Poll: Did you order a Jolla tablet?
Poll Options
Did you order a Jolla tablet?

Closed Thread
Thread Tools
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#331
Originally Posted by MartinK View Post
So maybe they should open source all they can so that also other can check that there are indeed no backdoors ? ;-)
and give NSA head start? they wouldn't need to infiltrate them then, no wai, drivers from samsung&dod are enough of a pain
 
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#332
Originally Posted by bluefoot View Post
You can see exactly what they're working on at any given time, and what the bugs are (save for stuff that's way upstream), what the devs are thinking, what delays there might be & why, and anyone can jump in and participate, offer fixes or ask questions. It's all done on an open mailing list. You can also test any of the builds (at your own risk), which tend to be spat out every few days (or at least once a week). Granted you can't see the development process for OEMs' work, though you frequently can test their internal builds which are often pushed to the main repos. They're as transparent as it gets.
I'm not deep enough into the Sailfish dev. side of things to comment on how it compares to this (I know enough to suspect that it's probably nowhere near as transparent as this -assuming "this" is 100% correct), I'll let others who are comment in much more detail, ideally they've also had some involvement in UT.
 
Posts: 338 | Thanked: 496 times | Joined on Oct 2010
#333
Originally Posted by MartinK View Post
So maybe they should open source all they can so that also other can check that there are indeed no backdoors ? ;-)
But, but, the Russian guy claimed the process would start in June and it'd all be open by the close of July with the release of 2.0 :-o The usual suspects here jumped in to claim that was the word of god, and non-committal statements (to the contrary) by Saarnio and others at Jolla ("info soon" / "not ready to talk about it") must surely be misunderstandings.

Does this mean we won't have a fully open OS by the end of this month? Some people here must be shocked at this turn of events.

Originally Posted by jalyst View Post
I'm not deep enough into the Sailfish dev. side of things to comment on how it compares to this (I know enough to suspect that it's probably nowhere near as transparent as this -assuming "this" is 100% correct), I'll let others who are comment in much more detail, ideally they've also had some involvement in UT.
I think you know very well what the answer is ...
 
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#334
Originally Posted by bluefoot View Post
But, but, the Russian guy claimed the process would start in June and it'd all be open by the close of July with the release of 2.0 :-o The usual suspects here jumped in to claim that was the word of god, and non-committal statements (to the contrary) by Saarnio and others at Jolla ("info soon" / "not ready to talk about it") must surely be misunderstandings. Does this mean we won't have a fully open OS by the end of this month? Some people here must be shocked at this turn of events.
That's not what happened, I recall the exchange you had with szopin (IIIRC?), he didn't claim it was coming then, you suggested that's what the official company line was & he clarified what it really was (IIRC you refused to agree despite the interview with a co. rep. -not a gov't official- that he referenced); i.e. there's plans for a time-line, but no plans to release/announce it yet, but they hope to "soon". That's my vague recollection, I'll leave szopin/you to dig-up the actual exchange for the full detail. Yes their statement is -once again- vague as hell, but it's a confirmation at least that there's plans afoot for more opening, something they'd not said anything about for a very long time.

I think you know very well what the answer is ...
Well, I don't, which is why I'm asking for insights from more than just one user, ideally a user who happens to be an active dev in at least 1 of those 2 communities.

Last edited by jalyst; 2015-07-01 at 11:02.
 
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#335
on opennes in tizen you can read here:
https://lists.sailfishos.org/piperma...ne/006264.html

maybe some dev can confirm the UT praise, did not see that many praising it so far, some pink glasses?
 
Posts: 1,548 | Thanked: 7,510 times | Joined on Apr 2010 @ Czech Republic
#336
Originally Posted by szopin View Post
and give NSA head start? they wouldn't need to infiltrate them then, no wai, drivers from samsung&dod are enough of a pain
You don't know much about security, do you ? ;-)

(hint: Most security critical algorithms and libraries are public & open source and a target of a very strict pear review. Closed source components, which can't be reviewed in a similar way, are often considered untrusted by default.)
__________________
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
 
Posts: 338 | Thanked: 496 times | Joined on Oct 2010
#337
Originally Posted by jalyst View Post
Well, I don't, which is why I'm asking for insights from more than just one user, ideally a user who happens to be an active dev in at least 1 of those 2 communities.
MartinK just posted about a small number of issues. Forgotten already? There are many more.

If you choose to believe that's not how UT development works, fine. It's all in the open, though, so if you don't want to go and look, that's your prerogative.

Anyway, we go back to the point of people making excuses for Jolla on the basis that they aren't THAT bad compared with others (they are), but fail to find much defensible about their action / inaction itself.
 
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#338
Originally Posted by MartinK View Post
You don't know much about security, do you ? ;-)

(hint: Most security critical algorithms and libraries are public & open source and a target of a very strict pear review. Closed source components, which can't be reviewed in a similar way, are often considered untrusted by default.)
pear review...
yeah, problem is NSA has a hundred hackers to throw at it the instant it drops, peer review and audit can be performed with GRU help before dropping to the public, want to make those holes available to NSA first?

edit: just to be clear, not promoting security through obscurity, but open sourcing is not a remedy, you need to pay people to make proper audit (see truecrypt audit funding), NSA already has such people and they pay them monthly. Closed source can be secure, most banks use MS solutions and somehow it works, but yeah, once they open source go at it and find all the bugs

Last edited by szopin; 2015-07-01 at 11:07.
 
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#339
Originally Posted by bluefoot View Post
MartinK just posted about a small number of issues. Forgotten already? There are many more.
I refer folks back to my most recent posts, they're very straight forward in what they're asking.
They're not asking for e.g.'s of no comms between active devs & jolla, that point was already addressed by martin.
My most recent posts had a different set of Qns, I'm not sure how that could be unclear to you.

Originally Posted by jalyst View Post
Thanks for some actual examples, so IYO, is this an accurate account/summary of the situation?
<SNIP>
And IYO is SF clearly significantly worse than UT, Tizen, FFOS, or the several forked Android distros?
(i.e. does anyone here actively dev/power-use in one or more of those communities)
Originally Posted by jalyst View Post
I'm not deep enough into the Sailfish dev. side of things to comment on how it compares to this (I know enough to suspect that it's probably nowhere near as transparent as this -assuming "this" is 100% correct), I'll let others who are comment in much more detail, ideally they've also had some involvement in UT.
Originally Posted by jalyst View Post
Well, I don't, which is why I'm asking for insights from more than just one user, ideally a user who happens to be an active dev in at least 1 of those 2 communities.
Originally Posted by szopin View Post
maybe some dev can confirm the UT praise, did not see that many praising it so far, some pink glasses?
THIS, some insights from those that've actually been heavily involved (ideally SF too), would be great.

Last edited by jalyst; 2015-07-01 at 11:21.
 
pichlo's Avatar
Posts: 6,447 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#340
Originally Posted by MartinK View Post
You don't know much about security, do you ? ;-)

(hint: Most security critical algorithms and libraries are public & open source and a target of a very strict pear review. Closed source components, which can't be reviewed in a similar way, are often considered untrusted by default.)
You don't know much about business, do you? ;-)

Most businesses do not trust anything "open-sorce" by default. Most businesses prefer other businesses supplying their solutions, including security. Most businesses' security implementation is closed source.

(And when I say "most", I mean, "from all the companies I have worked for in the past 25 years, 100%". Feel free to do the substitution in all cases the word "most" was used in the above paragraph.)

So, when you say "considered untrusted", please do not forget to specify *by whom*.

Also, sorry about the small OT diversion but since you've touched upon the topic of peer review...
 
Closed Thread

Tags
moral hazard, paypal refund

Thread Tools

 
Forum Jump


All times are GMT. The time now is 04:32.