Sympathy for Sailors
asked 2015-12-02 13:08:45 +0300
Sailfish OS is more important than most people might appreciate. Android is a decaying leper on a park bench and iOS is a guided cage on a prison island.
Jolla as we all well know by now are both in trouble and have not done everything optimally to this point. However it's too early to look for their chalk outline. Out of respect for poor Sailors lets not look for a corpse to poke at just yet.
The one thing I appreciate most from Jolla apart from a fresh approach to mobile computing based on the magnificent N9 heritage, good FOSS code and a very pleasant to use UI is that they patched bugs in a mostly timely manner and documented which bugs they're patching. This is essential.
Each time you see a CVE mentioned in an update think of it as Jolla removing a dog dropping from your lawn. While new features are nice, if you don't patch known bugs in a timely manner you simply cannot have a secure platform, you just have a pile of poo, which attracts flies and worms.
Lets put this claim in context; Most Android phones patched once a year and 87% are exposed to at least one critical vulnerability.
I own a new generic Nexus5-like phone running Lollipop which has never had a single patch offered for its OS. In the same time I've owned it Jolla has patched Sailfish OS 3 times. Running some simple tests on my Android phone shows that I can't even trust the base OS which suffers from Stagefright and too many other critical vulnerabilities. For this reason the phone is not safe to use at all, while my humble Jolla has Sailfish OS patched and is being used.
Vulnerabilities are not theoretical, they get exploited by organised crime, nation states and script kiddies in the real world and make normal people's lives miserable, sometimes in ways that are not obvious.
Security trumps features - this is why I love Jolla and Sailfish OS.
I have various opinions about the lack of WPA2-Enterprise support (saving passwords in a plain text on the filesystem is not acceptable), changed UI, the lack of native apps, and bug reporting clunkyness, etc, but I forgive a lot of this because Jolla released patches with frequency and made a real effort to do the right thing from a security perspective. This needs to continue.
Have some sympathy for the Jolla Sailors, they have done many things very well and may yet craft one of the best mobile operating systems for us to trust and enjoy.
You should have started your post with "Please allow me to introduce myself, I'm a man of wealth and taste". :) You took the words right out of my mouth. Each time I open my android tab, I've got the feeling I'm getting the cancer just by the touch of it, still waiting for the alternative. Sometimes I wonder why everybody is just so indifferent about not having any choice. I think partly because of being cool, belonging to the clique, partly because of a wrong sense of security, namely the same why weak people wish to live in dictatorship and partly simply because it's cheap and offers a lot of gadgets, not aware of having sold their souls to the devil (as a reference to the title again ;) ). Partly also because in fact almost nobody seems to know about SFOS or Jolla out there. On the other hand, the visibility SFOS would have needed hardly would be sustainable due to the lack of hardware. I, for one will keep the faith up, trying to support where ever I can, as I don't want to loose that bit of freedom I've just got my hand on. Sympathy for dante_j!
lakutalo ( 2015-12-02 14:09:58 +0300 )editJolla and Sailfish provide a good step in the implementation of system security. In comparison the other popular phone operating systems are just Trojans exploiting their customers data.
Jolla and Sailfish do need to survive and now would be a great time to enlist all the enthusiasm of all those FOSS programmers by making Jolla and Sailfish fully Open Source. Hopefully FreedomPhone will take up Sailfish and provide fully configurable and owner repairable hardware with a demonstrably secure OS. Richard .
richardski ( 2015-12-02 16:51:57 +0300 )editI don't care much about security but I appreciate Jolla takes care of that, I like they work honestly on their OS, und I like so much the way it looks: Just unlike and beautiful and functional to use every day. (though I liked pre 2.0 a bit more..)
danfin ( 2015-12-02 17:12:08 +0300 )editVery nicely written! One time I read about a situation were they fixed a bug in upstream but had to wait until the fix was commited. I much appreciated that they didn't quickly hack it in but followed the proper way even if it took a bit more time. (This was not a security related bug).
chappi ( 2015-12-02 19:31:45 +0300 )edit