The parts visible in the video are isolated from the main OS anyway, its done like that for security reasons so its like a minimal OS container that hosts the blockchain stuff
The parts visible in the video are isolated from the main OS anyway, its done like that for security reasons so its like a minimal OS container that hosts the blockchain stuff
Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.
Watchmaker has it exactly right above in comment #9.
This is about making blockchain and cryptocurrency easy and straightforward.
It's about (in the future) 5 USD up front devices that provide a out-of-box experience for this.
It's not about pointing pointless crap at people - by far.
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.
But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.
But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
This is a really valuable point, I would not have any interest in working on something like this if it was not open. I can't speak for Carsten, but his track record speaks for itself as far as openness and community is concerned.
Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.
Interesting read.
However, "secure" is difficult to make bullet-proof. I can be very well designed (like it seems in that case), but there are still some non-controlled attack surface.
From what I understand from the Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same linux kernel (I don't see the use of the hypervisor by the way if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there is said to be 2 and half kernel below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which give Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.
On another side, this container files are on the same disk as the Android/Sailfish system is, so there can be also exploits in filesystems drivers that can leak things there.
So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago ).
Nice to see you back, Stskeeps. Good luck with this project !
Interesting read.
However, "secure" is difficult to make bullet-proof. I can be very well designed (like it seems in that case), but there are still some non-controlled attack surface.
From what I understand from the Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same linux kernel (I don't see the use of the hypervisor by the way if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there is said to be 2 and half kernel below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which give Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.
On another side, this container files are on the same disk as the Android/Sailfish system is, so there can be also exploits in filesystems drivers that can leak things there.
So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago ).
Nice to see you back, Stskeeps. Good luck with this project !
It all comes down to the threat model and who's your attacker. You don't necessarily want to have a Swiss Bank like security for most operations. It's not necessarily devices for a cypherpunk. It's meant to be for everybody and get people on a 'secure enough' setup. You want to make sure people don't needlessly lose money in scams, through stolen phones, or through bad actor apps.
As a comparison, contactless credit cards seem totally crazy security wise. But, actually, when I do transactions below some amount, I don't get asked for PIN. And it's very very convenient in shops. Despite the flaws.
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.
But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
I'd like to say on my part that a major part of the reason I left Jolla back then was to pursue the idea of combining blockchain and mobile. We were toying with IPFS, Ethereum nodes on Android and Sailfish, Qt-based wallets quite early on. My only mistake was not to buy enough ETH back then. I think "ICOs" are terrible.
However. They show that people will finance ideas happily if they get a stake in it. We try to do things a bit more orderly - gauging interest, have people commit funds they have time to withdraw; make people re-confirm the interest; appropriately identify who contributors are, do anti-money laundering checks; be transparent; etc. We aren't even trying to raise 180m+ USD
It is not just about cryptocurrency: Resolving public key distribution dilemma is much more interesting thing.
And if both of you had appropriate devices you'd very easily be able to exchange basic cryptographic identity information through something like Ultrasonic networking in person.
I would only consider a FOSS cryptocurrency app where I could and HAD reviewed the code for phone home of my wallet details as otherwise I would suspect the app of being able to 'rob' me at any time by on command, time delayed, or randomly execute a transfer of my cryptocurrency to a wallet accessible to the devs. Remember that there are no take-backs or appeals with a transfer, it is P2P.
I also want to state for those who have been fed misinformation, the way blockchain works it is even less annon than transferring money bybank transfer, paypal, or or credit card; essentially it is like cash where every transaction and holder is indelibly recorded on the banknote/bill, announced over the radio, and recorded in a public almanac.
I would not be surprised to find that blockchain based pseudocurrencies were designed by an American three letter police or intelligence agency to have a way to track the flow of black money even when transfers were done offline.
Every app should have it's own sub-account of it's own separate from your regular money. You can do P2P or take-back systems if you design them to just fine - it's just another kind of token.
Albeit not that mobile capable yet (too much RAM requirements), https://z.cash/ is quite interesting technology.
So, what does you app do now? I'm pretty sure SFOS handles my identities and private keys very well with the default unix-based tools, thank you very much.
Which "blockchain based services" should I be able to access now? And which benifits do they bring over conventional services, already available today?
I'm sorry but this sounds like another ******** bingo project which only exists because most of the people do not seem to understand the concept behind blockchain-based crypto currencies. The only advantage of crypto currencies like BTC, being able to pay anonymously is long clouded by the many disadvantages like high-risk, unstable prices, transaction fees making daily useage unfeasible and shitty wallet services / softwares losing the funds of their users all the time.
Sure, there are some interesting approaches for the blockchain idea in science, but there still does not exist a single idea for a legit, everyday service based on this technology which convinces me. Instead, this feels more and more like a scam, like its "Dot Com" all over again.
But here is your chance to convince me.
******** bingo is awesome.
This is far from being such a project. I fully agree that the current state of things is crazy and this is part of the reason why we're doing a project to genuinely make it a proper out of box experience. I even get confused with some of the setups needed - I even randomly found 250 EUR worth of Bitcoin I had totally forgotten I had. It's like the amount of manual work to get mobile internet working back in the day.
How about you send me a private message on here and we'll have a more real-time conversation on some medium (Telegram? IRC?); and then gather our thoughts and differing views into a post for the rest?
).