Besides warranty and service costs, what else are they so worried about that they feel it necessary to add these protection measures?
Surely the percent of customers that root/mod a phone is so small that it's not worth the man-power and engineering to try to "fix" the problem. It seems there must be some other concern they are trying to resolve that escapes me.
Remember from their perspective, 99% of all the feedback they get back (that they don't have to pay for) is negative. Therefore, they are solely concentrated on reducing that negative feedback by preventing failure in the first place. They view these protections as a way of doing that. It reduces the need for a larger support department and therefore their bottom line.
Of course, this ignores the fact that by making the methods for circumventing these protections more complex, they are creating a more error-prone process, and therefore a large support volume. But whatever, I didn't say it had to make sense.
So why are mobile phones different?
(My guess: "because we can". Nobody has figured out how to make a bookshelf that I can't put something too heavy on. But people have figured out how to ensure I can only run Verizon's adware on my phone, so they don't cripple my bookshelf but they do cripple my phone. Follow up question: why does the market allow this? Nobody would buy a crippled bookshelf with an EULA.)
Perhaps if it were something consequential instead of something to click through it would actually affect peoples habits.
The people making these products probably don't want them heavily enforced either. If things actually got to that point nobody would buy their products.
I think they like the current status: you technically owe them your first born but still buy their products. If you do anything they don't like, they can stop you. But people still buy their stuff. Its the best of both worlds for them.
That's exactly my point. There currently isn't anything that forces the consumer realize what they are getting themselves into. If they did, they probably wouldn't be buying the products.
You'll note it only hit jailbroken iPhones.
You can't expect a non technical person to understand the importance of strong, unique passwords. Most people can't remember more than one (and a simple one, at that).
Is there some part of the story missing here? The only vulnerability I see is that foolish people are allowed to run SSH servers on their phone.
I just got off the phone to HTC Australia, and apparently they'll be getting in touch. If everyone did that ...
That said HTC played some mean tricks here, such as releasing the souce for the HTC magic with bits and pieces of the vision source clearly removed. At the same time while we were trying to reverse engineer this code and the binary we saw major inconsistencies even though the disks are the same model and spec.
They(HTC & TMO) really made it hard this time but once we figure out how this works once it will likely be just as easy to hack as before.
Maybe this tactic has something to do with product life cycle though I can't think what. Surely a phone has a longer shelf life than 3 months . .
That said, I'm almost certain that the linux kernel is released under a modified form of the GPL, or at least Linus refuses to enforce parts of the GPL. Binary modules and blobs are a clear violation of GPL, but they exist in the Linux kernel to a great extent. There has been some fighting over the issue in the past.
At any rate, I know that Linus is not as adamant about freedom as RMS. He's using the GPL as a tool and not a principal. There was the whole Tivo-ization argument, where Linus supported the hardware manufacturer and RMS released GPLv3 explicitly forbidding that type of stuff.
Nope, it's standard stock GPLv2-only. There's a clarification included in the COPYING file that reminds people that userspace binaries that use the documented system call interface are not considered derived works, but that's not a modification of the license; it's just included for clarity reasons.
or at least Linus refuses to enforce parts of the GPL.
Not entirely. He's stated that he doesn't believe that a kernel module is automatically a derived work of the kernel. For example, he's of the opinion that the nvidia binary driver is not a derived work of Linux because the driver core was first designed and written for a completely different OS.
Regardless, Linus Torvalds is not the last word on this: just about any kernel contributor with copyright ownership could file suit.
There is no preparing. They don't own the code. They need to release it in exactly the same state it was in when deployed as binary. Otherwise, they are violating copyright (often referred to as pirates).
The first comment on the post has a pretty relevant paragraph, which I think sounds plausible: Section 3(b) allows you to provide a written offer for source. I think HTC is interpreting this to mean that if you respond to their written offer for source, there's obviously going to be a delay for them to get your written request, put together the source code and send it back to you, and they've decided that 90 to 120 days is a reasonable amount of time for that.
The commenter also says it seems this is pushing it, and I agree - but HTC's lawyers clearly think it's worth the risk.
And the more time passes, the better manufacturers and carriers get acquainted with the platform, the least common Android devices will be open as far as the user is concerned.
This is not an implementation detail for the GPL.