What do you think? Use only Lomiri as poweruser?

poVoq

Based on last weeks Q&A session and the upcoming Manjaro Lomiri Version, I have been thinking about my own actual need for the UT base system...

Specifically the read only file system, app confinement, and some of the content hub stuff (that prevents video chat for example right now).

I get why Canocial developed these, as they were really aiming for a Android competition with a commercial app store and so on. And Delta image updates are nice, however I regular Arch/Deb updates are working fine as well 99.9% of the time and I as a power user can easily fix issues in case it doesn't.

So maybe I am just not the real target user of UT, other than that I like the Lomiri UI and the gesture based input (and in theory convergence), but I wonder who might be...

Because lets face it, UT is never going to be an Android replacement for your mom and pop. It was a nice idea while it had the backing of Canocial, but even then it was a bit unrealistic to be honest.

And for most current and likely future (power)users of UT, a lot of the above stuff feels more like a hassle than a real advantage. Further more one of the reasons to use UT is to avoid some of these (for a power-user) anti features from Android.

I currently don't have a Pinephone, but if I ever get one it will be mainly for convergence with a real Linux base. So why bother with crutches like Libertine?

Sorry for being a bit ranty on this topic... but I do wonder who else feels like this?
It just doesn't feel worth the effort to drag along a lot of the Android like features if most users are seeing them more like small inconveniences than actual features...

Looking forward to your thoughts and maybe you can change my mind

dobey

@poVoq said in What do you think? Use only Lomiri as poweruser?:

Because lets face it, UT is never going to be an Android replacement for your mom and pop. It was a nice idea while it had the backing of Canocial, but even then it was a bit unrealistic to be honest.

It was never meant to be an "Android replacement." It was always meant to be an alternative system. No, it isn't for everyone, and that is just fine.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

And for most current and likely future (power)users of UT, a lot of the above stuff feels more like a hassle than a real advantage. Further more one of the reasons to use UT is to avoid some of these (for a power-user) anti features from Android.

"Power" user is a misnomer. Assuming that UT is just going to be like every other traditional PC Linux distro is the problem you are facing, and not the fact that UT is different from traditional PC Linux distros. If you want something that is less secure and lets you do whatever you want, feel free to go use that instead. UT is not for everyone, and that's fine.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

I currently don't have a Pinephone, but if I ever get one it will be mainly for convergence with a real Linux base. So why bother with crutches like Libertine?

Because people like you think running legacy things that aren't designed for phones, on phones, is what makes something a real Linux. It doesn't. It's just people trying to be gatekeepers for others. Android is just as much a real Linux as Debian or Arch are. UT is no less a real Linux simply because it has a readonly rootfs. Stop trying to be a gatekeeper,and forcing others trying to build a nice phone system into regressing into shipping something as a traditional Linux distro instead. If the traditional Linux distro is what you want, that's fine, but it's not UT.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

It just doesn't feel worth the effort to drag along a lot of the Android like features if most users are seeing them more like small inconveniences than actual features...

A very vocal small minority does not a majority make.

poVoq

I think from my original post it is should have been clear that I am not trying to gatekeep anything. But yeah maybe I should rather say "traditional" rather than "real" Linux. Point taken

As for vocal minorities and such... I am not sure who is the majority in this community. Hence this post

What I see is that every time someone brings up this or a related point, a very vocal minority(?) repeats like a mantra that UT isn't like "traditional" Linux and doesn't try to be that. I know that viewpoint.

But what I am rather wondering about: is there really a demand for such a non-traditional mobile Linux? And if not, wouldn't the limited developer resources not better spend on what (I think) there is a demand for: a nice mobile (but also convergent) UI and well integrated telephone apps for it, i.e. Lomiri.

dobey

Again, individually, it comes down to what you actually want out of your phone and what suffering you're willing to go through to have it work.

For example, if you are OK with having no power management, apps being able to use all CPU all the time in the background, apps being able to read/write all your data for other apps, or having to manually configure things to do otherwise, then sure maybe a traditional Linux distro is good enough for you.

