And after all, if someone going to shoot himself to leg, we must not handcuff him and jail him to prevent this (since this will restrict person’s freedom). We only should make sure he is not going to harm others with his gun and punish him if he does (so he do not wants to harm others due to risk of punishment). And that’s up to ISPs to disconnect hacked users, just like police should catch people guilty in a crimes.

P.S. actually, botnets are quite hard to create because repository is still being run by NOKIA and bad thing will have certain problems at this place. And installing bad apps from another sources is a bit harder and gives warnings. If user is determined to play Russian Roulette, we’re not in position to jail him to prevent it. Look, on my PC I can install whatever I like. Why can’t I do the same on my n900? What’s the difference? Both are computers and both are connected to networks.

Actually, n900 is a *computer*. *Real* one. Like, say, notebook. But smaller. With ability to run apps from your Linux desktop. Not a java toy from Google which is a useless brick at the end of day.

Now one question: will you ever buy PC if it’s crippled so you can’t be Administrator (root, or whatever) in your OS and can’t install programs on your own and have to write them on Java only and all from scratch and run them in slow VM machine because PC manufacturer does not trusts you to access your bare metal while it is you are who payed for this metal after all?

That’s what separates useless java toy from a self-sufficient computer.

And yes, if you’re granted full freedom, you’re free to do various things. You can even grab a gun and shoot yourself into the leg if you want to. Or you can do another things if you want. Some of them will even make you appear on DarwinAwards.com – and that’s freedom we all must have.

Jailing you and handcuffing just to prevent chance you can shoot yourself into the leg is a brutal violation of your freedom, after all.

Google tells something equal to this: “We will not allow you to harm yourself! So, we will jail you, handcuff you and policeman will stand near your ass, 24/7. That’s for your own safety. Luke! So, be happy – you’re now totally safe – nobody can harm you in our heavily guarded jail!”.

That’s possibly the most useful thing anyone’s said to me all week! Thank you.

#! /usr/bin/make -f
%:
dh $@

You can use all the standard debhelper-related files in debian/, and if you need to override the behaviour of one of the commands that dh calls, then just add an override_dh_foo target. This saves on a lot of cargo-culted boilerplate without making it unreasonably difficult to figure out where to make customisations when they’re necessary (speaking as a Debian developer who’s been cargo-culting the last debian/rules he wrote each time for the last ten years or so …).

Because given a market where apps are published in, with users not capable of making security decisions, people will publish apps that create bot nets and other undesirables. It will happen.

Android runs each individual application as it’s own uid, and upon installation, you are prompted to allow that application to have access to only some very limited capabilites: “can send SMS messages”, “can read contacts”, etc. The UID is added to a set of groups which express those. And it cannot extend beyond them. Any access to data is done through IPC APIs which can restrict access.

The OS will also terminate the app if it consumes excessive CPU, and a host of other protection features. The last thing you want is random apps installed by users to generate support calls to the carrier… interfere with people’s phone calls. Etc. Both the iPhone and Android have thought this through very well.