discourse: why do corporations allow "jailbreaking" and "flashing" at all?

[cowonoid]

What is the philosophy/intention behind this?


I came to this question during a conversation in the Cowon D2 developers thread.

For example:

Cowon obviously doesn't give away the shematics and datasheets for their players. I don't know if someone ever asked them but somehow I doubt, they would just send it per email.
Anyways, what would happen if someone finds the datasheets and even the shematics (or gets the shematics by analyzing the device) and developes a superb "OS" for that player: it has the features of rockbox and the smooth design of the iPod OS and is obviously *much* better than the original one. Besides there is much promotion so that even the last audiophile housewife will use that software!
At this point the Corporation (Cowon) lost part of control over its product. Okay, now they could say: "We don't care, as long as there is no loss in profit". But then someone starts selling his OS somehow.. "It's a general DAP software, enhancing the DAP of your choise!".. Or someone gets much donations.
Even without money making, Cowons headline "digital pride" would become stinky if everyone knows, they just can do half of the product (i.e. the hardware) well.

Another example:

Apple. People hacked their iPhone to put inofficial apps on it.

For both examples the questions: why don't they simply prevent people from putting custom software on their devices? So that the two parts of their products: hard- and software can't be seperated?

Is it so hard to prevent the hacking or is there simply no necessity to do so?

Or do they even like it, when people are hacking their devices? If so: why?

[torne]

Lots of people (most MP3 player manufacturers) simply don't bother because they don't care. Such a tiny number of people will ever do it that it literally is not worth them even thinking about for a second.

When people try and secure devices, if it's an interesting enough device, people will break it anyway; absolute security is extremely hard to implement. The iPhone series has been cracked with over a dozen different exploits over its lifetime, even though Apple have tried very hard to prevent people doing so...

[soap]

why do corporations allow "jailbreaking" and "flashing" at all?

http://www.eff.org/press/archives/2010/07/26

[cowonoid]

why do corporations allow "jailbreaking" and "flashing" at all?

http://www.eff.org/press/archives/2010/07/26

[...] the Copyright Office rejected Apple's claim that copyright law prevents people from installing unapproved programs on iPhones [...]

Strange ways law is going here. If Apple wants his product being used with their own software only, then this should be their good right! If I develop a product, I self-evidently also define it's area of application. Software, hardware; there is no difference. I design the *whole* product and sell it under whatever circumstances I can think of. No one is forced to buy it. Imagine, I would complain about my non-jailbreakable Casio calculator and charge the corporation for that boldness!

On the other hand the whole product (iPhone) was also delivered with the vulnerabilities. From a weird (but not wrong) point of view, it had the built-in feature "jailbreakable", which was just used by the consumer. As well as every heavy steel pan implicitly has the feature to kill attacking dogs - even if it was not foreseen by the pan producer.

Software obviously adds possibilities to a piece of hardware. Like ammunition adds "the possibility of shooting" to a pistol. And as a weapon manufacturer I am responsible for *what* ammunition fits into the pistol. If I drill a big enough hole to hold ammunition, which can kill attacking dogs, I should not wonder if my pistol soon becomes "the dog killer" and people want to deprive me of the right to sell it as a normal pistol.

To get even more rough: Einstein "produced" an insight, which lead to the atom bomb. The great mass found a hidden feature and made use of it. Surely Einstein didn't appreciate that but he couldn't change that anymore. His product was not foolproof enough; in this case it lead to a simple and bad idea.

Like the idea (and possibility) to use the iPhone as playground for jailbreaking and custom apps. The mass wants it, so it's made legal.
So is everything about foolprofness?

When people try and secure devices, if it's an interesting enough device, people will break it anyway; absolute security is extremely hard to implement. The iPhone series has been cracked with over a dozen different exploits over its lifetime, even though Apple have tried very hard to prevent people doing so...

I am not the computer scientist but:
is it so hard to realize an internal memory (containing all the running code), which just can be altered by the vendor? The whole system is running from a memory, which can only be written if a hardware-implemented security check is passed?

[yapper]

I am not the computer scientist but:
is it so hard to realize an internal memory (containing all the running code), which just can be altered by the vendor? The whole system is running from a memory, which can only be written if a hardware-implemented security check is passed?

They strive to achieve that, but flaws in the design allow exploits

[Chronon]

cowonoid: You make a lot of assumptions that I have trouble making for myself.  If I buy a hammer, I do not suppose that the manufacturer can tell me how to use it nor for what purpose.  Some sort of firmware is necessary for the basic operation of a DAP.  This in no way implies to me that I am forbidden from using the device in a way of my choosing.  You seem to operate under an assumption of "that which is not expressly permitted is forbidden" while I would prefer to assume "that which is not expressly forbidden is permitted."

