OESF Portal | OESF Forum | OESF Wiki | LinuxPDA | #planetgemini chat on matrix.org | #gemini-pda chat on Freenode | #zaurus and #alarmz chat on Freenode | ELSI (coming soon) | Ibiblio

IPB

Welcome Guest ( Log In | Register )

2 Pages V  < 1 2  
Reply to this topicStart new topic
> Sailfish on Cosmo - some Information from Jolla ..
Kamikaze Comet
post Mar 19 2020, 12:41 PM
Post #16





Group: Members
Posts: 24
Joined: 10-March 20
Member No.: 866,807



QUOTE(aard @ Mar 18 2020, 09:54 AM) *
Jolla is very thin on resources since late 2015 when they almost went bankrupt, and most of us left. There wasn't that much change since then, and a lot of issues from back then, including a lot of security issues, remain unfixed. I wouldn't recommend running Sailfish on a daily use device, especially if you care about security.


wow, an insider, thank you for sharing the intelligence.

Planet Computers also only have 9 employees. I think only 3 of them are full time developers. I don't know how far they can go. Most of Android/iOS challengers eventually die out, yet I still purchased Cosmo Communicator hoping this community will continue moving forward little by little.

I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?
Go to the top of the page
 
+Quote Post
Vistaus
post Mar 26 2020, 02:53 PM
Post #17





Group: Members
Posts: 80
Joined: 24-June 19
From: Netherlands
Member No.: 850,627



Jolla should first work on refunds. After a couple of years, me and quite a few others are still waiting for the Jolla Tablet refund they promised...
Go to the top of the page
 
+Quote Post
ArchiMark
post Mar 26 2020, 03:02 PM
Post #18





Group: Admin
Posts: 1,718
Joined: 25-June 03
From: Silicon Valley
Member No.: 208



QUOTE(Vistaus @ Mar 26 2020, 03:53 PM) *
Jolla should first work on refunds. After a couple of years, me and quite a few others are still waiting for the Jolla Tablet refund they promised...


Yep, but don't hold your breath waiting for it....

Go to the top of the page
 
+Quote Post
aard
post Yesterday, 08:15 AM
Post #19





Group: Members
Posts: 6
Joined: 6-February 20
Member No.: 865,185



QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.
Go to the top of the page
 
+Quote Post
szopin
post Today, 06:53 AM
Post #20





Group: Members
Posts: 44
Joined: 24-February 19
Member No.: 842,637



QUOTE(aard @ Mar 28 2020, 05:15 PM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)
Go to the top of the page
 
+Quote Post
aard
post Today, 10:02 AM
Post #21





Group: Members
Posts: 6
Joined: 6-February 20
Member No.: 865,185



QUOTE(szopin @ Mar 29 2020, 06:53 AM) *
QUOTE(aard @ Mar 28 2020, 05:15 PM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)


Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.
Go to the top of the page
 
+Quote Post
szopin
post Today, 02:10 PM
Post #22





Group: Members
Posts: 44
Joined: 24-February 19
Member No.: 842,637



QUOTE(aard @ Mar 29 2020, 07:02 PM) *
QUOTE(szopin @ Mar 29 2020, 06:53 AM) *
QUOTE(aard @ Mar 28 2020, 05:15 PM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)


Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.


It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique
Go to the top of the page
 
+Quote Post

2 Pages V  < 1 2
Reply to this topicStart new topic
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 29th March 2020 - 05:18 PM