Reply
Thread Tools
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#121
Originally Posted by nieldk View Post
You clearly dont understand the needs that some developers have. This is fine, but not for me.
Yes I was stating what this update was offering. I do understand that kernel developers want to have full oem unlock command available, and we are working on providing solution for that in future updates. Unfortunately there is limited number of fixes and features that can be included per update. We dont have unlimited hours and manpower.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following 5 Users Say Thank You to rainisto For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#122
Originally Posted by rainisto View Post
Yes I was stating what this update was offering. I do understand that kernel developers want to have full oem unlock command available, and we are working on providing solution for that in future updates. Unfortunately there is limited number of fixes and features that can be included per update. We dont have unlimited hours and manpower.
Like I previously wrote. That closeness is up to Jolla. I am not sure how many will appreciate it.
As for security. Honestly, that is a weak argument. I can break that any time as long as developer mode exists.
Protecting company data should be achieved by other means, If this is what you want.
From a company perspective this is understandable, but, considering whom supported the start-up by preorders, and considering other available options for companies. Is this a wise decision. I dont know, and I dont care. It is goodbye Jolla from me.
 

The Following 5 Users Say Thank You to For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#123
Originally Posted by nieldk View Post
I can break that any time as long as developer mode exists.
And how do you install developer mode on the device that you have stolen from someone which asks you devicelock code on the boot?

We are not even trying to protect the case where user has installed developer mode by himself, as he as dismissed the warranty may void dialogs and such.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following User Says Thank You to rainisto For This Useful Post:
Posts: 113 | Thanked: 303 times | Joined on Dec 2013 @ Germany
#124
Let's see, for example an security problem in your old frankenstein android kernel mix?

You can even install rpms as an normal user.

Last edited by djselbeck; 2013-12-27 at 22:19.
 
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#125
Originally Posted by djselbeck View Post
Let's see, for example an security problem in your old frankenstein android kernel mix?

It is no higher art required to install local rpms as normal user?
And how do you get to install things as normal user? Settings devicelock code, immediate, 10 attempts, reboot.

True if you quess the lock code with those 10 attemps, you can do anything as normal user. But if you dont happen to quess the code, do you have some trick to bypass the code query with the latest release?

But yes if frankestein kernel has some remote tcp/ip drop to shell exploit, then everything is wide open.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.

Last edited by rainisto; 2013-12-27 at 22:21.
 

The Following 3 Users Say Thank You to rainisto For This Useful Post:
Posts: 113 | Thanked: 303 times | Joined on Dec 2013 @ Germany
#126
Even if i had I wouldn't disclose them.

But that is not the point. Everybody who thinks their data is secure if it is not encrypted doesn't know much about computer security.
 

The Following 5 Users Say Thank You to djselbeck For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#127
Originally Posted by djselbeck View Post
Even if i had I wouldn't disclose them.

But that is not the point. Everybody who thinks their data is secure if it is not encrypted doesn't know much about computer security.
Nobody in right mind would think that their data is secure. Most people know that unix permissions dont give you real data security and that people can just remove microsd card.

It just means that its nice to have locks in your front door, even if burglar can break the window quite easily. And most people in the world keep their front door closed/locked, even when their houses have windows and they know that people can break in at any time.

But I can be wrong of course, some people might not lock their front doors when they go out.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following 4 Users Say Thank You to rainisto For This Useful Post:
Posts: 479 | Thanked: 1,284 times | Joined on Jan 2012 @ Enschede, The Netherlands
#128
Correct me if I'm wrong, but all these lock-thingies will be slight bumps in the road for someone really interested in the data on your phone. Direct access to the flash chips is all you need. They only viable solution is encryption. What's the reason the Jolla doesn't use that, ootb?

While I'm not really into flashing custom kernels (my N9 runs stock kernel) I do find it disappointing to see I now have yet another device which is hard to hack, or at least harder to hack for the wrong reasons (i.e. trying to improve security, but ultimately failing at that. Just like my Samsung tv, which encrypts recording but helpfully puts the keys in a companion file.)

It might not affect many, but these kind of changes on a bug-fix update which will seriously hinder owner's ability to hack a supposedly open device should be noted in the release notes of that update.

Last edited by Fuzzillogic; 2013-12-27 at 22:27.
 

The Following 9 Users Say Thank You to Fuzzillogic For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#129
Its pretty easy to use fuse encryption layer for example on your microsd card or any custom folder/directory/mountpoint, so people who wants to have some of their data encrypted are free to do so (it will have performance impact and battery life is also affected). Some future update might even offer you to have your data encrypted.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.

Last edited by rainisto; 2013-12-27 at 22:35.
 

The Following 5 Users Say Thank You to rainisto For This Useful Post:
Naranek's Avatar
Posts: 236 | Thanked: 149 times | Joined on Jul 2007 @ Finland
#130
Well that escalated quickly...
 

The Following 10 Users Say Thank You to Naranek For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 18:19.