On Sun, 2003-03-23 at 12:06, Dean Michael Berris wrote: > On Sat, 2003-03-22 at 20:12, Jared Odulio (From Home) wrote: > > On Sat, 2003-03-22 at 14:34, Danny wrote: > > > > > Motorola grabbed a lot of headlines when it announced the world's first mobile > > > phone that runs Linux, however, developers won't be able to create Linux > > > applications and run those on the phone because Linux is not secure enough. > > > > > > > > > If am in the manufacturer's position I could have said the same thing. > > Well, first we have to coin some few terms, in Java 2 Micro > > Edition(J2ME) mobile apps are called midlets. What are we going to call > > our Linux mobile apps? kernlets? scriptlets? chiclets? GTicKlets? > > KMoblets? what? It's so diverse the mobile market it's not ready for > > that confusion and confusion breeds false sense of insecurity. > > > > I think everyone who holds a Linux mobile phone is assumed a "superuser" > > since it doesnt act and it's not designed to be a server. :) > > > > this could easily be offset by using the fundamental idea of > 'protection' by defining user space memory and kernel space memory.
that's currently the problem this embedded developers have. Where to put the line between user space memory and kernel space memory. That's is why the Sharp Zaurus team stresses also the use of J2ME more favorably than have other apps to be written in Linux natively (even though it is not also discouraged). > > Let's have a scary use case scenario of putting a linux mobile app into > > linux mobile phone: > > > > 1. Unlike J2ME, A Linux mobile app is native to the Linux mobile device. > > Therefore it could access native resources like phonebook, power > > management, time, calendar, bluetooth, sms, telephony etc. > > > > but J2ME must run on a host OS, AFAIK. it runs in its own runtime > environment which is just another process in the operating system. true, and this is where the first level of security in J2ME happens. > > the security is offered by the virtual machine, and not the OS. in java, > it doesn't have to matter what OS you're running it in unless you > specifically use native system calls via CORBA or some other mechanism. Nope, you can't do native system calls in J2ME you have to use a JINI-based(at least, on the server-side) surrogate application to handle that(this is outside the device's context). Unless we're talking within the context of a local device, CORBA does not fit in a mobile phone. AFAIK, it is impossible to do native calls via CORBA as long we're in the same context ha. But the JCP(Java Community Process) members involved in MIDP and CDC specs are still debating whether to allow native calls in J2ME. > > > 2. If someone has an OTA(over-the-air)hosting for Linux mobile apps that > > operates the same way as www.midlet.org. Someone could develop a > > malicious linux mobile app that pretends to be a game or a serious > > application but underneath it's accessing your phonebook sending some > > "F&#* YOU" messages to your associates while you are brandishing your > > cool phone in public. Nobody wants that to happen. > > > > this is if you will be running everything it in superuser mode. example, > if you ran the hypothetical app as a superuser, and all it does is > thrash the system then you're doomed because it can access the devices > and the resources at will. but if the linux system put on the phone > added measures to say that every app run is run by a user (that is not > root, and has limited privileges) then it would be harder for the app to > just do everything it wants at will. > > of course, that would be hard for the developer also. ;) > > <snip> > > That's a big score for J2ME (it's unarguably, secured.), unless someone > > could develop a standard SDK for Linux mobile apps that assures > > security(oooppps i am giving away a fundable idea). Take note that > > mobile application development is a whole new ball game it's no way the > > same with desktop and server application that you are used to > </snip> > > true, but linux could still be the host OS of the java runtime > environment. now sure, there are other OSes out there, but for the sake > of conversation, i think linux is stable and extensible enough to be put > on not only phones but planes alike. > as i said it's a whole new ball game, stability on the servers and desktops does not translate easily to stability on a limited space such as mobile phones and PDAs with bunch of applications. > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL > PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
