As other are saying, it's not open source. Ultimately, this means you're not in control. I can tolerate having some binary blobs, since it seems unavoidable in the current mobile landscape. But why would I go with Sailfish OS instead of Android? Why are "partners" the ones that get the "freedom to customize"? That's a big fuck you to users.
Furthermore, the parent company Jolla, did a horrible job with their tablet fundraiser and subsequent crash. This bred a lot of badwill in many like me. For me the biggest issue wasn't even the loss of money, since I understood the risks involved with a hardware fundraiser. It's that they were not transparent or open with the community; infrequent and opaque updates were the norm. Then all of a sudden they ran out of money and we're told maybe if we're lucky we'll get a refund eventually? They'll have to do a lot better to gain my trust.
For comparison, I also funded the Pyra [0], an ultra portable mini computer which runs Debian. Despite having paid more, and having already waited much longer, I have no big complaints. The team posts very detailed updates every 1 or 2 weeks. When anything goes wrong or things get delayed, they include it in the update.
Wow. On the one hand, this is really cool. On the other hand, it's 600 USD for a phone that might be delivered in a year and a half and will not be able to run Signal.
Not running Signal seems like a security feature to me. The official Signal servers, and their stance on requiring a phone number and forbidding 3rd party clients is absurd.
What's the alternative? iOS has a poor story for jabber support, and the network effects for jabber are poor; the gradual network onboarding of signal made it easy to capture new users, but made it federation hostile.
As far as I can tell, that doesn't have a SIM card slot, so it's not quite comparable to a mobile phone. I don't care that much about making calls, but mobile Internet access does matter in discussions about smartphones.
I'm not really that sure of Sailfish's open source status. It seems the launcher, lock-screen, and system apps are closed source, personally I don't mind about those too much, but I do mind if the UI library is closed. Does anyone know the status of that?
> The [Pyra] team posts very detailed updates every 1 or 2 weeks. When anything goes wrong or things get delayed, they include it in the update.
Are these updates available to the public or only pre-orderers? I'd be interested in following if the content is available. Is it the "Pyra News" section of the forum?
I've not been at GamesCom, but EvilDragon said he would have a stall there showing the last prototype devices before production ( https://pyra-handheld.com/boards/threads/open-and-close-and-... ).
The CPU board is designed to be cheaply replaceable, so you'll probably be able to buy one with a new SoC / RAM / internal storage in one or two years …
The "true independent mobile OS" so "private and secure" that even basic things like the calendar and the lock screen are proprietary and closed source.
This brings no advantages over AOSP. And in before people pull the argument of Google Apps, Android is perfectably usable without any of the Google proprietary software.
Yes the AOSP apps are usable, but the way Google has withdrawn development of them so that the proprietary versions available on the Play Store have progressed far ahead of them was not really in line with the whole Android-being-open-source mentality.
And yes they are entitled to keep whatever they like proprietary, as long as they stop trying to pretend they are interested in promoting an open source mobile OS, out side of the AOSP internals. If I'm wrong and they have contributed significantly to the AOSP apps then I take that back.
It's true that the AOSP version of the email app, for example, hasn't been in actual development. But as long as you can replace it with a good solution, like K9-Mail, does it really matter?
K-9 Mail has gone years without significant updates. Last I checked it doesn't work on newer Exchange servers and requires you enable "less secure login" to work with Gmail.
"Less secure login" is just a scare tactic anyway. You're still using a device-specific, highly-random password that's being sent over TLS to their servers. It's at least as secure as any other IMAP/SMTP server on the internet.
But it's not device-specific, which is exactly what makes it less secure. If anybody is able to sniff your password (e.g. due to initially trying to connect without TLS accidentally) or MITM your connection or get privileged access to your device (either locally or remotely), then they get access to your email, even from their machines.
Any mail client in the wild today will support STARTTLS and won't submit any credentials to Gmail until a TLS connection has been established. If your connection is MITM'd and you accept the bad certificate error or your laptop is totally pwnd, you're screwed regardless of how you're authenticating. In those situations an attacker could still hijack sessions, exfil data, act on your behalf, etc regardless of whether you went through their browser auth flow with MFA.
Wasn't open source coined as a way to remove ideals from the discussion? This is why (as annoying as it gets sometimes) it's important to make the distinction between open source and free software. Free software has ideals.
I thought it was primarily to remove the implicit assumption that free software was necessarily non-commercial. Ultimately both terms are problematic, because free software will always have the confusion with "free as in beer" and open source software implies that access to the source is important, when it's more about what the user is allowed to do with the source.
> I thought it was primarily to remove the implicit assumption that free software was necessarily non-commercial.
I've heard Bruce Perens talk about it a few times, and even on the OSI website (https://opensource.org/history) they state...
"The conferees believed the pragmatic, business-case grounds that had motivated Netscape to release their code illustrated a valuable way to engage with potential software users and developers, and convince them to create and improve source code by participating in an engaged community. The conferees also believed that it would be useful to have a single label that identified this approach and distinguished it from the philosophically- and politically-focused label "free software." Brainstorming for this new label eventually converged on the term "open source", originally suggested by Christine Peterson."
You could be right though and some may have seen the non-commercial aspects of the word free as a tertiary benefit, but the primary stated goal was to distance itself from the ideals and politics of free software.
I agree with you though on the last part. Even as someone who uses the term free software, I often use the term open source while using search engines because searching free software brings up sites with freeware/adware/shareware and stuff I don't want. I also think using loan words like "libre" are a stretch for your general public. At work I tend to use "Free and Open Source Software".
"Android is perfectably usable without any of the Google proprietary software."
In a virtual machine maybe, surely not on any phone where most device drivers are closed blobs. H4x0r5 may hide backdoors into compromised play store apps, but governments do it in device drivers, with 100% success rate because a closed source device driver is something 100% of the user base has installed, keeps running 24/7 at maximum privileges and has 0 chances to audit or examine.
Today closed device drivers, binary blobs etc. are places to look for malware; until a device is completely open it cannot call itself safe or secure.
Closed device drivers aren't part of Android, but are part of any working installation of Android. Name one device which can run Android and can call itself 100% open.
Of course Sailfish doesn't solve that problem, neither does Linux, BSD or whatever. I wasn't making a pissing contest between operating system (which is likely what trigger happy downvoters got) but simply stating a sad fact: closed device drivers are the best place to put spyware on and get 100% success, period. They can't be audited, they can't be uninstalled, they always run and they have maximum privileges.
If I'm wrong (and trust me, I hope so) I want facts proving it.
I’ve used Sailfish OS on the original Jolla for a little more than two years from April 2015 through July 2017. Last month, I was finally fed up enough with the horribly slow and limited hardware (couldn’t play music and open OsmAND at the same time) and got a OnePlus 3T with LineageOS.
Tidbits of my personal opinion:
- SailfishOS is much more unixy - getting a shell, setting up a SSH server and syncing files with rsync was no problem at all. I have not yet understood the directory structure of LineageOS
- The permission of apps was a problem, but not more so than on my laptop. Ideally one could solve this by only installing trusted apps, but this was unfortunately not an option (Whatsapp)
- The native e-mail client actually knew about e-mail. On LineageOS, I had to install K9mail to get such simple things as proper treatment of signatures delimited by '-- '
- The user interface on Sailfish was much more usable, in particular the swipe gestures to quickly close apps as well as the tiled view from which you can directly interact with open and running apps. Feels more like a proper computer instead of a single-threaded/single-application-at-a-time thing.
- I actually trusted the team at Jolla with providing decent updates etc. With LineageOS, I am using some unofficial ROM provided by a random guy on a largely random forum which may or may not work with over-the-air updates (it’s claimed to work but I haven’t tried it yet). I definitely trust my phone less now than I did before.
- The hardware is of course much better on the OnePlus -- had Jolla/Sailfish sold something equally good or even only slightly worse, I would have bought that again.
> - The hardware is of course much better on the OnePlus -- had Jolla/Sailfish sold something equally good or even only slightly worse, I would have bought that again
They'll be releasing official SailfishOS images for Xperia X somewhere next month iirc, see https://sailfishos.org/community6/ (scroll down). It'll not be free however, the price they revealed is 50€, and iirc it's yearly.
The default Android client for mail isn't great. Google have developed various clients available on Play but I prefer the Outlook client. K9 is probably the best FOSS client from f-droid that I tried.
> The OnePlus 3T seems to be officially supported by LineageOS[1].
Yes, but everything I have read, anybody who tried only the official ROM had various problems, e.g. with the camera. Hence I settled on an unofficial ROM.
But even if I used the official ROM, there is absolutely nothing on the LineageOS website that makes me trust them. No real names, no GPG keys, nothing. Just "The LineageOS project", a bunch of pseudonyms in the blog entries and apparently some LLC. Even their "Legal" sub-page does not contain anything at all.
> No need for random forums. You should have been able to download an official LineageOS build from https://download.lineageos.org
But even if this worked (from what I have read, others had problems), there still would be nothing to make me trust "LineageOS", as I said in the reply to your sibling - there is no real name associated to the project, no GPG key embedded in the web of trust anywhere that I can find and not even on the download page are actually signed binaries I can verify myself to be trustworthy. Not even the Wikipedia page of the project lists a single individual involved!
A OS not knowing anything about permissions and which lets apps do everything they want by default.. bold statement to say its secure. They do a decent job of patching 3rd party / CVE's though. Open source? Well not anymore than stock Android id say.
To be fair, the permission model of SailfishOS is the same you use on your Linux desktop. Every application has full access to your home directory. Although access to some data needs special privileges by standard UNIX permissions on files like the contacts database.
At least Jolla claims to test and verify behavior of applications offered in their store, but it is up to you to trust any third-party applications you run.
It comes with an Android compatibility layer, which I imagine is similar to running Android without Play Services.
I've tried that in the past, and it worked quite well. There are a lot of good apps on F-Droid, then you can get access to others through APKMirror, or methods of downloading from the Play Store. Of those, I'd say about half work without complaint (including Whatsapp), a quarter complain and still work, and a quarter don't work. I also used (and still use) a few web apps for things like weather.
We need alternatives to Android and iOS; just to have assurance we can exercise free speech in the future ("the right to read"). SailfishOS, even if not fully open sourced, might be a good hedge against big corp overreach and dystopian tendencies (together with Librem).
We had an alternative. It was Maemo (spiritual predecessor to Sailfish) and was on a pretty good first device, the Nokia N900.
This very same "we" engineering community chose to give all its mindshare and attention to Android at the time so this is basically the scenario we deserve.
This is closer to an existing nexus of expertise in FOSS, because it is a Linux distribution, whereas Android is something different, and has only ever been maintained by Google, more or less behind closed doors. A fork of Android would be much more likely to die a death than a functional mobile Linux OS.
Ah, I was trying to distinguish it from Android on the basis of 'Linux', rather than on the basis of 'functional'. Functional was meant to contrast with the existing state of Linux on mobile, i.e. if we could get a full Linux userspace working well on mobile, that would be better than relying on Android.
Yes, I'm looking at supporting that. It's a bit of a pity they seem to be downplaying Android app support. I think they will need that to be functional in the short/medium term. From a user's perspective, it would be good to commit to Anbox support, but perhaps they're already biting off enough for them to chew!
I've got a super computer in my pocket, there's no excuse to be so slow and jittery, it's been 20 years now, it's time to give up on the "java will be as fast as c one day" dream. Most apps are glorified list views yet they still take several seconds to start.
There's a tonne of google crapware that comes with every phone that can't be removed. Google has been promising to split this out of the OS for a quite few years now yet I don't see any progress. This is the only issue that forking would solve (while creating others).
The development story is the worst I've ever encountered. Untestable God-classes that every activity has to inherit from. Awful convoluted build tools that require and IDE to use (they aren't documented). A hideous xml based UI library that pretends it's as simple as HTML but makes things more complicated. The list goes on.
No one does security updates. Even googles flagship phones will only get 3 years of security updates at best. If you buy a mid-range phone you can expect a year if you're lucky.
> No one does security updates. Even googles flagship phones will only get 3 years of security updates at best. If you buy a mid-range phone you can expect a year if you're lucky.
I agree, but I don't see how Sailfish fixes these points. For example I can't buy any phones with Sailfish pre-installed and 3 years of security updates guaranteed.
The best thing to fix the update problem would be open-source drivers IMHO. And Sailfish isn't about that, it uses the same proprietary drivers as Android.
> The development story is the worst I've ever encountered. Untestable God-classes that every activity has to inherit from. [...] A hideous xml based UI library that pretends it's as simple as HTML but makes things more complicated. The list goes on.
I have developed an Android app and agree! It definitely is awful. But due to the large community you could achieve quite a lot, without having tested it I would assume that developing feature-rich apps for Sailfish is harder right now.
> Awful convoluted build tools that require and IDE to use (they aren't documented).
AFAIK Sailfish uses Qmake and QtCreator which are even worse IMHO. Regarding the documentation Android has lots of StackOverflow answers going for it.
Would be interesting to know the opinion of someone who has developed an app for both systems though.
> For example I can't buy any phones with Sailfish pre-installed and 3 years of security updates guaranteed.
Jolla has been releasing Sailfish OS updates every few months for the last three and a half years. I imagine that they would keep doing that as long as they stay alive. But my imagination is no guarantee. Especially since I can also imagine their hardware vendor partners not wanting to have to work on regularly updating their modifications to changing versions of the base system.
As far as I know, Jolla has completely stopped selling their hardware. I don't know if you would be able to buy a used one. A quick eBay search didn't bring up anything.
Partnering is probably better than trying to crowdfund another device - at least one can easily flash the phone back to Android if Jolla can no longer support it.
I've been using for past couple of months, and I can't say I miss anything from Google play services. I highly recommend if you happen to have one of the (few) supported devices.
ELI5: Why would a team of developers and investors work on something with such a small chance of becoming a viable market?
Honest question. Not intending to be snarky. Reminds me of the many Chrome knock-offs that focused on a particular aspect of browsing. Any advancement/advantage would be quickly adopted by the mainstream market leaders.
There are a bunch of native Sailfish OS apps. As far as I can tell, people work on them for fun, not for the expectation of making money off of them. For users, the result is not necessarily bad: Unlike many free Android apps, there are no annoying ads. And there are actual OpenStreetMap apps that simply use the online map data, unlike OsmAnd, which makes you pay for access to maps they didn't create.
An enormous amount of open source development on Linux is not driven by a "market" in the sense of making money either. This doesn't answer your question directly, but maybe the question is ill-posed. Do we want or need a "viable market" that looks like crappy ad-infested Android bloatware?
(Just to be clear, no, I am not saying that all Android apps are alike.)
While I'm very interested in mobile operating systems, I'm not a big fan of gesture-based interfaces. They just never work well for me; I often accidentally rotate and zoom and do other weird stuff when I enable them (on the touchpad on my laptop).
Looks like they've dropped Android compatibility from the list of advertised features. Last time I checked, the latest supported version was still Jelly Bean 4.1 -- mostly because Alien Dalvik from Myriad doesn't support anything newer.
The Jolla tablet, the Intex Aqua Fish, and Jolla C have compatibility with Android 4.4. Although that is also quite out of date, it is still supported by app developers.
Oh, and note that Android support is a commercial feature. You will not get it with any third-party device.
Could the Firefox OS become a viable true open source alternative? I know Mozilla abandoned the project two years ago etc, but some fork can continue the work. I simply do not see how it can be done
Funny you should mention that. I just watched Brian Lunduke's latest show talking about the Librem 5, which will include a hardware switch for the separate baseband chip which will be physically isolated from the rest of the system. Not here yet but it's good to see the awareness building: https://www.youtube.com/watch?v=4SwE9W8JasA
Baseband processor is the magical chip that lives on its own, even if you "switch off" your phone and you are not allowed to tamper with it by most developed countries legislation (i.e. you can only take what is offered to you, sanctioned by government but will be punished if you make any modifications to it). See Neo 900 developers talking about it. So separating it off should allow better sleep to all paranoid users that might think they are being monitored.
However any mobile OS advertising itself as 'private and secure' is just lying if it is installed on a handset that hasn't dealt with the baseband issue - and none of them have or likely will.
Why not use Raspberry pi with Sleepy Pi 2 hardware addon, powerbank and a 3g modem? You need a smartphone for the internet, right? I always carry a dumbphone with 2 month battery life for calls + smartphone for Internet.
Furthermore, the parent company Jolla, did a horrible job with their tablet fundraiser and subsequent crash. This bred a lot of badwill in many like me. For me the biggest issue wasn't even the loss of money, since I understood the risks involved with a hardware fundraiser. It's that they were not transparent or open with the community; infrequent and opaque updates were the norm. Then all of a sudden they ran out of money and we're told maybe if we're lucky we'll get a refund eventually? They'll have to do a lot better to gain my trust.
For comparison, I also funded the Pyra [0], an ultra portable mini computer which runs Debian. Despite having paid more, and having already waited much longer, I have no big complaints. The team posts very detailed updates every 1 or 2 weeks. When anything goes wrong or things get delayed, they include it in the update.
[0] https://pyra-handheld.com/boards/pages/pyra/