[adamschuetze]

Hi

I am proposing a certain level of transparency in hybrid construction. Right now, there is no way to tell what the hybrids contain. Ideally I'd like to see a list of CODs included with each hybrid. This list would be a file listing of all the COD files, and distribution they originate from.

Part of this stems from my own curiosity as to how the hybrid is constructed, and part of it stems from a very real concern that hybrids can be used to deliver malicious code.

It might seem like a huge amount of work to generate this documentation. However, I have to assume that hybrid builders maintain such lists internally to track what COD versions they use during their testing phase. I think these lists should be public. In the same way that open source software can be audited, this would allow other people to audit the hybrid contents, and go back to the source distributions obtained from RIM web servers, and compare the files to the hybrid contents.

Hybrid builders who wish to keep their construction proprietary would be free to do so.

I have been thinking about conducting this kind of audit myself, by doing md5sum hashes of CODs from common distributions, building a searchable database, and then dissecting hybrids to determine where the files came from. It would be nice to not have to do this myself, if the hybrid builders would provide this information on their own, for the sake of transparency.

Thoughts?

[wu-wei]

I have many thoughts on this topic. Having built and installed many hybrids, my personal preference would be for 'builders' to simply post the type of list you've proposed. I tend to download most OS installers - leaked or official - so I have the raw resources readily available. The last thing I want/need to do is download another 90+ MB 'installer' filled with files I already have just so I can poke around and see how other folks are building.

I have an extensive spreadsheet (several, actually) which contains system reads for every one of my builds, testing maps and experimental ideas, notes on efficacy, and a few other builds that have been well-reviewed.

Personally I would have no problem disclosing exactly what is in each and every one of my builds so that users can see and decide - before downloading - what I have included.

As for MD5 sums, etc, I know what goes into my builds. I do not have the knowledge (nor do I think it is feasible) to alter existing cod files to insert any malware. The larger concern, in my opinion, is the possibility that someone could craft their own malware app and include that in their hybrid. That is why I have fine-tuned my own personal ALX files and will never use anyone else's.

I'm sure I could add more here, but the short answer for me is that I am willing to provide a complete list of files, including version info, that are in my builds.

[wu-wei]

Quick corollary to my thoughts on malware:

As a theme developer, I would REALLY love to be able to reverse-engineer the stock themes. I have looked for ways of doing so, in fact. While it is not difficult to extract resources like graphics from a cod file, it is practically impossible to retrieve any actual code from those files. The compile process includes an obfuscation, which in turn depends on the OS to decipher at runtime. After all, one of the primary reasons I use a BlackBerry is for security purposes.

Given this compile process, I have a fairly reasonable sense of security when tinkering with cod files and I don't harbor much concern over someone's ability to introduce malicious code at that level. As I said, the primary target, in my opinion, is to include a separate nefarious app that would somehow compromise the device.

[wu-wei]

I will also point out (jeez, I just can't shut up, eh?) that almost every builder from whom I have requested a system read has gladly provided one - either in their threads or via private correspondence. If a builder wouldn't share that, I wouldn't go anywhere near their build.

[Phly_kid]

I doubt it will happen, It's like asking Coca Cola to give ou their secret ingredient, the very same secret that distinguishes them from all other drinks. May I add the secret ingredient that is the mark of their success. What makes hybrid builders different from the rest of us is that they have a certain level of intelligence that we dont. Simply put, they know something we don't. By making that known then we are all on the same playing field and if that knowledge becomes public knowledge then what's the point of it anymore since the assumption will be anyone can do it.
First it will be what cods are different? secondly whats the difference? and the cycle continues. So I wouldnt waste my time and energy requesting for such info. You may be given a bone but not the whole meaty portion if you get what I mean.

[wu-wei]

I doubt it will happen, It's like asking Coca Cola to give ou their secret ingredient, the very same secret that distinguishes them from all other drinks. May I add the secret ingredient that is the mark of their success. What makes hybrid builders different from the rest of us is that they have a certain level of intelligence that we dont. Simply put, they know something we don't. By making that known then we are all on the same playing field and if that knowledge becomes public knowledge then what's the point of it anymore since the assumption will be anyone can do it.
First it will be what cods are different? secondly whats the difference? and the cycle continues. So I wouldnt waste my time and energy requesting for such info. You may be given a bone but not the whole meaty portion if you get what I mean.

Actually, by making any hybrid available, every builder gives up their build details. All you have to do is install the hybrid to a device (or a simulator) and do a system read using BBH-Tool, BBMCP, or BBSAK. Boom. You have the entire list of cods, including version info, for that particular build. Industrious users will then do the same for multiple builds, compare what is changed in each one, and possibly start mixing their own builds.

For anyone to pretend that this is some crazy black magic that is reserved to experts is silly (and I'm not referring to the post I'm quoting). All it takes is perseverance, curiosity, and a few readily-available tools. Personally I always have multiple levels of back-up and I always test on a simulator before even one of my own builds is loaded to my device. I only have one phone, and I depend on it for my livelihood. If an OS won't load on the simulator, it sure as he11 isn't getting loaded to my device.

[wu-wei]

Following on my thoughts, what separates hybrid builders from hybrid users is a willingness to experiment and, if they're halfway intelligent, to keep notes on the outcomes of their experimentation. That is the knowledge that builders have developed - nothing more.

[69goat]

Following on my thoughts, what separates hybrid builders from hybrid users is a willingness to experiment and, if they're halfway intelligent, to keep notes on the outcomes of their experimentation. That is the knowledge that builders have developed - nothing more.

Damn it, now you have taken and revealed all the hybrid builders secrets. Now there will be no "medicine man" or "witch doctor" mystique surrounding hybrids.

[wu-wei]

Damn it, now you have taken and revealed all the hybrid builders secrets. Now there will be no "medicine man" or "witch doctor" mystique surrounding hybrids.

Pay no attention to the man behind the curtain!!!!!

[wu-wei]

Following on my thoughts, what separates hybrid builders from hybrid users is a willingness to experiment and, if they're halfway intelligent, to keep notes on the outcomes of their experimentation. That is the knowledge that builders have developed - nothing more.

Damn it, now you have taken and revealed all the hybrid builders secrets. Now there will be no "medicine man" or "witch doctor" mystique surrounding hybrids.

Pay no attention to the man behind the curtain!!!!!

I really hope I haven't lost my place at the smoldering black java cauldron. I love you guys. (Tear.)

[Legal Eagle]

I really hope I haven't lost my place at the smoldering black java cauldron. I love you guys. (Tear.)

Sure that you haven't, but we know someone who has !!!!!!!

Gotta love the mods on this forum !!!

Keep on cooking.

[maxx71]

I really hope I haven't lost my place at the smoldering black java cauldron. I love you guys. (Tear.)

Certainly Not !!!
You are a much Respected Member here !

[zocster]

I have mistakenly included a cod info reader on one of the builds.

Lucky for those who had gotten their hands on that.

Sorry to those hadn't lol.


Sent from my BlackBerry 9320 powered by
BerryLicio.us

[edibali]

Creating hybrid is art.
Just like a painting ..
There is something there that the results are good and less good.
Creating hybrid which was not as easy as people think.
In the process of building a hybrid will surely get an error message and the results were not maximized.
This is the challenge of building a hybrid. So hybrider will try to give his best result.
And for me personally ..
Sharing os hybrid is a pleasure ..
And of course I do not expect to get paid. Because I enjoy doing it.
My principle ..
If you want to help. Help with good intentions and sincere.

[ochid]

Creating hybrid is art.
Just like a painting ..
There is something there that the results are good and less good.
Creating hybrid which was not as easy as people think.
In the process of building a hybrid will surely get an error message and the results were not maximized.
This is the challenge of building a hybrid. So hybrider will try to give his best result.
And for me personally ..
Sharing os hybrid is a pleasure ..
And of course I do not expect to get paid. Because I enjoy doing it.
My principle ..
If you want to help. Help with good intentions and sincere.

Agree Bro EdiBali, any act of copying or alx module without the knowledge of the creator is cruel and start taking personal advantage of a hybrid work that has been created by hybrider Initially, this may be a concern and our collective consciousness not to.

