth, this is not comparing like for like. Android was designed as a mobile OS and it's apps overwhelmingly are self-contained. Windows and GNU/Linux are full OSs and it's not really been appropriate to have the same sort of permissions structure. Do we really imagine that a simple structure of "Can access Internet", "Can Send Txt Message", et al. would have worked for UNIX / GNU Linux / Windows / OSX? (Or any other full-blown traditional OS). MS have only introduced this now when it's appropriate with Windows 8 as they broaden the OS to be mobile-device friendly. Also, this is an article about Debian and Android - bringing up Windows just so that you can make some (ill-founded) digs at it is off-topic.

>>"1) apps run under separate uid's"

That's a concession to the UNIX security model. It's not inherently better than proper ACLs and is not a panacea as evidenced by the many security flaws Android has had. From what I have heard, there is a tendency to regard the sandboxing of apps in Android as a strong security measure. It is, but it is also one of the things that means just adding Android support (e.g. Dalvik) directly to GNU/Linux is a very bad idea, because on GNU/Linux you don't have that sandboxing. That's why an approach like the one in this article (Android is essentially a VM in Debian) is a lot more secure than adding the relevant APIs or kernel modules straight into GNU/Linux would be.

>>"no, it's not. fine grained permissions How fine do you want those grains to be? Have you heard about SELinux on the latest android"

We've had this discussion the last time you launched in on this. It would be nice to have a full ACL system that is much more capable such as the one in Windows (Vista onwards). Android is not remotely as capable. To avoid the usual derailment that happens when you pop up in a Linux article and use it as a platform to take pot-shots at Windows, I'll just link to the last time we discussed ACLs on Windows vs. GNU/Linux here. And as Android is less capable* than GNU/Linux, the discussion is doubly true. It's wrong to tout Android as if it's more secure by design. In fact, it's that attitude that leads to poor security: over-reliance on the sandbox model is why you end up with apps leaking data to each other and magnifies the consequences massively when a bug in some Android kernel module punctures the sandbox. And as I wrote - reliance on the sandbox model is the primary reason why you can't (or shouldn't) just drop naked Android support to GNU/Linux.

*Note, when I say that Android security is less capable, that's not a dig, per se, it's less capable because it's more focused. This does not mean there is a problem in its own context, it means it would become one if you, e.g. used it as a model for a full-blown OS as eulampios seems to want to do when they hold it up as superior to the security models on these.

2
0
Anonymous Coward

android is linux

Technically, no. Android's kernel is a fork of linux. The GPL (linux's license) is a non-attribution license. In other words, a fork cannot use the name of its upstream project.

1
0
Bronze badge

Re: Who invented permissions transparency?

Apples and oranges Tangerines and oranges, you want to say, Mr. Mephistro?

Didn't you know that the Android app permissions are simply gids. Those become visible to a user through the Google's API.

you can't deny an app access to your GPS hardware You will be able to with SELinux soon.

However, don't install an app if it requires something you don't wanna give it or it doesn't need it it for what it is supposed to do.

leaking data to other apps

An API bug which was fixed in the latest versions of Android. Bugs happen, can't see the nightmare in that either.

1
0
Bronze badge

Re: Who invented permissions transparency?

Who came up with something first is only really relevant to those with a football mentality wanting to show one company is more valid than another

It is supposed to be so very relevant for some lawyers, at least Microsoft and Apple lawyers. Have you heard about software patents? This paper has a nice list of things MS claim to have come first and hence demand licensing earning a few billion bucks total some people have surmised. So it seems that football or baseball mentality is shared by one particular IT behemoth.

"Can access Internet", "Can Send Txt Message", et al. would have worked for UNIX / GNU Linux / Windows / OSX?

As far as GNU/Linux and *BSD are concerned, this Android model is inferior to their own model, i.e., having mostly free software packaged in the secure repositories by maintainers. Mac OSX has got Mac ports from *BSD, so it's partially there. MS Windows and Android have the same kind of deficiency in that they don't have the secure repos in the strict sense. Trojans have been a plague on Windows for many years. Google came up with this app API permission model to partially solve it. It is a pity for the Windows users to not have something similar for all of these years.

Also, this is an article about Debian and Android - bringing up Windows just so that you can make some (ill-founded) digs at it is off-topic.

Windows was brought up as a comparison to Android to show that security is not a nightmare. I didn't invite your superfluously prolific off-topic either.

It would be nice to have a full ACL system that is much more capable such as the one in Windows (Vista onwards).

Yes, you gave a very informative comment on it stating exactly the same, however it has been rebuffed by Paul Crawford pretty well the and you even agreed with him. It was the same discussion you're linking. Nevertheless, I was not even touching on the differences of file permissions, I suggested that that it's pretty useful when you can't control the apps as much as with *BSD and GNU/Linux repos. MS and RIM have followed it , adding the validity to that argument.

1
1
Silver badge

Re: Who invented permissions transparency?

>>"It is supposed to be so very relevant for some lawyers, at least Microsoft and Apple lawyers. Have you heard about software patents?"

Well we are not lawyers, we're people discussing integration of Debian and Android. When we're holding a competition Bestest Software Company Ever, then your random and unprovoked tangents about Microsoft may be relevant. But not 'till then.

