When software updates go bad(ly)
I received an email overnight that has me re-evaluating what my smart phone will be. But the email also raised a number of other questions in my mind that are more diverse and apply to more than just the decision of what smart phone to upgrade to.
But first, here is the email, with the names changed to protect the guilty:
[Phone company], in their infinite-but-incompetent wisdom, pushed an OS upgrade to [their] Android [model] phones last night that wipes out your contact lists. Of course, [phone company]'s answer is to sync your contact with Google, which I do not do because I have numbers that have to be kept in confidence. This means that the last decade of contacts are gone and I now have to rebuild from scratch.
Clearly, we have all been there before. Some well intentioned software update has wiped out our critical data. It is one of the many reasons we all back up our data, especially our important, critical data. As an IT professional, I could say Too bad, you didn’t back up your data, tough luck. In fact I suspect that many of you are thinking exactly that and why does it matter. In fact, I think it does matter and in many ways that we as open source professionals need to be aware of.
Let me take you back to my article in May where I was discussing my thoughts on migrating to a new phone. One of my important issues was being able to load and back up my important contacts. And based on the email I guess I should add in a secure manner. I too have a number of phone numbers that should never see the outside world. These are not classified numbers, but they are numbers that are considered close hold – backdoor numbers, home numbers for people that would rather not just have anyone call them at home, numbers for access to certain facilities that the public in general just should not have. That sort of thing. So I can appreciate the idea of backing up to Google as being a bad idea. And I am sure I am not alone. Clearly, there has to be another way.
And this is the rub. As an IT professional, I am sure I can cobble up an alternative solution, but my friend is not. In fact, the phone in question is probably the most technologically advanced device they own. And in a number of cases, these devices are the most complicated devices that most people have in their possession and they are being marketed as a phone, rather than the computer they really are. Further, these devices are being marketed as an alternative to that other palm based computing device but with the Open Source moniker writ large across them – and poor PR will affect us, regardless of whether it is our fault or not.
But what really bothers me most is this happened at all. I would like to blame [phone company] for this but I have to wonder, in 2010, why we are still having OS updates that overwrite the data on the device? This is not 1990. We know how to update devices without overwriting personal data, every operating system today does it quite well. So what happened? Is this an Android issue? Or a [phone company issue]? I have not seen a wide spread hue and cry about Androids being overwritten, but if it only started last night, it might take a day or so for the yelling to start – we will have to keep an eye out.
The point here is this. There needs to be provided as a point-of-sale item a simple solution for (securely) backing up user data. There also needs to be a way of ensuring that code flashes do not destroy personal data and pressure needs to be brought to bear on the phone companies and other resellers to educate their customers that these are not your parent’s telephone. They are complex computing devices and need to be treated as such.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- Readers' Choice Awards 2013
- Tech Tip: Really Simple HTTP Server with Python
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- RSS Feeds
- Returning Values from Bash Functions
- IndieBox: for Gamers Who Miss Boxes!
- Linux Security Threats on the Rise