Linked by Thom Holwerda on Tue 4th Apr 2017 21:42 UTC
OSNews, Generic OSes

But the operating system is riddled with serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices, according to Israeli researcher Amihai Neiderman.

"It may be the worst code I've ever seen," he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab's Security Analyst Summit on the island of St. Maarten on Monday. "Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."

Raise your hand if you're surprised.

Thread beginning with comment 642753
To read all comments associated with this story, please click here.
Well, duh...
by boudewijn on Wed 5th Apr 2017 12:20 UTC
boudewijn
Member since:
2006-03-05

Only 40? Tizen is build on EFL, and that really is the most unsurprisingly notorious codebase ever. Every object is the same type, and string comparisons everywhere to distinguish between the objects. But I guess that Samsung couldn't anything else, after it left Maemo/MeeGo. Intel and Nokia had already used GTK and Qt for that, so they simply _had_ to use something else, of course. And for the same reason -- something else was already using it -- Java was out of the question, too.

Reply Score: 6

RE: Well, duh...
by Nadir on Wed 5th Apr 2017 12:56 in reply to "Well, duh..."
Nadir Member since:
2007-05-09

You just reminded me of

https://what.thedailywtf.com/topic/15001/enlightened/5

where Rasterman himself pitches in and goes on a rant. EFL is indeed horrible.

Reply Parent Score: 3

RE: Well, duh...
by moondevil on Wed 5th Apr 2017 17:23 in reply to "Well, duh..."
moondevil Member since:
2005-07-08

It is worse than that.

You skipped the part where Samsung integrated the Bada OS SDK into Tizen, thus bringing in its Symbian C++ flavour, followed by a rewrite with a more standards compliant C++, only to drop everything and use EFL instead, with the promise that the new C++ API on top of EFL would come.

Now it appears that instead of doing that, they are adding support for .NET Core, Xamarin Forms and Tizen specific APIs for .NET Core apps.

Tizen is a joke, apparently they want to beat the number of times Microsoft has redone their mobile SDK.

Reply Parent Score: 4

RE[2]: Well, duh...
by boudewijn on Wed 5th Apr 2017 17:57 in reply to "RE: Well, duh..."
boudewijn Member since:
2006-03-05

Yeah, well, brevity's sake and so on.

Gosh, I do miss the days of Maemo and Meego, when my company was working with Nokia and doing great stuff.

Reply Parent Score: 2

RE: Well, duh...
by acobar on Thu 6th Apr 2017 21:18 in reply to "Well, duh..."
acobar Member since:
2005-11-15

Really, nuff said.

Granted, I'm not familiar with the state of EFL current iteration but, when I was digging window managers to see what I would like more years ago, Enlightenment was awful, security wise. They kind of wanted to put all effort on performance over almost everything else.

Not the security experts are not known to overstate the risks many times, though.

Reply Parent Score: 2