Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

Says the man to whom Stallman is a god, apparently oblivious to the irony.

To be clear, I do not care much about open or closed. The most important factor is whether it works. Open is an added benefit. And, for the most part, Sailfish does not, which is why I am back to Maemo. But there are purists out there to whom open is the panacea. The fact that they flock to Jolla indicates that they are clutching at straws.


That is one point we both agree on.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

It would also be nice if people realized that there won't be a "saviour" without someone with deep pockets and exceptional will to do something without business case. Jolla is just a company trying to build a product to make profit in a way that embraces some parts of open source ideology. If it wasn't, there would not be SailfishOS as FOSS-model doesn't seem to generate much income to startups.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

Rostelkom has absolutely nothing to do with it. The Russian interest (especially in the government sector) is to provide an alternative to the CIA/NSA honeypots that come with US agreements and litigation, a la Google/Apple duopoly. The Russian government (and other governments, naturally) don't trust products or services from Google or Apple, and rightfully so.

Meanwhile, run a tcpdump and look for suspect connections. Trace them back to their source and prove that the packets contain any data that violates Jolla's privacy policy, then I'll start to subscribe to your conspiracy theory.

More on the point, though, the vast majority of closed bits on Sailfish are the UX and arbitration using Android device drivers.

If you've a problem with unauditable code or proprietary binary blobs, I have some bad news for you:

Anything you use day-to-day has arbitrary code that isn't open to public scrutiny, unless you have the good fortune to own one of a handful of older Thinkpads (or a select few other notebooks) or some one-off smartphone with a fabled open baseband.

I don't think the bits like Alien Dalvik, Exchange support or XT9 should be counted, as they're licensed from third parties. Jolla open sourcing someone else's work after leasing it from them just doesn't make sense.

If you'd like to develop a completely open binary free handset with an open baseband and a completely open mobile OS, by all means. I'm sure there will be people lined up to pledge their support.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

I don't believe in gods.

I admire people with an extraordinary intellect, people who create something excitingly new, people who change the world and other peoples lives for the better. Richard Stallman is one of them. He changed the world. Without the concept of free software and (more importantly) the idea of copyleft, we'd not be here today discussing Sailfish or Maemo.

I admire people who stick to their own ideas more radically than others can. It needs those extreme evangelists for us more pragmatic people to find their place on the axis.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

Playing devil's advocate here; do we really have proof of this in the real world?

The majority has since traded security and extensibility for convenience and access. Don't get me wrong, I'm all about options - I still consider Jolla an option - but so far nothing has outright stayed an option and been highly adopted.

Not yet.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

Bingo.
What he said ....
(gerbick... that is....)

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

Playing the devil's advocate a little here for the whole post.

Are you sure that your model covers all computationally-bounded adversaries?

There's a lot of potential scenarios that are not so naive.
Actually, the naive approach is a really stupid one. If the software is sending some data all the time, the user may notice extraordinary consumption of mobile data. Even on wifi this may be relatively easy to track.

A clever adversary will filter the gathered data - based on keywords, on the content. Upload it to the remote side only when there's something really big found.

The adversary may wait for a remote signal to start sending the data gathered. If there's no signal to upload the data, they may even discard it.

If the adversary is the store application - it may disguise the traffic by intertwining it with real, legitimate traffic - e.g. base64 encode it, split into chunks, add to the payload, recover back at the remote side.

The adversary may wait with uploading anything until anything worth uploading, and when the damage done is unrecoverable. E.g. when it finds a bitcoin wallet worth over X BTC.

The only way to prove that this can't be done is to examine the source code - or reverse engineer it. I do not claim this is actually done - but possibly can, and invisible source makes it much easier to hide rogue intentions.

More on the point, though, the vast majority of closed bits on Sailfish are the UX and arbitration using Android device drivers.

IMHO cjk input on Jolla should not depend on proprietary bits, seeing how good the open-source building blocks are. Keyboard is one of the most delicate areas when it comes to security, that's the perfect place to place a keylogger, and from what I've heard, the cjk input bits are binary .so libraries.

You seem to forget one thing. It's much, much more difficult to exploit the firmware without userland support than to do that directly in userland (example, let's stick to the keyboard apps: it's much easier to write a keylogger in the keyboard app than in the CPU firmware)

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

I'm with you there. I move to what best suits my needs at the time. So far, nothing has nailed it. Not sure it will, either.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

Won't lie. I've not been fully happy with any option since Maemo - mind you, I was not enamored with the N900 due to GPS & telephony issues alongside build quality issues (wonky USB port) - and even then, it was mostly the N810 that my happiness was fulfilled the most.

I think it's great to want these things, even applaud those companies that attempt it, but then I always see the bickering that comes after an announcement. Case in point, Purism.

Folks were happy. It was using a chipset that they approved of. Then suddenly... they seem to have folks that are now requesting pretty much outlier stuff and being pushed aside because it's not a device that has an offline pager modem that can be turned off (or something like that).

Huh?

A device to satisfy them all has yet to happen. Probably will never happen because somebody will point out some overlooked item that a very minor slice of potential customers will ever require. But they sure as hell vocally want it.

Until then, I'm forced to use something that I truly do not agree with fully (iOS/Android). I want something that gives me freedom while spying on me less. Or at least let me know WHAT is spying on me because I have access to enough of the source code and can attempt to prepare myself for what is being snooped on. Until then... I'm still wearing my tin foil cap and hoping that helps.

Re: Jolla - alike, or how Jolla adopted the Google's anti-open-source practices.
 

People are free to be unreasonable, and its to be expected in a space started by a guy who refuses to compromise on basically anything at all.

I guess the problem is that there are so few projects targetting the 'free open source' market that they end up being kitchen sink products with everything (eg. neo900) or cast aside for not catering to some rather individual requirements.