Active Topics
-
The N900 is now 15 years old! (9)
to Nokia N900 by Arno_11 - 9 hrs, 7 mins ago -
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (4)
to SailfishOS by Maemish - 5 days, 21 hrs ago - more...
szopin |
2015-07-01
, 10:29
|
|
Posts: 2,076 |
Thanked: 3,268 times |
Joined on Feb 2011
|
#331
|
Originally Posted by MartinK
and give NSA head start? they wouldn't need to infiltrate them then, no wai, drivers from samsung&dod are enough of a pain
|
|
2015-07-01
, 10:29
|
|
Moderator |
Posts: 5,320 |
Thanked: 4,464 times |
Joined on Oct 2009
|
#332
|
Originally Posted by bluefoot
I'm not deep enough into the Sailfish dev. side of things to comment on how it compares to this (I know enough to suspect that it's probably nowhere near as transparent as this -assuming "this" is 100% correct), I'll let others who are comment in much more detail, ideally they've also had some involvement in UT.
You can see exactly what they're working on at any given time, and what the bugs are (save for stuff that's way upstream), what the devs are thinking, what delays there might be & why, and anyone can jump in and participate, offer fixes or ask questions. It's all done on an open mailing list. You can also test any of the builds (at your own risk), which tend to be spat out every few days (or at least once a week). Granted you can't see the development process for OEMs' work, though you frequently can test their internal builds which are often pushed to the main repos. They're as transparent as it gets.
|
|
2015-07-01
, 10:31
|
|
Posts: 338 |
Thanked: 496 times |
Joined on Oct 2010
|
#333
|
Originally Posted by MartinK
But, but, the Russian guy claimed the process would start in June and it'd all be open by the close of July with the release of 2.0 :-o The usual suspects here jumped in to claim that was the word of god, and non-committal statements (to the contrary) by Saarnio and others at Jolla ("info soon" / "not ready to talk about it") must surely be misunderstandings.
So maybe they should open source all they can so that also other can check that there are indeed no backdoors ? ;-)
Does this mean we won't have a fully open OS by the end of this month? Some people here must be shocked at this turn of events.
Originally Posted by jalyst
I think you know very well what the answer is ...
I'm not deep enough into the Sailfish dev. side of things to comment on how it compares to this (I know enough to suspect that it's probably nowhere near as transparent as this -assuming "this" is 100% correct), I'll let others who are comment in much more detail, ideally they've also had some involvement in UT.
|
|
2015-07-01
, 10:36
|
|
Moderator |
Posts: 5,320 |
Thanked: 4,464 times |
Joined on Oct 2009
|
#334
|
Originally Posted by bluefoot
That's not what happened, I recall the exchange you had with szopin (IIIRC?), he didn't claim it was coming then, you suggested that's what the official company line was & he clarified what it really was (IIRC you refused to agree despite the interview with a co. rep. -not a gov't official- that he referenced); i.e. there's plans for a time-line, but no plans to release/announce it yet, but they hope to "soon". That's my vague recollection, I'll leave szopin/you to dig-up the actual exchange for the full detail. Yes their statement is -once again- vague as hell, but it's a confirmation at least that there's plans afoot for more opening, something they'd not said anything about for a very long time.
But, but, the Russian guy claimed the process would start in June and it'd all be open by the close of July with the release of 2.0 :-o The usual suspects here jumped in to claim that was the word of god, and non-committal statements (to the contrary) by Saarnio and others at Jolla ("info soon" / "not ready to talk about it") must surely be misunderstandings. Does this mean we won't have a fully open OS by the end of this month? Some people here must be shocked at this turn of events.
I think you know very well what the answer is ...
Last edited by jalyst; 2015-07-01 at 11:02.
|
|
2015-07-01
, 10:42
|
|
Posts: 2,076 |
Thanked: 3,268 times |
Joined on Feb 2011
|
#335
|
on opennes in tizen you can read here:
https://lists.sailfishos.org/piperma...ne/006264.html
maybe some dev can confirm the UT praise, did not see that many praising it so far, some pink glasses?
https://lists.sailfishos.org/piperma...ne/006264.html
maybe some dev can confirm the UT praise, did not see that many praising it so far, some pink glasses?
|
|
2015-07-01
, 10:46
|
|
Posts: 1,548 |
Thanked: 7,510 times |
Joined on Apr 2010
@ Czech Republic
|
#336
|
Originally Posted by szopin
You don't know much about security, do you ? ;-)
and give NSA head start? they wouldn't need to infiltrate them then, no wai, drivers from samsung&dod are enough of a pain
(hint: Most security critical algorithms and libraries are public & open source and a target of a very strict pear review. Closed source components, which can't be reviewed in a similar way, are often considered untrusted by default.)
__________________
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
modRana: a flexible GPS navigation system
Mieru: a flexible manga and comic book reader
Universal Components - a solution for native looking yet component set independent QML appliactions (QtQuick Controls 2 & Silica supported as backends)
|
|
2015-07-01
, 10:49
|
|
Posts: 338 |
Thanked: 496 times |
Joined on Oct 2010
|
#337
|
Originally Posted by jalyst
MartinK just posted about a small number of issues. Forgotten already? There are many more.
Well, I don't, which is why I'm asking for insights from more than just one user, ideally a user who happens to be an active dev in at least 1 of those 2 communities.
If you choose to believe that's not how UT development works, fine. It's all in the open, though, so if you don't want to go and look, that's your prerogative.
Anyway, we go back to the point of people making excuses for Jolla on the basis that they aren't THAT bad compared with others (they are), but fail to find much defensible about their action / inaction itself.
|
|
2015-07-01
, 10:55
|
|
Posts: 2,076 |
Thanked: 3,268 times |
Joined on Feb 2011
|
#338
|
Originally Posted by MartinK
pear review...
You don't know much about security, do you ? ;-)
(hint: Most security critical algorithms and libraries are public & open source and a target of a very strict pear review. Closed source components, which can't be reviewed in a similar way, are often considered untrusted by default.)
yeah, problem is NSA has a hundred hackers to throw at it the instant it drops, peer review and audit can be performed with GRU help before dropping to the public, want to make those holes available to NSA first?
edit: just to be clear, not promoting security through obscurity, but open sourcing is not a remedy, you need to pay people to make proper audit (see truecrypt audit funding), NSA already has such people and they pay them monthly. Closed source can be secure, most banks use MS solutions and somehow it works, but yeah, once they open source go at it and find all the bugs
Last edited by szopin; 2015-07-01 at 11:07.
|
|
2015-07-01
, 11:09
|
|
Moderator |
Posts: 5,320 |
Thanked: 4,464 times |
Joined on Oct 2009
|
#339
|
Originally Posted by bluefoot
I refer folks back to my most recent posts, they're very straight forward in what they're asking.
MartinK just posted about a small number of issues. Forgotten already? There are many more.
They're not asking for e.g.'s of no comms between active devs & jolla, that point was already addressed by martin.
My most recent posts had a different set of Qns, I'm not sure how that could be unclear to you.
Originally Posted by jalyst
Thanks for some actual examples, so IYO, is this an accurate account/summary of the situation?
<SNIP>
And IYO is SF clearly significantly worse than UT, Tizen, FFOS, or the several forked Android distros?
(i.e. does anyone here actively dev/power-use in one or more of those communities)
Originally Posted by jalyst
I'm not deep enough into the Sailfish dev. side of things to comment on how it compares to this (I know enough to suspect that it's probably nowhere near as transparent as this -assuming "this" is 100% correct), I'll let others who are comment in much more detail, ideally they've also had some involvement in UT.
Originally Posted by jalyst
Well, I don't, which is why I'm asking for insights from more than just one user, ideally a user who happens to be an active dev in at least 1 of those 2 communities.
Originally Posted by szopin
THIS, some insights from those that've actually been heavily involved (ideally SF too), would be great.
maybe some dev can confirm the UT praise, did not see that many praising it so far, some pink glasses?
Last edited by jalyst; 2015-07-01 at 11:21.
 |
|
2015-07-01
, 11:19
|
|
Posts: 6,447 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#340
|
Originally Posted by MartinK
You don't know much about business, do you? ;-)
You don't know much about security, do you ? ;-)
(hint: Most security critical algorithms and libraries are public & open source and a target of a very strict pear review. Closed source components, which can't be reviewed in a similar way, are often considered untrusted by default.)
Most businesses do not trust anything "open-sorce" by default. Most businesses prefer other businesses supplying their solutions, including security. Most businesses' security implementation is closed source.
(And when I say "most", I mean, "from all the companies I have worked for in the past 25 years, 100%". Feel free to do the substitution in all cases the word "most" was used in the above paragraph.)
So, when you say "considered untrusted", please do not forget to specify *by whom*.
Also, sorry about the small OT diversion but since you've touched upon the topic of peer review...
 |
| Tags |
| moral hazard, paypal refund |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 02:49.