And yes, we've all heard of software patents. It may astonish you to know that I was part of a campaign to get them rejected by the EU some years back. (A successful campaign, as it happens). Hardly of any relevance to a discussion of Android in Debian, is it? It's just a tangent on a tangent on a tangent, all spawned by your random introduction of Microsoft into this discussion.

And though it's already been said by more than one person it obviously needs repeating again - you're not comparing like for like anyway.

>>This paper has a nice list of things MS claim to have come first and hence demand licensing earning a few billion bucks total some people have surmised

Tangent on a tangent on a tangent on a tangent. It's obvious that your main interest here is to use the article as a launching point for attacks on Microsoft. I don't know much about the Android patents but I would say that if they weren't valid, or even contestable, that you wouldn't get giants like Samsung (a company not unknown for challenging *cough*rounded corners*cough* patents) rolling over without complaint.

>>"As far as GNU/Linux and *BSD are concerned, this Android model is inferior to their own model"

Which is what I wrote. As well as Windows included with GNU/Linux and BSD. If you're going to try and argue that Android's security model is as capable as any of these, you're going to have one HELL of a job.

>>"i.e., having mostly free software packaged in the secure repositories by maintainers"

Oh, you missed the point. That's not part of the security model - that's just the way the ecosystem leans. You're now arguing that GNU/Linux is more secure because the userbase is less likely to install malware on it. By all means say that. Has no bearing on anything I wrote.

>>"Windows was brought up as a comparison to Android to show that security is not a nightmare.

It was brought up because you always bring up Windows even when the topic has nothing to do with it. And the above is a post-fact attempt to justify it that doesn't even stand up. How does modern Windows (Vista onwards) show Android security "is not a nightmare"? By comparison? Windows has a much more capable and robust security model than Android. By the amount of malware extant? Yes - that's a great like for like comparison: the world's most popular x86 desktop OS vs. a mobile OS that is locked down by default. Your various attacks on Windows don't show anything about Android security, they're just your usual attacks.

>>"I didn't invite your superfluously prolific off-topic either."

You don't get to complain that someone is "off-topic" if their post is a direct reply to your own off-topic post, instead you ask yourself if you should have used an article for pushing your own agenda in the first place. Furthermore, any factual inaccuracy is an invitation to anyone to read it to correct it.

>>"Yes, you gave a very informative comment on it stating exactly the same, however it has been rebuffed by Paul Crawford pretty well the and you even agreed with him"

It was a funny and accurate post so certainly I agreed with it. That you think it contradicts my own posts in that thread says more on your understanding than it does that post.

And really, an Appeal to Authority argument with random forum opinions as the authority? : /

I'm perfectly willing to defend silly attacks all day long if you want. But let's recognize that it's you that keeps driving the discussion off away from Debian and Android to satisfy your seeming obsession with Windows.

2
0

This post has been deleted by its author

Silver badge

Re: Who invented permissions transparency?

"you can't deny an app access to your GPS hardware You will be able to with SELinux soon."

Which has nothing to do with what we're discussing here. Actually, in my first comment, I expressed my hope that this VolksPC distro would fix this particular issue. And that would be a good thing, as Google doesn't seem to have too much interest in fixing it.

However, don't install an app if it requires something you don't wanna give it or it doesn't need it it for what it is supposed to do.

That's precisely what I do. On the other hand, 99.9% of Android users have no idea of what said permissions mean, and just click through the installation notices. And that, added to the fact that most apps are closed source and the review process by Google isn't exactly too thorough, gives a -...wait for it...- security nightmare.

2
0
Silver badge

Re: Who invented permissions transparency?(@ Eulampios)

Oppsss... sorry, I forgot this:

"An API bug which was fixed in the latest versions of Android. Bugs happen, can't see the nightmare in that either."

In the real world, given the way Android updates reach the customer's devices, fighting an uphill battle against the phone makers and the telcos and the crud they both install, I'd be surprised if more than one in ten handsets out there are correctly patched.

Perhaps you're right, and this is not a security nightmare. It's just the frecking Hamburger Hill! ;-)

2
0
Bronze badge

word count

It was a funny and accurate post so certainly I agreed with it.

It was both funny and witty, yet struck to the core of the subject, it was also substantially shorter than your own post.

That you think it contradicts my own posts in that thread says more on your understanding than it does that post.

Yes, it was disagreeing with your idea how Windows ACLs are superior to the Unix permission system in the context of security. Paul tried to explain that this advantage has had very little practical relevance to security. You mentioned that it was the situation of the past. Of course, everyone but you talk here about the days of yore....

--------------------------------------------

Anyhow, I did a wc analysis on our comments, wc's output format is

 #lines #words #chars

Here is it:

my comment: 4 100 565

h4rmony's reply: 5 555 3070

my reply: 4 278 1576

h4rmony's reply: 12 570 3238

The totals are:

mine: [8, 378, 2141]

h4rmony's: [17, 1125, 6308]

---------------------------------------

You're really a winner and I surrender! :)

0
2
Silver badge

Re: word count

>>"Anyhow, I did a wc analysis on our comments"

:D Which just shows what I keep telling you - that you're less interested in factual discussion and more interested in coming up with any criteria you can to "win" an argument. Btw, I've been a touch-typist since I was nineteen and can hit 65 words per minute relatively easily. Sometimes higher. I trust you'll have the intellectual honesty to divide both our results by our typing speeds as I doubt you've ever been a secretary. ;)

>>"Yes, it was disagreeing with your idea how Windows ACLs are superior to the Unix permission system in the context of security"

It was a post talking about the history of Windows in the days of NT. If you can't recognize that the Windows security model changed significantly with Vista then you can't understand there's no contradiction. And one more time - making an Appeal To Authority argument with some off-the-cuff forum post as your authority is beyond silly. Also, what context other than security would one compare Windows ACLs and UNIX permissions, anyway?

>>"Paul tried to explain that this advantage has had very little practical relevance to security"

ACLs have little practical relevance to security? That is jaw droppingly ignorant. Also, I don't know who this poster is that you regard as such an authority on matters, but they didn't say that at all for what it's worth.

>>"You're really a winner and I surrender!"

Yeah, sarcasm. We'll add that to the list of dodgy counter-arguments along with your posts being shorter than mine and this random forum user "disagrees" with me, shall we?

2
0
Silver badge

Re: Who invented permissions transparency?

"You will be able to with SELinux soon."

So when attacking Windows security you base arguments on pre-Vista versions and insist that's relevant, when defending Android you reference versions from the future and consider that fine. So one final question - are you actually aware that you keep applying double standards and if so what rationalization do you use to justify double standards?

2
0
Bronze badge

Re: word count

>>I've been a touch-typist since I was nineteen and can hit 65 words per minute relatively easily

I am from the former Soviet Union, having received a pretty good Math and Science education, however have had no typing courses.

>>If you can't recognize that the Windows security model changed significantly with Vista then you can't understand there's no contradiction.

That's the thing, Paul's post had not as much recognition of that. And BTW, NTFS ACLs were introduced back in 1993 7 years before even XP! Your account of the long evolution from crude to fine is very interesting indeed, however, since the simple and dumb Unix/POSIX file permissions were fine from the get-go, very few people would draw a little different conclusion from that: ACL was too complex for practical security use and hence was a bad substitute for the POSIX file permissions. It's like building a marvelous, super beautiful car out of some platinum-gold alloy that is barely drivable. This is what Paul's post was about.

>>..Appeal To Authority..

"Amicus Plato, sed magis amica est veritas" -- No authorities. Appeal to a well-writ and a witty point, that is it.

>>ACLs have little practical relevance to security? That is jaw droppingly ignorant.

Go ahead pick up that jaw recalculating all the number of years it took from the initial release of NTFS ACLs in 1993 up until the post-Vista era when (according to you) the security got straightened out. If you can measure the "practical relevance" to be tangible or with a positive sign, that would be ignorant.

..dodgy counter-arguments along with your posts being shorter than mine ..

To every one of my word, you'll produce another 3, just can't compete with that typing agility and thus am giving up

0
2
Bronze badge

an erratum

s/very few people would draw a little different conclusion from that: /quite a few people would draw a little different conclusion from that:/

0
0
Bronze badge

Double standards

>>are you actually aware that you keep applying double standards and if so what rationalization do you use to justify double standards?

According to my experience, the one who usually talks more about someone else's application of double standards is either doing just the same or worse. I remember how (our) media in Russia was appealing to the American custom of finding a speck in the imaginative Russian eye through their own log about things in Chechnya. Those speck and log are now exchanged, while the Russian log is substituted by a huge baobab trunk, thanks to the idiotic and hysterical anti-Ukrainian, anti-American and anti-Western propaganda.

0
1
Silver badge
Paris Hilton

Re: Double standards

>>"According to my experience, the one who usually talks more about someone else's application of double standards is either doing just the same or worse. I remember how (our) media in Russia was appealing to the American custom of finding a speck in the imaginative Russian eye through their own log about things in Chechnya. Those speck and log are now exchanged, while the Russian log is substituted by a huge baobab trunk, thanks to the idiotic and hysterical anti-Ukrainian, anti-American and anti-Western propaganda"

All I asked was how you justified condemning Windows security based on things that haven't been true since before Vista whilst defending Android flaws with 'they'll be fixed in a future version'. As far as I can work out from your post, the justification is that Russia used to put out propaganda about the USA.

I'm also deeply unconvinced by your argument that if someone points out hypocrisy it means they're likely a worse hypocrite. Ad hominem too, as it happens.

2
0
Silver badge

Re: word count

>>"ACL was too complex for practical security use and hence was a bad substitute for the POSIX file permissions."

ACLs on Windows are used routinely by programmers and sysadmins alike, daily. I don't even use Windows as a development platform and don't administer it and I understand their usage. So either we're all atypical geniuses or you're wrong. There's no way you can support a position of ACLs on windows being impractical, when they are commonly used.

You also don't understand complexity in practice. A lot of things you can do with Windows ACLs are much more complex to do with traditional UNIX permissions even though the latter is a simpler system. To illustrate, traditional UNIX permissions don't have nested / hierarchical groups. That makes the UNIX system simpler. However, it makes managing access privileges more complicated. If a new member of the programming team should have access to certain technical areas, common office tasks (such as printer access), permission to log in to certain servers, et al., you can structure it so that the programmers group is a member of the printers group, the group that has access to those servers and so on and so forth. They leave, you just remove them from the programmers group and everything is taken care of. And that's a very simple example - hierarchical group memberships are great. Extra functionality can make a system less complex in practice.

You're seriously going to argue that something like being able to make a group a member of another group is too difficult for people to use or that it's not helpful?

>>"Go ahead pick up that jaw recalculating all the number of years it took from the initial release of NTFS ACLs in 1993 up until the post-Vista era when (according to you) the security got straightened out. If you can measure the "practical relevance" to be tangible or with a positive sign, that would be ignorant"

I don't even understand what you're saying here, let alone how it shows "ACLs have little practical relevance to security" which was the thing you claimed.

>>"To every one of my word, you'll produce another 3, just can't compete with that typing agility and thus am giving up"

Giving up on what? "Competing" in what? I'm not "competing" in anything. You came into a thread about Android and Debian and started posting inaccurate attacks on Windows. And then when challenged on it, you start making bizarre comments about my writing more than you. Debate or don't debate, just don't repeatedly make passive aggressive attacks about 'oh, I can't possibly compete with you' or 'clearly you're a winner'. They contribute nothing.

2
0
Bronze badge

Re: word count

You also don't understand complexity in practice

Both you and MS, it seems, underestimate the converse of it, i.e., the importance of simplicity In many types of systems (now I am using a rather mathematical term) complexity should be avoided, things better be simple enough to work, otherwise a system might not be efficient.

>>However, it makes managing access privileges more complicated.

That is the specific tasks in specific environments. *nix systems got various types of acl management tools. MS lacks however, a simplified version of acl unlike the POSIX permissions, according to the history of the long road from 1993 to the more recent times.

>>You're seriously going to argue that something like being able to make a group a member of another group is too difficult for people to use or that it's not helpful?

I seriously think that Windows is overly complex at some points while too simplistic at others, being hard to troubleshoot (or has been when I was using it). However, this doesn't matter, since we live in 2014 now and its' been 21 years of NT, NTFS and ACLs that designed to enhance the security of OS and apps. In practice it was not working as originally thought for MS, not as good as it was with POSIX permissions.

>>...I don't even understand what you're saying here..

So, once again let's see how many years have passed since the original release of NT and NTFS before MS had any security. 2006-1993=13 years until Vista and it's 16 years before the arrival of Windows 7.

0
0
Bronze badge

Re: Double standards

>>All I asked was how you justified condemning Windows security based on things that haven't been true since before Vista whilst defending Android flaws with 'they'll be fixed in a future version'.

you also can't hear me criticizing Microsoft for the fact that you cannot control the apps permissions either.

By the fact when Android came out they were the first to implement the API to manifest the permissions to a user. A few companies (including MS) have followed this approach. I'd praise MS if they had been first to come up with it . It was 6 years ago (and 7 years ago since beta), so I acknowledge Google for that.

People want more now, not only do they wish to see the perms, but also to be able to toggle them. RIM have implemented it first. As by this "In Android 4.3, SELinux was fully permissive. In Android 4.4, SELinux was made enforcing for the domains for several root processes.." The version 4.4.4 is current so it is in the wild, and my bad, I was wrong that it would be coming in the future. It is possible already to use for this purpose (not all manufacturers are guaranteed though, I guess). Cyanogenmod and unlocked, rooted devices, I believe, could allow the enforced mode even before.

To contrast it with things ACLs and NT/Windows security, we have a bad implementation of security since 1993 lasting decade and a half. If you equate these two "failures", your single-standards seem to really bifurcate.

0
0
Bronze badge

windows 8 apps permissions

you also can't hear me criticizing Microsoft for the fact that you cannot control the apps permissions either. On Windows 8 for certain apps, that is.

0
0
Silver badge

Re: word count

>>"Both you and MS, it seems, underestimate the converse of it, i.e., the importance of simplicity In many types of systems (now I am using a rather mathematical term) complexity should be avoided, things better be simple enough to work, otherwise a system might not be efficient."

See, a vague generality saying sometimes simple is better, doesn't say anything about a specific example. And I note that I frequently talk in terms of specifics, and you frequently fall back on unsupported aphorisms like this. Case in point, I said that with Windows ACLs a group can be a member of another group. I don't find that complicated. Nor do the many, many programmers and sysadmins on Windows who deal with ACLs. Are you really trying to make an argument that you do?

Windows ACLs are routinely used effectively by sysadmins and programmers every day. "Sometimes simpler is better" platitudes don't connect with the reality here.

Besides, weren't you touting SELinux earlier? Is SELinux not just Linux's way of adding more sophistication to UNIX permissions? Ergo, SELinux fulfills a need. Why is it okay for Linux to fulfill that need but not okay for Windows to fulfill that need?

>>"That is the specific tasks in specific environments. *nix systems got various types of acl management tools"

I know. Which supports my point that ACLs are relevant. So why are you insisting that ACLs have "little practical relevance to security" (your exact words). It remains a silly thing to say.

>>"MS lacks however, a simplified version of acl unlike the POSIX permissions"

And that is not a problem. Right-click on a file on Windows (Vista onwards). Select properties and open the security tab. Pick a user from the list and change the Modify permission for them. Congratulations - you just used Windows ACLs. Was it difficult? No.

Click on "Special Permissions". Change something more sophisticated, such as clicking on Auditing->Add and select "Read". Congratulations, you just added an ACE (Access Control Entry) that will log whenever that file is read by anyone. Easy, wasn't it? And naturally you can do this with files, directory hierarchies, set the criteria to be file modification, appended to and other things.

Of course typically you might do this from the command line - it's very easy to copy an ACL from one object to another for example. I don't find it difficult. Nor do millions of other people. Nor, in fact, would you, if you actually took the time to learn it.

But you haven't have you? You keep ignoring my questions but have the decency to answer this one, will you? When was the last time you properly used ACLs on Windows? This is another conversation like the Powershell one isn't it, where after many posts insisting on its inferiority you finally admitted you'd never even used it. So go on, have you ever actually sat down and learnt Windows ACLs. You haven't have you? I can tell this because you're confidently asserting that they're over-complicated when in fact they're very easy to learn and use. Easier than trying to juggle permissions for large numbers of users and services with options of user/group/world and the awkward fudge of setuid bits.

>>"you also can't hear me criticizing Microsoft for the fact that you cannot control the apps permissions either"

I replied to that earlier, as did mephistro. We both made the same point that the Android permissions system (can txt, can use the Internet connection, etc.) is not appropriate for a full blown desktop OS such as GNU/Linux, OSX, Windows, et al. And as you're fully aware, Windows 8 does have this, this being the version of Windows that is seeking to be a common platform for desktop and mobile devices. Arguing that full-blown desktop OS's such as these should base their security model around Android's is a very silly argument. I'd love to see you propose that on the Debian forums.

>>"So, once again let's see how many years have passed since the original release of NT and NTFS before MS had any security. 2006-1993=13 years until Vista and it's 16 years before the arrival of Windows 7"

And yet again, you go back to the 1990s to try and score points against Microsoft, still blind to the fact that the football-team mentality is a game that only you are playing. When I talk about modern Windows security models and explicitly state I'm talking about Vista onwards, and you respond with childish comments about what a pity it was Windows didn't have better security in the 1990s, all you are doing is showing you have no interest in modern security comparisons, only in attacking a company. Though I should have realized that seeing as you were the one who raised Windows in this discussion in the first place just so you could attack it.

Here's a hint: when someone makes a comment about Android security and you launch into a bizarre attack on Windows, you're doing the exact same thing many governments do routinely when they try to deflect criticism onto some demonized outside group. It doesn't help clean up a mess at home! Your attitude is exactly the one that would rather attack others than improve things and we in the Open Source community really could do without your attitude, thanks.

2
0
Bronze badge

Re: word count

See, a vague generality saying sometimes simple is better, doesn't say anything about a specific example.

So does the KISS principle, mam. A specific example could be XP where you have to run many userland apps as root, otherwise those wouldn't work.

>>Windows ACLs are routinely used effectively by sysadmins and programmers every day.

I am sure about this, although, a few software developers from my XP experience above seemed not to get it.

>> when someone makes a comment about Android security and you launch into a bizarre attack on Windows,

Here's a hint for you, when I read a comment I find unfair I respond with my opinion. It's a forum, isn't it?

>>..you're doing the exact same thing many governments do routinely when they try to deflect criticism onto some demonized outside group.

Me? Microsoft have and still are doing a much better job in that area than any government would ever be able to: #droidrage, scroogle, "500 Android patents everyone has to pay for", "Linux infringe our 100 patents", hidden APIs, "Get the facts", Java vs J++ and Netscape, to mention just a few. Google haven't done any of that for all those years they operate. Google are demonized because of the privacy concern, which I honestly don't share. (MS do a similar thing, hence their "they read your emails" is hypocritical.) Maybe it's egoistic on my part, say, I use my multiple gmail accounts with IMAP only, so I don't care. If MS threaten Linux community, extort payments for ridiculous patents or impose a Windows Tax, I can't get away from this.

I do keep my technical critique separate from this though.

>>It doesn't help clean up a mess at home! Your attitude is exactly the one that would rather attack others than improve things and we in the Open Source community really could do without your attitude, thanks.

My own attitude is to attack the well-documented attackers (in case of MS, Apple or others). I trust that yours and Miguel de Icaza's to unjustifiably embellish MS is wrong. Again, it's aside from technical area. For a comparison, I speak up whenever this rounded-corner business resurfaces but don't talk about Mac OSX very often though.

0
1
Silver badge

Re: word count

Well, you've yet again ignored a direct question as to whether you've actually used Windows ACLs in any significant way, so from here on I'm going to assume it's the same as our conversation on Powershell - you don't have any real experience and are just making assertions. Do you really not feel that it is wrong to make statements about how they're too complex when you don't actually have experience of them?

