10 years on: free software wins, but you have nowhere to install it

10 years on: free software wins, but you have nowhere to install it


I am typing this as I am finally connected in shell to my Android phone. The prompt reminds me that it's based on the Linux kernel (it's free), the Dalvik virtual machine (it's free), and free libraries. Millions of Android devices are shipped every day, each one is a Linux system. Today, it's phone. Soon, it will be tablets: Android 3.0 (coming out at the end of the year) will finally be very suitable for tablets. Apple alone will have to face fierce competition on pretty much every front. Microsoft... who? They are more irrelevant every day. I should be happy, right? Well, sort of. Looking back at how long it took me to get this shell prompt makes me worried. Very worried. We are heading towards a world where we no longer own the hardware we buy -- and there is no point in having free software if you can't own your hardware.

Apollo Project and Contact Management

Drowning in your TODO list? Need some todo list software? Trouble organizing project and contacts? Try Apollo, project and contact management done right.

http://www.apollohq.com

A single-page Ajax application that finally looks and feels like an application.

Upgrading my Hero

This is the long story. In August last year (2009) I bought my HTC Hero. Mind you, I bought it. I didn't get it with a lock-in carrier plan -- I own this little white box, including its funny chin added by engineers who probably drank too much. When I bought it, it came with two things: Android 1.6, and a promise from HTC that the update for Android 2.1 would come out "soon". Just to be exact, my HTC was the "Telus" version -- I paid $100 more for it, because it works on UMTS at 850Mhz, which happens to be the insane, non-standard frequency that ex-monopolist Telstra uses for its 3G data plan.

The 19th USENIX Security Symposium

Join us at the 19th USENIX Security Symposium, August 11–13, 2010, in Washington, D.C.

Whether you're a researcher, a system administrator, or a policy wonk, come to USENIX Security '10 to find out how changes in computer security are going to affect you. The 3-day program includes an innovative technical program, starting with a keynote address by Roger G. Johnston of the Vulnerability Assessment Team at Argonne National Laboratory; invited talks, including "Toward an Open and Secure Platform for Using the Web," by Will Drewry, Google; a refereed papers track, including 30 papers presenting the newest advances; and a Poster session displaying the latest preliminary research. Gain valuable knowledge on a variety of subject areas, including detection of network attacks, privacy, Internet security, Web security, and more.

Register by July 19 and save! Additional discounts available! http://www.usenix.org/sec10/fsm

HTC has historically made smartphones based on Windows Mobile. In order to turn Windows Mobile from a bad joke to something that is actually usable, HTC developed "Sense". Sense can be summed up as a bunch of custom modifications to the phone's user interface. When HTC got their hands on Android, they must have had two pretty scary thoughts: the first one was that Android by default came with a very good UI which didn't need the kind of tweaking Windows Mobile needed. The second one was that they had to come up with something in order to give HTC some competitive advantage. So, they ported "Sense" to Android -- which makes it a little bit sluggish, it's totally not necessary, but it's there and it does improve in several departments (the keyboard being one of them). This has some implications. The main one is that when a new version of the Android system comes out, HTC needs to apply Sense to the new version, test it, and make sure that it works. This takes a lot of time and effort. So, as a result, at this point the Telus HTC Hero still runs on Android 1.6. Yes, that's incredible. HTC and Telus keep on telling customers that it's not their fault, Telus hasn't requested it, HTC hasn't released it yet, and so on.

(And if you thought that Motorola would be any different, you are out of luck: they have "Blur" instead of sense, and they are about as responsive as HTC in terms of upgrading their phones to Android 2.1).

So, here I was: I needed to update to Android 2.0 or 2.1, since I needed to share my Internet connection while travelling. And couldn't. I will say it again: I couldn't. The phone was like Fort Knox. I wasn't "root" on my phone: I was a normal user. The only privilege I had, was that I could use it. I couldn't boot from another operating system. I couldn't see the file system. I couldn't do and see anything other that what HTC decided I could do or see. The story goes on with me spending hours, and hours, and hours getting my phone "rooted". It went more or less like this:

  • Format my SSD flash memory stick, edit it by hand and stick some black magic code at the very beginning of it. This is apparently so that the phone doesn't complain if you downgrade its ROM.

  • Downgrade my system to the previous version, which was vulnerable to an exploit that allowed people to become root. This was the hardest thing to do, and was possible thanks to the previous step.

  • Install a program that changed the boot loader into something useful, by exploiting the bug in the ROM I installed

  • Install a new ROM -- my own, finally.

Yes. That is right: I had to hack into my own computer/phone in order to do whatever I liked doing with it.

Where do you go?

I couldn't tell you "don't buy HTC", for two reasons: the first one is that HTC phones are actually painfully good. My HTC Hero is way better than an iPhone, has a long battery life, great reception, its CPU is fast... yes, it's a very good device. The second one is that from what I saw, pretty much every other phone maker is the same. They won't let you access the boot loader, and -- worse -- they won't release software upgrades for their phones because they want you to buy the next model, with the next version of the software.

Google also stopped selling the Nexus One, which came "rooted" (meaning that you could easily install your version of Android on it as you like).

Basically at this point when you buy an Android phone, you have to hope that the very keen Android-hacking community has come up with a way of hacking into your own phone -- or you are royally stuck with whatever the phone came with.

So, right now if you buy a laptop and you want to run GNU/Linux on it, you have to worry about what piece of hardware won't work on it (I have two laptops, on one the Microphone and the fingerprint login won't work, on the other one the external speakers won't work). If you buy an Android phone, on the other hand, you have to hope that it's actually possible to hack into it and install whatever you like on it.

(I am not an Android developer, but I think it's possible to purchase a "Dev" device from HTC, which allows you to flash a ROM. However, that's not good enough. You shouldn't have to spend more money on a developers' device on order to do whatever you like with it).

Free software becoming meaningless

Android is indeed free software. You can get it, download it, run it on an emulator, change it, redestribute it, etc. However, mobile phone makers are locking everything in, so that you can't actually use this software in any useful way -- unless you are willing to spend hours hacking your own device.

I am not sure people ralise the gravity of this. It's as if a company sold you a laptop with GNU/Linux preinstalled, but that hardware didn't have any way to chose which device it will boot from, and you didn't have the root password.

If you think "big deal", think again. For example, being simply a user you cannot:

  • Share your internet connection
  • Use your phone as an access point
  • Use your phone for anything that might possibly displease your carrier
  • Explore your own file system and see how things actually work

The last point might not affect many people, but the other ones definitely will. And I am sure there is plenty more.

My proposed solution

When I write articles like this, I always make sure that I have at least one suggested solution (otherwise I will end up sounding like a grumpy old man who doesn't have anything useful to say). My solution is very simple: forcing hardware producers to sell their phones with a boot loader, in order to install your own custom ROM. This could be done in such a way so that if you do access your boot loader, you lose your warranty (although this would be insane). There could be a per-device password, or whatever way that will basically differentiate you from "common" users who don't feel the need to actually own their own devices.

This should be done forcefully. This means that they shouldn't have a choice. It should be done by law, or by contract (in the software license maybe?).

Otherwise, in the long term, we might end up having this great piece of software, and nowhere to run it. Now, that would be ironic.

Category: 

Comments

Ryan Cartwright's picture

HTC have released an over the air upgrade for the Hero now - apparently. I say apparently because it's only available in certain countries and only if you bought the Hero and didn't get it "free" from a carrier.

If - like me - you got it as part of a carrier bundle then you are stuffed as you have to wait for the carrier to pull their fingers out and further "tweak" the HTC "tweaks" to the Android update. I'm still waiting - have been for a few months now.

Here's how it gets worse though. When HTC released the last upgrade to the Hero (1.5 to 1.6) it was available as a download only and then you had to apply it via a sync on the phone from a desktop PC. Oh did I mention that the HTC Hero only syncs with Windows? Not even Mac, let alone Linux. So I had to borrow someone's Windows box just to upgrade my free software driven phone!

That said, like you I am loathe to say "don't buy one" because it is simply a great piece of kit. They just need to get on board with the people who are using their phones because of it's free software base.

--
Equitas IT Solutions - fairness, quality, freedom
http://www.equitasit.co.uk

gvlx's picture
Submitted by gvlx on

www.geeksphone.com

http://www.androidguys.com/2010/07/21/geeksphones-ccr-program-real-open-source-phone/

"Each time a new Android phone is released, groups of power users will try to improve it by digging into Android source code and by cooking ROMs. The path they choose is not easy: They have to do guesswork or reverse engineering and often they are stopped in their attempts by hardware limitations, closed systems and in some cases by legal matters.

There are not many devices they can work with easily, and manufacturers rarely makes things easy. Wouldn't it be great if there was a true Open Source phone that came with all the source code, drivers, documentation and help from the manufacturer?

Well, one company is going to do exactly that and release a CCR (Certified Community Release) Program. This young Spanish company is Geeks'Phone, whose first device, the ONE, was released in January, only 6 month after the company was created: a huge achievement. While the phone is not available from any carriers, they still have managed to build a good customers base."

admin's picture
Submitted by admin on

Hi Tony,

I am outraged by this restriction of our rights to use free software freely.
This is exactly what R. M. Stallman describes in his book 'Free Sotware, Free
Society', it is also a direct comparison to patented and locked down bios
systems on full blown PC motherboards.

We can only hope that we (the free and open world savvy consumers) are
numerous enough to persuade at least one manufacterer to produce open
hardware.

I personally do not use a mobile device but have experience of SHARP Zaurus
PDAs that were held back by several proprietary kernel 'blobs'. The devices
were way ahead of any MS or Palm based PDAs and were highly usable until major
kernel revisions were neccessary to use the latest software. Sharp did not
actually say their kernel was not free/open in the same way R. M. S. defines
free/open. They did say that their device ran free/open software but they
never said their hardware was free/open!

I try to explain how 'Free Software, Free Society' shows the short comings in
our current impementations and interpretations of copyright and patent laws
impede our rights to use software/hardware and ideas to my friends but they
seem oblivious to the underlyiing problems until they suffer the results (not
being able to open files or not having access to blu-ray content)..

This does not even oprn the 'can of worms' that DRM brings to the arena.

I fear for the technological future and can only hope that my offspring are
smart enough to understand the limitations of proprietary systems and are
clever enough to write their own software/systems.

ALL the best,

Simon (Diesel1).

gnufreex's picture
Submitted by gnufreex on

Hi Tony.

The practice of locking down hardware and disabling it to run modified free software has a name: Tivoization. http://en.wikipedia.org/wiki/Tivoization

It is called that way because TiVo did it first.

When revised the GPL, Free Software Foundation added a clause in GPLv3 that prohibits tivoization.

http://www.gnu.org/licenses/rms-why-gplv3.html

It says that company must provide customer with a way to remove handcuffs, or else company is in violation of GPL.

But unfortunately, Linux kernel developers decided to stick with GPL version 2, mostly because it would be needed to get everybody who ever contributed to agree to license change. Since some of those people work for companies who tivoize, that's hard. Shame because it looks like it going to bite us in the future.

Dennis McCunney's picture

@gnufreex

When they revised the GPL, Free Software Foundation added a clause in GPLv3 that prohibits tivoization.
...
But unfortunately, Linux kernel developers decided to stick with GPL version 2, mostly because it would be needed to get everybody who ever contributed to agree to license change.

If I were in a position to force that change in Linux licensing, and I wanted to bring the spread of Linux to a screeching halt, imposing GPL v3 is exactly how I'd do it.

Way too many outfits using Linux under the hood have good reasons for the handcuffs, and would promptly go to something else that did not put cuffs on them by restricting exactly how they could implement the product.

And even it you do impose that change, how much practical good will it do? The GPL is consensual. While it technically has the force of law, it really works because everyone involved agrees to abide by the rules it sets.

What if someone doesn't? How do you compel them to comply? Especially since the likely miscreant will be an Asian vendor using Linux in their offering. File suit against a Chinese vendor in a mainland Chinese court for violations of the GPL. Tell me how far you get. (And it will take a long time and cost a lot of money, even if by some miracle you win. You might just have to grit your teeth and live with it because you can't afford the time and money needed to fight it out.)
______
Dennis

gnufreex's picture
Submitted by gnufreex on

I don't think it would slow down or stop spread of Linux. And I also don't think there is any good reason for manufacturers to tivoize or. If you look at GPLv3, you would see that it doesn't straight out forbid tivoization. It just says that manufacturer must provide customers with a way to unlock their device. If the user is not interested, he don't need to unlock it, it is not mandatory.

Manufacturer should not have power over the user who bought the device. When I buy the device I want to own it, hence I expect manufacturer to document how I can root it.

"Way too many outfits using Linux under the hood have good reasons for the handcuffs, and would promptly go to something else that did not put cuffs on them by restricting exactly how they could implement the product."

Tell me one situation where there is a good reason to tivoize? Voting machines don't count because voters never get the right under GPL since they don't get to own the machine. Things like pacemakers don't count either because it is not "User Product" so the tivoization clause don't apply(look at GPLv3 to see what is defined "User Product"). Using GPLv3 don't put handcuffs on them, it only prevents them to put handcuffs on users. And if they drop Linux, what they will use? BSD? That even don't support ARM.

"And even it you do impose that change, how much practical good will it do? The GPL is consensual. While it technically has the force of law, it really works because everyone involved agrees to abide by the rules it sets."

You obviously don't know much about GPL. GPL is based on copyright law and has been enforced many times. In fact, there was one win just recently http://www.theregister.co.uk/2010/08/04/gpl_violation_westinghouse/

That is GPLv2, but v3 has also been enforced. Violators usually settle and decide to comply with the license when they see they can't win, but sometimes (like on linked case) they foolishly go to the end and lose miserably. There is a organization called SFLC (Software Freedom Law Center http://www.softwarefreedom.org/) which does the suing in the name of developers so you don't need to pay legal expenses to get GPL violator to comply.

Home country of violator doesn't matter. GPL has been enforced in Europe, Japan, and all over the world. I don't know about China and their regime, but if company does business in US, they get sued there and they must either comply or get their violating product of the market. US revenues are usually big and important to companies, so they will comply.

ricegf's picture
Submitted by ricegf on

Have you considered (also) supporting Nokia? My N900 came with xterm on the default menu, with simple instructions on their website for rooting the device (I happily rooted my N770 and N800 tablets, but I've been more cautious with my phone).

Nokia also sponsors events such as PUSH (http://blogs.nokia.com/pushn900/) to *encourage* hacking their phones. MeeGo, the next-gen iteration, is a fairly standard Linux product (even if it does use rpm ;-) that is quite rootable as well. Of course, the first MeeGo phone probably won't be on the market until the fourth quarter, but the N900 runs the QT4-based apps written for MeeGo, and its hardware specs are still comparable to most Android phones even 8 months after the ship date.

Imperfect as it is, Nokia does seem to be lightyears ahead of the Android crowd in terms of respecting the user's freedom. (Disclaimer: I have an N900, but the rest of my family uses Android phones.)

zman58's picture
Submitted by zman58 on

If having the freedom to use the hardware the way you want is important to you, then do not buy products that prevent use in this way. When you send the vendor money with a purchase, in other words pay for the product, you basically tell them with money that it is OK to carry on in the restrictive way they are managing their product. Just say NO and tell them why. If enough people did this, we would get exactly what we want as consumers.

If freedom to choose the software and manage the system as you wish is important to you, then only buy products that allow you to do this. If you are not getting what you really want, then resist the urge to have the cool, but restrictive, technology. Purchase technology only from vendors who provide products that meet your needs and provide what you really want. Reward the vendors who understand you needs and deliver products that meet your requirements of freedom.

admin's picture
Submitted by admin on

Hi,

What if there weren't ANY phones you could buy that allowed you to install anything you like?

This is NEARLY the case now.

Merc.

Terry Hancock's picture

The technology is such that, if you're willing to pay more for freedom, you can get it. This is outrageously expensive to literally produce just one, but runs of 100 or so are do-able for only a little more per unit (plus some effort -- it might actually be a kit).

Of course, then someone will be selling an open platform. In reality, though, a company will probably fill this market before this becomes necessary.

Dennis McCunney's picture

In the ongoing OS wars, Linux is winning. Versions of Linux are now available for just about everything, and Linux is showing up in places most folks aren't even aware of. For instance, my wireless router uses an embedded Linux 2.4 kernel. Most folks buying devices with embedded Linux probably won't even be aware Linux is under the hood, and if the device is correctly designed, there's no reason they should be.

Google Android is based on Linux, and getting a lot of traction in the marketplace. The Motorola Droid, for example, put Motorola back into the cellphone race. And because it's Android, it has a coolness factor. How many folks with an Android powered phone do you think are aware that there's a Linux kernel underneath? I'd guess, a minority, and possibly a small minority.

But Android is compelling for manufacturers. It's designed for embedded and handheld use. It does multitasking and multi-threading out of the box. It's modular, and OEMs can build images including only the parts supporting their hardware and use cases. It's well developed with a large number of developers working on it and apps to run on it.

And best of all, Android is free as in beer. Anyone can pick it up and build systems powered by it, and there are no licensing fees, as there would be with things like Windows.

This popularity has consequences. One is that Linux winds up being under the hood in huge numbers of devices where the user has no normal reason to pop the hood, and you probably don't want them to in any case. Cell phones are a really good example.

"They won’t let you access the boot loader, and — worse — they won’t release software upgrades for their phones because they want you to buy the next model, with the next version of the software."

Guess what? That's what the users will do in any case. These days, a cell phone is primarily a fashion accessory, and most users buy the one they think is coolest that does what they want it to do. They are likely to upgrade to a new devices whenever their cell phone contract runs out, and there's almost certain to be a newer sexier model they'll covet.

They want the latest and greatest to "keep up with the Joneses" in their social circle, and look down upon those behind the curve. The HTC Hero? That's so last year...

And bear in mind that HTC is an OEM. For the most part, they don't sell the phone to you. Your carrier does. The carrier will chose to pick up models they think they can sell to their customer base, but what they're selling isn't hardware, it's service contracts. The hardware is the shiny to get you to sign a contract with them. UIs are one way in which vendors differentiate their phones, so no surprise HTC doesn't use the stock Android UI.

The vast majority of folks buying Android powered phones will have no desire to get root, or even know what it is. The phone will do what they want it to do out of the box, and if it doesn't, "there's an app for that!". And if you're the vendor, exactly how thrilled will you be at the idea that it's easy for people to get root? If you are the vendor, you'll probably cringe in horror at the potential support nightmare. You had to go to great lengths to get root on your Android device, but if you break it in the process, it's your problem. Neither HTC nor Telstra are under any obligation to assist you.

If getting root on your Linux device is that important to you, it becomes to item on your checklist when you are looking to buy. "Can I get root on this? No? Next choice..." In the stated use case, look at the Nokia N900, the first of their Internet Tablet line to be a cell phone as well. Nokia's Maemo environment will allow you to get root. (An old friend got Android phones for wife and daughter, but an N900 for himself so he could get root.)

I don't have an Android phone. My current cell phone is probably the the smallest, cheapest model Nokia makes. It places and receives calls and SMS and has voice mail, and that's about all it does. Fine by me - that's all I want it to do. I may get an Android phone down the road, but I probably won't care if I can get root on it. I'll only care that it does what I want it to do, and it's on me to pick the right one. If I find myself needing to get root, it will be a good bet I made the wrong choice when I bought it.
______
Dennis

ian_m's picture
Submitted by ian_m on

Dennis,
You missed the point. I don't look at the engine of my car any more than I have to, and usually have little idea what's in there when I do; I still wouldn't buy one with the bonnet welded shut. A few years back it was OpenDarwin, now it's Android.

I'm an N900 owner, and while I know just enough to get myself into trouble, I did manage to Flash the ROM in desperation, and don't have a problem with that- it was a very expensive brick, and I'm very grateful to the manufacturer for letting me both play enough to break it and download the tools to rescue it.

The attitude of "it works now" is part of the reason millions of businesses are sitting on PC's with XP, wondering how they're going to port all their internal documents to another proprietary format, and that after upgrading a ton of hardware. And then having to rinse and repeat again in 3 years. Just because you can't think of any reason to have an open standard today on your phone doesn't mean that in a few years you won't be wanting to move away from Android and wondering how long it'll take to type in 5000 contacts... or wishing that you could hack it, install the new video app and bluetooth it through your 42 inch screen like your friend does.

A proprietary attitude locks us into yesterday's technology. Open Source is about giving us the keys to tomorrow as well.

Author information

Tony Mobily's picture

Biography

Tony is the founder and the Editor In Chief of Free Software Magazine