Manufacturers are free to take steps to secure devices that they sell, but users are also free to find creative new ways to use the devices that they own.

[soap]

If this conversation drifts much deeper into Casio watch-wearing, dog shooting Einstein analogies I'm locking it. 

[Confuseling]

cowonoid: You make a lot of assumptions that I have troubling making for myself.  If I buy a hammer, I do not suppose that the manufacturer can tell me how to use it nor for what purpose.  Some sort of firmware is necessary for the basic operation of a DAP.  This in no way implies to me that I am forbidden from using the device in a way of my choosing.  You seem to operate under an assumption of "that which is not expressly permitted is forbidden" while I would prefer to assume "that which is not expressly forbidden is permitted."

Manufacturers are free to take steps to secure devices that they sell, but users are also free to find creative new ways to use the devices that they own.

Well put. It's a legal principle in liberal democracy, the 'jus utendi et abutendi', or the right to use and abuse your own property. There are certain limits, obviously - they might well be justified in making it illegal to modify a radio so you can transmit on police frequencies, for example. But the presumption falls on the side of the right of the owner, not the originator or the authorities. Changing the firmware on an mp3 player shouldn't normally be considered a problem... (although no doubt some have tried to specifically outlaw that, arguing from a DRM point of view, the link from a cursory reading sounds like it's just that firmware has been granted an exemption from wider legislation).

As to the original question, it might be sometimes in part that they have a free advertising and R&D service. As long as modding is sufficiently difficult that people aren't going to enter into it en masse without a clue what they're doing, break stuff, and then demand a warranty repair, the company has a large community of motivated hackers trying to figure out interesting new things they can do with the device. They tend to be early adopters, tech savvy, and able to create a buzz in the online community. They directly increase sales, but they also find interesting new solutions to problems, which the company can then incorporate into newer versions of their code - either legally by rewriting it, or illegally by pinching it, and hoping nobody notices.

Obviously this doesn't really apply as directly to Rockbox, because it's a completely separate codebase - but I suspect it plays a part in the general tolerance some manufacturers seem to show to hackers.

[soap]

VERY well said, Confuseling. 
IMHO case closed.

[Confuseling]

Thanks. 

Another point, I suppose, is that 'hackers vs. Cowon' is probably less of a zero-sum game than 'Cowon vs. Apple'. As far as Cowon are concerned, hackers coming up with a better OS may make them look a tad incompetent or disinterested, but that might be balanced by the greater desirability it gives their hardware over their competitors'.

People removing their software doesn't directly affect their bottom line... People buying their hardware to put different software on it does.


ETA-

Apple is obviously a special case here, because they want to sell applications. It will be interesting to see what security measures they come up with when there is a viable alternative operating system for their phones and tablets - and I presume it's only a matter of time.

[cowonoid]

You seem to operate under an assumption of "that which is not expressly permitted is forbidden" while I would prefer to assume "that which is not expressly forbidden is permitted."

No, that is not my assumption. (but if you've read only the first passage of my last post, you could say that)

Everything you can think of in ways of using a product is allowed! Except it offends generally accepted social or legal guidlines. (it may also change these guidlines or create even new ones. see trendsetting or atom bombs)

If someone finds out, that his new DAP is well suited for using it as throwing weapon (sorry soap!), the creator can hardly be blamed for that. However the user will face social guidlines.
If I like to disassemble my DAP, I can do that all the way. No guidline forbids this ("jus utendi et abutendi").  However, what can be reached (fun, profit, frustration) by disassembling a product lies in the circle of influence of the creator. If he a-posteriori doesn't like the effect, his product has on his customers, he can try to bend the legal guidlines directly (that's what Apple tried) to prohibit it.

Which in the special case of a DAP or an iPhone could mean, that the producer had to design his product atomically, so that it can't be seperated into hard- and software. Or - the much better way - prevent the customer from having the wish of seperating it by for example doing very well.

Some sort of firmware is necessary for the basic operation of a DAP.

I would say: the firmware IS the DAP as well as the hardware. The software is not only a nonbinding suggestion, it should be the last word of the producer!
As soon as I put rockbox on my D2, it's not the D2 anymore. It's the hardware of the D2 plus a kind of artistic interpretation of something.
In my opinion this is the great thing Apple found out: the aesthetic product has to be flawless (MacOS does that, Linux as an opposite is a great toy for technophiles and Windows tries the first and ends up somewhere in the middle)

As to the original question, it might be sometimes in part that they have a free advertising and R&D service. As long as modding is sufficiently difficult that people aren't going to enter into it en masse without a clue what they're doing, break stuff, and then demand a warranty repair, the company has a large community of motivated hackers trying to figure out interesting new things they can do with the device. They tend to be early adopters, tech savvy, and able to create a buzz in the online community. They directly increase sales, but they also find interesting new solutions to problems, which the company can then incorporate into newer versions of their code - either legally by rewriting it, or illegally by pinching it, and hoping nobody notices.

That sounds reasonable. Probably with a mixture of "we don't care at all" this is what's going on.

They strive to achieve that, but flaws in the design allow exploits

I had an idea how to foolproofly secure the D2 and this idea is not very hard to implement, nor is it connected to much effort during the product lifecycle. If I would develop a DAP like the iPod, I would for sure implement this little security feature.
The only conclusion for me is, like Confuseling said, that the corporations somehow want the devices to be hacked.

Or I really didn't understand the hacking thing.

[soap]

EDIT:  Heavily revised as I think I understand your point better...

If he a-posteriori doesn't like the effect, his product has on his customers, he can try to bend the legal guidlines directly (that's what Apple tried) to prohibit it.

I'm not sure where Apple tried to change the law.  I'd like to be informed.
 

Which in the special case of a DAP or an iPhone could mean...

One can not simply wave their hand and call them a "special case" and make it so.  They are physical objects which have been sold, outright, to individuals.  EDIT:  I think you're saying they are a "special case" in that they are integrated products with the hardware and the software (firmware) tied together.  I say they are not.  They are general-purpose computers shipped with a custom operating system.

I would say: the firmware IS the DAP as well as the hardware. The software is not only a nonbinding suggestion, it should be the last word of the producer!

You have no firm footing for this line of argumentation outside personal belief.  Neither logical nor legal.

I'd like it very much if I could sell a spoon which, with full protection of the law, is only allowed to be used to eat Cheerios, and then sell another which is only allowed to be used to eat Wheaties.  This, of course, is ludicrous.  It is just as ludicrous for Steve Jobs to tell me what I can do with my iPod as it for me to tell him what he can do with his spoon.  Confuseling already addressed this, and while you appear to acknowledge his words, it appears to me you're dodging around them on the other hand.

I had an idea how to foolproofly secure the D2 and this idea is not very hard to implement, nor is it connected to much effort during the product lifecycle. If I would develop a DAP like the iPod, I would for sure implement this little security feature.

EDIT:  I think this is the thrust of your query?  Can I paraphrase what I think you're driving at:
"Apple / Cowon / et al could 100% lock down the hardware they sell if they choose to, therefore the fact they do not implies they are "allowing" jailbreaking / flashing / hacking."

Again, I believe this premise is mistaken.  The problem is much harder that it appears to me you believe.

If you have a foolproof way to insure secure loading of firmware onto hardware which allows for firmware updating and a modicum of error robustness (real world needs) which is easy and does involve much effort (or money) there is a very well paying job waiting for you at your employer of choice.

[Confuseling]

Well - I'm not trying to suggest outright that they 'want them to be hacked'.

I'll defer to the coders here (I'm not one); if they say it is to all intents and purposes impossible to make a device that can have firmware updated, can install new software, and at the same time can not be hacked, I'll believe them.

All I'm suggesting is that there are interests pushing a company to want a hacker community to develop around their product - you rightly assert that a company wants to control the perception of their product in its totality, but sometimes that image might include it being a hackable, 'geek chic' device.

Corporations aren't monolithic entities - especially not the large ones. I suspect the engineers mostly want to create an interface not unlike Rockbox. The marketers tell them where to stick it, because they want a maximum of five menu options, "So your granny could use it". Some of the board want to lock down the device completely because what they know about hackers they've gleaned from Sandra Bullock films, some of them don't want to pay for the expense of trying to lock down the device when it's probably futile, and some of them have been persuaded by the engineers' argument that actually, having a few "unofficial updates" to your firmware isn't always such a bad thing...

A consensus is formed, often somewhere in the middle, and if the hackers are interested, they'll probably hack it.

[Bagder]

I'll defer to the coders here (I'm not one); if they say it is to all intents and purposes impossible to make a device that can have firmware updated, can install new software, and at the same time can not be hacked, I'll believe them.

If they can get their firmware updated, they can get hacked. I believe that has been proven a million times if you look at other devices as well as DAPs.

In fact, in many times they can get hacked even without having a firmware update feature.

[Confuseling]

I think you're probably right - Apple seems to be the acid test for me. Being traditionally a 'software company that also sells hardware', and having a culture of creating tightly controlled ecosystems, I suspect they make enough money from selling applications to override other interests. Yet their devices still fall, one by one.

But I have my suspicions that a lot of companies simply don't try as hard as they might - partly because it's expensive, and they'll lose in the end anyway, but also partly for some of the reasons mentioned above. Speculation on the interwebs... Whodathunkit?