Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Pandora's Box
Pandora's Box

When Pandora was given gifts from the gods, she had many wonderful things, but she also had a box that she was told never to open. The box contained all the bad things in the world, and as long as it stayed closed, the world was a wonderful place full of joy and happiness. But Pandora's curiosity got the better of her, and she couldn't resist opening it just a little to see what was inside. However, the box couldn't be opened "just a little," and all the wrongs in the world flooded out, creating the world we see around us. Just as she snapped the box closed again, one more thing pushed its way out; it was "hope," which the gods had placed to help man cope with all the bad things.

Perhaps if Pandora had been less keen to see what would happen, we'd still be living in that world of perfect serenity, but without hope, the world would be a much less interesting place.

I mention the myth of Pandora as I think it has parallels with the current arguments about mobile telephones. Should we open the box and allow anyone to run applications on our mobile phones? Is it really possible to open the box "just a little," or would we be better off with a closed box and a world we can rely on?

This article seeks to present the arguments on both sides, showing how both approaches have their advantages, and even exploring the idea of opening the box "just a little." Just like Pandora, once we open the box, it will be very hard to get it closed again, so we need to be certain we're doing the right thing.

What Is This Box Anyway?
On our desktop computers we're used to the idea that we can run any programs we wish, assuming we've paid for (or stolen) them. Many authors choose to provide their software free, or for a nominal fee, and it's often a shock when moving to a new desktop to see just how many applications we use every day. In addition to the main applications we all know well, most of us rely on a host of utilities and extensions to the operating system to organize various tasks and provide our working environment.

Some of these we developed ourselves, and are pleased to be able to use and share, while others came with hardware we've fitted. Most of the time they all seem to work together nicely. But the unreliability attributed to desktop computers (particularly those running Windows) can generally be traced to incompatible software, and the freedom we enjoy to develop and run applications is certainly responsible for the viruses and Trojans we now have to be constantly on guard against.

Various plans for stabilizing the desktop have been suggested, including the Trusted Computing Alliance (TCA) and Microsoft's Palladium. These are based on controlling what applications the user can execute. The idea is that only applications that have been digitally signed by some higher authority can be executed; without approval your programs just won't run.

The approval process will cost money, so no more hacked-together utilities, but also no more viruses or Trojans. Something like this can be seen in many office systems, where a locked-down desktop for the users results in greatly reduced support costs - stable desktop computing at the cost of freedom to run what you want.

The technical practicality of bolting such functionality onto the desktop PC platform is very much open to question, but getting the same functionality into a mobile phone is a lot easier. Indeed, most mobile phone platforms already have the capability, if we decide we want to use it.

The Case for a Closed Platform
Mobile phones shouldn't crash. When I've been involved in developing such embedded devices, stability has always been paramount. The accepted logic was that device users wouldn't tolerate their phones crashing on them. It turns out that we were wrong; most of the more advanced phones crash on occasion, and Microsoft has taught users that turning something off and then back on again will fix most problems, so that's what they do. As the phones get more complicated, however, and the applications more functional, more instability is inevitable without someone controlling what users are allowed to do.

Creating an application that crashes a mobile phone isn't difficult. Most of us spend our time trying to stop our applications from doing exactly that! I've written applications that, if used the wrong way, could require a mobile to be rebooted, and those applications have been made available to other users.

When someone is running one of my applications and their phone crashes, are they going to blame me? Or will they conclude that the phone itself is faulty? Of course, every application I've ever written pops up with perfect error messages explaining the problem and accepting full responsibility, but not every programmer is as fastidious as me...

If we allow everyone and their brother to develop applications, then, by definition, the phones will become unstable. There's no point blaming the users for running "unsuitable" applications. Users neither understand nor want to understand the technical questions; they just see a cool game and download it. If their phone then crashes, it's not a good phone. Presenting the users with warnings is next to useless, especially when download sites advise the users to just click "OK." Users don't want to spend time learning the risks, they just want to use their phones.

The alternative, as Orange has done in the UK, is to control completely what applications the user is allowed to install and run. The SPV (Sound, Pictures, Video, apparently) uses Microsoft Smartphone, an interface layer on top of WinCE, and can run a very wide range of software, but only if it's approved by Orange. This is a decision that the network (Orange, in this case) has made, not Microsoft.

Orange doesn't want to have to deal with the technical support issues involved with users, having installed the latest free game, calling for help to get it working. Orange feels that stability is more important to their customers than flexibility. Orange will digitally sign applications they feel are of benefit to their customers, having checked them to make sure they don't contain anything nasty.

Viruses are one of the nightmares of running an Internet-connected PC. Most of us pay a regular fee for some sort of virus protection, and accept a cost in processing power and memory for constantly running a virus scanner. But if every application is digitally signed then there should be no more viruses! Even worse are Trojans, programs hidden in others, sometimes carried by a virus, which infect your system then hang around gathering data such as passwords, banking details, and contacts, before sending the data off and deleting themselves.

