16 April 2011

The other day I'd gotten sufficiently comfortable with my cellphone (an HTC Hero) to take the next step and root it (which is to say, I used the z4root exploit to get admin privileges). I mentioned it in passing to Lyssa last night and she made an observation that caught me off guard: "If you had to jailbreak your phone," she said, "how can you call Android 'open'?"

How indeed.

Let's set up an example. The Android OS is based on the open source Linux kernel as well as a suite of applications and systemware different from those of your workaday Linux distribution, most of which has been released under the Apache Software License. In theory, you can download the source code, tinker with it, recompile it into a executable, upload it to your phone, and start using the new application. That is, if the license forced the release of the source code in the first place. While working with the Linux kernel requires you to release the modified source code under the same terms, there are no clauses that require it to be done in a timely manner - a company can easily sit on the the source code for years until everyone's forgotten about it and then place it on an obscure part of their website for nobody to find. In fact, some vendors are doing just this. So, what happened to Android being open?

This is where you have to read the fine print of the announcements that were made back in 2007: they didn't say anywhere that Android would be "free as in beer" or "free as in speech" (here is the canonical definition of free software in case you'd like to read the source text), it was announced by the Open Handset Alliance that they would be hammering out and publishing open standards for manufacturers to ensure interoperability. What they didn't tell you is what definition of the term open standard they were using. Legally speaking (and for something to be enforcable law has to be involved), the definition of 'open standard' varies from country to country, industry to industry, and organization to organization.

In the final analysis, I think Android is about as open as Apple's iOS, which is to say that it isn't. Yes, you can download the source code (most of the time). Yes, you can modify it and distribute your patches or even the modified software as a whole. You can even develop something that works like it but is very different (like CyanogenMod, an alternative Android firmware). You can't call it Android even if it's based on the 'canonical' Android source code because the license requires it to pass a certification review first. You also can't just load it onto your mobile device because the hardware vendors don't explicitly make it possible unless you have root access (note that you don't need root to develop applications for Android). No one is obligated to give you root on your machine (as a system administrator, having root access without having a clue of how to use it safely can be disasterous, I've seen it way too many times), but it's my considered opinion that you should at least have the option, and we don't have it unless jiggery-pokery is involved. "If you can't open it, you don't own it," the Maker's Bill of Rights says, and if you shelled out cold, hard cash for something it damned well is your property even if you never intend to tinker with it.

To play devil's advocate for a moment there are good reasons that a vendor might not be in a position to release their source code. Manufacturers of portable devices do not design each and every component of their hardware. They buy CPUs from one company, graphics controllers from another, cellular transmitters from another, touchscreens from somebody else, and wi-fi chipsets from yet another corporation. The hardware manufacturer then designs circuitry that ties all of those functional modules into a shiny new product. What isn't intuitively obvious is that some of those modules aren't self-contained. Some of those chipsets (wireless are famous for this) require that blobs of microcode (technically this is firmware but they call it microcode to differentiate it from the OS of the overall product) be loaded into them before they'll do anything. While this seems like a dodgy practice there are actually good engineering reasons to do it this way (it cuts development time from years down to months, plus it makes for an easier to maintain product). When your phone manufacturer enters into an agreement to buy X thousand wi-fi chips at Y dollars each to use in a phone, the chip manufacturer often requires that a license agreement be signed that prevents the phone manufacturer from reverse engineering their chips or firmware and redistributing it (or publishing their internal documentation of same). Sometimes patent law is involved, sometimes copyright law is involved, but usually some unholy combination of the above as well as other aspects of international law are involved. Long story short, the manufacturer couldn't open their source code without leaving themselves open to multi-million dollar lawsuits. While we, as users and hackers might think this is stupid, companies exist to make money and anything which might impact their bottom line they avoid like the plague. This has the unfortunate side effect of letting sufficiently motivated people into the guts of their equipment to explore.

The downside of this is that the same laws that protect the manufacturers of those chipsets can and sometimes do screw sufficiently motivated people who just wanted to see how something worked - the Digital Millennium Copyright Act of 1998 is too easily abused. Case in point, back in 2009 CyanogenMod was hit with a cease and desist order from Google which wound up being over five applications bundled with Android that are not licensed for redistribution by an open source project. It's an easy fix - take them out of the source tree and publish a new release. That incident was relatively easy to clear up, but some aren't. While it would be easy to paint the issue with broad strokes in terms of us versus them (which my generation, raised on a steady diet of cyberpunk media and mistrust for authority is all too ready to do) it would be incorrect to do so because that would require oversimplifying the situation unto complete departure from reality.

