Forum.ArchosFans.com

Unofficial Archos Support Forum
It is currently Sat Sep 21, 2019 6:29 pm

All times are UTC+01:00




Post new topic  Reply to topic  [ 39 posts ]  Go to page Previous 1 2
Author Message
 Post subject:
PostPosted: Thu Dec 20, 2007 4:54 am 
Offline
Archos User
Archos User

Joined: Thu Dec 13, 2007 10:53 pm
Posts: 77
Would be great to have an open PMP. Make for some interesting customization.

_________________
Yeah Ya


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 8:41 am 
Offline
Archos User
Archos User

Joined: Wed Nov 28, 2007 5:48 am
Posts: 94
Not to be argumentative, but that's kinda backwards thinking. Archos needs an SDK/third party apps. to attract new customers. Waiting for more customers in order to release an SDK is suicide.

They can protect their plugin revenue by forcing everyone that downloads the SDK to sign a non-compete contract of some sort. And they can protect their DRM stack through process isolation. Linux already has permissions built right in. The only worry is if the hardware doesn't have an MMU.

ranceramos wrote:
To put things in perspective:

Apple has sold 100 million+ ipods, 2 billion+ itunes, created an entirely new device (iphone) and resurrected itself to become one of biggest tech companies in the world before they even considered an official SDK for one of their embedded platforms (and probably only because the iPhone didn't really add any new features compared to existing smartphones/pdas out there). Considering that Archos has created an almost bulletproof chain of trust in this device, it's highly unlikely you'll see any SDK (or even mention of such) in the near future; and its quite likely that even if a 3rd party hack is obtained, Archos will release a firmware which will invalidate it. There is just not enough of a customer base for them to justify a SDK, let alone enough interest from actual developers who are the only ones thank can use such a toolkit. Plus, it might open up the opportunity for developers to subvert the current plugin schema using freeware codes (ie. VLC media player), which may be the only way Archos actually generates profit. I'd love a SDK (and could probably even code for it) but I doubt you'll see it in the Gen5 or even Gen6 devices.


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 3:48 pm 
Offline
Archos Guru
Archos Guru

Joined: Tue Oct 16, 2007 1:33 am
Posts: 684
Location: Brooklyn, NY
I don't think Archos NEEDS a SDK. In its "stock" form, it still does more than just about any other media player out there and well. Not to mention, as I stated before, Apple got very far before ever releasing a SDK. The SDK doesn't necessarily appeal to the mass market (in fact, most people probably don't even know what SDK means) and poses certain risks to Archos and their business; plus they've gotten by until now without any sort of SDK so from their perspective, it's unlikely that the small gain in customers would offset potential problems/costs. They'd be better off using resources to stabilize the current feature set than trying to provide third parties the abilities to make new ones. That being said, I would certainly love a SDK to be freely available, even if it meant signing certain disclaimers pertaining to the use of third party apps. However, you have to realize that third party apps have a big potential of breaking actual hardware components, making your brand new Archos a very expensive brick. I can't forget the time I used third party linux drivers for an old laptop's wifi cardbus; they worked great and were highly customizable (beyond what the manufacturer drivers provided) right up until they fried the circuitry and bricked the card. This was clearly stated in the sourceforge release notes, so I knew it could happen and used them anyway but still set me back some money and time. Most third party apps wouldn't pose this threat, but I have a feeling that the SDK schema currently utilized by Archos developers hasn't been developed to sandbox an outside developer from working the hardware components beyond their normal operating ranges.


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 8:33 pm 
Offline
Archos Novice
Archos Novice

Joined: Tue Dec 04, 2007 10:20 pm
Posts: 3
*signed*


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 8:57 pm 
Offline
Archos User
Archos User

Joined: Tue Nov 06, 2007 6:57 pm
Posts: 133
Charbax wrote:
..
The point is, Archos right now needs to protect a dozen different types of DRM (WindowsMedia, Dish, music rentals, movie rentals, codec and software licence payments...), Macrovision on the tv-output, secure video-on-demand payments and authentification, stable firmware releases (which won't risk to brick thousands of devices) and protect it's intellectual properties against dozens of competitors who would like to copy these technological innovations which no other company has today. So to provide an open applications platform, perhaps a secured open applications platform and firmware update cryptographic signing (so that Archos keeps responsabillity to provide a stable firmware that doesn't brick devices).


The idea that an 'open' system is an non-secure system is incorrect. The issue with 'security' now a day is that there is a mindset of security by way of obscurity. Hence, a requirement of hidding all the API/SDK from the non-approved parties.

Furthermore, what Archos does is NOT really a technological innovations. Playing MP3, video and recording etc, each of these activities can be done and are being done on different devices/platforms. I believe they did not design chipsset and etc for processing these stuffs on the 605/705. So, in real technological sense, they are not innovator(so 'IP' is somewhat of a stretch'); Archos is doing a good job of putting it all in a small nice portable device. I would give full credit for that.

By the way, should a user downloaded an firmware straight from the Offical Archos website and the firmware bricks the device, would you not agree that Archos should do the right thing(ie. to un-brick the guy's 605/705), regardless whether the firmware is signed or not signed. If you agree than signing the firmware or not irrelevant

anyway rants mode off


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 9:37 pm 
Offline
Archos User
Archos User

Joined: Wed Nov 28, 2007 5:48 am
Posts: 94
SDK == Third Party apps. So even if Joe User doesn't know what an SDK is, indirectly he'll want it available if he wants third party apps. The third party apps. are what appeal to the mass market, not the SDK. And an SDK doesn't necessarily mean small user gain. Look at the Halo effect. People might even buy the Archos just for the "killer-app" that they want.