But, that is not UT. The few of us keep stating that it is not whenever someone comes in with the "what about apt" and "real linux" nonsense, because as the UBports Foundation mission statement says:

Establish and support an Open Source and collaborative community for the development and promotion of open source "perfect personal phone operative system", with respect for freedom and privacy, is developer friendly and secure, and preferable convergence.

Therefore, we need to prevent apps running in the background, have application confinement, trust store, and a readonly rootfs, in order to be able to approach these goals, and provide a phone OS which enhances privacy and security.

poVoq

You make it sound like all those features are exclusive to UT or necessary for reaching that rather broad mission statement. Which I don't see at all.

Traditional Linux has been used in the mobile space (laptops etc.) for a long time and does have a lot of power-saving features for example. Looking at the current battery usage of the PinePhone it also seems much more important to properly manage the LTE modem and a few other general system parameters than having a strict app background suspension like UT does. At least for now the traditional Linux OS on the PinePhone seem to have similar or better battery life than UT.

But I don't want to start a big fight here over individual details... but rather challenge people to think a bit out of the box.

dobey

Laptops traditionally do not have great battery life and power management either. Partly because traditional OS vendors didn't do much to make any significant gains, and partly because some of the features which exist in ARM SoCs in phones/tablets did not traditionally exist in x86 systems.

The PinePhone is one specific device, and it's a struggle with power management there specifically because it's not an Android based device, and so power saving features implemented in the Android HAL are things we're having to get implemented otherwise. To say that app suspension and such shouldn't be bothered with because one device has some extenuating circumstances regarding power management, is quite a stretch.

Frankly, I want all those power management and privacy/security features on my PC too. I'm tired of traditional Linux distros where app developers automatically have root on your system simply through the package management, can read all your files, record your screen, and use the microphone without any permission requests whatsoever. Imagine having a laptop with battery life measured in days instead of hours.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

but rather challenge people to think a bit out of the box.

I have trouble seeing how you can do that, when you're doing the opposite by proclaiming what UT does to be the box, though it's the one that's different, and the traditional Linux distro design is actually the box.

poVoq

Ok lets agree to disagree on the traditional Linux approach, which I personally find to be more flexible and more geared towards the user being in control.

@dobey said in What do you think? Use only Lomiri as poweruser?:

I'm tired of traditional Linux distros where app developers automatically have root on your system simply through the package management, can read all your files, record your screen, and use the microphone without any permission requests whatsoever.

This is taking the idea of the Android ecosystem (the actual "box" ) which assumes apps to be malicious by default and applying that logic to Linux distributions, which is simply a false analogy. In traditional Linux distribution the app developer has zero access to the system, as you usually don't install apps from first party sources. This is IMHO the better security model than solely relying on a sandbox (but having a sandbox in addition usually doesn't hurt either).

dobey

@poVoq said in What do you think? Use only Lomiri as poweruser?:

This is taking the idea of the Android ecosystem (the actual "box" ) which assumes apps to be malicious by default and applying that logic to Linux distributions, which is simply a false analogy. In traditional Linux distribution the app developer has zero access to the system, as you usually don't install apps from first party sources. This is IMHO the better security model than solely relying on a sandbox (but having a sandbox in addition usually doesn't hurt either).

This is simply not true. You're making assumptions about UT based on some other OS, and declaring it malicious, without understand how or why anything works the way it does. Let's please stick to facts.

Saying, app developers have zero access to the system in traditional Linux is way beyond false. Any app on any X11 system can log keyboard, clipboard, and see anything on the screen. This is a big reason for things like Mir and Wayland. In a trraditional Linux distro, any app can read any files in your home directory, talk to pretty much anything running on dbus, put their own service on dbus, poke at anything on the network, access all kinds of hardware, etc…

UT obviously doesn't rely solely on a sandbox. The whole point is to reduce the amount of trust which users must place in app developers, as much as possible. Ideally, it would be a zero trust system, but we are nowhere near that in the Linux world yet.

poVoq

The problem is that you seem to misunderstand what I am talking about. And no, I am not making assumptions about UT based on another OS at all. UT uses the same security model as Android: a more or less open app store anyone can upload software to and some technical workarounds such as sandboxing and app permissions to make it less bad that the only way to install additional software is basically a malware distribution channel.

The security model on traditional Linux distributions is totally different. It does not depend on imperfect technical workarounds (that can always be exploited) but rather a chain of social trust and a way to install software that has been tested by a 3rd party. No software ends up in the official repositories without being tested and maintained by a person other than the developer, which is much safer than a technical crutch that a malicious developer can always find ways around.

Of course things are not perfect with traditional Linux either. Users can be stupid and add random PPAs or compile AUR packages without looking at the code and/or understanding what it does. And of course repository maintainers are not perfect and can overlook issues with the software and so on.

But it basically boils down to to different security cultures ("zero trust" vs. "chain of trust"):

You can have a locked down system with lots technical imperfect workarounds that by default assume that developers are malicious and users somewhat stupid. This is what can be found in Android, and to a slightly lesser extend in iOS, UT and Windows. These app permission questions in such systems are really only a smokescreen to hide the glaring security issues with that model and to push responsibility to the users (who usually just presses "ok" on everything anyways).

And then you have the idea that can be found in traditional Linux distributions of not (solely) depending on technical solutions and assuming your users are competent enough that they don't actively break the chain of trust. This is the tried and true method in the server world and also what is used for example for system updates in iOS or Windows. It also gives more agency to the user instead of artificially limiting what the user can do (incl. being somewhat stupid).

AppLee

@poVoq
Hi, you seems to thing that what Android does, what UT does and what a traditional Linux distro does are separate things.
But it's not.

Repos or stores are similar in the way that people can't review everything hence creating security holes.
What UT does is add another layer of security allowing the user to cage an app to fit a need without compromising its privacy.

What Android does is similar but the user has to either allow or deny ; no way to allow this and not that...

How is it a problem this other layer when developers and users have the possibility to ignore this at their own risk ?

poVoq

@AppLee Well this is getting more and more away from my original point... but no a traditional Linux distribution repository is somewhat different from an app-store like it is found in UT, Android or iOS.

Of course you are right that also a traditional Linux repository is not automatically safe, but it is a 3rd party tested update channel for the entire system, not solely an individual app distribution mechanism.

In a sense the official repositories of an Linux distribution are more comparable with official OS updates from Microsoft or Apple that also go directly into your system and have system-level access. But that isn't really a problem there either as Microsoft/Apple are testing the software before distributing the updates and are also maintaining all of it.

Of course not all software included in OS updates is written by Microsoft/Apple themselves. They might outsource parts or even include external software (like for example the Linux components in the Linux subsystem for Windows), but they do not allow the external developers of offer their own software directly through the official update channel.

Hence you end up with a chain of trust for these official updates.

This kind of mechanism is almost non existent in Android (as there are basically no system updates once a phone is released) and in UT it is intentionally closed for software from non-core developers.

I understand that this is the idea behind the "zero-trust" security model, but by now IMHO this model can be seen as somewhat failed (case in point: Android) and it was always trying to solve a social trust issue with a technical workaround which is in my opinion an anti-pattern not only in software development.

And to get back to my original point: yes Google or Apple have the developer resources and money to engage in an arms-race for this "zero-trust" security model, and maybe they also have no choice as their target audience is largely software security illiterate and thus randomly installs malware from the playstore...
But Uborts simply does not have the developers for that kind of thing and I think efforts would be better spend on joining a traditional Linux distribution and their "chain of trust" security model. And in addition most of the current audience for UT isn't nearly as software security illiterate hence people can be trusted with a more open system like a traditional Linux distribution

dobey

@poVoq said in What do you think? Use only Lomiri as poweruser?:

that the only way to install additional software is basically a malware distribution channel.

What? There's no need for such dramatization. Are you now saying that UT having app confinement is better? Because you seem to be saying that apt is a malware distribution channel.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

The security model on traditional Linux distributions is totally different.

There is literally no security model on traditional Linux distros. It's a purely trust based system. And no, it's not about simply trusting that packagers and developers aren't malicious. You're trusting they won't make mistakes that result in catastrophic data loss (which doesn't work, because we all know that everyone makes mistakes, and there have been plenty of occurrences of bugs in packaging scripts that result in data loss over the years).

@poVoq said in What do you think? Use only Lomiri as poweruser?:

No software ends up in the official repositories without being tested and maintained by a person other than the developer, which is much safer than a technical crutch that a malicious developer can always find ways around.

This is just an assumption. Plenty of things end up in distro archives with nobody ever having looked at it other than the person who packaged it. And you are making broad assumptions and using insulting language to describe the features used in UT to improve privacy and security of the system.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

You can have a locked down system with lots technical imperfect workarounds that by default assume that developers are malicious and users somewhat stupid.

This is nonsense. Please stop with projecting your own opinions on others and using such demeaning language. It has nothing to do with such assumptions. It's just rude, and your assumptions do nothing to help anyone.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

These app permission questions in such systems are really only a smokescreen to hide the glaring security issues with that model and to push responsibility to the users (who usually just presses "ok" on everything anyways).

Again, please stop with these assumptions of yours that users can't be informed by the system, and make proper decisions when they are properly informed. If you can't cite specific security issues that exist in Ubuntu Touch regarding the app confinement implementation, I'd suggest you not make such wild and unfounded claims. You are simply ranting in a way to try and force others to share your view.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

And then you have the idea that can be found in traditional Linux distributions of not (solely) depending on technical solutions and assuming your users are competent enough that they don't actively break the chain of trust. This is the tried and true method in the server world and also what is used for example for system updates in iOS or Windows. It also gives more agency to the user instead of artificially limiting what the user can do (incl. being somewhat stupid).

Yet more unfounded ranting. No, this is not how traditional Linux systems work. One does not have "more agency" there, simply because of apt or rpm. iOS is nothing like traditional Linux. The security model of Ubuntu Touch is actually based on how iOS works, not Android.

Please just stop making all these gross assumptions.

poVoq

@dobey No apt isn't. But the Playstore is evidently a malware distribution channel, and UT's only real method to install non-core software is the open-store, which follows (as you say) the same methodology as the iOS appstore (or the Playstore). It is IMHO only a question of time before we see malware in the open-store as well and no amount of app-confinement it going to stop a dedicated malware author.

AppLee

@poVoq
Sorry, but I don't get your point.
You're mixing subjects in order to make your point, but comparing the open store with apt is not a valid comparison.

The store is used for third party software. Like snap store on Ubuntu or other stores.
On a traditional Linux distro you have several ways to get these third party : from stores, from the developers, ppa, ...
How you get third party software doesn't matter because it has the same issues.

The OS is updated using images instead of a trusted repository... Well I don't see any issue with that.
As said many times it's for the best because you don't want to crash your phone with a simple update failure so it's more robust.

I just want to add that I'm not part of the core team and mostly a standard user of Ubuntu Touch.
So my opinion is forged on my experience with the system and I appreciate how reliable it is and how it is continuously improving.
Choices are made, you can either accept them or search for something else. If there are things I wish different, I'd create an issue and hope it is heard. Or I'd make a PR... Or even shut myself up because it is what it is.

Last, I try to give back a little of what is offered by UBports by giving time as a moderator here. And as such I'd like to point out that in order to make a point there is no need to use harsh words. People from different horizons and ages come here, so please be careful. You never know who you can hurt with a poor choice of words.

Thanks.

poVoq

@AppLee said in What do you think? Use only Lomiri as poweruser?:

@poVoq
Sorry, but I don't get your point.
You're mixing subjects in order to make your point, but comparing the open store with apt is not a valid comparison.

Yeah, I agree. That is why I tried to steer the topic back several times. But what can I do if the actual point I am trying to make continues to get distorted to make it look like something I am not claiming at all?

The store is used for third party software. Like snap store on Ubuntu or other stores.
On a traditional Linux distro you have several ways to get these third party : from stores, from the developers, ppa, ...
How you get third party software doesn't matter because it has the same issues.

Exactly! But on traditional Linux distributions you can get most common apps through the trusted official repository while on UT there is only the open-store and apt is disabled (I know why, no need to explain ).

