[conite]

if you know C and network stacks like the back of your hand, it doesnt really matter what they call the product. QNX devs were the best of the best. i told you about my experience with it in 1997. unbelievable what they could do, and did do with bb10.

'android devs' are basically ryerson grads.

Posted via CBX

A lot of the QNX guys are still around. Lots of development going on there.

[wingnut666]

A lot of the QNX guys are still around. Lots of development going on there.

doesn't benefit us consumers of handhelds..

Posted via CBX

[conite]

doesn't benefit us consumers of handhelds..

Posted via CBX

Not so much.

But maybe BlackBerry will be securing your self-driving car one day.

[wingnut666]

Not so much.

But maybe BlackBerry will be securing your self-driving car one day.

zero chance of that. my 70's mopar does have a computer, however. it's called 'MSD'.

another one i have is called EEC-IV. also excellent.
RTOS FTW.

...no reaction to my Ry High dig? come on, you must get a chuckle out of this sometime??? don't you??

Posted via CBX

[aodash]

tuning is one thing. exploits are another. baked-in intrusion is something else again. i've been pouring over and nit-picking linux kernel configs for 20 years. did that save me from the krack vulnerability? no chance

Posted via CBX

Performance tuning is independent of exploits yes, but I'm not talking performance tuning here. There is plenty of overlap between proper security tuning and exploits. Then there is your patches. I too starting building Linux systems about 20 years ago before I got into the internals and made a career out of it.

Every algorithm can have flaws - the people that write them are imperfect. That is why code is now more peer reviewed than ever in proper software development environments. Still stuff slips through. You're rarely going to have a piece of code that doesn't have bugs of some sort, whether that bug impacts security is the key here. And that is the whole point of limiting attack surface areas - one of the things that BlackBerry is wisely doing, because you don't know if some facet of the kernel may have a yet to be discovered bug.

[conite]

...no reaction to my Ry High dig? come on, you must get a chuckle out of this sometime??? don't you??

Posted via CBX

Hey don't diss Nina Dobrev's alma mater!

[BB-JAM215]

oh yeah...what was the point of niap??

To keep BlackBerry enterprise and government customers on BB10 until they were ready for BlackBerry's NIAP-Certified SecuSUITE for Android and IOS, not to mention BB10.

[anon(10268214)]

As a Linux Systems Engineer by profession, I would have to disagree with you from top to bottom. Linux kernel tuning and configuring has everything to do with security. You can have two people tune the same kernel to entirely different results.

As for Linux Google including BlackBerry's patches it into a Pixel - they don't have to, nor may they want to. There are many downstream Linux patches that never make it into the upstream mainline kernel.

For reference:
https://help.blackberry.com/en/secur...226529665.html

If that's true than what should BlackBerry care about being so up to date with its Google provisioned security patches? Android security is obviously about a lot more than just the kernel. I won't go as far as to call it's custom kernel a gimmick...but I have not seen a single example to date of any Android security exploit that has not affected BlackBerry as much as anyone else.

[anon(10268214)]

Sorry guys. You're 100% wrong.

BlackBerry Android and BlackBerry Secure (BlackBerry Android for non-BB branded devices) are real things, are quite independent of /supplementary to Google.

Ask TCL, PT BB Merah Putih, Optiemus Infracom, Yangzhou New Telecom Science, and NTD why they didn't just use stock vanilla Android.

It's a pretty steep assumption that you think you know the truth, and that all of these players are just being bamboozled.

The brand name means nothing without the hardened-OS. Nothing. That's the entire point of the licencing exercise for the licencees.

"BlackBerry Secure is the most secure and comprehensive platform to connect people, devices, processes and systems. A BlackBerry Secure license provides smartphone, IOT, and other product manufacturers with a deeply embedded security solution that is comprised of BlackBerry's proprietary software and applications. Devices built with components from the BlackBerry Secure software platform will have best-in-class security that helps safeguard end-user privacy and protects enterprises from attackers looking to exploit device vulnerabilities."

They're different yes...but only different insofar as they implement features that are inherent to Android (and Qualcomm hardware). That's Android as in Google's Android. With a capital G. Not BlackBerry's.

[thurask]

If that's true than what should BlackBerry care about being so up to date with its Google provisioned security patches? Android security is obviously about a lot more than just the kernel. I won't go as far as to call it's custom kernel a gimmick...but I have not seen a single example to date of any Android security exploit that has not affected BlackBerry as much as anyone else.

As far as I remember there's a grand total of one: BSRT-2016-007 Vulnerability in Qualcomm kernel driver impacts BlackBerry powered by Android smartphones

[conite]

They're different yes...but only different insofar as they implement features that are inherent to Android (and Qualcomm hardware). That's Android as in Google's Android. With a capital G. Not BlackBerry's.

Of course they leverage Qualcomm's hardware and Google's Android.

But again, why are all of these companies paying money for BlackBerry's specific implementation of kernel hardening, encryption, hardware root of trust, secure bootchain, Integrity Detection, and DTEK if there is no value add?

[wingnut666]

To keep BlackBerry enterprise and government customers on BB10 until they were ready for BlackBerry's NIAP-Certified SecuSUITE for Android and IOS, not to mention BB10.

anyone else get the feeling we've been 'visited'? 8c|

Posted via CBX

[anon(10268214)]

Of course they leverage Qualcomm's hardware and Google's Android.

But again, why are all of these companies paying money for BlackBerry's specific implementation of kernel hardening, encryption, hardware root of trust, secure bootchain, Integrity Detection, and DTEK if there is no value add?

Again, this list of features is mostly inherent to Android. Period. I won't call it smoke and mirrors...but it seems to me it's a lot more about a shopping list of Android features as opposed to a truly unique security solution. The value of the custom kernel is debatable. That leaves the benign app DTEK, and proprietary encryption as the only truly unique features that BlackBerry brings to the Android table.

Clearly BlackBerry is attempting to make a go of it with this approach. But to say BlackBerry's version of Android OS truly unique is just plain not true. And if security really is the play here...why have we not seen a single NIAP certified BlackBerry Android device?

[conite]

Again, this list of features is mostly inherent to Android. Period. I won't call it smoke and mirrors...but it seems to me it's a lot more about a shopping list of Android features as opposed to a truly unique security solution. The value of the custom kernel is debatable. That leaves the benign app DTEK, and proprietary encryption as the only truly unique features that BlackBerry brings to the Android table.

Clearly BlackBerry is attempting to make a go of it with this approach. But to say BlackBerry's version of Android OS truly unique is just plain not true. And if security really is the play here...why have we not seen a single NIAP certified BlackBerry Android device?

I give up.

If you think it's all in vanilla Android, then I guess all of these companies are just stupid to pay extra for BlackBerry's implementation.

I guess Samsung is also just as stupid to pursue Knox device-level security.

[anon(10268214)]

I give up.

If you think it's all in vanilla Android, then I guess all of these companies are just stupid to pay extra for BlackBerry's implementation.

I guess Samsung is also just as stupid to pursue Knox device-level security.

Except Samsung's security solution is for real...it's actually NIAP certified, and maintained as such. BlackBerry Android isn't.

So what exactly are 'all these companies' putting their faith in exactly? A logo as a value added proposition? That's typically what licensing is all about. I'm being facetious of course...I'm not quite that cynical. But I stick to my initial premise - the main selling points of a BlackBerry branded device are the BlackBerry apps and the hardware to run them beautifully. Not the uncertified BlackBerry security sauce with Google provisioned updates.

BlackBerry is doing its part by continuing to develop, improve, and add to its suite of productivity apps. If TCL can't get the hardware right, it's over.

[Invictus0]

As far as I remember there's a grand total of one: BSRT-2016-007 Vulnerability in Qualcomm kernel driver impacts BlackBerry powered by Android smartphones

That's the main one I can recall as well but in theory it should protect against other root exploits to some extent. Whether users actually care about root protection though is a different question.

[bb10adopter111]

This is just plain wrong and you know it. Google is responsible for securing Android, not BlackBerry. Even if BlackBerry has done anything to contribute to Android OS security...and that's a big if...it would be absorbed into stock Android and integrated into a Pixel device long before it saw the light of day on any competing Android.

The only thing BlackBerry has contributed that is truly unique to Android security is DTEK (which does nothing except monitor), and proprietary full disk encryption. Sure you can also look at the managed devices aspect but they are far from the only player in that game...and besides, that means nothing to the consumer.

So what does that leave? The BlackBerry Suite of apps, and the hardware. These are the only two aspects of the BlackBerry brand that really matter. Obviously the apps will run better on higher end hardware. All my BlackBerry apps run faster and smoother on my Essential. BlackBerry calendar for example, easily boots up almost twice as fast as it did on my KEYone. So while TCL can probably pull the wool over some eyes with lower end hardware and a BlackBerry logo, if they don't offer customers a convincing justification to spend a premium for a BlackBerry branded device, they're done. Battery life/size just doesn't cut it for most people.

I'm not sure what you mean by stating that Google provides the security for Android. Naturally Android includes rudimentary security, which is provided by Google. That's the basic security that consumers get with all Android phones, and sure, for the typical consumer, basic Android is probably secure enough. It is like the locks on your house's front door. It will keep out casual bad guys looking for an easy mark.

But BlackBerry Mobile isn't positioned for that segment anyway. For enterprise customers, what Google offers is the additional protection of Android for Work, which is very good, for what it does, but which does not offer full stack security, either. It's the equivalent of the security at a retail store with a metal pull-down gate and basic alarm system. It's adequate for most small businesses that can survive a data breach, either through data breach insurance or because it doesn't hold much sensitive data.

But, Google for Work is not secure enough for sensitive data in the Enterprise. Only Samsung Knox and BlackBerry have full stack security that includes the hardware layer. This is the equivalent of a modern bank vault.

For companies that manage sensitive data in the 16 critical infrastructure sectors, (https://www.dhs.gov/critical-infrastructure-sectors) , generic Android, and even Android for Work, is not considered adequate by most security experts.

So, if you're talking about most consumers, who really don't have significant security requirements, and who regularly sacrifice their privacy and security for convenience anyway, I'll concede that native Android security, provided by Google, is adequate. But, for any application where a compromise of the confidentiality, integrity or availability of information via endpoints would cost millions to billions of dollars, I would not allow any employee to access that information with a generic Android phone.

Posted with my trusty Z10

[Trouveur]

Brands are different. Blackberry is different. The way we perceive and engage with this brand is different so yes, I do think that at least a simple blog post should have been made.

Breaking news : BlackBerry already officially announced they exited hardware business.

There would be no point in announcing further things about devices.


Posted via CB10

[anon(8679041)]

There would be no point in announcing further things about devices.


Posted via CB10

I don't think so.
And BTW, having different opinions is fine. Have a great day

[Trouveur]

I don't think so.
And BTW, having different opinions is fine. Have a great day

Sure, but what would be the benefit for BlackBerry to do so ?


Posted via CB10

[royal_black]

What shareholder (big or small), director, manager, or employee can stay viable after loosing billions and billions of dollars on a failed product?

On a failed marketing,
nothing else.

The product itself was capable to success.

Posted via CB10

[royal_black]

Or another view

Let's say Blackberry would have had the first iPhone.

What would had happened?

Blackberry in a position as Apple today?

Posted via CB10

[conite]

On a failed marketing,
nothing else.

The product itself was capable to success.

Posted via CB10

Or another view

Let's say Blackberry would have had the first iPhone.

What would had happened?

Blackberry in a position as Apple today?

Posted via CB10

It has nothing to do with marketing.

It has to do with owning a time machine and taking BB10 back to 2006

[kvndoom]

On a failed marketing,
nothing else.

The product itself was capable to success.

Posted via CB10

The product had no chance of success. Every single phone OS without a competitive app store, EVERY SINGLE ONE, has failed.

Microsoft spent a ton of money marketing Windows Phone. No apps, it failed.

"Lack of marketing" is total and complete bull.

[Mojarch]

This is just plain wrong and you know it. Google is responsible for securing Android, not BlackBerry. Even if BlackBerry has done anything to contribute to Android OS security...and that's a big if...it would be absorbed into stock Android and integrated into a Pixel device long before it saw the light of day on any competing Android.

The only thing BlackBerry has contributed that is truly unique to Android security is DTEK (which does nothing except monitor), and proprietary full disk encryption. Sure you can also look at the managed devices aspect but they are far from the only player in that game...and besides, that means nothing to the consumer.

So what does that leave? The BlackBerry Suite of apps, and the hardware. These are the only two aspects of the BlackBerry brand that really matter. Obviously the apps will run better on higher end hardware. All my BlackBerry apps run faster and smoother on my Essential. BlackBerry calendar for example, easily boots up almost twice as fast as it did on my KEYone. So while TCL can probably pull the wool over some eyes with lower end hardware and a BlackBerry logo, if they don't offer customers a convincing justification to spend a premium for a BlackBerry branded device, they're done. Battery life/size just doesn't cut it for most people.

Well completely wrong!
As Google allows every company to ad their layer of customisation the black berry can do it in almost HAL and other low level layer of os!
Just check the steps of building os by manufacturers!

Posted via CB10