That's totally a red herring. When was the last time anyone installed a PC _application_ and bricked their PC by destroying their hardware? A device driver is not an application. With an MMU, you can do this magically thing called process isolation. Third party apps. shouldn't be able to access the hardware directly. What you're describing is akin to having emacs set your computer on fire.

Archos needs an SDK because if not, they'll have at least one less customer when they release their next generation device.

ranceramos wrote:
I don't think Archos NEEDS a SDK. In its "stock" form, it still does more than just about any other media player out there and well. Not to mention, as I stated before, Apple got very far before ever releasing a SDK. The SDK doesn't necessarily appeal to the mass market (in fact, most people probably don't even know what SDK means) and poses certain risks to Archos and their business; plus they've gotten by until now without any sort of SDK so from their perspective, it's unlikely that the small gain in customers would offset potential problems/costs. They'd be better off using resources to stabilize the current feature set than trying to provide third parties the abilities to make new ones. That being said, I would certainly love a SDK to be freely available, even if it meant signing certain disclaimers pertaining to the use of third party apps. However, you have to realize that third party apps have a big potential of breaking actual hardware components, making your brand new Archos a very expensive brick. I can't forget the time I used third party linux drivers for an old laptop's wifi cardbus; they worked great and were highly customizable (beyond what the manufacturer drivers provided) right up until they fried the circuitry and bricked the card. This was clearly stated in the sourceforge release notes, so I knew it could happen and used them anyway but still set me back some money and time. Most third party apps wouldn't pose this threat, but I have a feeling that the SDK schema currently utilized by Archos developers hasn't been developed to sandbox an outside developer from working the hardware components beyond their normal operating ranges.


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 11:13 pm 
Offline
Archos Guru
Archos Guru

Joined: Tue Dec 04, 2007 9:48 pm
Posts: 595
I agree with xengren and cheve :)

I think the SDK should just be a way being able to create some sort of pluginns to enhance the 605. For me it doesn't mean changing the OS or load other firmwares with another OS on the device.



Maurice 8)


Top
   
 Post subject:
PostPosted: Thu Dec 20, 2007 11:22 pm 
Offline
Archos Guru
Archos Guru

Joined: Tue Oct 16, 2007 1:33 am
Posts: 684
Location: Brooklyn, NY
xengren wrote:
SDK == Third Party apps. So even if Joe User doesn't know what an SDK is, indirectly he'll want it available if he wants third party apps. The third party apps. are what appeal to the mass market, not the SDK. And an SDK doesn't necessarily mean small user gain. Look at the Halo effect. People might even buy the Archos just for the "killer-app" that they want.

That's totally a red herring. When was the last time anyone installed a PC _application_ and bricked their PC by destroying their hardware? A device driver is not an application. With an MMU, you can do this magically thing called process isolation. Third party apps. shouldn't be able to access the hardware directly. What you're describing is akin to having emacs set your computer on fire.

Archos needs an SDK because if not, they'll have at least one less customer when they release their next generation device.

ranceramos wrote:
I don't think Archos NEEDS a SDK. In its "stock" form, it still does more than just about any other media player out there and well. Not to mention, as I stated before, Apple got very far before ever releasing a SDK. The SDK doesn't necessarily appeal to the mass market (in fact, most people probably don't even know what SDK means) and poses certain risks to Archos and their business; plus they've gotten by until now without any sort of SDK so from their perspective, it's unlikely that the small gain in customers would offset potential problems/costs. They'd be better off using resources to stabilize the current feature set than trying to provide third parties the abilities to make new ones. That being said, I would certainly love a SDK to be freely available, even if it meant signing certain disclaimers pertaining to the use of third party apps. However, you have to realize that third party apps have a big potential of breaking actual hardware components, making your brand new Archos a very expensive brick. I can't forget the time I used third party linux drivers for an old laptop's wifi cardbus; they worked great and were highly customizable (beyond what the manufacturer drivers provided) right up until they fried the circuitry and bricked the card. This was clearly stated in the sourceforge release notes, so I knew it could happen and used them anyway but still set me back some money and time. Most third party apps wouldn't pose this threat, but I have a feeling that the SDK schema currently utilized by Archos developers hasn't been developed to sandbox an outside developer from working the hardware components beyond their normal operating ranges.


First of all, I KNOW what a SDK is and what it represents. Try explaining it to someone who knows very little about computers in general. He/she won't know what a SDK means or Third Party Apps for that matter. People can barely follow the directions to get the 605 to charge for christ sakes! In fact, he/she won't really even require more than the baseline features (if he/she even uses all of the baseline features). Yes, perhaps the idea will appeal to those of us who already have an Archos, have used all its features, and are looking for more - but we're ALREADY customers. Probably around 95%+ or so of the Archos units sold will be purchased online (so no salesman to fill you in on what is missing but may be later developed) and would at most simply state "SDK for Third Party Developers". If people are complaining about the transparency and description in the advertisement of plugins, I'm quite doubtful they'll know (or care) what this extra feature means.

When's the first time someone bricked a PC by installing software? Well I imagine the first virus written did this and continues to happen today! Once you have an SDK, how hard do you think it would be to say overwrite the boot partition of the HD, or overwrite existing drivers to fry components, or write key loggers to capture passwords on SSL sites, or zombie ping commercial websites or any number of malicious things that can be thought of when you mix together data storage, processor, and internet connectivity? It doesn't have to brick the unit to expose Archos to certain liabilities and costs (but certainly can happen this way as well). No, emacs won't brick your pc, but a virus named "emacs" can do that and much more. It's a big MYTH that Linux is immune to virus or other attacks; the fact is that VIRUSES and other malicious code in a Unix environment, though perhaps rarer, are even harder to detect and stop.

I already said I'm for an SDK. But the fact that the largest media player manufacturer in the world has yet to even release such a kit on their most cutting edge device should tell you a thing or two about how a BUSINESS enterprise values and approaches this idea. And I wouldn't exactly define "suicide" as a company going from being a $20bln company to a $160bln company in 6 years (WITHOUT any SDK)....

It will probably come, but not anytime soon.


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 4:36 am 
Offline
Archos User
Archos User

Joined: Wed Nov 28, 2007 5:48 am
Posts: 94
ranceramos wrote:
First of all, I KNOW what a SDK is and what it represents. Try explaining it to someone who knows very little about computers in general.


I don't have to. All they're gonna look at is: does the Archos have cool app. X that the iPod Touch has? No? They'll buy the device that can run cool app. X.

No SDK? No cool app. X. No cool app. X? No customer Y.

ranceramos wrote:
When's the first time someone bricked a PC by installing software? Well I imagine the first virus written did this and continues to happen today! Once you have an SDK, how hard do you think it would be to say overwrite the boot partition of the HD, or overwrite existing drivers to fry components, or write key loggers to capture passwords on SSL sites, or zombie ping commercial websites or any number of malicious things that can be thought of when you mix together data storage, processor, and internet connectivity?


Once again a red herring. We're talking about _applications_ that users will install from trusted sources. (Read as signed.) If a trusted developer signs a virus, it would be a trojan and not a virus and guess what? Legal recourse.

You can have virii with or without an SDK if there's enough user base. I mean you can unlock an iPhone from visiting a web site _without_ an SDK. A SDK doesn't necessarily make your device more or less secure.

And will a virus developer seriously register with Archos to get a valid signing key? I mean one of the features of signing is nonrepudiation.

ranceramos wrote:
It doesn't have to brick the unit to expose Archos to certain liabilities and costs (but certainly can happen this way as well). No, emacs won't brick your pc, but a virus named "emacs" can do that and much more. It's a big MYTH that Linux is immune to virus or other attacks; the fact is that VIRUSES and other malicious code in a Unix environment, though perhaps rarer, are even harder to detect and stop.


Give me one _technical_ reason why virii are "even harder to detect and stop" on Linux. Or better yet, show me an academic paper that supports it with valid research.

A well developed software platform isn't perfect, but it can be near immune to malicious code.

I've been on Linux since 1997 and I've had 0 virii. Maybe I'll get one tomorrow, but 11 years w/o a single virus is still a pretty damned good record.

ranceramos wrote:
And I wouldn't exactly define "suicide" as a company going from being a $20bln company to a $160bln company in 6 years (WITHOUT any SDK)....

It will probably come, but not anytime soon.


You can't rest on your laurels. See the death of Commodore, Digital Research, and Palm(barely alive). The ultimate rule in business is you have to cater to your customers. If you don't, you will lose them no matter how successful you are now. People want third-party apps. and the company that will give it to them will end up being the winner.


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 4:48 am 
Offline
Archos User
Archos User

Joined: Tue Nov 06, 2007 6:57 pm
Posts: 133
I think for SDK, it has 'if we build it, they will come' kind of effect.

other random thoughts: 1)it does not matter how much money a company has, money can not buy true innovation; it may come close. Do not get me wrong, I will jump at any chance of getting paid good money by some company while trying to 'innovate'. 2) as far as my understand goes, virus should have close to zero effect on various variants of Linux, worms or other may have some limited effects(you can only do so much, if you insist to give your user the admin power on the machine); 3) Whether SDK will result application that may brick the device, it really depends on the code quality and the coder:-) 4) decision for providing SDK or not, is a matter of whether Archos wants to be the sole provider of applications or not. 5) a lot of discussion/idea on this thread may be over people's head, but it does not mean that the meat of the subject matter is of no use to them.

Anyway, I think most of us do agree that Archos should release a general SDK for anyone.

rant mode off


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 7:01 am 
Offline
Archos Guru
Archos Guru

Joined: Tue Oct 16, 2007 1:33 am
Posts: 684
Location: Brooklyn, NY
xengren wrote:

I don't have to. All they're gonna look at is: does the Archos have cool app. X that the iPod Touch has? No? They'll buy the device that can run cool app. X.

No SDK? No cool app. X. No cool app. X? No customer Y.



90% of people who have bought an IPOD never thought of it in terms of "I want cool app X" when purchasing. Instead they thought "I want the gadget from that cool commercial that plays digital music files for me; bonus if it can also play movies too, although I don't even know how that works and probably won't use it anyway". Archos already has cool apps to allow music, movies, pics, and the web that most non-techcentric users can get functioning with minimal understanding. The biggest problems: the bugs and the support. Lack of SDK is NOT considered a bug and will never take priority over fixing existing problems. Moreoever, our own little mini-poll here in Archosfans doesn't even list SDK as one of the requested features, let alone giving it a high ranking among the requests. I would consider most of those visiting this forum to be some of the more tech savy Archos owners/users, so if they don't want it urgently, where's this huge benefit you propose Archos would see?

xengren wrote:
Once again a red herring. We're talking about _applications_ that users will install from trusted sources. (Read as signed.) If a trusted developer signs a virus, it would be a trojan and not a virus and guess what? Legal recourse.

You can have virii with or without an SDK if there's enough user base. I mean you can unlock an iPhone from visiting a web site _without_ an SDK. A SDK doesn't necessarily make your device more or less secure.

And will a virus developer seriously register with Archos to get a valid signing key? I mean one of the features of signing is nonrepudiation.


First of all, when I say "virus" I mean "malicious code", which would include trojans, worms, scripts, etc intended to do something illicit and undesired by a user.