So, now that you've seen the smoke and mirrors surrounding so-called open products, what exactly do we have working in our favor? What really is open?

First, we have open source hardware (which has finally settled on a logo), for which the designs, documentation, and layout data are published under an open source license like OSHW or the Lesser GPL. The idea is that you can buy something as a fully assembled product or a kit, or you can fabricate it yourself and sell it if you want, and if you make any modifications to the design you have to make them available to everyone else (most of the time, it depends on the terms of license of that which your work extends). It also means that you could tinker until your hearts are content with the hardware and software and you wouldn't have to worry about getting smacked with a DMCA takedown or a cease and desist order (which suck, let me tell you). You also would have a better chance of fixing something if it broke because you wouldn't have to reverse engineer the device, you'd have access to the documentation as well as the braintrust of the hacker and maker communities (which you have anyway as long as you don't act like a jerk).

But, what does it matter to everyone else? What does it mean to everyone who isn't a hacker, isn't a maker, or who just wants to buy something that works?

Ultimately, that's the $64kus question. In the grand scheme of things, hardware hackers comprise only a small percentage of the market and products are planned, manufactured, and marketed based upon the number of people in a particular region (usually a country) that are likely to buy them. There are lots of smaller companies out there that cater primarily to makers, like Adafruit Industries and Sparkfun but not many large commercial enterprises have really tried yet. The closest we've come so far was the Linksys WRT54G wireless access point that ran an embedded distribution of Linux right out of the box for the first couple of revisions and the first generation of netbook computers from Asus and Dell that ran Linux. It pains me to say it but I don't think that marketing things to everyone as "open hardware" is going to do much good. Hackers aside, people want things that "just work". They don't want to have to fiddle with them, they don't want to have to track releases of firmware, they don't want to have to worry about this firmware image's developers refusing to package this library or that application for ideological reasons.

People want their phones to make and receive phone calls and text messages, check their e-mail, and browse the web sometimes. They want their BluRay players to show movies. They want their televisions to display moving images with associated sound. They want their watches to tell time and their computers to run applications that do what they want. One of the reasons that iOS took off the way it did was the App Store - if you have an iPhone or an iPod you can install thousands of programs that do everything from keep track of your bank account balance to letting you pretend that you have a light saber. Android took off the way it did in part due to the Android Market, which also contains thousands of applications. Applications mean things that you can do with your device without going to a whole lot of effort. Applications make devices practical and useful. The more things you can do with a device, the more attractive it is.

Of course, it really doesn't hurt that iOS and Android are visually pleasing to the user. Let's face it, pretty sells.

The more I think about it, if open hardware is going to take off it's going to have to build on top of everything that isn't open in a subversive fashion. In the best of all possible worlds (and this is me being an idealist) your phone/MP3 player/ebook reader would be sold in the store or online just as they are now. They'd do exactly what you wanted, just as they do now. However, if you went to the website for the product or read the documentation there would be a link to a developers' site, where there would be forums for discussion, wikis for documentation (along with descriptions of those pesky legal pitfalls), links to download development kits, and maybe even a full software forge so people could take that technology in brand-new directions. For a change - and this is a stretch - they'd make their source trees available the way they're supposed to if they're building on top of F/OSS. A sufficiently enlightened manufacturer would make available to sufficiently motivated individuals everything they needed to develop and publish code for that platform. In the best of all possible worlds they wouldn't use the DMCA to scare people out of experimenting with things they bought, nor would they force us to jailbreak our phones to play around with them (a simple "Here's root - if you break your phone you're on your own." message would suffice). Playing cat-and-mouse with exploits to get and keep full access to our tech toys gets old fast.

In other words, treat us like responsible adults and we'll want to do business with you. We can do things that you've never dreamed of because we do it for fun and not a paycheque. By letting us do that, other people will think your products are nifty, awesome, and desirable and will want to give you lots of money for the privilege of owning (not leasing, not licensing, and not borrowing) that device. People who want their kit to "just work" could have it, but at the same time we could have technology that we could experiment with, and everybody would benefit because the state of the art will have been advanced.