Notices


Reply
Thread Tools
Posts: 282 | Thanked: 259 times | Joined on Jan 2012 @ Milan, Italy
#21
Originally Posted by brunelli View Post
Seriously guys? Let me help you:

- App running in fullscreen (no notification bar or nav icons);
I have plenty of Android apps that run full screen on my tablet, so this is no proof to my eyes.

Originally Posted by brunelli View Post
- Sailfish X default wallpaper visible in the background (~1min mark);
Ok, now I see it but it was not that easy to see and also it is not exactly part of the UI (just to nitpick a bit )

Originally Posted by brunelli View Post
- Sailfish OS default fonts and Silica elements all around (TextField @ 53s).
But at the same time, no "real" Sailfish UI element anywhere (pulleys, glass-effect app background, app navigation by swipes, etc.). I now see that you probably are right, but I still think it is not that crystal clear! Anyway, if so, better.
 

The Following 5 Users Say Thank You to Watchmaker For This Useful Post:
Posts: 253 | Thanked: 1,399 times | Joined on Jul 2014
#22
The parts visible in the video are isolated from the main OS anyway, its done like that for security reasons so its like a minimal OS container that hosts the blockchain stuff
__________________
SirenSong v0.5
Like my work? buy me a beer
 

The Following 8 Users Say Thank You to r0kk3rz For This Useful Post:
Posts: 724 | Thanked: 1,251 times | Joined on Nov 2007 @ Cambridge, UK
#23
Originally Posted by r0kk3rz View Post
The parts visible in the video are isolated from the main OS anyway, its done like that for security reasons so its like a minimal OS container that hosts the blockchain stuff
Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.
 

The Following 9 Users Say Thank You to tswindell For This Useful Post:
Posts: 408 | Thanked: 942 times | Joined on Jan 2012 @ Enschede, The Netherlands
#24
Originally Posted by Stskeeps View Post
Watchmaker has it exactly right above in comment #9.

This is about making blockchain and cryptocurrency easy and straightforward.

It's about (in the future) 5 USD up front devices that provide a out-of-box experience for this.

It's not about pointing pointless crap at people - by far.
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.

But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
 

The Following 9 Users Say Thank You to Fuzzillogic For This Useful Post:
Posts: 724 | Thanked: 1,251 times | Joined on Nov 2007 @ Cambridge, UK
#25
Originally Posted by Fuzzillogic View Post
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.

But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
This is a really valuable point, I would not have any interest in working on something like this if it was not open. I can't speak for Carsten, but his track record speaks for itself as far as openness and community is concerned.
 

The Following 7 Users Say Thank You to tswindell For This Useful Post:
Posts: 232 | Thanked: 976 times | Joined on Oct 2013 @ France
#26
Originally Posted by tswindell View Post
Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.
Interesting read.
However, "secure" is difficult to make bullet-proof. I can be very well designed (like it seems in that case), but there are still some non-controlled attack surface.

From what I understand from the Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same linux kernel (I don't see the use of the hypervisor by the way if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there is said to be 2 and half kernel below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which give Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.

On another side, this container files are on the same disk as the Android/Sailfish system is, so there can be also exploits in filesystems drivers that can leak things there.


So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago ).

Nice to see you back, Stskeeps. Good luck with this project !
 

The Following 5 Users Say Thank You to Zeta For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,469 times | Joined on Jun 2008 @ Warsaw, Poland
#27
Originally Posted by Zeta View Post
Interesting read.
However, "secure" is difficult to make bullet-proof. I can be very well designed (like it seems in that case), but there are still some non-controlled attack surface.

From what I understand from the Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same linux kernel (I don't see the use of the hypervisor by the way if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there is said to be 2 and half kernel below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which give Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.

On another side, this container files are on the same disk as the Android/Sailfish system is, so there can be also exploits in filesystems drivers that can leak things there.


So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago ).

Nice to see you back, Stskeeps. Good luck with this project !
It all comes down to the threat model and who's your attacker. You don't necessarily want to have a Swiss Bank like security for most operations. It's not necessarily devices for a cypherpunk. It's meant to be for everybody and get people on a 'secure enough' setup. You want to make sure people don't needlessly lose money in scams, through stolen phones, or through bad actor apps.

As a comparison, contactless credit cards seem totally crazy security wise. But, actually, when I do transactions below some amount, I don't get asked for PIN. And it's very very convenient in shops. Despite the flaws.
 

The Following 11 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,469 times | Joined on Jun 2008 @ Warsaw, Poland
#28
Originally Posted by Fuzzillogic View Post
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.

But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
I'd like to say on my part that a major part of the reason I left Jolla back then was to pursue the idea of combining blockchain and mobile. We were toying with IPFS, Ethereum nodes on Android and Sailfish, Qt-based wallets quite early on. My only mistake was not to buy enough ETH back then. I think "ICOs" are terrible.

However. They show that people will finance ideas happily if they get a stake in it. We try to do things a bit more orderly - gauging interest, have people commit funds they have time to withdraw; make people re-confirm the interest; appropriately identify who contributors are, do anti-money laundering checks; be transparent; etc. We aren't even trying to raise 180m+ USD

If you read the whitepaper ( https://zipperglobal.com/whitepaper.pdf ) the token itself is not a lockup. See this section for example:

Curation market

The purpose of the curation market is to incentivise development of applications for the Zipper store and power discovery for those applications.
 

The Following 10 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,469 times | Joined on Jun 2008 @ Warsaw, Poland
#29
Originally Posted by Manatus View Post
It is not just about cryptocurrency: Resolving public key distribution dilemma is much more interesting thing.
And if both of you had appropriate devices you'd very easily be able to exchange basic cryptographic identity information through something like Ultrasonic networking in person.

https://www.youtube.com/watch?v=w6lRq5spQmc
 

The Following 5 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,469 times | Joined on Jun 2008 @ Warsaw, Poland
#30
Originally Posted by biketool View Post
I would only consider a FOSS cryptocurrency app where I could and HAD reviewed the code for phone home of my wallet details as otherwise I would suspect the app of being able to 'rob' me at any time by on command, time delayed, or randomly execute a transfer of my cryptocurrency to a wallet accessible to the devs. Remember that there are no take-backs or appeals with a transfer, it is P2P.
I also want to state for those who have been fed misinformation, the way blockchain works it is even less annon than transferring money bybank transfer, paypal, or or credit card; essentially it is like cash where every transaction and holder is indelibly recorded on the banknote/bill, announced over the radio, and recorded in a public almanac.
I would not be surprised to find that blockchain based pseudocurrencies were designed by an American three letter police or intelligence agency to have a way to track the flow of black money even when transfers were done offline.
Every app should have it's own sub-account of it's own separate from your regular money. You can do P2P or take-back systems if you design them to just fine - it's just another kind of token.

Albeit not that mobile capable yet (too much RAM requirements), https://z.cash/ is quite interesting technology.

Regarding the public ledger; https://en.wikipedia.org/wiki/Rai_stones were a interesting historical precedent.
 

The Following 5 Users Say Thank You to Stskeeps For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 20:48.