backtop


Print 38 comment(s) - last by flyingpants1.. on Jun 17 at 5:17 AM

OnePlus and Cyanogen are working to patch the OpenSSL vulnerabilities

The OnePlus One looks to be an ambitious smartphone project. The smartphone boasts impressive specs including a 2.5GHz Snapdragon 801 processor paired with 3GB of RAM, a 5.5” 1080p display, 13MP rear camera, all while running CyanogenMod 11S. Most impressively, the OnePlus One costs just $299 for the 16GB model while the 64GB model will set you back only $349.
 
Unfortunately, it appears that OnePlus has run into a few snags with its worldwide launch of the One (it was originally supposed to debut in mid-May). According to Android Community, the Cyanongen and OnePlus are working to fix a few OpenSSL vulnerabilities before it ships the One.

OnePlus One
OnePlus One
 
Ciwrl, a member of the Cyanongen/CyanogenMod team, took to reddit to explain the delays, stating:
 
As you may be aware, a handful of new issues with OpenSSL were made public on June 5th. We decided to include the correction for those vulnerabilities, in the factory release of the One
 
A new release means the whole firmware needs to be re-certified (including QA time), but we believe the security benefits outweigh the delay. So yes, there was a new build issued at fairly last minute, but it wasn't due to missing set deadlines or expectations.
 
Show stopping issues this late in the game are definitely disappointing, but OnePlus still has time to get things sorted out and get the One into the hands of customers. There are competitors that offer comparable specs (like the HTC One (M8) and Samsung Galaxy S5), those that offer even more impressive screens (like the LG G3), and yet-to-be released models that will surely be top-sellers when they hit the market (we’re looking at you, iPhone 6) — but none will be able to meet the off-contract price point of the OnePlus One.

Sources: Android Community, reddit



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

That's pretty neat
By bug77 on 6/11/2014 10:04:43 AM , Rating: 2
I wonder how many of us, stuck in pre-kitkat era will get an update from manufacturers to correct _any_ of the recent OpenSSL issues (never mind correcting _all_ of them).

And this is why I think the whole "oh, you didn't buy a flagship, you only spent a couple hundred bucks on a mid-ranger, you're not entitled to further support" argument doesn't hold any water.

On a side-note, my bank has been pushing their mobile app lately. But not once have they issued a warning about the dangers of actually using that on a device that's not up to date. This just goes to show that security is an afterthought for everyone who's not a hacker.




RE: That's pretty neat
By Reclaimer77 on 6/11/2014 10:21:56 AM , Rating: 2
You could always buy an iPhone....

http://gizmodo.com/why-apples-huge-security-flaw-i...

I wouldn't worry if I were you. When you actually research the Heartbeat exploit, you'll understand how there's just no way your phone is realistically going to be compromised.


RE: That's pretty neat
By Boze on 6/11/2014 2:58:16 PM , Rating: 5
Pay no heed to this naysayer, the Spirit of Lord Jobs guides us from the Eternal Profit Margin in the Sky.

So sayeth the Book of Tony Swash - 5:19.


RE: That's pretty neat
By retrospooty on 6/11/2014 10:26:10 AM , Rating: 1
"And this is why I think the whole "oh, you didn't buy a flagship, you only spent a couple hundred bucks on a mid-ranger, you're not entitled to further support" argument doesn't hold any water."

Stop being such a victim... If you are overly concerned about security (which it seems you are), then do something about it. There are SOOOO many options.


RE: That's pretty neat
By Nyanyanya on 6/11/2014 10:29:48 AM , Rating: 2
OpenSSL issue a server-side thing, client software has nothing to do with it; your phone won't be vulnerable to attack unless you do run some sort of web server on it.


RE: That's pretty neat
By retrospooty on 6/11/2014 10:31:30 AM , Rating: 1
Agreed, like I said "overly concerned". This is an ongoing issue with Bug


RE: That's pretty neat
By bug77 on 6/11/2014 10:33:33 AM , Rating: 2
There isn't a single issue. Heartbleed was the first one, but a bunch more were uncovered less than a week ago (I think).


RE: That's pretty neat
By Brandon Hill (blog) on 6/11/2014 10:39:20 AM , Rating: 2
Yup, here's the full list (from the reddit link):

http://www.openssl.org/news/secadv_20140605.txt


RE: That's pretty neat
By bug77 on 6/11/2014 10:39:31 AM , Rating: 2
quote:
There are SOOOO many options.


Not if you want to stick with Android, unfortunately.
For Android there's only Cyanogenmod (aka some things will work, some won't, but kiss your warranty and battery life good bye anyway) or buying another phone (aka show the manufacturers that not supporting their devices actually works).