Such attacks are increasingly common on desktop machines, with users often unaware that their security has been compromised until someone starts using the data. The potential for such a program on a mobile phone is terrifying. The ability to make calls on your bill, listen in to your communications, and even present you with questions that are indistinguishable from genuine requests, means that every effort should be made to avoid them becoming widespread. We can't rely on every programmer to be trustworthy, but we can rely on our network provider (who has a reputation to protect), and only with digitally signed applications can we be sure what we're running.

The secured mobile phone also provides the perfect environment for Digital Rights Management (DRM). The next generation of mobiles will feature "lock-forward" functionality, where it will be possible to send a message to a phone that cannot be forwarded to other phones. This, combined with a secure platform, has enormous implications for the distribution of copyright content such as music and video. The ability to allow users to download content without fear of them making copies of it, or passing it on to their friends, is a very compelling proposition, and something the copyright owners are crying out for.

Taking this secure DRM further, with careful use of certificates it's possible to consider the mobile phone as a hardware key ring, holding licenses for all sorts of digital content from music to films to desktop computer applications. Using Bluetooth or something similar, a desktop computer could check for the appropriate key on a nearby phone before running.

All the above is possible only as long as the operating system is secured. Attempts to secure content on desktop computers have always been broken, but if the hackers can't run their programs, they can't attack the security of the content.

The Case for Opening the Box
Microsoft has long argued that their close relationship with developers is what has led to the speed of innovation in desktop software, and few would dispute their commitment to providing plenty of flexibility to programmers. The fact that anyone with the ability to use a mouse can churn out a Visual Basic application has certainly led to the availability of a wide range of programs, even if many of them are truly terrible. It also means that new ideas can be exploited very quickly, and while there are hundreds of very strange apps available, one or two of them will be the next paradigm in computing. Closing the mobile phone platforms will close the door on this kind of innovation.

Without an open platform, application development will be limited to large companies with the resources to pay for licenses and testing. The days of the lone programmer changing the world are almost over, but applications like Napster still demonstrate that sometimes the bedroom programmer is better placed to make the real advances than the largest corporate R & D department.

By creating a community of developers, we can make enormous progress. A community limited to employees of competitive development companies will never achieve the same level of advance.

The Slightly Open Box
Given the opportunities of an open platform, and the security of a closed one, it comes as no surprise that many companies are attempting to open the box "just a little." Java is supposed to provide this kind of model, but suffers with all such ideas in that, with security, comes limited functionallity.

Programs created in a secure environment, like Java, are limited to doing things that are explicitly made available. A good example of this is Bluetooth; 100% Java programs still have no access to Bluetooth hardware, making it impossible for the home developer to deploy innovative applications using Bluetooth on secured devices. Meanwhile constant attempts to extend Java are threatening the standard itself. It's very debatable whether platforms limited in this way will ever provide the kind of fast-track innovation seen in the PC market.

What's in the Box?
It seems inevitable that manufacturers will continue to offer network operators whatever they ask for, and in the UK at least, different operators will offer their own ideas of what their customers want. Ultimately it will be the customers who decide what's most important to them - flexibility or stability.

As developers, most of us would prefer an open platform, depending on how much our livelihood is dependent on protecting copyright, but if we want users to accept an open platform then we'll have to be sure our applications don't show up the instability inherent in the system.

Like Pandora, we might regret opening the box when the first GSM worm starts cutting off our phone calls.

About Bill Ray
Bill Ray, former editor-in-chief (and continuing distinguished contributor to) Wireless Business & Technology magazine, has been developing wireless applications for over 20 ears on just about every platform available. Heavily involved in Java since its release, he developed some of the first cryptography applications for Java and was a founder of JCP Computer Services, a company later sold to Sun Microsystems. At Swisscom he was responsible for the first Java-capable DTV set-top box, and currently holds the position of head of Enabling Software at 02, a UK network operator.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Take a look at our work, and give us some feedback or comment, we begun a project 3 years ago, calls Pandora's Box, in order to give the people a Box to grab things into, provided with some sort of magic to keep all up-t-date, We think it deserve's a try to see what is inside.


Your Feedback
Andres Hohendahl wrote: Take a look at our work, and give us some feedback or comment, we begun a project 3 years ago, calls Pandora's Box, in order to give the people a Box to grab things into, provided with some sort of magic to keep all up-t-date, We think it deserve's a try to see what is inside.
Latest Cloud Developer Stories
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv i...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Sen...
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CO...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them ...
"There's plenty of bandwidth out there but it's never in the right place. So what Cedexis does is uses data to work out the best pathways to get data from the origin to the person who wants to get it," explained Simon Jones, Evangelist and Head of Marketing at Cedexis, in this SY...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE