1. Blindly trust endless vendor blobs
This is true regardless of which device you choose since they all have fundamentally closed source hardware, with the vast majority of the complexity in this regard, along with a lot of closed source firmware.
Conversation
Also, you are blindly trusting the open source code including the Linux kernel code in exactly the same way. The closed source SoC vendor libraries are not black boxes, and in fact the source code is shared under NDA. If you really wanted access I'm sure you could get it.
1
Either way, I don't see you doing any code review / auditing or hardening. It's theoretical that you would be doing something like that with the source code. You blindly trust both open and closed source code. You blindly trust the hardware and firmware. This is universal.
2
I review lots of things as I have time and have a few CVEs to show for it. I can't even begin to review it all, but I only want to use things the community can review so together we might combine our respective small bits of time into deep review.
2
1
What community? Not aware of any community doing anything substantial in that regard. It's not a real thing, and if it was, they could fully review closed source libraries to the same extent and doing it with the same extreme care/depth is not substantially harder at that point.
2
People review the Linux kernel and a lot of the boilerplate of android.
Is it enough? No. We need 1000x but as more people depend on AOSP more eyeballs come with it.
I won't ever give up my right to review and for others to review what they can.
1
1
> People review the Linux kernel
Who reviews Linux kernel in anything but a very shallow and targeted way?
> I won't ever give up my right to review and for others to review what they can.
You have a right to inspect / review closed source software too.
2
And I don't really see what stops inspecting / reviewing in with the same care / depth. It's not even obfuscated in any way.
If you took the alternate approach of getting official access to the sources, you give up your right to publish them, obviously not to review them.
1
But regardless, you're not really reviewing / auditing code, and there is not a community of people doing it. If there was, they wouldn't be blocked by only having compiled, unobfuscated libraries in some cases. As you're well aware there aren't even people interested in building
2
I starter with what I could do which is get a good determinstic build baseline... And I can't even keep up with that. Google closes bugs I file for determinism. They don't care.
AOSP seems too big to review or maintain in the way I want an OS reviewed and maintained. That sucks.
1
The Linux kernel is far beyond doing any kind of serious auditing / review, and there are not people even attempting to do that across it. Even Linus lacks a grasp of it as a whole. Chromium or any other functional browser engine is the same situation. What do you plan to ship?
You are preaching the the choir on these points.
I'll use the Linux kernel today because it is the least bad most audited thing that works.
Once I have an MVP I can try to use a microkernel the community can hope to audit.
I would love a SeL4 feature phone, for instance.
1
1
The truth is, I 100% agree with you. When there are millions of lines of code it is a black box the community will never be able to fully review.
This conversation has made me now double down on wanting get a feature phone with as little code as possible that can be audited.
1
1
Show replies