Active Topics

 


Reply
Thread Tools
pichlo's Avatar
Posts: 6,447 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#391
Originally Posted by MartinK View Post
So is sometimes hard to see the same mistakes that Nokia did to be redone by Jolla
What did you expect? They came from Nokia, at least for the most part. That is where they learned how to do things.

Originally Posted by bluefoot View Post
people have been continually willing to let Jolla and Sailfish get away with murder because of rose tinted spectacles, myself included. were it not for the glory days (well - halcyon days), very few would have even given jolla the time of day, let alone stuck around until now.
You said it, bro

A fellow TMO member once asked me about my Jolla experience to help him decide whether to buy one. Like me, he had an N900 and an N9 before. I just looked up my response, it was sent on 2014-12-17. It is quite long and I am not going to copy it here but I have to say, having re-read it again, it saddens me to see that none of the points I mentioned there have been addressed. For example, the lack of a global copy and paste.

Nevertheless, the gist of that write-up was, "it has some potential but it is not quite there yet", with an implied belief that it would get there eventually. Now, nearly a year on, I would have written a different summary: "The potential was there but has been completely wasted."

Yet I think there is still a chance. But that would require a complete U-turn on Jolla's side. Stop fidgeting with the UI. It is not perfect but it will do as it is. Focus on things people are actually asking for. Fix or implement basic functionality. Fix the truly terrible memory consumption and management. A bare OS, with no Android installed and no apps running, using 69% of the available RAM (gone up to 83% in 1.1.9) is a scandal. Fixing it may take a few months if you put your mind to it but it would be time well spent. That is exactly what Apple (Leopard->Snow Leopard) and Microsoft (Vista->7) did and it worked for them.

Otherwise the future is bleak. More and more peole will move on, leaving behind only those still refusing to accept the reality. As their concentration increases, so will their cognitive dissonance which they will vent by an increasing aggresivity towards the few remaining people with some common sense. Eventually, the only Jolla's users left would be the 1000 or so die-hard yes-men, Jolla will stop receiving any useful feedabck and the system will collapse. A business cannot exist with such a small user base for very long.
 

The Following 7 Users Say Thank You to pichlo For This Useful Post:
Posts: 134 | Thanked: 370 times | Joined on Oct 2012 @ France
#392
Well, I would like to add some words about Nemo and Open Source OS :
Nemo with Glacier is not fully unusable, and working on it is not building an UI from scratch. But yes, because of the lack of developers, it is not ready for an everyday use. however, I used it few days on my N900 (my main phone at this time) for testing purpose and it worked more or less. IMO, there is not so much work required for having an usable OS with the basics functions working well (if I remeber well, SMS were fully working and calls half working).

About the devices : there were working phones with Nemo when nobody talked about Sailfish : the N900 (which is now not maintained because of Wayland) and the N9. So if you have a N9, you have some hardware where you can test Nemo.

And finally, why someone could would like work on Nemo. In first, it's open-source. And there is one think especially great with the open source : diversity. Working on Nemo could provide an other choice of GNU/Linux phone distribution, and will add diversification.

But if you tell me that working on a abandonned OS with (as it seems) nobody working on it is less interresting than a one maintained by a compagny with many users using it, I can only agree but if you want a fully open-source OS, someone have to do the first step. And here, the first step is not to do everything from scratch but to work on existing code.
 

The Following 6 Users Say Thank You to Astaoth For This Useful Post:
ZogG's Avatar
Posts: 1,389 | Thanked: 1,857 times | Joined on Feb 2010 @ Israel
#393
Originally Posted by Stskeeps View Post
Stay tuned.
We are tunned few years already. If there is some information - just give it to us. Because this "soon" thing is not funny anymore.
__________________
IRC nick on freenode — ZogG
imgrup
 

The Following 11 Users Say Thank You to ZogG For This Useful Post:
Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#394
Right... wish me luck, I'm going to try and pull ths in a slightly more constructive direction and talk about something Jolla could change without turning their business model upside-down:

I read somewhere before that a big chunk of Red Hat support contracts are with the US military. If Jolla wants to capture part of the government/military market, they desperately need to improve the security model on Sailfish. There has been some talk of "Sailfish Secure" but as far as I can tell nothing has materialised so far.

Sailfish' security model sucks because it doesn't follow the principle of least privilege:
  • Nemo can install packages without authentication (via pkcon)
  • Installed apps run as nemo...
  • ...installed apps could therefore install other things (that run as root) without authentication! I'm not really worried about malicious apps since most Sailfish apps are Free/Open Source, but if you subscribe to the Ubuntu security announcement list you'll see lots of bugs like "potentially allows remote command execution as the user firefox is running as"... I am worried about the fact that exploiting a security flaw in a single app could give you easy root via nemo.
  • all kinds of other important stuff also runs as nemo (like systemd)

I think this is something Jolla could improve quite easily, without affecting their business model. Pretty sure the reason people don't bitch about this more is because they're used to it - n900's security model was pretty awful too, and really shocked me when I picked it up for the first time last year.

I forgave the n900 because it's an old design, but Sailfish is a modern OS and is way behind Android/iOS in this regard!

Why not:
  • Create groups with permissions to read contact data, change network connections etc
  • Require nemo to authenticate when installing applications (otherwise you might as well just run everything as root)
  • Each app runs as its own user
  • Only grant harbour-foo permissions for the groups required to do what it needs

Doesn't seem like a lot of work, we have the tools to do a lot of this already. The difficult bit would be the next step: showing a list of required permissions (groups) before installation, and allowing the user to grant/revoke them.

Does anyone know why this wouldn't work/hasn't been implemented already? Or can you think of any improvements?

Also related, the roadmap says Jolla researched SELinux some time ago, so maybe there's a more elegant way of achieving this using SELinux?
 

The Following 11 Users Say Thank You to Feathers McGraw For This Useful Post:
Posts: 337 | Thanked: 891 times | Joined on Jul 2012 @ Royaume Uni.
#395
Originally Posted by pichlo View Post
A bare OS, with no Android installed and no apps running, using 69% of the available RAM (gone up to 83% in 1.1.9) is a scandal. Fixing it may take a few months if you put your mind to it but it would be time well spent. That is exactly what Apple (Leopard->Snow Leopard) and Microsoft (Vista->7) did and it worked for them.
Agree completely.

Either sort the memory issue out, or else give us a new phone with more memory. It drives me crazy that we have these much vaunted multi-tasking capabilities that we simply can't use because apps have to be continuous recycled like in Android.
 

The Following 2 Users Say Thank You to NokiaFanatic For This Useful Post:
Copernicus's Avatar
Posts: 1,986 | Thanked: 7,698 times | Joined on Dec 2010 @ Dayton, Ohio
#396
I sense a contradiction here:

Originally Posted by dcaliste View Post
The Jolla phone is my only phone. I cannot contribute to something that would stay as a toy on a board, I don't have enough time for that, so everything that is fully Open Source but lacks the capability of being my main phone in mundane life is a no go for me, sadly
and

Originally Posted by dcaliste View Post
I don't simply understand why they are not releasing as Open Source all the small applications of SFOS (calculator, calendar, mail…).
...
The only reasonable explanation that I imagine is a lack of Open Source advantages understanding from the management…
Ok, here's the problem I see: as you say, the fully open mobile devices are still "toys on a board". Only the organizations that have adopted closed-source practices have devices viable for every-day work. So, just what are the advantages of Open Source, then? If, for example, Nemo can never become a viable product, why should anybody at Jolla want to adopt the same strategy as Nemo?

I guess I'm saying, can you really convince Jolla that full open-source is going to help their business? Cause right now, I'm just not seeing it...
 

The Following 2 Users Say Thank You to Copernicus For This Useful Post:
Posts: 702 | Thanked: 2,059 times | Joined on Feb 2011 @ UK
#397
Originally Posted by NokiaFanatic View Post
Either sort the memory issue out, or else give us a new phone with more memory. It drives me crazy that we have these much vaunted multi-tasking capabilities that we simply can't use because apps have to be continuous recycled like in Android.
Absolutely. I'd been through a few Android phones before getting devices with 2GB and 3GB of RAM and on Android it's night and day compared to phones with 1GB or less. On Symbian it was always 'never buy a phone with less than 128MB' of course so it is kind of bonkers we're talking about multi-GB now but chips are a cheap fix.

Jolla expect to run Sailfish AND Android in less than 1GB so they either need to optimise the fudge out of Sailfish or port it to devices with more RAM.

...and fix CalDAV
 
Copernicus's Avatar
Posts: 1,986 | Thanked: 7,698 times | Joined on Dec 2010 @ Dayton, Ohio
#398
Originally Posted by javispedro View Post
Please note that IMHO, in the absence of valid reasons for going closed source, the default should be free software. In this day and age, I'm just no longer entertaining the opposite point of view.
I'd love to share your point of view, but in the absence of viable fully open mobile operating systems, I'm not finding a lot of valid reasons to go open-source either.

Just where is the community support for community-based software? Why is there so much interest in trying to make commercial software open, when open-source alternatives already exist? And, if Jolla did fully open-source Sailfish, would anybody actually work on it, or would they just go to the next piece of commercially-built software and demand that it become open as well?

Originally Posted by javispedro View Post
Mer, Replicant, etc. do not currently ship devices with support and that's something I'm willing to pay for. Note this would be closer to the role I wish Jolla had: selling working Mer devices and supporting them.
Cool! So, I've gotta ask, just where are the fully open Mer-based devices? Jolla doesn't have a patent on Mer or anything; just what is stopping another company from building one?
 

The Following User Says Thank You to Copernicus For This Useful Post:
Posts: 285 | Thanked: 1,900 times | Joined on Feb 2010
#399
Originally Posted by Feathers McGraw View Post
Right... wish me luck, I'm going to try and pull ths in a slightly more constructive direction and talk about something Jolla could change without turning their business model upside-down:
Good luck.

I read somewhere before that a big chunk of Red Hat support contracts are with the US military. If Jolla wants to capture part of the government/military market, they desperately need to improve the security model on Sailfish. There has been some talk of "Sailfish Secure" but as far as I can tell nothing has materialised so far.
This is important notice. Years ago Red Hat effectively ditched consumer market and concentrated on enterprise only. It was sensible and successful choice for them. However, Sailfish doesn't compare to that as it's completely different kind of beast - it cannot succeed without being somewhat successful in the consumer market whereas Red Hat didn't have to give a flying duck about consumer space when working with enterprise/data center related stuff. So, Sailfish secure is definitely needed, but it cannot replace the consumer point of view. And it will take some time to implement, test, certificate etc...

I'd also like to point out that there are numerous endeavors that have ended up in bankruptcy or just ceased operations on FOSS consumer market. Even Canonical is funding their consumer desktop operations using revenue generated from enterprise as the consumer operations income don't really cover the costs. It may be different though within mobile space as it's more difficult to implement those sources into working device.

...installed apps could therefore install other things (that run as root) without authentication!
AFAIK this is not possible, as nemo doesn't have root-privileges and it cannot use those privileges without authentication. It does have more privileges than regular user in regular Linux server or desktop, this is one of those parts that are so because of usability - no regular user is willing to enter password every single time they want to install or update apps.

Another thing is that (if I understand it correctly, please correct me if I'm wrong) root privileges are by default beyond the reach of regular user in Sailfish. You need to enable developer mode and set the password to be able to get root privileges. This IMO is safer than having users with either default passwords or those 123456-style passwords for root in their devices. This doesn't mean that user or malicious software is not able to do harm, as the important stuff (like contacts, other personal data) needs to be accessed by nemo.

Also related, the roadmap says Jolla researched SELinux some time ago, so maybe there's a more elegant way of achieving this using SELinux?
I don't think there is any elegant way of doing things with SELinux.... it's very effective way though, when done correctly.

Last edited by JulmaHerra; 2015-09-16 at 12:37.
 

The Following 4 Users Say Thank You to JulmaHerra For This Useful Post:
Posts: 1,548 | Thanked: 7,510 times | Joined on Apr 2010 @ Czech Republic
#400
Originally Posted by Feathers McGraw View Post
Does anyone know why this wouldn't work/hasn't been implemented already? Or can you think of any improvements?
Check the xdg-app project, it aims to pretty much that - fully sandboxed GUI/desktop applications. Citing:

There are two main goals with this project.

We want to make it possible for 3rd parties to create and distribute applications that works on multiple distributions.
We want to run the applications with as little access as possible to the host. (For example user files or network access)

In the long run the sandboxing aspect is very important as it allow you to trust the applications less, which is important for users of 3rd party applications. It also gives the user some level of protection against things that were historically not handled by the security system on unix (which is primarily focused on protecting the system installation against the user).

The sandboxing is done with a set of technologies, including:

cgroups
namespaces
selinux
kdbus
wayland (because X11 is inherently insecure)

In particular, kdbus is very important as it allows us to have an efficient very expressive IPC mechanism with access-validation by the kernel.
The xdg-app project might not be that easy to run on Sailfish OS as it might need some pretty cutting edge stuff to work (such as kdbus) but is still by far the best and most robust solution I have seen for running graphical apps in a sandbox (if we discount all the horrible platform specific hacks Android uses for this).
__________________
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
 

The Following 4 Users Say Thank You to MartinK For This Useful Post:
Reply


 
Forum Jump


All times are GMT. The time now is 15:44.