Considering no one has even been able to crack the OS loading procedure since at least the Gen 4 devices, I'd say they've done a pretty good job of securing the system. A SDK would mean any person could write any code which allocates memory or uses wifi or the harddisk. You could simply WRITE a code INTENDED to buffer overflow, to zombie ping, to launch a mini-server, etc. So what if it's not "digitally signed"? Does that mean that people are only going to run Archos Digitally Signed apps??? Do you think the fact that programs like pocketdivxencoder not being windows signed has stopped anyone from running this or any other freeware recoder/ripper listed on this forum? And even if the apps were somehow encrypted with Archos keys, on what basis would apps be judged to be fitting? What moral proof does a developer have to supply in order to be allowed to develop? Despite many hackers being bagged up for their actions, it still hasn't stopped people from developing viruses and getting caught, receiving double digit year prison sentences time and again. Moreover, code could unintentionally leave holes in an otherwise secure OS. Do Archos apps run under a typical user based schema or simply as a root user? Also, you must consider the very real possibility that the TI chip inside is probably reaching the limits of what it can do already. The current SDK and OS probably allow very low level code to be written and optimized so both of these would have to be completely rethought and adapted for public use - a costly and extensive procedure that probably wouldnt get Archos any more customer satisfaction/support than say MKV support or Flash 8 or gapless mp3 playback. Finally, what's to stop a user from skipping the $70 codec fees in favor of free open source versions interfaced to work with the same existing API calls currently used by the apps?


xengren wrote:

Give me one _technical_ reason why virii are "even harder to detect and stop" on Linux. Or better yet, show me an academic paper that supports it with valid research.

A well developed software platform isn't perfect, but it can be near immune to malicious code.

I've been on Linux since 1997 and I've had 0 virii. Maybe I'll get one tomorrow, but 11 years w/o a single virus is still a pretty damned good record.



Hmm let's see; because most linux apps are distributed as source code with makefiles that most linux users don't actually read or understand enough to validate whether or not they contain backdoors and other exploitable sections. And many are compiled and installed via a root user (some, such as servers, require this to be done). Saying that "you have had 0 virii in 11 years" proves almost NOTHING about linux security as a whole, but rather just that YOU MAY NOT have had any virii in this time period (or had some virii/worms/trojans and didn't even know about it). When was the last time any true RATIONAL system admin required an "academic paper" to prove the security vulnerabilities of an OS???? Do you know why the NSA helped develop SELinux? Specifically because so many linux systems have been compromised that exploits didn't need to be very complex (as Linux comes prepackaged with so many networking tools, servers, and functionality that make it very powerful but also very dangerous) and were starting to give cyber attackers massive power in taking down very sophisticated sites. Key loggers, packet sniffers, FTP servers, pingers, etc are all readily attainable and can allow a single compromised system to open up doors to entire networks. Why is it harder to detect? Well there are few realtime anti-virus solutions for linux and the exploits developed for linux can sometimes be very obscure (even embedded within valid source code), but frequently just a result of code flaw (how many times have you seen patches stated to fix "a bug which would a low a hacker to run malcious code on your machine"). Sure, Linux security has come a long way with simple apps, loggers, default user privileges and analyzers like tripwire, bastille, and even core kernel changes like SELinux, but to think it's bullet-proof in and of itself is just plain foolish. The only key to a secure system is a diligent admin who knows how to configure a system and constantly pours over logs, bug reports, and exploit sites. That's why any real company using linux as their core platform will have a dedicated support team staff available 24/7. Linux worms/trojans/virii/exploits are rarer and difficult to create, but they do exist and can do a lot of damage.

Need more "proof", well you're going to have to dig, but start with some of these keywords:
buffer overflow
format string bug
race conditions
port scanner
network fingerprinting
packet sniffer
malicious tar archives
heap-corrupting RPM
The Ramen Worm
Li0n worm
Adore worm
Cheese worm
Slapper worm
etc.

Better yet, pick up one of those Hacking Exposed books. They're a bit dated these days, but still contain very valid information. I remember one day when I enabled the telnetd and in less than 24 hours some clown from china had hacked my system and gained root using some simple POC code and scripts obtained from sites like rootshell.org. I also know someone who failed out of highschool but was a systems genius and actually hacked the second largest electronic trading network in existence at the time (he basically broke in and left a message describing how vulnerable they were; a week later they hired him as security lead and he now runs his own IT security firm). Linux is not bulletproof and a SDK is really like providing a gun and hoping that those using it only require their bullets for target practice. I doubt a SDK will paint a target on the Archos for hackers, but it does open up the possibility, something any corporation would have to include in their risk assessment and planning.

xengren wrote:

You can't rest on your laurels. See the death of Commodore, Digital Research, and Palm(barely alive). The ultimate rule in business is you have to cater to your customers. If you don't, you will lose them no matter how successful you are now. People want third-party apps. and the company that will give it to them will end up being the winner.


Archos is already a winner in my mind. It's an almost forgone conclusion that the latest generation of Archos PMP players released will far exceed the numbers achieved on earlier models without the need of third party developers or apps. I would much rather see time and effort spent on fine tuning the existing apps and adding the user requested features before giving people a tool to create other apps. But frankly, and perhaps sadly, the world works in such a way that Archos would most likely make a much better/well known name for themselves by simply directing the time and effort needed for creating public SDK into a slick ad campaign, like the first U2 campaign that Ipod used to launch apple into the stratosphere! I just had a sweet idea the other day of a great Archos commercial that would start off showing an iTouch commercial with a slow zoom out only to reveal that its a TV commercial recorded on a Archos DVR station and being watched on an Archos 605; User cuts out the commercial and gets back to his TV show (ok, so maybe there may be some legal issues with this one :) ). But seriously, something as simple as this is likely to draw more attention to Archos than a SDK ever would.


