We have moved to a new Sailfish OS Forum. Please start new discussions there.
35

Discovering sailfish through the fairphone 2

asked 2016-03-30 22:32:08 +0200

nicop91 gravatar image

updated 2016-03-31 09:50:25 +0200

Hello all,

just wanted to give my 2 cents about what I am discovering of sailfish os.

I am coming from the android world and installed the 1st community build of sailfish os on my new Fairphone 2 because, as I felt like a lot of the fairphone community was talking about it, it made me curious.

I have to say after a few minutes of not-knowing-how to do things, it feels quite nice to use.

a few things that I noted:

  • Please, android support; the jolla store is just far too small, only one email app or 2 browsers feels very limited (+no small local apps). I would even think that if you offer sailfish to fairphone users without it, most of them won't use it more than a few days... I still haven't found a decent gps app.

  • No app permissions ? I don't see much about this, but... am I giving access to all my data to all the apps I install through the store, most of them being developped by an individual and not knowing if they are open source or not ? is everyone ok with this ?

  • How do you select text in an email or on a web page to copy paste it ? Is it possible ?

I feel like sailfish has a lot of potential and really enjoy using it, but a nice UI might not be enough for me to stay considering the points above (especially privacy...)

edit retag flag offensive close delete

Comments

10

Hi @nicop91 It's great to have you here. Be welcome. The SFOS for FP2 is a community port. That not only means that the porting work has been exercised by community members rather than by Jolla staff (even though they are helpful where they can); it also means that only those parts of the OS can be integrated that are either FOSS (e.g. the MeeGo parts) or under full possession of Jolla (e.g. the UI). Those parts that require 3rd party licensing cannot be legally provided in a community port. This is in particular: Exchange server support, Here maps and Android support.

But this is not the end of the story: We have heard from Jolla at the MFC2016 that they are working with CircularPhones (the FairPhone crowd) towards a cooperation aiming at fully commercial Jolla support based on the community port. So you can expect seamless Android support to come to the FP2 as we, the owners of the original Jolla Phone, experience it for years already. Furthermore there are community efforts towards an OpenSource solution to support Android apps (or a full fledged Android environment) in community ports.

So we will all need some patience, but two or more solutions are on the horizon.

DieUnwucht ( 2016-03-30 23:00:00 +0200 )edit
4

Welcome to Sailfish OS. I suggest you install the Warehouse app (https://openrepos.net/content/basil/warehouse-sailfishos) that will allow you to easily access lots of apps that are not qualified for Jolla store. About copy and paste, you are right. It's a PITA. I hope that will be fixed soon. About android support, you are right again. It's the only reason for which I am still using the original Jolla phone rather than e. g. a Nexus 5 or even Fairphone.

Giacomo Di Giacomo ( 2016-03-30 23:01:58 +0200 )edit
5

I am not sure if it is wise to suggest installing OpenRepos' Warehouse to the OP. He expresses privacy concerns with regards to the permissions of the applications. If he sticks to applications from the Jolla store, then all the many restrictions imposed by the store's rules are guaranteed. That should be sufficient for his ease of mind. Quite the contrary with the warehouse. You have to first allow untrusted software to be installed. Then it is up to you how much you trust the software provider. But it appears that he is not really prepared to trust untrusted sources.

hubat ( 2016-03-31 08:06:25 +0200 )edit
1

@hubat: You are right, until you stick to the Jolla store you are pretty safe concerning privacy, but also limited about what you can do. On the other hand, all OpenRepos apps are open and therefore should not be able to steal your data without being spotted by someone.

Giacomo Di Giacomo ( 2016-03-31 10:08:26 +0200 )edit
7

@Giacomo Di Giacomo, that's not entirely correct.

There is no requirement for apps on Open Repos to be Open Source. Also there is no QA on Open Repos and so there is zero guarantee that the binaries match the posted sources (if any). Anyone can sign up and upload anything they like and so it should be treated with caution.

r0kk3rz ( 2016-03-31 10:54:40 +0200 )edit

6 Answers

Sort by » oldest newest most voted
8

answered 2016-04-01 12:30:31 +0200

hoschi gravatar image

updated 2016-04-01 12:32:32 +0200

No app permissions ?

