| *** SpeedEvil is now known as Guest72157 | 02:30 | |
| *** zbenjamin is now known as Guest80047 | 02:32 | |
| *** zbenjamin_ is now known as zbenjamin | 02:32 | |
| artur_0000000 | Hi everyone! Hope you're doing great! | 06:47 |
|---|---|---|
| artur_0000000 | Came to ask what's the current status of SFOS support on Fairphone and/or Shiftphone? | 06:54 |
| ViGe | artur_0000000: You will probably get better results asking in #sailfishos-porters | 06:58 |
| artur_0000000 | Thanks, ViGe! | 06:58 |
| frojnd | Hi there. | 09:14 |
| frojnd | I just got flip case cover (magnetic) but when I close/open case it wont turn on/off display? Any ideas? In settings under Dsiplay I have enabled setting which says use flip cover magnetic case to turn on/off display... | 09:14 |
| frojnd | Sony xperia xa2 plus | 09:15 |
| adantes | frojnd: I can relate to that. You know a trick I do? My phone neer lasts less than 3 days a battery | 09:49 |
| adantes | each time I use it, I activate the services I need; and after I use them , I deactivate them: GPS, network layer, android support, and, guess what: the screen. | 09:50 |
| adantes | Isn't this a smart way to use a smartphone? With sailish battery lasts at least 3 days! Why smart covers? The only smartness existing is the way you use your device :-) | 09:52 |
| adantes | Gemini PDA, since I've migrated it to sailfish as well, battery lasts for one week | 09:52 |
| frojnd | Do you have a script for that so you can map to a button? | 09:54 |
| frojnd | Like press camera shutter button twice and all this happens on/off toffle ;D | 09:54 |
| frojnd | toffle | 09:54 |
| frojnd | toggle* | 09:54 |
| adantes | Sure I use it mainly for SSH, and I do most of my computing via SSH. And tyhat thing shuts the sceen off automatically when you close. But guess what: I open he device, activate network layer, etc., turn on toeterm, connect, fiisconnect toeterm, disconnect network layer, _shut down the screen_, and close the PDA | 09:55 |
| adantes | There a simple trick to use your smartphones and PDA, and compurter in general | 09:55 |
| frojnd | You put it in hibernate after work? | 09:56 |
| frojnd | Supsend? | 09:56 |
| frojnd | :( | 09:56 |
| frojnd | :) | 09:56 |
| adantes | You turn the f* thing off | 09:56 |
| frojnd | Ya.. been doing so lately. I don't even reddit anymore | 09:56 |
| adantes | the only thing is aways on are the servers | 09:56 |
| adantes | I'm sorry buddy, but this is the thing about users: they don't know how to use. | 09:57 |
| adantes | One may buy a 1000$ gadget, and still behave in a dumb way, ike most iPhone users do | 09:58 |
| frojnd | Well others started to complain I'm offline lately but I just told them that if it's serious they can allways reach me in person... | 09:58 |
| adantes | always expecting magic from their devices | 09:58 |
| frojnd | That's just the way things evolved anre are evolving.. I know.. I'm also Android dev | 09:59 |
| adantes | frojnd: there you go, use well your tech, and you wont complain nomore about it ;-) | 09:59 |
| adantes | really? so am I.. and iPhone as well | 09:59 |
| adantes | btw, I must return to XCode :-P | 09:59 |
| frojnd | I love sailfishos :) After using it for personal stuff I am more free | 10:00 |
| frojnd | I started to enjoy other stuff like fresh air :D | 10:00 |
| frojnd | And leaving everything @home while outside | 10:00 |
| frojnd | some would even consider me a criminal becaues I have no gadgets on me sometimes | 10:00 |
| frojnd | haha | 10:00 |
| adantes | may I suggest you write a letter to salfish board on how it changed your life? | 10:01 |
| adantes | :J | 10:01 |
| frojnd | :)) | 10:01 |
| *** frinring_ is now known as frinring | 12:16 | |
| Guest28 | Hi, asked this question last night but didn't get a response. How secure is Sailfish X to government snooping? I take it we've all read about Edward Snowden reveals (if nor https://www.youtube.com/watch?v=Wo9arZs21WI). Thanks. | 15:17 |
| mkolman | Guest28: I would say there are currently not enough users for massive snooping to pay off, as the system is pretty different to the regular snooping targets. :) | 15:29 |
| mkolman | Also the system has a much more introspectable nature by being close to regular Linux distribution, so I guess one has much bigger chance to notice weird activity than in the Android mess. | 15:31 |
| mkolman | That's how I see it. | 15:31 |
| Guest28 | Thanks mkolman. The number of users is a good valid point. | 15:52 |
| x2s | Well, the newer Android devices should be fairly safe, too. But they don't age well | 15:55 |
| x2s | government snooping on the other hand is its own security case. How to deal with an attacker that as almost infinite ressources? | 15:55 |
| x2s | The kernel used by all sailfish os versions is pretty old. That's not a bad thing most of the time, but if there are publicly undiscovered holes they might be known to them. On the other hand those holes could be also in the newest kernel version | 15:58 |
| mkolman | well, Jolla regularly fixes CVEs in the kernels | 15:58 |
| mkolman | IIRC, even on the quite old Jolla 1 | 15:58 |
| x2s | But the updates take month and aren't done on a hotfix basis. | 15:58 |
| x2s | Inbetween you're vulnarable. | 15:58 |
| mkolman | as long as you are on LTS kernel version & are doing your part (updating to new LTS releases or at least backporting the CVE fixes), you should be secure with an older kernel as well | 15:59 |
| mkolman | x2s: yep, that's certainly an issue & I don't like that as well | 15:59 |
| x2s | Then there's always the modem, which is a whole computer itself. We have no direct access to it. Usually a very very old linux is running there | 15:59 |
| mkolman | coming from Fedora/RHEL, where CVE fixes get out of the door as quickly as possible, definitely not waiting for features & non CVE bug fixes | 16:00 |
| x2s | there's no direct access from the modem to the phones cpu itself. But I'm not so sure if the memory isn't shared or something like that | 16:00 |
| mkolman | IIRC memory is sometimes shared, sometimes even the baseband computer boots first | 16:01 |
| x2s | I'm a debian user for most of my life now. I'm used to getting security updates :) | 16:01 |
| mkolman | but that varies based on concrete device | 16:01 |
| mkolman | also afaik the basebands usually run some proprietary RTOS, not Linux | 16:01 |
| x2s | They're running linux by now. | 16:02 |
| mkolman | maybe the separate modem modules/cards/usb stick do | 16:02 |
| mkolman | then I would expect to have more information about them available | 16:02 |
| mkolman | given the GPLv2 requirements of the kernel | 16:02 |
| Guest28 | I am not sure about any Android devices being safe - NSA-GCHQ have broken into Google/Yahoo data centers. https://edwardsnowden.com/revelations/#nsa-and-gchq-break-into-yahoo-and-google-data-centres | 16:04 |
| Guest28 | If it was just terror activity being analysed - thats not too bad. But I think there's corporate espionage going on too. So if you're a non-US company, you risk (I don't know how big) losing company secrets - roadmaps etc to US competitors in advance. | 16:06 |
| x2s | the problem is we don't really know what's running there, because the firmware is encrypted. And as we know, not many people care about the GPL in those companies.. | 16:06 |
| mkolman | well, many modems are done by big name companies with headquarters outside of China | 16:07 |
| mkolman | like Qualcom | 16:07 |
| mkolman | AFAIK those can't really ignore licensing the way many Chinese vendors do | 16:07 |
| mkolman | they might play cheap tricks (user space driver blobs, tivoization, etc.) | 16:08 |
| mkolman | but can hardly ignore GPL while shouting loudly about their precious proprietary IP being violated | 16:08 |
| *** BitEvil is now known as SpeedEvil | 16:08 | |
| x2s | I can't find the article anymore. I really should start saving everything I read and find interesting. Though, I wouldn't find them in the mess of links and articles anymore, too. :) | 16:12 |
| Guest28 | Good points on the modem and security vulnerabilities ( known or otherwise ). I hadn't considered the modem issue. If the memory is shared, then could the modem in real time send out data/packets to multiple locations e.g. authorised and unauthorised? | 16:13 |
| x2s | but back to topic. If the memory is shared between modem and cpu then there's a way to access the memory from the modem, if there's a bug (or backdoor) in the modem firmware itself. | 16:14 |
| x2s | also sfos doesn't let you fully encrypt the device afaik (haven't installed it lately. XA2s seem to be out of stock for good :/ ) so it's possible to just copy the data from your phone | 16:15 |
| x2s | (or to state it otherwise: Embedded device security is a mess when it comes to mass produced things) | 16:16 |
| mkolman | IIRC, the encryption on Xperia 10 only covers the home volume | 16:21 |
| mkolman | rootfs is not encrypted, likely to make unlocking the home LUKS volume easier | 16:22 |
| mkolman | as you have the UI (which lives on the rootfs) available | 16:22 |
| mkolman | in comparison, the default encryption layout on Fedora covers everything outside of /boot | 16:22 |
| mkolman | and initrd/plymouth handle LUKS passphrase entry, resulting in a rather limited environment (such as no way to switch keyboard layouts) | 16:23 |
| Herrie | lbt: ping | 16:24 |
| Herrie | sage: ping | 16:24 |
| mkolman | but in both cases, if someone manipulates the unencrypted stuff that handles your passphrase (on /boot in Fedora, on rootfs on Sailfish OS), it could leak your passphrase | 16:24 |
| mkolman | still, that would need to be likely a targeted attack | 16:25 |
| mkolman | + it might be possible to verify if boot has not been tampered with via secureboot | 16:25 |
| x2s | but then you have to trust secureboot not having backdoors. | 16:26 |
| Herrie | lbt/sage: NEvermind solved it | 16:26 |
| x2s | to be secure from government agencies is hard, really really hard. | 16:27 |
| mkolman | in general, one needs to also care about the government & trying to improve it | 16:29 |
| mkolman | as bad government will can do much worse stuff to you than just spying on you | 16:30 |
| mkolman | & it's not a good idea to rely on just technical means to pretect you from a bad government | 16:30 |
| Guest28 | The reason why I am so concerned about all of this because just recently I put up 70MB PDF file which contained my company plans for a customer to download. The file was uploaded to a US large data file repository. Within 24 hours of the file going on large file repository, I suddenly had 5 or 6 different people contact me asking me questions. Very | 16:32 |
| Guest28 | strange as I don't get so many requests ever. | 16:32 |
| Guest28 | I think its corporate espionage. And if it can happen so easily. Then its only a matter of time before my phone could be used. | 16:33 |
| Guest28 | You put in long long months or even years of work into something, then somehow its rapidly potentially leaked. Its not a nice thought. And it could happen to any non-US or US company for that matter. | 16:34 |
| Guest28 | Its really worth thinking about laptop, phone and network security. | 16:34 |
| Guest28 | Thats why I am so interested in learning about SailfishOS. Plus I am an ex-nokian and wouldn't mind seeing meego in action. | 16:35 |
| tadzik | well, no hardware or software will protect you from your own customer being careless with what you gave them, I'm afraid :/ | 16:40 |
| tadzik | it's like sending a nice, encrypted email to a gmail account ;P | 16:41 |
| Nico[m] | Or storing anything on a windows PC :D | 16:41 |
| Guest28 | The customer is the European Space Agency. I somehow trust that they are very sensible with security. I think the large data repositories are monitored (or keyword searched). Check outXKeyScore - its an example of a keyword search to track individual data over internet https://edwardsnowden.com/revelations/#understanding-xkeyscore | 16:44 |
| Guest28 | Obviously, I need to start using pgp or encryption for big files being sent. But makes sense to ensure my phone is safe. | 16:45 |
| Nico[m] | I don't trust anyone to keep data secure :D | 16:48 |
| Nico[m] | Too many customers, that send me sensible data, secured by a zip file with their company name as the password | 16:49 |
| mkolman | Nico[m]: zip only encrypts file content, but not metadata, right ? so if a file is named after the company, the zip archive might actually even give you the password :) | 17:45 |
| Nico[m] | Well, the file is also pretty obviously names, so yes :D | 17:48 |
| tadzik | passwordispenis.zip | 17:49 |
| paleblueskywithc | hey | 22:24 |
| Nico[m] | Hey, paleblueskywithc :D | 22:26 |
| paleblueskywithc | I am guest28 with a better name. | 22:27 |
| Nico[m] | Well, that is a better name, I admit | 22:27 |
| paleblueskywithc | it was meant to be paleblueskywithcirrus but got truncated. | 22:30 |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!