OESF Portal | OESF Forum | OESF Wiki | LinuxPDA | #planetgemini chat on matrix.org | #gemini-pda chat on Freenode | #zaurus and #alarmz chat on Freenode | ELSI (coming soon) | Ibiblio

IPB

Welcome Guest ( Log In | Register )

3 Pages V  < 1 2 3 >  
Reply to this topicStart new topic
> Sailfish on Cosmo - some Information from Jolla ..
Kamikaze Comet
post Mar 19 2020, 12:41 PM
Post #16





Group: Members
Posts: 31
Joined: 10-March 20
Member No.: 866,807



QUOTE(aard @ Mar 18 2020, 09:54 AM) *
Jolla is very thin on resources since late 2015 when they almost went bankrupt, and most of us left. There wasn't that much change since then, and a lot of issues from back then, including a lot of security issues, remain unfixed. I wouldn't recommend running Sailfish on a daily use device, especially if you care about security.


wow, an insider, thank you for sharing the intelligence.

Planet Computers also only have 9 employees. I think only 3 of them are full time developers. I don't know how far they can go. Most of Android/iOS challengers eventually die out, yet I still purchased Cosmo Communicator hoping this community will continue moving forward little by little.

I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?
Go to the top of the page
 
+Quote Post
Vistaus
post Mar 26 2020, 02:53 PM
Post #17





Group: Members
Posts: 104
Joined: 24-June 19
From: Netherlands
Member No.: 850,627



Jolla should first work on refunds. After a couple of years, me and quite a few others are still waiting for the Jolla Tablet refund they promised...
Go to the top of the page
 
+Quote Post
ArchiMark
post Mar 26 2020, 03:02 PM
Post #18





Group: Admin
Posts: 1,728
Joined: 25-June 03
From: Silicon Valley
Member No.: 208



QUOTE(Vistaus @ Mar 26 2020, 03:53 PM) *
Jolla should first work on refunds. After a couple of years, me and quite a few others are still waiting for the Jolla Tablet refund they promised...


Yep, but don't hold your breath waiting for it....

Go to the top of the page
 
+Quote Post
aard
post Mar 28 2020, 08:15 AM
Post #19





Group: Members
Posts: 8
Joined: 6-February 20
Member No.: 865,185



QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.
Go to the top of the page
 
+Quote Post
szopin
post Mar 29 2020, 06:53 AM
Post #20





Group: Members
Posts: 52
Joined: 24-February 19
Member No.: 842,637



QUOTE(aard @ Mar 28 2020, 05:15 PM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)
Go to the top of the page
 
+Quote Post
aard
post Mar 29 2020, 10:02 AM
Post #21





Group: Members
Posts: 8
Joined: 6-February 20
Member No.: 865,185



QUOTE(szopin @ Mar 29 2020, 06:53 AM) *
QUOTE(aard @ Mar 28 2020, 05:15 PM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)


Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.
Go to the top of the page
 
+Quote Post
szopin
post Mar 29 2020, 02:10 PM
Post #22





Group: Members
Posts: 52
Joined: 24-February 19
Member No.: 842,637



QUOTE(aard @ Mar 29 2020, 07:02 PM) *
QUOTE(szopin @ Mar 29 2020, 06:53 AM) *
QUOTE(aard @ Mar 28 2020, 05:15 PM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)


Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.


It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique
Go to the top of the page
 
+Quote Post
Pikku-iikka
post Mar 30 2020, 12:01 AM
Post #23





Group: Members
Posts: 21
Joined: 21-June 19
From: Finland
Member No.: 850,492



QUOTE(szopin @ Mar 30 2020, 01:10 AM) *
QUOTE(aard @ Mar 29 2020, 07:02 PM) *

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.

It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique

Jolla is having business with Russians - not under 'Sailfish' brand however. I've understood that these businesses bring new things to older Sailfish systems, too. My Jolla phone - ordered 2012 - still gets frequent updates, rocks on and is in daily use. For work calls only, but anyway. Even the battery is original and keeps power well.
Go to the top of the page
 
+Quote Post
aard
post Mar 30 2020, 07:29 AM
Post #24





Group: Members
Posts: 8
Joined: 6-February 20
Member No.: 865,185



QUOTE(szopin @ Mar 29 2020, 02:10 PM) *
QUOTE(aard @ Mar 29 2020, 07:02 PM) *

Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.


It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique


You're still getting updates because the way the OS and the build/release process is designed makes it easy to support it. You're not getting updates for the hardware adaptation layer and the android runtime, though - both of which are a security nightmare by now for the original phone.

Making this possible had an initial trade off making a few things harder to implement, especially when additional devices started being introduced, and it was a rather annoying continuous discussion back in 2015 if we shouldn't ease up on requirements and drop the original Jolla.
Go to the top of the page
 
+Quote Post
szopin
post Mar 30 2020, 08:23 AM
Post #25





Group: Members
Posts: 52
Joined: 24-February 19
Member No.: 842,637



QUOTE(aard @ Mar 30 2020, 04:29 PM) *
QUOTE(szopin @ Mar 29 2020, 02:10 PM) *
QUOTE(aard @ Mar 29 2020, 07:02 PM) *

Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.


It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique


You're still getting updates because the way the OS and the build/release process is designed makes it easy to support it. You're not getting updates for the hardware adaptation layer and the android runtime, though - both of which are a security nightmare by now for the original phone.

Making this possible had an initial trade off making a few things harder to implement, especially when additional devices started being introduced, and it was a rather annoying continuous discussion back in 2015 if we shouldn't ease up on requirements and drop the original Jolla.

On the plus side you can freely compile/install newer and fixed versions of all(most?) packages on device (like openssl from openrepos) without waiting for jolla, hal/android is the same situation as with android devices, you are lucky to get updates for a year at most. It will be interesting to see how purism guys will fare with their rolling release and daily updates, sooner or later bugs or breakages will slip through for sure, then again they are not aiming at corporate or gov clients and that might be acceptable for an enthusiast device/OS
Go to the top of the page
 
+Quote Post
Kamikaze Comet
post Mar 31 2020, 09:35 AM
Post #26





Group: Members
Posts: 31
Joined: 10-March 20
Member No.: 866,807



QUOTE(aard @ Mar 28 2020, 11:15 AM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.


Thank you for the answer. That explains a lot of things. I'm not so hyped about non-Android linux now.
Go to the top of the page
 
+Quote Post
idc
post Apr 1 2020, 11:37 AM
Post #27





Group: Members
Posts: 54
Joined: 22-June 18
Member No.: 824,860



QUOTE(Kamikaze Comet @ Mar 31 2020, 05:35 PM) *
QUOTE(aard @ Mar 28 2020, 11:15 AM) *
QUOTE(Kamikaze Comet @ Mar 19 2020, 12:41 PM) *
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?


Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.


Thank you for the answer. That explains a lot of things. I'm not so hyped about non-Android linux now.


But for some of us the privacy issue is a big one. Many, including myself, don't feel happy with Google's slurp, and Sailfish seems to be the only real alternative. I really like it on my Gemini. I wish it would arrive on the Cosmo soon. To be honest a key reason for me in backing both Gemini and Cosmo was the promise they would run OSes other than Android. I hoped that Sailfish would arrive a bit quicker for the Cosmo, as I assumed much of the hard work had been done porting it for the Gemini. It is disappointing to still be waiting for its arrival on the Cosmo — which has been a factor persuading me not to cough up in advance for the proposed new Astro Slide.
Go to the top of the page
 
+Quote Post
idc
post Apr 4 2020, 05:58 AM
Post #28





Group: Members
Posts: 54
Joined: 22-June 18
Member No.: 824,860



I understand Sailfish OS was updated to version 3.3.0.14 for Early Adopters on 2nd April. It appears from the release notes that support for the Cosmo is not included at this time. I'm disappointed. I've emailed Davide Guidi to aks whether anyone is working on it to his knowledge. I'll post if I get a useful response.
Cheers,
Ian
Go to the top of the page
 
+Quote Post
Vistaus
post Apr 4 2020, 01:05 PM
Post #29





Group: Members
Posts: 104
Joined: 24-June 19
From: Netherlands
Member No.: 850,627



I know it's a bit offtopic, but since there's no subforum and it has been kind of ported to the Gemini: does anyone know anything regarding the porting of Lumiri (formerly Ubuntu Touch) to the Cosmo? I'd be very interested in running that on my Cosmo smile.gif
Go to the top of the page
 
+Quote Post
idc
post Apr 10 2020, 07:04 AM
Post #30





Group: Members
Posts: 54
Joined: 22-June 18
Member No.: 824,860



QUOTE(Vistaus @ Apr 4 2020, 09:05 PM) *
I know it's a bit offtopic, but since there's no subforum and it has been kind of ported to the Gemini: does anyone know anything regarding the porting of Lumiri (formerly Ubuntu Touch) to the Cosmo? I'd be very interested in running that on my Cosmo smile.gif

I'm afraid I don't know anything about that, but I'm interested. Can you or anyone point me to where I could find out more?
Thanks,
Ian
Go to the top of the page
 
+Quote Post

3 Pages V  < 1 2 3 >
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 4th June 2020 - 07:34 PM