[zocster]

That is big coming from you, knowing well that you took the alx set from ikhsan when you were building for the 9800.

But we all know it is part of the learning curve.

There are only so many mixes can be made from a handful of OS's.

Let's move forward and keep on learning, help each other to make the best of what is at hand.

Stop playing this stupid blame game.

Agree Bro EdiBali, any act of copying or alx module without the knowledge of the creator is cruel and start taking personal advantage of a hybrid work that has been created by hybrider Initially, this may be a concern and our collective consciousness not to.

Sent from my BlackBerry 9320 powered by
BerryLicio.us

[phatmaan]

Come on guyz , stop harassing the hybrid makers , dont anger them or they'll stop releasing their awesome work !

[edibali]

That is big coming from you, knowing well that you took the alx set from ikhsan when you were building for the 9800.

But we all know it is part of the learning curve.

There are only so many mixes can be made from a handful of OS's.

Let's move forward and keep on learning, help each other to make the best of what is at hand.

Stop playing this stupid blame game.






Sent from my BlackBerry 9320 powered by
BerryLicio.us

we all must learn from existing ones.
Alx jg we learn from the default os or have others.
so in my opinion it is a natural thing ..

I always make a hybrid using 1alx.
I also learned to look alx os innate and belongs to others.
no one is perfect, including me.

but when you begin to unlock the secrets of a person.
then I could also open up what you have done for my hybrid ..

but never mind. the pass let pass.
just remind it ..

[SCrid2000]

1. Hybrids aren't hard work and aren't rocket science (they do take some time and trial/error).
2. The "Best" hybrids, in general, include as many fully working new .cods as possible as newer cods logically have fewer bugs and better performance (full number revisions, ie 6.9 to 7.0, excluded of course).

Anyone who wants a file read for any hybrid I build is more than welcome to one, and anyone interested in helping make hybrids and keep them free is more than welcome to help do so by joining OpenSourceBB, provided they can work as a team and not as an individual.

3. Anyone who wants to know what's in a hybrid, here's a tool called Cod Info made by some members of the bbbluezone (attached to this post). This tool is also in the Hybrid Tools .zip that is linked to with most OSBB hybrids.

[SCrid2000]

And as far as "stealing" and "glory" and all that crap, they're hybrids. If you're doing it for fame or attention, you really need to reconsider your life.

[bimmerdriver]

Come on guyz , stop harassing the hybrid makers , dont anger them or they'll stop releasing their awesome work !

Who is harrassing hybrid makers? If it bothers a hybrid maker that someone is asking questions about their work, maybe they should reconsider what they are doing.

[ochid]

That is big coming from you, knowing well that you took the alx set from ikhsan when you were building for the 9800.

But we all know it is part of the learning curve.

There are only so many mixes can be made from a handful of OS's.

Let's move forward and keep on learning, help each other to make the best of what is at hand.

Stop playing this stupid blame game.






Sent from my BlackBerry 9320 powered by
BerryLicio.us

yes you are right indeed the accused, and I learned from it for the better, all human no one is perfect and that is why I had to learn to be better, not to be perfect

[edibali]

And as far as "stealing" and "glory" and all that crap, they're hybrids. If you're doing it for fame or attention, you really need to reconsider your life.

That's right bro..
I like it..
It was very stupid people who do that. Transparency and honesty are the main ones ..
For sure we have to respect other people's work and do not do stupid things to other people's work.

[Kimberly Boals]

I think this is a pointless idea. Unless you are a hybrid builder or have knowledge of that sort of thing yourself, a list of cod files would be completely useless. To a non-hybrid builder such as myself, I wouldn't get any valuable information from a list of cods, nor would I be able to tell if it contained any "malicious code." It would be completely meaningless. Besides that, people know and trust famous hybrid builders like Berrylicious and we know they don't put any bullsh@# "malicious code" in their hybrids.

[SCrid2000]

I believe the idea was to make it easier for hybrid builders to make better builds, and to stop pretending hybrids are some sort of magically, mysterious thing.
Anyone can make a hybrid. Yourself included.