Symbian Signed Followup

Bruce Carney from Symbian was nice enough to comment on my earlier “Why Symbian Signed must die” post.

There is no intent to prevent long term access. The Symbian Signed infrastructure hit a step change in demand. In periods of overload we have a policy to prioritize the service to ensure professional users can continue their work.

— The problem is shown in this link (i.e. a massive spike)
— The underlying reason was posted in our developers forums here
— Free Developer Certificates *already* downloaded over the past years are valid for 3 years, There are millions and millions of developers who *are* not being impacted by this outage.
— We have been trying to contact the developer of RotateMe to get the app signed (for free) and awaiting response?

If anything, this underscores
(1) How Symbian OS is around an order of magnitude more popular than iPhone or any other mobile OS.
(2) As the smartphone OS market leader, Symbian OS is solving real world mobile developer problems every day, not preaching to the faithful on podiums with powerpoint.

We just ask our developer community to be a little patient

Bruce Carney
Director, Developer Programs & Services

Thanks for posting, Bruce.

I’m sorry I missed your call and I hope you are able to call back.

It’s great news that Symbian intends to restore the ability of people to get devcerts. And I understand and have read all the reasons and reported causes for the Open Signed outages.

I also agree that the volume of certs does suggest the popularity of the platform.

However, all that misses the point. The Symbian Signed server being down is just a symptom, as is the load on that server caused by the volume of developer cert requests. People are requesting so many certs because the signing restrictions are broken. The problem isn’t that the Symbian Signed site is down – the problem is that people have to use it in the first place. The problem is that apps need to be signed to be installed and the mechansm for freeware developers, or even small-time corporate or in-house developers, to get certs and manage getting apps signed (and tested and “approved” by Symbian) is defective. It’s untenable.

This is how we end up in the situation where developers release the apps “unsigned” and have the users themselves sign them (and thus, the high volume of “developer” certs). The arguments in favor of the signing requirement are about making phones “safe” and ensuring users can “trust” the apps. However that trust model is antiquated 20th century thinking. Look what they have to go through now to try to get freeware installed (getting a “devcert” and signing the freeware apps themselves). If they are willing to sign it themselves, it suggests that they “trust” the app, even though it has not been “blessed” by Nokia or Symbian. Why? The reason people trust these apps is not because some authority in the sky, like Symbian Signed, gives it a “thumbs up” but because the community provides a powerful degree of trust. Applications that jack around with people would be immediately discredited by the Symbian freeware community – everyone would know about it, and people would avoid the app like the plague. This works with things like Linux and Firefox and it would also work with Symbian freeware.

The current Symbian Signed process creates the opposite effect of its stated objectives. I’d suggest that Symbian Signed apps are actually less trustworthy, in the true sense of the term – it’s more likely for “official” apps that have been “approved and tested” to have bugs than the freeware ones because it takes months to get an app tested and approved (and it cost $$$) so bugs never get fixed; whereas problems with freeware get reported all over the place and they tend to get fixed quickly.

The solution is to release a version of S60 3rd edition that lets those users that are willing to take the risks install unsignd apps and grant the features, privledges, capabilities they wish to the apps, even if this is a “unsupported” “hacker” version of Symbian with “forfeit all rights to support” restrictions or some such – that would still be vastly better than the situation those people have today, where the only officially supported options are to not install the apps at all, ever or switch platforms/phones – and the “unofficial” solution is to overload the Symbian Signed site with “developer” cert requests.

So save yourself some money on upgrading the Symbian Signed server crypto hardware and instead release a simple version of S60 3rd edition. You’ll be happy, I’ll be happy, and users will be happy. And your phone manufacturer customers like Nokia will be happy too, happy that they don’t lose their customers to Windows Mobile, the iPhone, or other alternative platforms.

5 comments for “Symbian Signed Followup

  1. Honestly, i just want rotateme so i can have the god damn functionality that this phone should have already….

    When symbian decided they wanted to only let people do what they wanted with their own property if they asked nicely and dicked around for half an hour instead of being able to use their machines without symbian holding their hand they should have bloody well prepared for people who, having no other choice, decided to go ahead and ask nicely.

    tl;dr: Get some more fucking bandwidth symbian or start letting people install what they want.

  2. The developer of RotateMe2.0 is the only one that can and should have the application signed. This must happen before its distribution so that the problem is not simply transferred to the end-user.

  3. John Doe, your argument is specious. It assumes that the signing overhead is worth the cost. RotateMe2.0 is a perfect counter-example. The available signing options are clearly not adequate for such application developers. And yet, the application is wanted enough that users will actually endure some of the hassle. When the best option as determined by both LEGITIMATE end-users and LEGITIMATE developers is to "abuse" the process, then the process is obviously BROKEN.

    Symbian came up with a bad idea and now it isn’t working – so that’s the fault of developers and end-users? No. Developers and end-users are the CUSTOMERS, the market, and the market decides what’s right, not Symbian. It’s time to fix the process, not fix the developers and end-users.

    If anybody is transferring the blame, it is Symbian, blaming their broken process on developers and end-users instead of providing solutions that satisfy their most important constituency – CUSTOMERS.

  4. I’m surprised this big symbian lock-up is happening with so little media attention.

    Even though ten thousands of people are struggling with this problem there is little (public) effort to convince Symbian or Nokia to change their tactics.

    Btw, Symbian is deleting negative posts about symbian signed from their forums.

  5. I just know one thing .. the customers needs is the only thing that drive the business to a certain points .. i.e i cant put something in the market that has no need & push the people to take it !!!

    all the buyers & customers for s60 enjoy & need the applications to be installed in their cellphones .. & a huge % from them buy the s60 to use these applications it’s like install Windows XP .. why not Linux … so what symbian end to .. is just for it’s sake not for ppl sake .. if they talk about the harmfull applications .. why not make something like system repair like in windows xp .. ??? or just they don need to put the easy solutions & complicate every thing to gain more money .. it’s clear that they felt so powerful .. so they start to control .. but beware symbian .. this is the first step to the end .. to maintain the success is the goal .. not to be only successful .

Comments are closed.