Active Topics
-
Maemo repository (8)
to Community by Maemish - 1 day, 11 hrs ago -
Porting apps to Leste (44)
to Maemo 7 / Leste by norayr - 1 day, 15 hrs ago -
List of well performing apps on Leste (35)
to Maemo 7 / Leste by smatkovi - 4 days, 13 hrs ago -
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (13)
to SailfishOS by edp17 - 5 days, 11 hrs ago -
Sailfish OS for the Samsung Galaxy Note 4 (SM-N910C) - (treltexx) (79)
to SailfishOS by edp17 - 5 days, 11 hrs ago -
U-Boot for Nokia RX-51 with BootMenu (updated version 2012.10-rc3-1) (843)
to Alternatives by Arno_11 - 5 days, 16 hrs ago - more...
|
2013-12-15
, 09:49
|
|
Posts: 594 |
Thanked: 1,094 times |
Joined on Aug 2012
@ Rhine
|
#12
|
i future, some kind of ACL for Anroid apps would be great. meaning, you can allow apps individual access outside of the VM.
e.g.
app1 can access internet, location
app2 can access media
app3 can access contacts
... and so on
e.g.
app1 can access internet, location
app2 can access media
app3 can access contacts
... and so on
 |
|
2013-12-24
, 14:57
|
|
Posts: 1,625 |
Thanked: 998 times |
Joined on Aug 2010
|
#13
|
Originally Posted by szopin
yeah, big brother...
[...]
To a hacker, yeah, to an organization that makes its living by spying, early access or early backdoor implementation could be considered a key asset. Think about it, new device, all Snowdens of the world are gonna use it because it is new and from outside of US. Very hot cake
but big brother doesn't need to access your device to get pretty much ALL the info they are interested in, which does, afawk NOT inlcude your CC credentials and what not...
well, correct that... they use CC & all to track your plane, train, bus, ship (did i forget anything... rocket, maybe?) ticket purchases, of course!
they get those informations from Google, Yahoo!, m$, ATT & Co. don't they?
or if that is not available (in savage uncivilized countries where Consumerism doesn't reign almighty (yet)) they simply plug into the cell towers & all directly, from satellites...
no escaping big brother.... John Connor, maybe?
__________________
information is a necessary though no sufficient condition to rationality...
information is a necessary though no sufficient condition to rationality...
|
|
2014-01-31
, 06:35
|
|
Posts: 3 |
Thanked: 1 time |
Joined on Jan 2014
|
#14
|
Originally Posted by rainisto
You can't really be that naive? Sure, I love security as a layer, but that's because I'm a security consultant and I make some really good money when people **** up with security (in my line of work, security as a layer and **** up isn't even separate phrases). On a device I'm supposed to use for mostly everything, though, security needs to have a central role during development, not when **** hits the fan. Please tell me that you are at least utilizing the linux built in group permission separation. Some kind of control where I have to confirm that app X is allowed to be part of the "phonebook" group, the "read_home_directory" or the "internet" group. I've had such great hopes for Jolla, but this thread was a complete beat down on any interest I had, so please help me build that interest again.
And if some day someone releases 1st Sailfish specific malware application, then we will react to it and tighten the holes if need be. Untill that this all is just specilative ranting.
| The Following User Says Thank You to PolyTicks For This Useful Post: | ||
|
|
2014-01-31
, 09:40
|
|
Posts: 1,067 |
Thanked: 2,383 times |
Joined on Jan 2012
@ Finland
|
#15
|
Originally Posted by PolyTicks
Normal unix security is in place, group gid are used to protect privileged dirs that only Jolla applications can access, system has iptables installed, so you can configure firewalls and control incoming and outgoing tcp/udp packets in fine-grained fashion.
You can't really be that naive? Sure, I love security as a layer, but that's because I'm a security consultant and I make some really good money when people **** up with security (in my line of work, security as a layer and **** up isn't even separate phrases). On a device I'm supposed to use for mostly everything, though, security needs to have a central role during development, not when **** hits the fan. Please tell me that you are at least utilizing the linux built in group permission separation. Some kind of control where I have to confirm that app X is allowed to be part of the "phonebook" group, the "read_home_directory" or the "internet" group. I've had such great hopes for Jolla, but this thread was a complete beat down on any interest I had, so please help me build that interest again.
Your business is security consultation, if you think that Unix uid's, gids, and cgroups are not interesting, then I suggest you going back to Android as you can make your earnings in there.
We are improving security on each update, but we are trying to keep the improvements as invisible to end users as possible. As imho if you ever need to ask end user a single security question in dialog, then you have already failed in usability.
So in short we are NOT waiting for stuff hitting the fan, but we are constantly making new improvements and enablers that will hopefully avoid that ever happening.
In some possible update there might even be some settings GUI for turning nagging dialogs on, but there will always be a setting not to nag the end user for question that they dont understand (unless they are system specialists).
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
|
|
2014-01-31
, 20:10
|
|
Posts: 144 |
Thanked: 242 times |
Joined on Nov 2007
@ Finland
|
#16
|
There are Qualcomm chipset, modem software, and security enablers in Jolla. There are also NSA backboors and security disablers in the Qualcomm hw&sw in Jolla like in all other Qualcomm based devices.
| The Following User Says Thank You to Penguin For This Useful Post: | ||
|
|
2014-02-01
, 08:44
|
|
Posts: 3 |
Thanked: 1 time |
Joined on Jan 2014
|
#17
|
Originally Posted by rainisto
Thanks for a great answer. It still leaves me wondering about one thing though, which android solves with its permission system for users who understands the permissions. I do agree with you observation, though, that it leaves the standard user in the dark.
Normal unix security is in place, group gid are used to protect privileged dirs that only Jolla applications can access, system has iptables installed, so you can configure firewalls and control incoming and outgoing tcp/udp packets in fine-grained fashion.
Your business is security consultation, if you think that Unix uid's, gids, and cgroups are not interesting, then I suggest you going back to Android as you can make your earnings in there.
We are improving security on each update, but we are trying to keep the improvements as invisible to end users as possible. As imho if you ever need to ask end user a single security question in dialog, then you have already failed in usability.
So in short we are NOT waiting for stuff hitting the fan, but we are constantly making new improvements and enablers that will hopefully avoid that ever happening.
In some possible update there might even be some settings GUI for turning nagging dialogs on, but there will always be a setting not to nag the end user for question that they dont understand (unless they are system specialists).
How do you decide if it's an app that should be able to do actual administrative changes or is simply a game that should have no access to anything in the system if you can't ask the user? Simply put, how do you handle usability vs security if you can't ask the user what kind of app is running? Are all apps equal in system permissions and group belongings?
|
|
2014-03-18
, 05:41
|
|
Posts: 3 |
Thanked: 1 time |
Joined on Jan 2014
|
#18
|
I'm about to choose my next phone, and I would really appreciate an answer to my security concern.
|
|
2014-03-18
, 12:01
|
|
Posts: 1,067 |
Thanked: 2,383 times |
Joined on Jan 2012
@ Finland
|
#19
|
As already answered its handled by unix group security and harbour QA. Store applications doesnt have access to read nor edit privileged group data.
In addition to harbour apps (which has QA), there are openrepos where community pressure takes care the 'security' or 'insecurity'. And Jolla and 2nd party applications can have exceptions to normal gid rules.
In the future there might be more improvements coming.
In addition to harbour apps (which has QA), there are openrepos where community pressure takes care the 'security' or 'insecurity'. And Jolla and 2nd party applications can have exceptions to normal gid rules.
In the future there might be more improvements coming.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
| The Following 2 Users Say Thank You to rainisto For This Useful Post: | ||
I think you've misunderstood what szopin was referring to with regards the button. As for mer/nemo I don't think you fully understand what each is.
Mer is the core distribution on which the nemo middleware and then the Sailfish UI sits. Whilst the nemo that you may have tried (with the nemo ui) on the n900/n9 might not seem complete, the fact that Jolla have launched their device shows that mer & the nemo middleware is at a pretty well developed stage.
I've read posts of yours in the CSSU thread about how you believe that it's not working for you, but denigrating the efforts of a community is poor form and judgement when unmerited.
Community 'crap' clearly works as shown by the millions if not billions of devices running Linux everywhere you look.
Sticking Sailfish on their device makes sense for those that do, because it's what THEY WANT TO DO.
The point about getting used to a ui applies equally to those buying their first smartphone after years of using a 'dumbphone' or people buying their first tablet.