I'm not familiar with the X-RAY app, but it sounds like you are vulnerable, but not necessarily compromised. As I recall, some of those are vulnerabilities in certain (usually older) Android builds. Could be used nefariously, but as far as I know most require ADB access - commandline access over USB from a computer. At least Zerg is, that's the only one I'm sort of familiar with.

Basically, on phones that are more locked down, sometimes an exploit of the Android platform itself is used to gain temporary root access. It's usually very very finicky root access, and may end if you do the wrong thing, and probably does not last a reboot unless you have something else to exploit once you have temporary root. And that's really all the goal is. Get access to parts of the phone you otherwise wouldn't - system directories, and perhaps a start at the bootloader and other normally write-protected areas. The escalation from temp root to permanent root, and a step towards the ability to flash.

It's really a dirty dirty hack, and should only be needed in cases where the phone manufacturer has decided not to play ball with the community, or has specifically tried to sabotage attempts at modding.

At any rate, what I'm getting at is - from what you say the app reports, you may not be exploited. Yes, Superuser should help if you are rooted - it basically acts as permission control for apps trying to get root access. Not that that is a cure-all, because as far as I know it only works on apps (things in the Android system - there is a Linux environment under that). But I expect it will complain that you don't have root access when you try to install it.

You're correct, I never have. That doesn't change my point, though. At least you have the blob to work with, that's better than some, but obviously not ideal.

Maybe that was a consideration in the OMAP being placed in the Samsung Nexus.

Uh, you should really look into that more. At the very least install SuperUser, if you can.

It all depends on the phone you choose, the developer interest, and your level of patience. Some phones are inherently easier, some phones have more developer support to help, and if you wait long enough usually GUI-based "1-click" programs show up, if feasible.

More than likely it's not a "bug" of CM per se, it's just that they don't have the proprietary bits they need to make it work. The code for the OS is mostly open source, drivers depend on the manufacturers.

It doesn't make it okay, of course, but not all phones are that way. You need to do a little research before you buy (or get a Nexus).

That's not fair. I know plenty of smart people with iPhones, and a quick look at forums will show you many people in far over their head trying to root and install ROMs.

But it's very apparent that what you do rooting etc. is not officially supported, and more than clear that official lines of support are useless if you have issues. Now, if people were calling AT&T to complain about their jailbreaking gone wrong or something, that would be different.

The trouble with CM or any AOSP (Android Open-Source Project - the code that is released publically) based ROM is that they don't have access to the binary blobs they need to make all of the hardware work, unless the companies upstream play along. This is why cameras frequently struggle. I don't know how much of this comes down to the phone manufacturer or the manufacturer of the specific part.

If it's something you care about, you know that going in and choose accordingly. As far as I know HTC tries to play ball; Samsung doesn't do bad; Motorola tries to make everyone's life hell. That isn't only driver support (or lack thereof), but locking down the bootloader and that kind of thing to specifically try to stop third party installs. HTC last I knew even had a "developer" program - all you had to do was sign up, give them some serial numbers and they emailed you a key to unlock everything.

If you need to be sure - buy one of the Google-branded models, the Nexus series. Made to be easily modded, necessary code and everything released. As such, they usually have the best and longest-lasting support from developers.

Well; perhaps I was a little too caustic in my response. I think I understand your reaction better now - you were responding as though the second poster was making a statement of fact.

I think you over-reacted. "Troll" implies intent. You admit in your own post that a little-reported aspect of the case is that the rounded-corners bit was not upheld in the case (and I'm only taking you at your word here as I truly do not know), and yet you seem to assume that the poster knows this and is trying to mislead and deceive. Seems an odd jump on your part to both claim that few people know this aspect of the case, but assume this person does. Then in your second post you seem to imply that the error was understandable. Understandable, yet troll? I think you calling them a troll was what triggered my response.

That said - I don't think whether that person knew it or not actually matters - because I don't think that was the point they were trying to make. As you said:
>> but since apple lost that point I suspect that the Swiss will as well ...this is perhaps exactly what the second poster was getting at.

Even if not, at the very least - in my reading, I figured the first post was not to be taken at face-value, that the meaning was something cynical towards design-related patents. The second post, to me, follows along the same lines - by bringing up another design-related patent, exerted offensively, and found to be frivolous. Disagree with them if you will, and there are very valid reasons to do so - the comparison is weak, for one - but when decrying frivolous design-related patents, the rounded corners thing is very pertinent; perhaps moreso *because* the court agreed they are frivolous. And while I can't say that attacking someone for bringing it up means you seek to absolve Apple, it certainly seemed to me like you meant to defend Apple - and I think it would not have seemed that way but for your second sentence.

Yes, because Apple is totally absolved from trying that idiotic stunt, just because they didn't get away with it.

I always heard that as "scro," not "scrote." The natural progression of "bro."

Good news! Haswell (the GT3 variants of it anyway) should approximately double Intel's IGP performance. For example: they demoed it playing Skyrim on High settings at 1920x1080.

Plus, some other good stuff.

Yeah, if they wanted to game it, they could do a much more transparent job. They are the one tallying the votes and storing the names, after all.

Easy, buy from the Nexus line :)

Otherwise, Googling can tell you, but it can be painful. However note that Samsung did hire Cyanogen himself.

Sorry, but no, not everything the government has should be open for anyone to obtain and peruse. Take this as an example, or several other blunders made by the UK government or its contractors. This has some data and discussion on the US. Personally, I'm more concerned with the general lack of responsibility for these kind of breaches in both the public and the private sector.

Don't get me wrong, I agree with your ideal. But ideals can rarely if ever become reality. And they're not always the blessing that they would seem to be.

Yep, I love pwdhash. It's portable without worrying about leaving a password database on a thumbdrive or in the cloud, it can generate long, site-unique passwords while using the same base password. Pwdhash is pretty nice in that it is sensitive to stupid websites that don't allow special characters, too - if you put a special in the password you supply, it very likely (but not necessarily) include one in the password it generates. If you don't put specials in the user-supplied portion, the output is just alphanumeric. Of course, there are still the stupid websites that want passwords to be 12 characters or less, and/or have to start with a letter, and/or other asinine rules. A downside though is that there is a maximum length for the passwords pwdhash generates, 22 chars if I remember correctly, but at this point, I don't think that's really an issue.

Still don't recommend actually using the same base password for everything, of course.

The other cool thing about pwdhash (and potentially, similar services too) is that they don't have to be used on websites. You can use it to generate passwords for, say, your wireless. Do something like the SSID in place of the website, then supply your part of the password.

Pwdhash