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 9:11 am 
Offline
Archos User
Archos User

Joined: Sat Dec 15, 2007 5:41 am
Posts: 74
The Archos 605 is a VERY good PMP but it could be so much more unlocked and with a proper SDK. Never underestimate a third-party developer. If any of you have ever tried Rockbox you know what I mean. Of course there are risks, but they are manageable and the pay offs would be enormous for the community and even Archos.


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 10:01 am 
Offline
Site Admin
Site Admin

Joined: Sun Nov 27, 2005 2:40 am
Posts: 7052
Location: Copenhagen
cheve wrote:
Furthermore, what Archos does is NOT really a technological innovations. Playing MP3, video and recording etc, each of these activities can be done and are being done on different devices/platforms. I believe they did not design chipsset and etc for processing these stuffs on the 605/705. So, in real technological sense, they are not innovator(so 'IP' is somewhat of a stretch'); Archos is doing a good job of putting it all in a small nice portable device. I would give full credit for that.


Your statement is completely wrong. Go talk in the Competitors forum if you have examples of any other company even close to those Innovations that Archos is doing with these devices. Archos has 100 engineers, firmware developpers, hardware inventors, codec specialists working for them. Those are doing 100% innovation everyday, that is the whole way Archos works. So just walking around saying that Archos is not doing innovation is being blatanly false.

Archos does much more technological innovation than Apple for example. I am talking about technological innovations, not design or marketing innovations.

Archos has exclusive R&D cooperations for many years with Texas Instruments, Opera, Adobe, Dish and many others. You will see those features NO WHERE ELSE.

Open Source does NOT work today for such devices. Cause the market and the regulations are not ready for Open Source. And cause Archos does not have the ressources yet to release the device with an open applications platform. Google has the ressources with Android, Apple seems to do somekind of API with the iPhone. But for now Archos cannot do it. Perhaps if within the next few months the sales of the 605 WiFi go up even further to a million more shipped units, then there will be perhaps the means for Archos to develop some new open software tools for third party developpers to add functionalities more than what could be possible with Widgets.


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 5:23 pm 
Offline
Archos User
Archos User

Joined: Tue Nov 06, 2007 6:57 pm
Posts: 133
Charbax wrote:
cheve wrote:
Furthermore, what Archos does is NOT really a technological innovations. Playing MP3, video and recording etc, each of these activities can be done and are being done on different devices/platforms. I believe they did not design chipsset and etc for processing these stuffs on the 605/705. So, in real technological sense, they are not innovator(so 'IP' is somewhat of a stretch'); Archos is doing a good job of putting it all in a small nice portable device. I would give full credit for that.


Your statement is completely wrong. Go talk in the Competitors forum if you have examples of any other company even close to those Innovations that Archos is doing with these devices. Archos has 100 engineers, firmware developpers, hardware inventors, codec specialists working for them. Those are doing 100% innovation everyday, that is the whole way Archos works. So just walking around saying that Archos is not doing innovation is being blatanly false.

Archos does much more technological innovation than Apple for example. I am talking about technological innovations, not design or marketing innovations.

Archos has exclusive R&D cooperations for many years with Texas Instruments, Opera, Adobe, Dish and many others. You will see those features NO WHERE ELSE.

Open Source does NOT work today for such devices. Cause the market and the regulations are not ready for Open Source. And cause Archos does not have the ressources yet to release the device with an open applications platform. Google has the ressources with Android, Apple seems to do somekind of API with the iPhone. But for now Archos cannot do it. Perhaps if within the next few months the sales of the 605 WiFi go up even further to a million more shipped units, then there will be perhaps the means for Archos to develop some new open software tools for third party developpers to add functionalities more than what could be possible with Widgets.


IMHO, my point was that a lot of so call 'IP' and innovation are simply intergation of existing tech. For example, I have CD player that does MP3 about 5yrs ago, and not to mention various portable single purpose MP3 player, my desktop and laptop and etc. Hence, my comment about making a device that is capable of playing MP3 is not tech innovation. It is similar for other functions on 605. As I say I give full mark/credit for Archos to integrate all this useful feature into 1 device so now I do not have to carry 4 different devices with 4 assoicated chargers and etc.

I do not undervalue the effort of Archos, it does take resources and etc to intergate all these and I voted for Archos with my money:-) I repeat that they are truly doing a good integration job, but unfortunately, it is not tech innovation in my book:-(

To open source or not is irrelvant in this thread of discussion, it is only a development methology. In the good old Windows days, if I remember correctly, as long as you are willing to pay to join the MSDN, you are welcome to join(ok it did cost a bit of money in range of $1000). Once you join, you would have SDKs for a wide range of MS products. The point is that all those SDKs were for MS's products(closed source appication). In the end, SDK is a tool for developing applications. Countless number of both open sourced(GPL) appls and closed source appls were built with the SDK. Whether the end result(ie. the appl) is open source or close, the average end-user may not care too much. Now open source does make it easilier for people to modify the code to suit their own need.

just my 2cents, rant mode off


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 10:49 pm 
Offline
Archos User
Archos User

Joined: Wed Nov 28, 2007 5:48 am
Posts: 94
ranceramos wrote:
90% of people who have bought an IPOD never thought of it in terms of "I want cool app X" when purchasing. Instead they thought "I want the gadget from that cool commercial that plays digital music files for me; bonus if it can also play movies too, although I don't even know how that works and probably won't use it anyway".


How do you know this? Can you read the minds of 90% of people? You realize there are installable apps. for iPods, right?

http://www.apple.com/games/ipod/

ranceramos wrote:
First of all, when I say "virus" I mean "malicious code", which would include trojans, worms, scripts, etc intended to do something illicit and undesired by a user.


Say what you mean then. You can't blame me for the misunderstanding.

ranceramos wrote:
Considering no one has even been able to crack the OS loading procedure since at least the Gen 4 devices, I'd say they've done a pretty good job of securing the system.


Don't mistake lack of interest with lack of ability. What motivation would anyone have to crack it? Waste of time without return on money. The iPhone crack was motivated by money first and then fame.

ranceramos wrote:
A SDK would mean any person could write any code which allocates memory or uses wifi or the harddisk. You could simply WRITE a code INTENDED to buffer overflow, to zombie ping, to launch a mini-server, etc.


Not any person. Trusted people. Like I said. They have to be registered. Maybe pay Archos a registration fee.

ranceramos wrote:
So what if it's not "digitally signed"? Does that mean that people are only going to run Archos Digitally Signed apps???


Of course it does! The Archos OS should only run signed applications. It should reject any application that doesn't have a proper signature.

ranceramos wrote:
And even if the apps were somehow encrypted with Archos keys, on what basis would apps be judged to be fitting? What moral proof does a developer have to supply in order to be allowed to develop? Despite many hackers being bagged up for their actions, it still hasn't stopped people from developing viruses and getting caught, receiving double digit year prison sentences time and again.


Another red herring. Virii developers are usually anonymous. If you make everyone register, you know who they are! You can sue them immediately.

ranceramos wrote:
Moreover, code could unintentionally leave holes in an otherwise secure OS. Do Archos apps run under a typical user based schema or simply as a root user?


Non-root user, duh.

ranceramos wrote:
Also, you must consider the very real possibility that the TI chip inside is probably reaching the limits of what it can do already. The current SDK and OS probably allow very low level code to be written and optimized so both of these would have to be completely rethought and adapted for public use - a costly and extensive procedure that probably wouldnt get Archos any more customer satisfaction/support than say MKV support or Flash 8 or gapless mp3 playback. Finally, what's to stop a user from skipping the $70 codec fees in favor of free open source versions interfaced to work with the same existing API calls currently used by the apps?


We've been through this before. Non-compete clause.

ranceramos wrote:
Hmm let's see; because most linux apps are distributed as source code with makefiles that most linux users don't actually read or understand enough to validate whether or not they contain backdoors and other exploitable sections.


Wrong. Most are distributed as signed binaries. Get with the times. I haven't compiled a Linux app. in years except on rare occasions.

apt-get update
apt-get upgrade, etc.

Plus even if they build their own apps., they can't install it without a valid signature so they can't infect themselves.

And a Virus scan can still find known viruses it just like on a Windows. So it's not any more difficult to detect.

ranceramos wrote:
And many are compiled and installed via a root user (some, such as servers, require this to be done).


That's irrelevent. You're associating Linux desktop with Linux on Archos. Archos can always __not__ allow root installation.

ranceramos wrote:
Saying that "you have had 0 virii in 11 years" proves almost NOTHING about linux security as a whole, but rather just that YOU MAY NOT have had any virii in this time period (or had some virii/worms/trojans and didn't even know about it).


Ask me how many Windows viruses I've had. Proves a lot.

ranceramos wrote:
When was the last time any true RATIONAL system admin required an "academic paper" to prove the security vulnerabilities of an OS????


Are you kidding me? There are tons of papers on Linux security. The knowledge is out there. It's irrational _not_ to read it.

ranceramos wrote:
Do you know why the NSA helped develop SELinux? Specifically because so many linux systems have been compromised that exploits didn't need to be very complex (as Linux comes prepackaged with so many networking tools, servers, and functionality that make it very powerful but also very dangerous) and were starting to give cyber attackers massive power in taking down very sophisticated sites. Key loggers, packet sniffers, FTP servers, pingers, etc are all readily attainable and can allow a single compromised system to open up doors to entire networks.


Think about scope here. You think my PMP with 5 hours of battery uptime is gonna be a good zombie pinger? Get real. Hackers will hit desktops which are vastly more powerful and easier targets. It's just not economical on this scale. Also, what _sane_ admin is going to let people put their Archos on their Enterprise net? We're talking home users here with a PMP and maybe one or two computers. The computers are an even more likely target than the tiny PMP with barely any processing power.

ranceramos wrote:
Why is it harder to detect? Well there are few realtime anti-virus solutions for linux


I count no fewer than 10 on this page. http://virusall.com/downprodavmac.shtml

Now, I haven't verified them all and personally, I use AVG from Grisoft.

ranceramos wrote:
and the exploits developed for linux can sometimes be very obscure (even embedded within valid source code),


Trojans embedded in open source code are _easier_ to find than Trojans embedded in binary.

ranceramos wrote:
Need more "proof", well you're going to have to dig, but start with some of these keywords:
buffer overflow
format string bug


Use lint. Can happen with or without an SDK.

ranceramos wrote:
race conditions


Good luck finding this with a virus scanner. This DOS attack can be mitigated in the OS.

ranceramos wrote:
port scanner


Port scanner is a diagnostic tool, not malicious code.

ranceramos wrote:
network fingerprinting
packet sniffer


Umm. You can do that now remotely. Irrelevent to a SDK.

ranceramos wrote:
malicious tar archives
heap-corrupting RPM


Irrelevent can't run without being signed.

ranceramos wrote:
The Ramen Worm
Li0n worm
Adore worm
Cheese worm
Slapper worm
etc.


Irrelvent to an SDK. These are _remote_ exploits. Basically, you're saying you got nothing. :)

ranceramos wrote:
Better yet, pick up one of those Hacking Exposed books. They're a bit dated these days, but still contain very valid information. I remember one day when I enabled the telnetd and in less than 24 hours some clown from china had hacked my system and gained root using some simple POC code and scripts obtained from sites like rootshell.org.


Your fault for running telnetd. Use sshd.

ranceramos wrote:
I also know someone who failed out of highschool but was a systems genius and actually hacked the second largest electronic trading network in existence at the time (he basically broke in and left a message describing how vulnerable they were; a week later they hired him as security lead and he now runs his own IT security firm). Linux is not bulletproof and a SDK is really like providing a gun and hoping that those using it only require their bullets for target practice. I doubt a SDK will paint a target on the Archos for hackers, but it does open up the possibility, something any corporation would have to include in their risk assessment and planning.


Oh geez, now we're getting into magical friends. I give up.


Top
   
 Post subject:
PostPosted: Fri Dec 21, 2007 11:29 pm 
Offline
Archos Guru
Archos Guru

Joined: Tue Oct 16, 2007 1:33 am
Posts: 684
Location: Brooklyn, NY
Ok Linus, you're obviously a Linux "guru" and know it all. You don't want to believe TRUTHS which I KNOW to be true, so that's your fault. You missed a lot of points and apparently you're "unhackable". Congratulations on single handedly achieving an automated self contained fort knox OS which no Fortune 500 company has been able to do without teams of expertly trained admins and tens of thousands of dollars. You should go work for the CIA or NASA..... :roll:

Honestly, your arguments are stretches at the very least. So you're trying say that people buy ipods for the POS games out there as opposed to playing music??? I'm not even going to attempt to counter such an absurd comment. No, I can't read the minds of 90% of people, but I can think in rational terms and draw correlations between the growth of the itunes business and ipod sales to justify what I think most would agree upon is the majority reason stated for purchasing an Ipod. Believe what you like, it won't change the truth.

Lack of interest? Have you taken 2 seconds to search any of these forums for threads on hacking? Have you read about any of the developments? Probably not, because there HAS been a pretty concerted effort to crack this thing. Oh, I'm sure that 17 year old kid who cracked the iphone first was counting all the money he'd be making with his cracking procedure while he was soldering internals...

So you're talking about an SDK for just commercial third party developers. Well gee, as soon as the content portal which allows third party providers to post content with no extra effort takes off, I'm sure they'll get right on the SDK bandwagon. Please, there aren't enough people who even know what an Archos is, let alone commercial enterprises willing to develop for it. How long did it take apple to provide an SDK and third party apps? But I guess Archos can somehow do more with less right?

Yes, Virii are usually anonymous, but other exploits (especially unintended ones) are not. Good luck suing some 14 year old kid though, I'm sure the payout will justify the court fees, even if it spans international borders...

Non-root, so I guess you've seen the internals of Archos OS to justify this statement?

You never compile and only install, well that means that you're probably using only standard release apps. I'm sorry but many of the toolkits I used required specific tweaking, especially older apps. I like compiling some things because I'm a coder, so that's the way I went. If you want prepackged binaries and installers from sites you know nothing about, great for you. All this proves is that you trust someone who you dont know to give you exactly what they say they're giving you....I doubt that would ever be a liability...

Read what I said about a research paper and understand it's meaning before commenting. If you are waiting for a research paper to justify a security flaw, you're way behind. Blogs, forums, bug trackers, etc will always list flaws and security holes before any "research paper" is ever published. If you think Linux is bullet proof, you obviously have not read a lot of what's out there.

A PMP is a target just because. Someone trying to hack it won't even necessarily know its a PMP, just a non-firewalled linux installation that may or may not be up today.

Trojans ARE NOT easier to identify in source code if they're byte strings or if you're not actually reading the code. Binaries can be installed under restricted users or in chroot jails. But you're an expert, so you knew that already....

The rest is just dismissive nonsense. If you cant understand that a SOFTWARE DEVELOPMENT KIT allows one to develop and deploy software directly on an OS without having to worry about means of delivery for malicious code, I can't help you there. I proved that worms, virii, and bugs do exist on much more sophisticated platforms than the trimmed down kernel that archos has optimized to run apps WITHOUT having to worry about security issues.


Top
   
 Post subject:
PostPosted: Sat Dec 22, 2007 1:47 am 
Offline
Site Admin
Site Admin

Joined: Sun Nov 27, 2005 2:40 am
Posts: 7052
Location: Copenhagen
cheve wrote:
I repeat that they are truly doing a good integration job, but unfortunately, it is not tech innovation in my book:-(


* 2007 - World 1st WiFi PMP for video streaming in DivX, wmv, qt
* 2007 - World 1st WiFi PMP with Youtube and Dailymotion flash video streaming
* 2007 - World 1st WiFi PMP with one-click content portal
* 2007 - World 1st WiFi PMP with instant-on stand-by mode and 160GB
* 2007 - World 1st WiFi PMP with touch-screen under $200
* 2007 - World 1st WiFi PMP with 800x480 7" touch-screen
* 2006 - World 1st WiFi PMP with 480x272 touch-screen and Samba file sharing
* 2005 - World 1st PMP with direct transfer from DVB DVR from Dish
* 2005 - World 1st MP3 Player with 20 GB and integrated Camera and Camcorder - Gmini 402 Camcorder
* 2005 - World 1st 7" Wide-Screen Portable Video Player and Recorder - AV 700 Mobile DVR
* 2005 - World 1st 3 GB Hard-Drive Based Music Player for $169.95 - Gmini XS 100
* 2005 - World 1st 100-gigabyte Portable Video Player and Recorder - AV4100
* 2005 - World 1st Portable Video Recorder and Player with Linux OS, Wireless and PDA Features - PMA400
* 2004 - World 1st Pocket Video Recorder with TV Cradle - AV400
* 2003 - World 1st Customized MP3 Player with Add-on Modules - Gmini 120
* 2003 - World 1st 20-gigabyte Portable Storage Device at Less Than Three Ounces - ARCDisk
* 2003 - World 1st Pocket Video Recorder 3.3 Mega Pixel camera/camcorder and DVR module - AV300
* 2003 - World 1st Pocket Video Recorder Available - AV100
* 2002 - World 1st Handheld MP3/MP4 Player - Jukebox Multimedia
* 2001 - World 1st Hard Disk-based MP3 Recorder - Jukebox Recorder
* 2000 - World 1st Hard Disk-based MP3 Player - Jukebox 6000
* 1999 - World 1st Miniature CD-RW Drive
* 1998 - World 1st Slimline CD-ROM Drive
* 1997 - World 1st CD-ROM Drive with Micro Power Management
* 1992 - World 1st PCMCIA Memory Card