>>"So does the KISS principle, mam.

I repeat, a vague aphorism that things should be simple doesn't say anything about a specific example. I could write an OS that just had one user and one permission of do anything to a file or process, can't do anything to a file or process. By your logic in this thread so far, that would be a superior OS because it's even simpler. If you want to show that Windows ACLs are too complex for use, you have to show that, not issue platitudes. Given WIndows ACLs are used routinely and effectively, your argument is shot down.

>>A specific example could be XP where you have to run many userland apps as root, otherwise those wouldn't work"

And once again, you jump back thirteen years proving your only interest here is to attack Microsoft, not discuss modern security.

>>>>Windows ACLs are routinely used effectively by sysadmins and programmers every day.

>>I am sure about this, although, a few software developers from my XP experience above seemed not to get it.

Again, you're attacking an empty battlefield. Who exactly do you think you're arguing against with all your attacks on XP? You're the only one here who still cares about XP. But as you concede that Windows ACLs are routinely used effectively by sysadmins, you're accepting that they are not too complex to be used. So why wont you admit that you were wrong to say "ACLs have little practical impact on security". It was a stupid thing to say. Remove ACLs and the entire Windows security model no longer exists. And you think that has little practical impact. It's like saying bricks have little practical impact for houses. How long are you going to argue this point? Or is your intent just to grab the goal posts and sprint down the pitch with them and avoid ever having to concede a point?

>>"Me? Microsoft have and still are doing a much better job in that area than any government would ever be able to: #droidrage, scroogle, "500 Android patents everyone has to pay for", "Linux infringe our 100 patents", hidden APIs, "Get the facts", Java vs J++ and Netscape, to mention just a few. Google haven't done any of that for all those years they operate. Google are demonized because of the privacy concern, which I honestly don't share. (MS do a similar thing, hence their "they read your emails" is hypocritical.) Maybe it's egoistic on my part, say, I use my multiple gmail accounts with IMAP only, so I don't care. If MS threaten Linux community, extort payments for ridiculous patents or impose a Windows Tax, I can't get away from this."

As I said, your motive here isn't to discuss security, but to attack Microsoft. Trying to attack Windows security is just a vehicle for your dislike. This much is obvious as your attacks on Windows security show so little actual knowledge of it and you keep dodging questions as to how much experience you actually have with ACLs.

It's fine for you to dislike Microsoft. But posting misinformation / rubbish doesn't become okay because you dislike the victim. There are people I don't like - but I don't think it's okay to tell people someone on my team is an incompetent programmer just because I don't get on very well with them.

>>"I do keep my technical critique separate from this though"

You don't. So far in this article alone you have applied gross double-standards between Windows and other OSs, you've continuously based your "technical criticisms" on things that were fixed over eight years ago (whilst remarking that flaws in Android will be fixed in future versions), you've gone from ACLs having no importance and traditional UNIX permissions being sufficient in one post, to saying that Linux has ACLs too and touting the advantages of SELinux's extension of UNIX permissions two posts later.

This entire conversation is taking place because someone said they hoped Android on Debian would improve Android's security and you launched into an attack on Windows.

>>"My own attitude is to attack the well-documented attackers (in case of MS, Apple or others). I trust that yours and Miguel de Icaza's to unjustifiably embellish MS is wrong"

Because you feel attacked by Microsoft, does not mean that my arguments are wrong. You have to show that they are and instead you repeatedly dodge or ignore them.

Besides, are you not aware that in this discussion it is you who is the attacker?

2
0
Bronze badge

@h4rmony

>> ..you don't have any real experience and are just making assertions.

Calm down, I have experience up to Windows 7 when helping neighbors and friends. No I didn't try working with Windows ACL. Again my point was that perhaps because Dave Cutler, the key NT architect, had a Unix phobia, had ended up designing something dissimilar from the Unix stuff. Retrospectively, It should have been something more simple, to not end up a big mess for all those years. Should have been expected though, since it contradicted the simplicity approach. I don't care how long ago that was, I care how long that mess have lasted. "Empty battlefield"? This battlefield had been fought viciously over and over for a long time. So, according to you, history doesn't teach? Do you suggest to forget everything that was in history now? Reputation that is marred should easily be whitewashed, you wish? it's not that easy, mam. By definition, it has a long-term memory of all the black ink it has absorbed in the past, contrary to both you and Miguel.

>> Trying to attack Windows security is just a vehicle for your dislike.

No it is not, I mentioned Apple and Mac OSX, which I primarily happen to criticize from the moral point of view. Did you hear me say "Mac OSX,/Darwin/GNU Bash/Cocoa sucks"? No, it's their immoral behaviour with Samsung, DRM, GNU-phobia etc, usually nothing technical.

You mentioned the fact that MS is being demonized, that is why I brought up the moral aspect of it. And it almost never demonized due to the fact that people think that "Windows sucks". It is you not me that changed that subject here.

>> on things that were fixed over eight years ago (whilst remarking that flaws in Android will be fixed in future versions),

You are marvelous in the art of bouncing opponents' argument to things they were never addressed at, h4rmony! It is "fixed" in the current version, btw.

ACL is proven to be a poor sub for the POSIX permission, because for a decade it failed to do what it was supposed to for the security of the OS! The fact that you cannot control the Android apps permissions had not done as much harm to a user, vice versa, a user can be warned about a possible malicious nature of an app before installation, plus, this app is guaranteed to run under a separate uid and it might access/thwart only those services and apps that share the groups this uid has access to (the so called permissions). MS borrowed this idea, good for them! I only regret they didn't it do earlier, it would be so handy in fighting the trojans that have been a Windows plague for a long time! The fact that Windows has been a full-blown OS doesn't change this fact.

It's your double standards that block this huge piece of facts from your view. My own double standards have nothing to do with that.

>>someone said they hoped Android on Debian would improve Android's security

For the Christ's sake! Not true, if it were that, I'd not say anything. Someone called the Android security a "nightmare", I just mentioned, that this "nightmare" would have been a bliss for MS Windows at circa 1993-2007.

>>saying that Linux has ACLs too and touting the advantages of SELinux's

Are you kidding me? NT did not have a more simple and practical construct like POSIX file permissions, it remained undigested by MS themselves and Windows software developers for the purposes where POSIX permissions worked quite good. SELinux, AppArmor, ACL, trustedBSD are extensions of this model on *BSD and GNU/Linux. There are no standards of those from the POSIX point of view. Again, it's not the existence of ACL on Windows that was a bad idea, it's the lack of more simple mechanism to fill in the role of POSIX permissions, the history of NT have demonstrated it. It's like, having feet to move, and having a car, bike, or an airplane for a similar purpose, yet an airplane is not a substitute for the human's feet, do you get it now?

>>You have to show that they are and instead you repeatedly dodge or ignore them.

I try dodging your ridiculous accusation and not dodging but trying to point at your changing the subject (governmental contempt of MS), your switching the priorities (like the systematic history and reputation don't matter), your changing the statement to which I originally replied. It was the suggestion that "Android is a nightmare", not how you reformulated it be "hoped Android on Debian would improve Android's security". Do you see the difference between "he is a freaking moron!" and "I hope he improves his behaviour"? I hope you do.

0
1
Silver badge

Re: @h4rmony

>>"Calm down, I have experience up to Windows 7 when helping neighbors and friends."

Right - so after repeated questioning, you finally admit that you don't have any real experience of ACLs on Windows. Unless you're proposing that these neighbours were asking you to pop round and help them set up active directory or design security for the software they're writing. And yet you base arguments on your assertion that ACLs 'compexity' interferes with their usage. Despite countless people using them all the time.

>>"No I didn't try working with Windows ACL"

Yet all your arguments are arguments by assertion, based on your opinions on what is difficult. The best you've come to an objective argument is to say that traditional UNIX permissions are simpler than Windows ACLs, but that doesn't matter because Windows ACLs are not hard to use. They're pretty easy. Not that you'd know because you have no experience with them.

>>"Again my point was that perhaps because Dave Cutler, the key NT architect, had a Unix phobia, had ended up designing something dissimilar from the Unix stuff. Retrospectively, It should have been something more simple, to not end up a big mess for all those years. Should have been expected though, since it contradicted the simplicity approach."

And again, instead of addressing actual specific examples about Windows ACLs and their supposed deficiencies, we off into a psychological assessment of early OS architects (very clever ones who you're insulting, actually). All supposedly explaining why Windows ACLs are bad, but entirely dependent on your own assumption that they are.

>>"I don't care how long ago that was, I care how long that mess have lasted. "Empty battlefield"? This battlefield had been fought viciously over and over for a long time"

The problem isn't whether you care about NT security or not. The problem is that every time someone makes a comment about modern Windows security, you post an attack on ancient versions as if that is undermines what they say. It is irrelevant. No-one is arguing with you on this and no-one cares. Your words don't have any relevance to what I say, but you try to present them as if they do. I don't care. No-one else cares. It's just you.

>>"So, according to you, history doesn't teach? Do you suggest to forget everything that was in history now?"

Well no, learning from history is why the modern Windows security model is pretty good since Vista. It appears to be you who insists that history cannot teach by refusing to acknowledge that Windows is no longer the insecure monster it used to be.

>>"Do you suggest to forget everything that was in history now? Reputation that is marred should easily be whitewashed, you wish? it's not that easy, mam. By definition, it has a long-term memory of all the black ink it has absorbed in the past, contrary to both you and Miguel."

Again, says nothing about modern Windows security and just concedes the point I keep making - your attacks are motivated by your hate of Microsoft, not technical weaknesses. I defend facts, you take that as "whitewashing" and defending an opposing team. You're in this thread to attack Microsoft, not to learn or discuss technical matters: they're just a vehicle to you. And you seem not to consider that wrong presumably because you think you're the Goodies and MS (or myself) are the Baddies, and thus your behaviour is justified by the victim.

>>"No it is not, I mentioned Apple and Mac OSX, which I primarily happen to criticize from the moral point of view"

Doesn't matter if you also hate other non-Linux OSs or companies, the relevance is your hate for MS as well as it's affected (driven) your arguments.

>>"You are marvelous in the art of bouncing opponents' argument to things they were never addressed at, h4rmony! It is "fixed" in the current version, btw"

>>"ACL is proven to be a poor sub for the POSIX permission, because for a decade it failed to do what it was supposed to for the security of the OS!"

As I keep pointing out, I'm telling you about modern Windows security. Up until Vista you didn't have to use them in remotely the same way. They also changed then as well. You don't know what you're talking about and if you were honest, you were accept that (by your own admission) you have no experience of modern usage and should therefore stop arguing with people who have experience of both UNIX and Windows and are informed on this matter.

Pointing out that you condemn one OS based on how things used to be and excuse another based on things that "will be fixed in the future" is not any "marvellous art" on my part. That's just you trying to dodge the fact you're using a double-standard by attacking the other person for calling you out on it. Do you genuinely think double-standards are okay so long as you don't like the person you're condemning with them?

As to it being fixed in the current version, I was only quoting you when you said it was future versions. It's now in the latest releases but it will be a some time before it makes its way out into the real world (i.e. most users) with Android being what it is. Besides, doesn't change that you're using a massive double-standard (again).

>>MS borrowed this idea, good for them! I only regret they didn't it do earlier,

As people keep pointing out to you, you're not comparing like for like. You cannot expect a full OS such as Windows or GNU/Linux or OSX to have a permissions system like Android's "allow this app to send txts", "allow this app to access the Internet". It's an argument that is only matched in its ridiculousness by your other one that "ACLS have little practical relevance to security". Which has been shown false several times but you don't have the decency to admit to that because you see this discussion as a "competition" and your posts as "competing" with mine. (your words).

>>"It's your double standards that block this huge piece of facts from your view. My own double standards have nothing to do with that."

I'm glad you finally admit you have double-standards. Now if we can just get you to admit that double-standards are wrong even if a company you hate is the victim, we can hopefully get you to stop using them. Now point out anywhere in this thread that I have applied a double standard, assessed one company's products by one criteria and the same thing from another company with different. I haven't. It's just more argument by assertion. Well, ad hominem by assertion, really.

>>"Again, it's not the existence of ACL on Windows that was a bad idea, it's the lack of more simple mechanism to fill in the role of POSIX permissions, the history of NT have demonstrated it. It's like, having feet to move, and having a car, bike, or an airplane for a similar purpose, yet an airplane is not a substitute for the human's feet, do you get it now?"

I take it back about the earlier two - this is the worst argument from you I have heard. You want to bolt on an extra security model to Windows, one that overlaps and conflicts with the existing ACL system - you think it should have both UNIX permissions and ACLs! And you have the gall to argue that this would make things simpler! The reason ACLs on GNU/Linux are fiddly is not because their designers are unintelligent (anything but!), but because they have to work with and around the existing UNIX system. That's not to say ACLs on GNU/Linux aren't usable / shouldn't be used. But it makes it clear that bolting on a super layer of UNIX permissions on Windows would be a terrible, terrible idea. I can't believe you would even suggest such a thing and it shows what knots you're tying yourself up into in trying to maintain your position that this becomes something you have to argue to try and reconcile all your contradictions.

This is astonishingly bad. I would love to see you seriously propose this somewhere with professionals just to see the reaction.

1
0
Silver badge

Dalvik

Does this mean that they have Dalvik running correctly or have they managed to remove it and run the Apps is some other kind of sandbox ?

3
1
Silver badge

Re: Dalvik

Don't know why I got the thumbs down as this was simply a question ? If there is something wrong with the question at least have the decency to point out my error.

9
2
Silver badge

Re: Dalvik

I have no idea why you got the thumbs down here, other than that there are some very partisan and not very bright people around here who leap on anything they think is a criticism.

Anyway, as best as I can answer your very reasonable question (I welcome corrections), this is just Android in a VM with shared file system / directories (not sure if it's all or just parts of the file system). In the video, you see that he swaps between the Android and Debian environments and at one point he actually stops "Android" and then restarts it.

Furthermore, if this depends on MicroXwin, that's closed source. (Not sure if it does or not). Anyway, I hope that answers your question - it's Android in a VM so far as I can see. Handy if you're using ARM Debian and want to watch YouTube or want to use Android apps, so pretty handy. But it's not integration of GNU/Linux and Android in any deep way.

5
0
Bronze badge
Boffin

Re: Dalvik

I thought that was what Sailfish was....

I did some digging on this a few years back, and the android kernel was "special" due to big lock patches that clashed the normal linux locks.

There was an effort to get googles patches into the mainstream.

In principle, I thought it should be possible to run Dalvik as "just another application", preferably embedded in a KVM to "keep it honest"....

Anyone here know why this is not currently possible?

P.

3
0
Bronze badge

Re: Dalvik

Not sure about Android on Linux, however, I am using Android apps on my QNX derivative for quite some months now (almost a year) and it seems quite good. Good thing is they fixed a BIG hole in the sieve by not allowing google services - you cannot logon to google servers.

BTW, the QNX derivative is better known as BB10.

They did not go as far as fix the permission flaws, so you really have to watch out what you install....

2
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon