Author Topic: Sailfish on Cosmo - some Information from Jolla ..  (Read 18445 times)

Kamikaze Comet

  • Newbie
  • *
  • Posts: 28
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #15 on: March 19, 2020, 04:41:55 pm »
Quote from: aard
Jolla is very thin on resources since late 2015 when they almost went bankrupt, and most of us left. There wasn't that much change since then, and a lot of issues from back then, including a lot of security issues, remain unfixed. I wouldn't recommend running Sailfish on a daily use device, especially if you care about security.

wow, an insider, thank you for sharing the intelligence.

Planet Computers also only have 9 employees. I think only 3 of them are full time developers. I don't know how far they can go. Most of Android/iOS challengers eventually die out, yet I still purchased Cosmo Communicator hoping this community will continue moving forward little by little.

I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Vistaus

  • Full Member
  • ***
  • Posts: 139
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #16 on: March 26, 2020, 06:53:48 pm »
Jolla should first work on refunds. After a couple of years, me and quite a few others are still waiting for the Jolla Tablet refund they promised...

ArchiMark

  • Administrator
  • Hero Member
  • *****
  • Posts: 1830
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #17 on: March 26, 2020, 07:02:18 pm »
Quote from: Vistaus
Jolla should first work on refunds. After a couple of years, me and quite a few others are still waiting for the Jolla Tablet refund they promised...

Yep, but don't hold your breath waiting for it....
Silicon Valley Digerati - * Please see my Mini Laptops For Sale Listing *
Cosmo Communicator / One-Netbook One Mix Yoga 3S (Win 10/Manjaro 18)
Banana Pi Zero UMPC/Armbian
MacBookPro
Sold: C3200/N900/OQO/N5/Dell Mini9/Netwalker/UMID M1/

aard

  • Newbie
  • *
  • Posts: 9
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #18 on: March 28, 2020, 12:15:12 pm »
Quote from: Kamikaze Comet
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

szopin

  • Jr. Member
  • **
  • Posts: 66
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #19 on: March 29, 2020, 10:53:32 am »
Quote from: aard
Quote from: Kamikaze Comet
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.
The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)

aard

  • Newbie
  • *
  • Posts: 9
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #20 on: March 29, 2020, 02:02:13 pm »
Quote from: szopin
Quote from: aard
Quote from: Kamikaze Comet
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.
The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)

Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.

szopin

  • Jr. Member
  • **
  • Posts: 66
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #21 on: March 29, 2020, 06:10:32 pm »
Quote from: aard
Quote from: szopin
Quote from: aard
Quote from: Kamikaze Comet
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.
The underlying framework (mer) is fully open so can be audited (and I'm sure russians chosing it as their OS for government devices did that and for the UI too, as they have access to all the code) and relying on android drivers+libhybris makes it more secure than normal android device as most android exploits will not work out of the box and would have to target sfos device specifically. But the hype for me is mostly the UI with full linux under the hood, so you end up with a device that is pleasant to use and can hack on it properly without some android-type-bandaids (you can chroot into other distros too if you like I guess)

Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.

It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique

Pikku-iikka

  • Newbie
  • *
  • Posts: 41
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #22 on: March 30, 2020, 04:01:48 am »
Quote from: szopin
Quote from: aard
SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.
It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique
Jolla is having business with Russians - not under 'Sailfish' brand however. I've understood that these businesses bring new things to older Sailfish systems, too. My Jolla phone - ordered 2012 - still gets frequent updates, rocks on and is in daily use. For work calls only, but anyway. Even the battery is original and keeps power well.
Pikku-iikka (alias Little Ike - 194 cm / 130 kg)
Planet Cosmo Communicator
Samsung Note 8, Jolla Phone (Sailfish), Nokia N9 (Meego)
Raspberry Pi 4B / RetroPie setup emulating Amiga.

aard

  • Newbie
  • *
  • Posts: 9
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #23 on: March 30, 2020, 11:29:18 am »
Quote from: szopin
Quote from: aard
Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.

It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique

You're still getting updates because the way the OS and the build/release process is designed makes it easy to support it. You're not getting updates for the hardware adaptation layer and the android runtime, though - both of which are a security nightmare by now for the original phone.

Making this possible had an initial trade off making a few things harder to implement, especially when additional devices started being introduced, and it was a rather annoying continuous discussion back in 2015 if we shouldn't ease up on requirements and drop the original Jolla.

szopin

  • Jr. Member
  • **
  • Posts: 66
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #24 on: March 30, 2020, 12:23:57 pm »
Quote from: aard
Quote from: szopin
Quote from: aard
Only last year they started (finally) upgrading core components, until then pretty much everything was ridiculously outdated, with a lot of unpatched security issues. Even though they slowly seem to be catching up now, there still is a lot of outdated middleware on there, some of which may not be updated because of them still trying to avoid GPLv3 software on the device. The browser engine probably also is still pretty old, and a good entrance onto a device.

SailfishOS security is pretty much "it's too obscure to bother", if somebody were to look they'd find quite a few problematic spots.

It's true for every device, but obscurity plus the fact even first jolla phone from 2013 is still getting updates is pretty unique

You're still getting updates because the way the OS and the build/release process is designed makes it easy to support it. You're not getting updates for the hardware adaptation layer and the android runtime, though - both of which are a security nightmare by now for the original phone.

Making this possible had an initial trade off making a few things harder to implement, especially when additional devices started being introduced, and it was a rather annoying continuous discussion back in 2015 if we shouldn't ease up on requirements and drop the original Jolla.
On the plus side you can freely compile/install newer and fixed versions of all(most?) packages on device (like openssl from openrepos) without waiting for jolla, hal/android is the same situation as with android devices, you are lucky to get updates for a year at most. It will be interesting to see how purism guys will fare with their rolling release and daily updates, sooner or later bugs or breakages will slip through for sure, then again they are not aiming at corporate or gov clients and that might be acceptable for an enthusiast device/OS

Kamikaze Comet

  • Newbie
  • *
  • Posts: 28
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #25 on: March 31, 2020, 01:35:15 pm »
Quote from: aard
Quote from: Kamikaze Comet
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

Thank you for the answer. That explains a lot of things. I'm not so hyped about non-Android linux now.

idc

  • Jr. Member
  • **
  • Posts: 93
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #26 on: April 01, 2020, 03:37:56 pm »
Quote from: Kamikaze Comet
Quote from: aard
Quote from: Kamikaze Comet
I have a question for you. I honestly don't know the answer. Why are people so hyped over Sailfish OS even if it has security issues like you said?

Open source security fallacy. People have heard that open source can be more secure, but don't understand under which conditions this is true, so it just becomes a "it's more secure because most of it is open source". This is helped by early Jolla advertising highlighting privacy - which was true as long as you didn't add any additional services - and people mixing up privacy and security.

Thank you for the answer. That explains a lot of things. I'm not so hyped about non-Android linux now.

But for some of us the privacy issue is a big one. Many, including myself, don't feel happy with Google's slurp, and Sailfish seems to be the only real alternative. I really like it on my Gemini. I wish it would arrive on the Cosmo soon. To be honest a key reason for me in backing both Gemini and Cosmo was the promise they would run OSes other than Android. I hoped that Sailfish would arrive a bit quicker for the Cosmo, as I assumed much of the hard work had been done porting it for the Gemini. It is disappointing to still be waiting for its arrival on the Cosmo — which has been a factor persuading me not to cough up in advance for the proposed new Astro Slide.

idc

  • Jr. Member
  • **
  • Posts: 93
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #27 on: April 04, 2020, 09:58:42 am »
I understand Sailfish OS was updated to version 3.3.0.14 for Early Adopters on 2nd April. It appears from the release notes that support for the Cosmo is not included at this time. I'm disappointed. I've emailed Davide Guidi to aks whether anyone is working on it to his knowledge. I'll post if I get a useful response.
Cheers,
Ian

Vistaus

  • Full Member
  • ***
  • Posts: 139
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #28 on: April 04, 2020, 05:05:46 pm »
I know it's a bit offtopic, but since there's no subforum and it has been kind of ported to the Gemini: does anyone know anything regarding the porting of Lumiri (formerly Ubuntu Touch) to the Cosmo? I'd be very interested in running that on my Cosmo

idc

  • Jr. Member
  • **
  • Posts: 93
    • View Profile
Sailfish on Cosmo - some Information from Jolla ..
« Reply #29 on: April 10, 2020, 11:04:21 am »
Quote from: Vistaus
I know it's a bit offtopic, but since there's no subforum and it has been kind of ported to the Gemini: does anyone know anything regarding the porting of Lumiri (formerly Ubuntu Touch) to the Cosmo? I'd be very interested in running that on my Cosmo
I'm afraid I don't know anything about that, but I'm interested. Can you or anyone point me to where I could find out more?
Thanks,
Ian