Executing any code which is malicious and you are lost, app-permissions cannot save you. Especially users of Android are more or less becoming reckless and install any random app, like regular users of Windows. Google* doesn't check the apps (anymore), just scan them. So it make sense to possibly restrict data gathering apps, but that is the problem - you shouldn't ever install such an application. I've seen people installing personal-firewalls and virus-scanners on their phones and I asked them why. The answer - they want block advertisments and prevent communication of pirated applications. That is not clever! And even worse, even their so called "security stuff" is pirated or even itself considerd untrustworthy (SNAKE OIL).

What makes more sense is to get a complete image of what an application should do and what not, so you can stop the app if it runs mad by accident or intention. For this purpose SELinux (Fedora is using it since years) and Control-Groups (Dockers builds up on this) exist. I would recommend the later one, Control-Groups are a more generic and low-level layer to control running applications absolutely (Main-Memory, CPU-Utilization, Network-Access, File-System-Access and so on).

Thinking in virtual permissions for categories like data, wifi, contacts or images doesn't make much sense to me. And how many categories would you create? If you can get access the file-system you can get access to everything. I would instead deliver META-Information (from the person which manages the repository, by request of the developer) inside the package and restrict the application on this given information. Don't ask user for categories, the user already decided to trust the application anyway. How many permissions does WhatsApp want, all?

Currently Jolla doesn't need this (but it would be good), because only a small number of native apps is available and most are free/libre/open-source (developers) and the customers are hopefully using the common-sense (users). In the future Control-Groups and/or XDG-Apps could provide a good base for permissions.

*By the way:
The AppStore and PlayStore a restricted and perverted versions of packet-management. Basically all important features (version-selection, dependencies, config-management, online/offline installation, downgrade, repositories, license) are removed, while account-requirement, advertisements and in app-purchases are added.

edit flag offensive delete publish link more

Comments

1

What do you think is wrong with the categories defined in android ? while I agree that android is not going far enough to enforce app permissions, I don't see why they would not work... just see what the xprivacy app allows to do on android, to me that is a quite valid protection against malicious apps. Yes I don't read the 3 pages permissions list, but if I see that a cat videos app requires my location, I can block it, uninstall it or choose to keep it without the location feature (no, I would not install a cat videos app).

I would be interested to have your sources about Google lowering their security verifications in the play store. Were there checks they did that could not be made automatically by improving their scan ?

Finally, I don't fully agree with what you are saying about "perverted" package management; some of the "important features" you cite would never be of use for most users... I can understand why a linux user would want to download the previous version of a compiler to build sources depending on it, but I really don't see a normal user downgrading their version of the gmail or facebook app on their phone...

nicop91 ( 2016-04-03 01:47:38 +0200 )edit
3

answered 2016-03-31 10:52:12 +0200

r0kk3rz gravatar image

No app permissions ? I don't see much about this, but... am I giving access to all my data to all the apps I install through the store, most of them being developped by an individual and not knowing if they are open source or not ? is everyone ok with this ?

Correct, all apps run under the same user with the same permissions (ie. everything).

I'm ok with this, personally I think the idea of wanting to run untrusted apps (or worse, known untrustworthy apps) is a very strange idea indeed, and hoping that an app security model saves you is perhaps a bit naive.

edit flag offensive delete publish link more

Comments

2

Not naive, perhaps, but an interesting alternatve viewpount from somebody coming to SF from an OS like Android. Perhaps folk 'brought up on' Android, coming to Sailfish, will think that the unix security model (which I assume SF has - I've still not seen it) is seriously insecure. Just as I, coming to Android from Linux, think Android is seriously inconvenient. But then, I too don't install random stuff on my computers. Perhaps, for people who do, the Linux security model really isn't good enough!

DaveRo ( 2016-03-31 14:08:37 +0200 )edit
2

I get the idea behind having action based permissions, and It would be nice to have a user friendly way to verify what the app does and doesn't access.

But the problem is what you see in Android world is that apps start asking for quite a lot of permissions, and people still want to use them anyway.

r0kk3rz ( 2016-03-31 17:29:38 +0200 )edit
3

Well, to me both linux and android default behavior regarding apps is not what I think it should be.

As a user, what I think would be a very good model is what I have using XPrivacy on Android (also possible using the cyanogenmod rom I believe): you are aware of the permission requested by an app when it first request it. You can allow or reject, once or permanently.

When you reject a permission, you are aware that the app might not work as expected (but hey, you just refused it a resource it needs so don't blame the app !).

The linux model does not seem right for smartphones to me because:

  • I don't have as much personal information locally in my computer as I do in my phone (mostly using cloud-based services while I have my contacts, location, sms messages etc in my phone).

  • I don't install on my computer a lot of software, for example I don't install a travel app or an offline gps app when I travel.

    • Installing apps from untrusted sources in linux is quite uncommon and even not so easy to do (add a repo etc), while on a smartphone it is always 2 clicks away.

On Sailfish OS, for now I feel like I have to install untrusted apps for what I consider daily usage tools, so not having a strong way to control what they do is a problem...

nicop91 ( 2016-03-31 18:09:19 +0200 )edit
1

I think we should no longer differentiate between phones, tablet, laptops, etc. all too much. In the end they are all computers and actually I expect from all my devices more or less the same. Of course another display size and usage scenario requires a different UI, but the phones and tablets are powerful enough to just attach a bigger screen, keyboard and mouse and you'll practically get a regular office PC (see the Ubuntu tablet).

That said, I agree that there should still be modern permissions concept; just have a look at the large amount of ransom ware these days..! But the concept should be developed for Linux in general and then used by Sailfish OS. I don't think that Jolla should develop their own concept and I also don't think they would have the resources for that.

Mario ( 2016-03-31 19:10:41 +0200 )edit
1

wow, I had not think about it this way, you have a very interesting point ! Could indeed be very interesting to have software permissions control in any linux system. And I can imagine the work related to implementing that on top of the existing...

However, while I don't feel the need to install untrusted software on my desktop, I really do on sailfish currently.

It feels a bit "irresponsible" (the word is too strong) to let users put their privacy and security at risk just by clicking "install from untrusted sources" when your official software offer is so small (you basically push the user to do it), and when anyone can so easily push fake apps to a store and be a click away.

I think the linux communities might not consider that kind of work as the official "stores" seem to have everything...

PS: so I understand the sailfish community is made of linux users ? interesting !

nicop91 ( 2016-03-31 21:52:48 +0200 )edit
1

answered 2016-04-04 23:57:07 +0200

nicop91 gravatar image

updated 2016-04-11 23:14:12 +0200

Well, now that I know the whatsapp client is not working correctly... I think I will end up going back to android... That is just a lot of missing functionnalities for a phone (not talking only about WhatsApp, but also good GPS, copy paste...)

Looks nice and everything, but it is a bit inconvenient that I can find a clock giving me the time as hexa colors or a base64 encoder but not services used by 1/7th of the planet, or a decent gps... As I cannot really contribute (yet !), I will probably come back when it is more grown up !

Have a good day Keep up the good work

edit flag offensive delete publish link more

Comments

5

whatsapp not working isn't a jolla problem or sailfish problem. -even though there is an unofficial client- Its basically your problem that you are using a proprietary service which controls where it is installed.

ApB ( 2016-04-05 00:10:22 +0200 )edit
6

yes it is really unfortunate that Whatsapp likes to ban our third-party clients, and threaten the developers with legal action, without contributing one of their own.

r0kk3rz ( 2016-04-05 00:11:21 +0200 )edit
1

well, I agree with you, but when you have conversations on it you cannot that easily tell everyone to use something else (and what ?) and suddenly don't answer because you are not aware for a week that you don't get all the messages..

Or maybe you know another good messaging service to use both with sailfish and android ?

(this is one point, but there are others issues that make me a bit unconfident about keeping sailfish without android support)

nicop91 ( 2016-04-05 00:35:49 +0200 )edit
6

XMPP. WebRTC is where things should move ASAP.

ApB ( 2016-04-05 00:38:46 +0200 )edit
3

A fair opinion. When stuck with FB owned services (Facebook/Whatsapp/Instagram), it's not easy to drop out from them. I use only xmpp, while my friends are on fb/wa. A native client would be great, and even essential for Sailfish OS without Android support to gain popularity in the mainstream. So... I guess this is the answer we could just accept, and Sailor's Board at Jolla should take a good note of it. Let's have Jolla first decide the path between the mainstream and privacy, as fb will surely not publish or support clients preventing sharing the data they want. (Ad: check Diaspora*)

reviewjolla ( 2016-04-05 01:10:46 +0200 )edit
1

answered 2016-04-05 21:55:30 +0200

nicop91 gravatar image

Honest question linked to my last comment on the previous response: do you know how Jolla makes money ?

I think I saw that they are not going to sell devices anymore, that they are broke and that they want to focus on their OS, Sailfish. But anyone knows how focusing on their OS is going to save the company ? Are they selling it to partners like Fairphone maybe ?

Because they promote openness and independancy, but if they need money and distribute the OS for free, how can we know they are not going to sacrifice users privacy for example ?

edit flag offensive delete publish link more

Comments

1

Until now they have been running on venture capital. Their current business plan is to get revenue from a fraction of the sales made through the phones running SailfishOS using the Super Apps, that are custom-made apps sticking in the screens carousel (they are not available in the Jolla phone version and in the community ports of SailfishOS).

Giacomo Di Giacomo ( 2016-04-05 22:19:58 +0200 )edit
4

Hey @nicop91. Great you tried Sailfish OS on your Fairphone and thanks for your honest oppinion. As a longtime Sailfish OS user I agree with what you said.

Jolla is financed mainly through venture capital and private investors from Finland and abroad (Russia, China). I think it will take a while until Jolla reaches their economic break-even point and until then, the company won't be independent in my opinion. Also open-source efforts of the user interface and apps depend on decisions of investors (according to information in an IRC community meeting).

I don't know how Jolla plans to become a profitable company, since even Microsoft and Google don't make money from their mobile OS, but through their "services" and advertisement platforms - something many Jolla users understandably don't want to have on Sailfish OS. Of course there are plans and ideas how to make money in the future ("Super Apps", custom-built privacy features for commercial clients, software licencing), but as of now, Jolla is dependant from their money givers.

I hope we'll learn more from the Jolla management about this topic in the near future. Btw, what I wrote above could be wrong and if someone knows more, please correct me :-)

molan ( 2016-04-05 22:34:01 +0200 )edit
2

Their latest announced business model can be found here: http://reviewjolla.blogspot.com/2015/07/partnerspace-exclusive-zone-for-partners.html, but as an older post that doesn't cover it fully any more. Later, there's been some talks on profiting also by tailoring the OS for privacy oriented political and business customers, which might mean that we will see some different versions of Sailfish OS distributed in the future.

reviewjolla ( 2016-04-05 22:34:59 +0200 )edit
1

answered 2016-04-12 03:07:14 +0200

bennypr0fane gravatar image

About copy/paste from browser and e-mail: It's not working, and yeah, that's ridiculous. Top-voted request by users. In Webpirate and Webcat, you can copy and paste, for e-mail there's only the option to use webmail in a browser that has copy/paste capability.

edit flag offensive delete publish link more

Comments

2

Yes, it's ridiculous. And almost every OS had this problem in the beginning. iOS had it in early version. Meego had it in first version and even Android had it in an early version AFAIK. Unfortunately it was not implemented yet. But you can always copy from a mail within the client by using "forward" or "reply" on the message and then copy from there.

There has been a patch for stack browser that enabled copy but that's not working anymore with SFOS 2.0, the patch must be "repatched".

naytsyrhc ( 2016-04-12 18:15:55 +0200 )edit

It's just that I regard the present situation as not being the beginning anymore. What's ridiculous is not that the feature was missing in the beginning (also applies to Windows Phone, and probably more others), but that it hasn't been fixed in two years of existence of the OS. 'Thanks for the hint with reply/forwarding e-mail tho.

bennypr0fane ( 2016-04-13 20:06:34 +0200 )edit
1

yes, that´s true of course, but there have been quite a few strange decisions lately. And Jolla seem to have lost focus or lack a focused roadmap now. Maybe it has been caued by their financial struggles due to the tablet disaster, but maybe they are just too small for this kind of business. Microsoft or Google both have many more developers and even more resources, it´s hard to keep up with. Anyway, that shouldn´t be an excuse, just an explanation. IMHO a focused roadmap and a "trueee north" could help.

naytsyrhc ( 2016-04-13 22:29:38 +0200 )edit
0

answered 2016-04-13 11:18:01 +0200

pawel gravatar image

you have to foward a message, then it is in edit mode and you can copy paste

somewhen later you can delete the draft.

you can get webcat and webpirate from openrepos

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
7 followers

Stats

Asked: 2016-03-30 22:32:08 +0200

Seen: 4,993 times

Last updated: Apr 13 '16