The OS is updated using images instead of a trusted repository... Well I don't see any issue with that.
As said many times it's for the best because you don't want to crash your phone with a simple update failure so it's more robust.

Yes, there are advantages to that for sure. But also several disadvantages, such as that you can't have normal apt repositories and a lot of things only work though inconvenient workarounds such as Libertine.

My point basically is that when taking development effort and actual user-base into account, the disadvantages might outweigh the advantages, but this seems to be a bit of a taboo topic in this community that every time it comes up is shouted down by very vocal (minority?) users like dobey.

Capsia

Hi,
just a few thoughts about Open-store and apt package manager. I don't think that any of the two ways is perfect or wrong, they are just different in the way they handle security and privacy.
Open store allows everyone to upload a new app, that will be automatically added and will be available by default on all the UT devices. Apps aren't checked by humans if they don't ask for dangerous permissions, because they are containerized.
APT has some default repositories which only contain apps that are trusted by the OS maker. Apps can't be submitted to be displayed in apt. The user can install all the other apps by adding repositories, that the user should trust. An app is added to the default repository only if it has enough users and it passed mantainer's security checks. This makes containerization almost unnecessary, but still a nice measure for extra security.

dobey

@poVoq said in What do you think? Use only Lomiri as poweruser?:

things only work though inconvenient workarounds such as Libertine.

Not true. Simply because you don't like it doesn't make it a workaround. The only thing remotely being a "workaround" is the fact that traditional apps developed for PCs with large screens, keyboards, and mice, are not at all designed to use on a phone.

If you think Libertine is somehow inconvenient or has issues, you are more than welcome to contribute fixes and improvements. It is open source. But your language is denigrating and doesn't provide any indication of what any actual issues might be.

@poVoq said in What do you think? Use only Lomiri as poweruser?:

My point basically is that when taking development effort and actual user-base into account, the disadvantages might outweigh the advantages, but this seems to be a bit of a taboo topic in this community that every time it comes up is shouted down by very vocal (minority?) users like dobey.

No. We try to explain things, and people like you try to shout us down for wanting something better than traditional linux distros, in exactly this same manner, rudely claiming things to be workarounds, crutches, and a taboo topic. It's simply tiring having to keep explaining how and why things work the way they do on Ubuntu Touch, to people who seem to be against the very idea, and keep suggesting that every distribution of Linux must work in exactly the same traditional broken ways.

poVoq

@dobey Honestly, I think you are extremely rude for constantly stating that things I say are false or untrue, while they are actually a matter of different opinion. I respect your opinion and have tried to explain several times now why I am of a different opinion, but you keep on claiming that my opinions are false.

And Libertine is a workaround, claiming the opposite makes no sense at all. I never said that traditional apps designed for PCs are convenient to use on a mobile touch screen and that is a totally different topic anyways. And saying that I can help improving this workaround if I don't like it, also makes no sense as my entire point is that such workarounds shouldn't be needed in the first place.

Lakotaubp

Is UT different from "standard" Linux OS yes. Is it going to stay that way? from what I have seen and read yes. Could Lomiri be developed for/on different OS yes and as has pointed out this is happening. Is that a better direction for UT?
Can the pro's and cons of this and any other aspect of UT be discussed on the Forum? Yes of course, even if sometimes in a robust way. We all have opinions after all.
What must happen though is that the discussion is conducted in a respectful and friendly way between all parties. There may be no meeting of minds at the end of it but hopefully all those involved (taking part or just reading) will take something from it. If not what's the point. Please remember and keep this in mind when using the Forum.

AppLee

@poVoq said in What do you think? Use only Lomiri as poweruser?:

And Libertine is a workaround, claiming the opposite makes no sense at all

Now you're doing what you don't like from @dobey ...

Libertine is as much a workaround as VirtualBox is one.
That's a feature allowing the user to extend how to use its device.

The workaround is to use a desktop app with poor UX on a phone because no native app has been developed yet.
I know expressing an idea is difficult, but when the explanation doesn't work, try understanding why and change it so it become more precise.