Am I the only techie who DOESN'T want another totally open device? I have a mac, a windows pc, another mac laptop, my girlfriend's computer, my girlfriend's mom's linux system, etc. I already provide tech support to some degree or another for all of them.
I don't want another device I have to understand to the core in order to avoid viruses, trojan apps, and other mundane problems.
I want a damn phone that runs a few apps. I like that I can outsource most of my worries to Apple, and let them worry about it, and the price is that I don't have root.
I wonder how we can make both sides happy: both my side of "I know what I'm doing, but I don't want to do it.", and "It's my toy, let me do what I want". I see the merits of both, but I worry even about putting a "unlock me please" button in the settings panes somewhere, since it will end up with phones trojaned, dialing 1-900 numbers so the owner could have a cute animated cat on their unlock screen.
Pardon my confusion, but I fail to see how the openness of the device has anything to do with your experience with it. An open device merely ensures that you have the freedom to do with it what you want, not that you have to do anything with it, or that you even need to understand it.
Consider the browser I'm using right now: Chrome. I don't understand how V8 or Webkit works, but my experience on Chrome isn't complicated, nor is it necessary that I understand these components. However, should I choose, I can educate myself and take control of my browser.
Turn that around, and you get a system like windows, where I can install, run, change anything (with the right permissions), and you end up with a mass of trojan software that installs itself at a low level, resists removal, and such. I like the fact I can hand an iphone (or ipad) to my mom, my grandma, or whatever, and be confident that they won't be "tricked" into installing malware that looks attractive.
Don't get me wrong, I understand the appeal of an open system to us techies, but I like that I never have to worry, or manage the system myself. I do enough of it already.
I think it's important that we draw a clear point about what you're talking about when you say "open". I must confess that I thought you were talking about open as in F/OSS. You're clearly talking about "Maury Povitch" open ("You don't know me! I'll do what I want!"). My guess is that you're pro the former, if even you have not stated it yet. I think it's pretty obvious to all involved that phones be moron proof by default. Phones after all, for the vast majority of the populace, are simply an appliance (off-on, simple functionality).
This view of the phone as an appliance is not accurate any more. Whether or not the public realizes it, they're holding a computing device. In 5 years time, I expect one to be able to use their phone with an external monitor and keyboard and use it much like you would a Netbook today.
So where does that leave us? We're headed towards a highly portable and compact computing device, that is currently a transitory species (if you will). I think this is an exciting time for computing. This is a bold challenge! How do you provide something that is safe by default, simple to use, and doesn't encumber the tinkerers that have been proven to time and again generate wonderful arenas of opportunity, wealth and societal change?
Personally, I think a sort of middle solution is best. An opt-in for tinkering, perhaps. I think closing tinkering is just plain foolish. It's proven to be valuable and shouldn't be stopped.
I agree with most everything you say (open source is awesome, phones == next gen computers, and opt-in tinkering would be cool).
But that last point is what I'm worried about. Windows is opt-in now sorta, but it still gets malware. The Android appstore has already let financial related trojans into it.
So figuring out the balance is hard if you account for people willing to click "yes" to anything. I do in fact like the idea of an open system, but I want people to explain why I should also be required to be as defensive about my phone as I am with my Windows computer. (viruses, latest updates, dangerous applications).
Honestly, I'm not arguing that walled gardens are the best thing ever, I'm arguing that there are advantages that get ignored in the "OMG, it's my device" arguments. I want a nice middleground, and not another device that's totally open, and total a pain in the ass to manage and defend.
OK, but that's not relevant. You know why Outlook is vulnerable? Because it's openly scriptable. If you can convince someone to run your script, they can do whatever they like, so name it AnnaKournikovaNekkid.exe and many, many people were convinced. And that's the key: an open device in the hands of someone who doesn't thoroughly understand it merely creates problems for those that do.
The problem Outlook had a few years ago was exactly the opposite. A completely closed system, set up with insecure settings by default. It would run the scripts inside an email when you viewed it, and did not require the user to click on anything. The idea was to make things easier for the user. How's that for ironic? :)
But Windows is open, and that virus .exe runs with no "authorization" from Microsoft. Your argument of insecure by default is a red-herring in the current discussion.
So you have to be defensive in your use of more open systems, because anybody could have written malicious code for you, and you're lacking the walls of the walled garden to protect you.
As I've been stating through the thread, I am taking this stance because I want to be lazy and safe when using my phone. I don't need or want another full-blown computer to take care of, update, and defend. The trick will be getting the right "jailbreak" switch that's easy for technical people to flip, but very difficult for lay-people to get tricked into.
Of course you're right. They couldn't have done full code reviews on every app. But they do review every app to some degree. Combine that with the locked-down nature of the phone, and you get a reasonable amount of security.
You know why Outlook is vulnerable? Because it's openly scriptable. If you can convince someone to run your script, they can do whatever they like, so name it AnnaKournikovaNekkid.exe and many, many people were convinced.
That's possibly the stupidest argument I've heard all day.
Outlook is nowhere near open. Popular open source mail clients have a much better security record than Outlook. Security failings of Microsoft are a ridiculous way to argue against openness.
With Outlook, with a few lines of VBscript, you can iterate over the addressbook, for example. With Pine, you, umm, can't. Outlook is vulnerable because it exposes features that can be easily abused. Pine isn't because it does less.
Now if you are a corporate software developer and you want to build some sort of workflow application (remember this is in the days before the web was ubiquitous) you could very easily do it with just Outlook and Exchange, which you had. Chances are someone in your department could do it, you wouldn't even need to involve your IT department.
Microsoft were naive to think that the features they included wouldn't be abused, I'm not excusing them there. Of course software can be more secure if it does less. Like the very best firewall is the AirGap(tm).
Beyond that, there's another article on HN front page that talks about the painfulness of upgrades to the android OS, and how various phones run different versions.
My basic thing was that yes, I can understand it, but I don't want to worry. I just want a phone, that runs some chunk of apps. The lack of management capability is a feature, as well as a handcuff.
A quick google corraborates his argument, as long as you stick to a strict definition of virus (there was that SMS one for the iphone, none came up on google for the android), although the android has had trojan software in its marketplace.
I don't want another device I have to understand to the core in order to avoid viruses, trojan apps, and other mundane problems.
I want a damn phone that runs a few apps. I like that I can outsource most of my worries to Apple, and let them worry about it, and the price is that I don't have root.
I wonder how we can make both sides happy: both my side of "I know what I'm doing, but I don't want to do it.", and "It's my toy, let me do what I want". I see the merits of both, but I worry even about putting a "unlock me please" button in the settings panes somewhere, since it will end up with phones trojaned, dialing 1-900 numbers so the owner could have a cute animated cat on their unlock screen.