Just to name a few of the things Archos has done so far. If by being worlds 1st with so many features isn't being an innovator, then I don't know what is. Do you have to invent a new codec, a new storage medium or a new screen technology to be a technology innovator in your book?


Top
   
 Post subject:
PostPosted: Sat Dec 22, 2007 4:13 am 
Offline
Archos User
Archos User

Joined: Tue Nov 06, 2007 6:57 pm
Posts: 133
Charbax wrote:
cheve wrote:
I repeat that they are truly doing a good integration job, but unfortunately, it is not tech innovation in my book:-(


* 2007 - World 1st WiFi PMP for video streaming in DivX, wmv, qt
* 2007 - World 1st WiFi PMP with Youtube and Dailymotion flash video streaming
* 2007 - World 1st WiFi PMP with one-click content portal
* 2007 - World 1st WiFi PMP with instant-on stand-by mode and 160GB
* 2007 - World 1st WiFi PMP with touch-screen under $200
* 2007 - World 1st WiFi PMP with 800x480 7" touch-screen
* 2006 - World 1st WiFi PMP with 480x272 touch-screen and Samba file sharing
* 2005 - World 1st PMP with direct transfer from DVB DVR from Dish
* 2005 - World 1st MP3 Player with 20 GB and integrated Camera and Camcorder - Gmini 402 Camcorder
* 2005 - World 1st 7" Wide-Screen Portable Video Player and Recorder - AV 700 Mobile DVR
* 2005 - World 1st 3 GB Hard-Drive Based Music Player for $169.95 - Gmini XS 100
* 2005 - World 1st 100-gigabyte Portable Video Player and Recorder - AV4100
* 2005 - World 1st Portable Video Recorder and Player with Linux OS, Wireless and PDA Features - PMA400
* 2004 - World 1st Pocket Video Recorder with TV Cradle - AV400
* 2003 - World 1st Customized MP3 Player with Add-on Modules - Gmini 120
* 2003 - World 1st 20-gigabyte Portable Storage Device at Less Than Three Ounces - ARCDisk
* 2003 - World 1st Pocket Video Recorder 3.3 Mega Pixel camera/camcorder and DVR module - AV300
* 2003 - World 1st Pocket Video Recorder Available - AV100
* 2002 - World 1st Handheld MP3/MP4 Player - Jukebox Multimedia
* 2001 - World 1st Hard Disk-based MP3 Recorder - Jukebox Recorder
* 2000 - World 1st Hard Disk-based MP3 Player - Jukebox 6000
* 1999 - World 1st Miniature CD-RW Drive
* 1998 - World 1st Slimline CD-ROM Drive
* 1997 - World 1st CD-ROM Drive with Micro Power Management
* 1992 - World 1st PCMCIA Memory Card


Just to name a few of the things Archos has done so far. If by being worlds 1st with so many features isn't being an innovator, then I don't know what is. Do you have to invent a new codec, a new storage medium or a new screen technology to be a technology innovator in your book?


I have not issue to acknowledge that it is an impress list of Archos achievement. However, in my book, other than one quoted for 1992, 1998, 1999, I would call all other as integration of existing tech. I want to repeat that I have no intention to belittle what Archos has accomplished; but the most of the sited examples do not hit the mark(in the context of tech innovation).

Yes, I would consider an invention of a new codec that needs 10x less storage space, uses 10x less computer power while keeping the same visual quality as the current crop of state-of-the-art codec as true tech. innovation. Real tech innovation is really hard to achieve.

Anyway, thank you for reading mine rants.


Top
   
 Post subject:
PostPosted: Sat Dec 22, 2007 4:47 am 
Offline
Site Admin
Site Admin

Joined: Sun Nov 27, 2005 2:40 am
Posts: 7052
Location: Copenhagen
OK I guess according to your definition of innovation, perhaps we will never see a new innovation. Since the Internet is here, we have storage, screens, and don't expect something much better than Mpeg4. I guess this is it.

Quote:
The classic definitions of innovation include:

1. the act of introducing something new: something newly introduced (The American Heritage Dictionary).
2. the introduction of something new. (Merriam-Webster Online)
3. a new idea, method or device. (Merriam-Webster Online)
4. the successful exploitation of new ideas (Department of Trade and Industry, UK).
5. change that creates a new dimension of performance Peter Drucker (Hesselbein, 2002)
6. the process of making improvements by introducing something new


I can put Archos in all of those 6 definitions. And I expect the rate of innovations to go up with HSDPA enabled Archos devices coming soon, better use of video-on-demand, better integrated streaming video, better widgets, more content and new business models. Lots of innovations are coming up with the current generation and the next.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 39 posts ]  Go to page Previous 1 2

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited