Commit 946b4d6d authored by Zev Cooper-bennun's avatar Zev Cooper-bennun
Browse files

proofread with some grammatical changes and word cleanups

parent e2390492
Pipeline #781 passed with stage
in 1 minute and 34 seconds
......@@ -10,46 +10,46 @@ tags:
- Article
---
Phones are amazing things, helping connect us to the people we care about - and those we don't - if it wasn't obvious by now, they enable a great deal of the things that make up modern society, from social media to GPS, wikipedia to music. Without phones we'd be in a very different world.
Phones are amazing things, helping connect us to the people we care about - and those we don't. If it wasn't obvious by now, they enable a great deal of the things that make up modern society, from social media to GPS, and Wikipedia to modern music listening. Without phones we'd be in a very different world.
<!--more-->
Mobile computerised devices have a long and exciting history, from gems like the early brick phones, to nuggets like the Nokia N900, it's been a wild ride. The two biggest players at the minute are Apple and Google (just in case you've been asleep for the last 15 years), with Android and IOS being the dominant players in the mobile OS space. We'll be leaving IOS alone for the purposes of this video, instead focusing on the much more interesting Android story.
Mobile computerised devices have a long and exciting history; from gems like the early brick phones, to nuggets like the Nokia N900, it's been a wild ride. The two biggest players at the minute are Apple and Google (just in case you've been asleep for the last 15 years), with Android and IOS being the dominant players in the mobile OS space. We'll be leaving IOS alone for the purposes of this article, instead focusing on the much more interesting Android story.
Android started out as a comparitively small independant company, but after their initial success were quickly consumed by Google. Since then it's grown into the largest (by user) Mobile OS in the world. And, fortunately for us, it's open source.
Android started out as a comparitively small independant company, but after some initial success they were quickly consumed by Google. Since then it's grown into the largest (by user) Mobile OS in the world. And, fortunately for us, it's open source.
## Open what
For those that don't know, open source software is where the source code is freely available, and usually in a format such that you can go edit and built it yourself. There's a few awesome examples you've probably heard of such as Firefox, VLC media player and more recently Microsofts Visual Studio Code. The open source movement is growing and it's vital to ensure that you can protect your privacy in the digital age.
For those that don't know, open source software has its source code freely available, and usually in a format such that you can go edit and built it yourself. There's a few awesome examples you've probably heard of such as Firefox, VLC media player and more recently Microsoft's Visual Studio Code. The open source movement is growing and, simultaneously, it's vital (and getting harder) to ensure that you can protect your privacy in the digital age.
There's a common myth that open source software is less secure, that I feel I should attempt to put to rest here. When considering the security of your software, you have to consider the attack vectors, and potential for damage, for example a website that processes user input, whether through logic forms, forum posts or even something as simple as the URL, can be attacked. If that website uses a datbase then it may be possible for a malicious user to gain access to the data in the database if they find a way to exploit your website. Lets say this website sees millions of daily users, and would be a pretty appealing target for someone with bad intentions. Lets also assume you're in charge of the development team, and you have the sort of resources you'd expext from any large tech company.
There's a common myth that open source software is less secure, that I feel I should attempt to put to rest here. When considering the security of your software, you have to consider the attack vectors available to attackers, and the potential for damage. For example, a website that processes user input, whether through logic forms, forum posts or even something as simple as the URL, can be attacked. If that website uses a database then it may be possible for a malicious user to gain access to the contained data if they find a way to exploit your website. Lets say this website sees millions of daily users, and would be a pretty appealing target for someone with bad intentions. Let's also assume you're in charge of the development team, and you have the sort of resources you'd expect from any large tech company.
There are a few axioms we must consider before continuing (I'm sorry I just couldn't resist the opportunity to use that word...); firstly, there's ALWAYS someone smarter than you, who has knowledge that you don't. Hiding details about how your system works will certainly make it more difficult for any random person to come along and find exploits, but it merely adds an extra challenge, it doesn't inherently make your system more secure, just more obscure.
There are a few axioms we must consider before continuing (I'm sorry I just couldn't resist the opportunity to use that word...): firstly, there's ALWAYS someone smarter than you, who has knowledge that you don't. Hiding details about how your system works will certainly make it more difficult for any random person to come along and find exploits, but it merely adds an extra challenge it doesn't inherently make your system more secure, just more obscure.
Next, most people have good intentions, there are a lot of terrible people out there who want to take control of your website, but a vast vast majority of the time, if someone finds an exploit, they're going to do there best to report it to you.
Next, there's the fact most people have good intentions. There are a lot of terrible people out there who want to take control of your website, but a vast vast majority of the time, if someone finds an exploit, they're going to do their best to report it to you.
With these two facts in consideration, given the manpower to maintain a good high quality codebase, and interact with the commnunity, when does it make sense NOT to release your source code? You gain free bug fixes and optimisations from interested community members, make it easier for people to find and report issues or exploits, and, if using a license like the GPL, you let other people benefit from your software too, obviously depending on your method of monetisation this may not be a great fit. Furthermore, if you don't have experience maintaining or at least contributing to open source projects, or your company doesn't have a history of good software development practise, it can be really hard to get to the point where you're able to actually make projects open source.
With these two facts in consideration, and given the manpower it takes to maintain a good high quality codebase and interact with the community, when does it make sense NOT to release your source code? You gain free bug fixes and optimisations from interested community members, make it easier for people to find and report issues or exploits, and, if using a license like the GPL, you let other people benefit from your software too — though, depending on your method of monetisation, this may not be a great fit. On the other hand, if you don't have experience maintaining or at least contributing to open source projects, or your company doesn't have a history of good software development practice, it can be really hard to get to the point where you're able to actually make projects open source.
All things considered, aiming to open source your stuff where possible sets a good example to the industry, and lets you directly contribute to society by producing useful software that anybody else can come across and use.
All things considered though, aiming to open source your stuff where possible sets a good example to the industry, and lets you directly contribute to society by producing useful software that anybody else can come across and use.
Now, with that cleared up, onto the fun stuff :D
## A great open source project
By far the most well known piece of open source software is the Linux Kernel, not only is it a well loved base for many desktop distributions, it also powers lots of crap you don't even think about, from IP cameras and mcdonalds menu screens, smart cars, etc. Most importantly, it's the foundation for Android, you can see for yourself, if you own an Android phone then grab it out, head to setting, about phone, android version, and look for `Kernel Version`, you'll most likely see something like `4.9`, `4.14` or perhaps something older, these are all Linux kernel versions.
By far the most well known piece of open source software is the Linux Kernel; not only is it a well loved base for many desktop distributions, it also powers lots of crap you don't even think about, from IP cameras and McDonald's menu screens, to smart cars and home media devices. Most importantly, it's the foundation for Android, and you can see this for yourself if you own an Android phone. Simply navigate to settings, about phone, android version, and look for `Kernel Version`. You'll most likely see something like `4.9`, `4.14` or perhaps something older. These are all Linux kernel versions.
To give some context, at the time of writing the latest Linux version is 5.10, released in December of 2020, there's a new Linux release about once every 10 weeks. Linux 4.9 came out in December 2016! That's OLD with a capital D, and leads us to our next and final point, and the purpose for this series.
To add some context to those numbers, at the time of writing the latest Linux version is 5.10, released in December of 2020. There's a new Linux release about once every 10 weeks. Linux 4.9 came out in December 2016! That's OLD with a capital D, and leads us to our next and final point, and the purpose of this article.
I suppose 'problem' is not the most logical term, but anyway, Linux is licensed under GPLv2, according to tldrlegal:
## The problem with Linux
> "*You may copy, distribute and modify the software as long as you track changes/dates in source files. Any modifications to or software including (via compiler) GPL-licensed code must also be made available under the GPL along with build & install instructions.*"
I suppose 'problem' is not the most logical term, but anyway... Linux is licensed under GPLv2, according to tldrlegal:
Essentially, you can use it for anything, including commercial products, but you have to release the source code and instructions for whatever product you eventually ship. Most of you will have realised by now that this means the software on your Android phone is almost entirely open source, and you'd be right you wonderful intelligent human. Except for one small caveat, not all of it is...
> "*You may copy, distribute and modify the software as long as you track changes/dates in source files. Any modifications to or software including (via compiler) GPL-licensed code must also be made available under the GPL along with build & install instructions.*"
## The problem with Linux
Essentially, you can use it for anything, including commercial products, but you have to release the source code and instructions for whatever product you eventually ship. Most of you will have realised by now that this means the software on your Android phone is almost entirely open source, and you'd be right, you wonderful intelligent human. Except for one small caveat: not all of it actually is...
As an operating system, Linux is pretty great, it runs on a large selection of architectures, SOCs and devices, is pretty speedy and offers a great platform to build your product on, hence it's ubiquity. SOC and device manufacturers have to add support for their new devices to the kernel, so that their device can run Android. Which takes us to our next issue...
As an operating system, Linux is pretty great. It runs on a large selection of architectures, SOCs and devices, it's pretty speedy, and it offers a great platform to build your product on (hence its ubiquity). SOC and device manufacturers have to add support for their new devices to the kernel, so that their device can run Android. Which takes us to our next issue...
The issue with SOC and device manufacturers, is that they like to protect their intellectual property, from a basic level this makes sense, until you consider that, like I said earlier, there will always be someone smarter than you. The uh, problem, I referred to previously, is the case of Qualcomms Adreno graphics driver, rather than write the driver in the kernel, where they would be forced to release it as open source code. Qualcomm chose the more complicated approach of writing a minimal kernel driver to initialise the hardware and then simply expose it to userspace as a character device. The majority of the driver then being written to run in userspace as propriatery blobs.
The issue with SOC and device manufacturers is that they like to protect their intellectual property. Intuitively, this makes sense, until you consider that, like I said earlier, there will always be someone smarter than you. The uh, 'problem' I referred to previously, is exemplified in the case of Qualcomm's Adreno graphics driver. Rather than writing the driver in the kernel, where they would be forced to release it as open source code, Qualcomm chose the more complicated approach of writing a minimal kernel driver to initialise the hardware and then simply expose it to userspace as a character device. The majority of the driver is then written to run in userspace as propriatery blobs.
The thing is, despite all the trouble Qualcomm have gone to to protect their Intellectual Property, the Freedreno driver has been, in my opinion, one of the best examples of how pointless it is to keep this kind of software closed source, sure it doesn't perform quite as well as the propratery driver, but considering it's entirely a reverse engineering effort I'd say it's done a damn good job. Without it we wouldn't have Linux booting with full hardware accelerated graphics on devices like the Pocophone F1 and OnePlus 6.
The thing is, despite all the trouble Qualcomm have gone to to protect their Intellectual Property, people simply reverse engineered it. The Freedreno driver has been, in my opinion, one of the best examples of how pointless it is to keep this kind of software closed source; sure it doesn't perform quite as well as the propratery driver, but considering it's entirely a reverse engineering effort by volunteering developers, I'd say it's done a damn good job. Without it we wouldn't have Linux booting with full hardware accelerated graphics on devices like the Pocophone F1 and OnePlus 6.
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment