initial version

posted 2014-03-19 01:09:28 +0200

jgr

[Q] devel-su requires remote connection enabled? Security hole?

I am a bit puzzled; since OS 1.0.4.20, strange things happen:

  • I could ssh the Jolla even though "Remote connection" was disabled.
    OK, I cannot log in; however, the Jolla handset sends me the password request (repeatedly – until I enable "Remote connections", then the login is accepted). I think, in previous OS versions, the Jolla device would simply not answer while "Remote connections" was switched off.
  • I cannot devel-su without "Remote connection" being enabled.
    A password had been set previously and "Remote connection" disabled again. However, that last password is not acknowledged any longer (as it was with previous OS versions).

If my observations are correct, in my humble opinion the changes to the security system have reduced system security:

  • It should not be necessary to allow for remote access while operating locally as devel-su.
    For local devel-su, a rather simple password is sufficient; however, while remote access is possible, I should set a password that is rather hard to crack.
  • The Jolla handset should not permanently listen on the ssh port and answer contact requests. Can anybody be sure that there is no bug in the code that can be used to get access to the phone even though the last password is not accepted?