PS I knew you couldn't let this one pass without posting :-D


RE: That's pretty neat
By retrospooty on 6/11/2014 10:55:51 AM , Rating: 2
"PS I knew you couldn't let this one pass without posting :-D"

I am a creature of habit ;). FWIW, I agree. If you are all 3 of the below...

1. Want to buy only low end cheap phones.
2. Want OS/ROM upgrades for 2+ years.
3. Are not willing to take control and put on a custom ROM

Then Android is not the right choice for you. But a serious question, what does support that? Apple is out, as they have no low end cheap models. Even the 5C is Mid--high as far as price. What would you choose that suits your needs?


RE: That's pretty neat
By bug77 on 6/11/2014 11:19:27 AM , Rating: 3
From a technical point of view, you are right. I don't consider a $200 phone low-end (going to get a Moto G 4G shortly) when it packs a quad-core CPU, an 1280x720 screen and 1GB RAM, but this is not that important.

The thing is, these cheap, low-end phones outsell flagships 10:1 if not more. And they are most frequently bought by the least tech savvy users, those that want "a phone that makes phone calls". By not providing fixes to them, manufacturers ensure a perpetual and huge attack vector for anyone willing to dig up vulnerabilities discovered in the past year or so. This is why I think _any_ smartphone should come with some guaranteed level of support.
If you want, you can think about how antivirus makers have come to the conclusion that they need to provide a free version of their product: if they were protecting only the paying customers and let the rest of the internet be taken over by threats, they still weren't providing a good experience to their paying customers. This is a (not entirely) similar situation in my mind.

And you're again right when you say nobody provides this level of service (Cyanogenmod does, only they can't fix device drivers). But I still think someone should. And I'm going to keep blasting manufacturers for that until they do ;-)


RE: That's pretty neat
By retrospooty on 6/11/2014 11:27:53 AM , Rating: 2
"And you're again right when you say nobody provides this level of service "

OK, I see what you are saying. Moro G is a good otion at that. My guess is now that KK is around and supports lower end specs, and is fast at it, we will see better support. But still as we both mentioned, no-one does that today, not a single vendor.


RE: That's pretty neat
By Reclaimer77 on 6/11/2014 11:42:00 AM , Rating: 1
Dude is your phone even running 4.1.1? I highly doubt it. So what are you worried about? Your phone is already patched for Heartbleed and will get patched for future exploits.

I'm so tired of this, really. Why can't you people EVER come out and list what device you own?! Just come out with it, WHAT PHONE DID YOU BUY??

On the off-chance you own an HTC phone, I found this:

“Privacy and security are important to HTC and we are committed to helping safeguard our customers’ devices and data,” said HTC. “We are currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1.”
Read more at http://www.trustedreviews.com/news/android-4-4-1-j...

I'm sorry but the age of people buying an Android phone and being "left out" of updates is a holdover idea from years ago. Even HTC, traditionally one of the worst, is patching old ass 4.1.1 for Heartbleed!


RE: That's pretty neat
By bug77 on 6/11/2014 11:53:04 AM , Rating: 2
HTC Desire S.

And while HTC may be acting on this one (but I suspect only because Google has actually provided the necessary patch), I will say that I never got a patch for this: http://www.extremetech.com/computing/98227-how-htc...
They said they were working on a fix, but they never delivered. And there was one more issue like that or two that HTC never patched either.
Which is why everyone messing with Android has lost a customer. Several actually, because my whole family expects me to tell them which phone to get.


RE: That's pretty neat
By Reclaimer77 on 6/11/2014 11:59:07 AM , Rating: 2
quote:
(but I suspect only because Google has actually provided the necessary patch)


Uhhh of course? That's like complaining that Dell doesn't patch Windows...

quote:
HTC Desire S.


That's like a four year old phone..just wow.


RE: That's pretty neat
By retrospooty on 6/11/2014 12:04:48 PM , Rating: 2
Wow... I just looked it up. Feb 2011. That is nearly 3 1/2 years old.

Bug, seriously upgrade. Just do it. March your ass to the nearest wireless store and bust out the credit card... right now.


RE: That's pretty neat
By Reclaimer77 on 6/11/2014 12:09:28 PM , Rating: 2
Agree.

And this time, I hate saying this, but just don't buy an HTC. Too unstable atm, who knows if they'll even be around in another 4 years.

Why even keep a phone that long? I don't get it. When that 2 year contract is up, you need to jump on those upgrade offers (usually free).


RE: That's pretty neat
By bug77 on 6/11/2014 1:55:55 PM , Rating: 2
I'm not in the US and don't buy phones on contract. Thus, I picked up this nasty habit of keeping a phone for as long as it does its job.


RE: That's pretty neat
By bug77 on 6/11/2014 1:20:34 PM , Rating: 2
Just placed an order for a couple Moto G 4Gs on Amazon.
But seriously, the Desire S does all that I need and it doesn't even have data (unless I hook it up to WiFi and that's usually at home).
It's just that the battery starts to fail (easily fixed, since it's user replaceable) and that it tends to loose signal in the middle of some calls (not easily fixable, once it even told me there was no SIM installed). But the feeling of metal is something I'm going to miss. A metal body on a mid-range device is something you don't even imagine these days.


I may be alone in this...
By quiksilvr on 6/11/2014 9:26:09 AM , Rating: 2
But I feel that a 5.5" screen is overkill. I would have preffered if they kept it at 5" and make the battery replaceable.




RE: I may be alone in this...
By Brandon Hill (blog) on 6/11/2014 9:28:14 AM , Rating: 1
For $300, you just keep your mouth shut and take what you get ;)


RE: I may be alone in this...
By Newspapercrane on 6/11/2014 9:53:55 AM , Rating: 2
Funny, your mother told me something similar last week...


By Brandon Hill (blog) on 6/11/2014 9:58:40 AM , Rating: 2
RE: I may be alone in this...
By bug77 on 6/11/2014 10:08:19 AM , Rating: 2
One man's "overkill" is the next man's "just right", you should have learned that by now.

But I find it funny that they don't have a user replaceable battery or a card slot, but still they went with the "never settle" slogan.


RE: I may be alone in this...
By flyingpants1 on 6/17/2014 5:15:59 AM , Rating: 2
Or front speakers. Or waterproofing. Or wireless charging.

The Sony Xperia Z2 has all these things, minus the battery.


RE: I may be alone in this...
By flyingpants1 on 6/17/2014 5:13:07 AM , Rating: 2
N5: 5.0"
M8: 5.0"
S5: 5.1"
G2: 5.2"
Z2: 5.2"
G3: 5.5"
Note 2: 5.5"
Note 3: 5.7"

5" is just small now IMO. 5.5" is about as high as you can reasonably go on a one-handed phone for the moment, until we get even smaller bezels, wrap-around screens, etc.


Looks neat
By synapse46 on 6/11/2014 9:20:12 AM , Rating: 2
Curious if this has root out of the box? Looks like a nice phone, can't argue with the price.




RE: Looks neat
By synapse46 on 6/11/2014 9:25:26 AM , Rating: 2
Need an invite to buy one? Wonder if this will go away after release?


RE: Looks neat
By Reclaimer77 on 6/11/2014 9:44:52 AM , Rating: 2
Just temporary until they get production numbers up.

All I can say is, I'm on the list for one of these. Those specs, the design, for that price? Running my favorite Android flavor?

No brainer.


RE: Looks neat
By Brandon Hill (blog) on 6/11/2014 9:46:42 AM , Rating: 2
You'll have to tell us how you like it. It's definitely a lot of kit for the money.


RE: Looks neat
By Reclaimer77 on 6/11/2014 9:56:41 AM , Rating: 2
Will do.

Maybe it's time Reclaimer became a contributor, eh? Review incoming! :P


RE: Looks neat
By teldar on 6/11/2014 10:54:15 AM , Rating: 2
I'm looking forward to an unlocked phone and dumping exorbitant Verizon pricing.


Europe price?
By Nyanyanya on 6/11/2014 10:02:49 AM , Rating: 2
Will it cost the same in Europe or will they rip us off like the rest of the big brands where they do 1/1 ratio and $300 ends up being $400+?




RE: Europe price?
By teldar on 6/11/2014 10:53:03 AM , Rating: 2
Does that include vat?


RE: Europe price?
By bug77 on 6/11/2014 11:02:09 AM , Rating: 2
Does it really matter? If battery life measures up, that phone is a steal even at $400.
And nobody's ripping us off in Europe, but our governments. In the EU, VAT is 20% and up (with a few exceptions). In the US a state tax of 10% is on the high side. And that's just one tax. You didn't think all that healthcare was actually free, did you? ;-)


RE: Europe price?
By Nyanyanya on 6/11/2014 12:52:15 PM , Rating: 2
Free healthcare is a myth.


Another delaying tactic
By rocketbuddha on 6/11/2014 1:38:59 PM , Rating: 2
Another friggin excuse to delay a product after generating hype. Man, they have played the community for a song. And get free publicity and marketing that would have been impossible in the crowded Android world.
And we are all falling for it.

Too bad Oppo.




RE: Another delaying tactic
By flyingpants1 on 6/17/2014 5:17:37 AM , Rating: 2
Blah, blah, blah, blah, blah, blah, blah.

Shut up and wait for the release.


"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki