What do you think? Use only Lomiri as poweruser?



  • Ok let's agree to disagree on the traditional Linux approach, which I personally find to be more flexible and more geared towards the user being in control.

    @dobey said in What do you think? Use only Lomiri as poweruser?:

    I'm tired of traditional Linux distros where app developers automatically have root on your system simply through the package management, can read all your files, record your screen, and use the microphone without any permission requests whatsoever.

    This is taking the idea of the Android ecosystem (the actual "box" 😉 ) which assumes apps to be malicious by default and applying that logic to Linux distributions, which is simply a false analogy. In a traditional Linux distribution the app developer has zero access to the system, as you usually don't install apps from first party sources. This is IMHO the better security model than solely relying on a sandbox (but having a sandbox in addition usually doesn't hurt either).



  • @poVoq said in What do you think? Use only Lomiri as poweruser?:

    This is taking the idea of the Android ecosystem (the actual "box" ) which assumes apps to be malicious by default and applying that logic to Linux distributions, which is simply a false analogy. In a traditional Linux distribution the app developer has zero access to the system, as you usually don't install apps from first party sources. This is IMHO the better security model than solely relying on a sandbox (but having a sandbox in addition usually doesn't hurt either).

    This is simply not true. You're making assumptions about UT based on some other OS, and declaring it malicious, without understanding how or why anything works the way it does. Let's please stick to facts.

    Saying app developers have zero access to the system in traditional Linux is way beyond false. Any app on any X11 system can log keyboard, clipboard, and see anything on the screen. This is a big reason for things like Mir and Wayland. In a traditional Linux distro, any app can read any files in your home directory, talk to pretty much anything running on dbus, put their own service on dbus, poke at anything on the network, access all kinds of hardware, etc…

    UT obviously doesn't rely solely on a sandbox. The whole point is to reduce the amount of trust which users must place in app developers, as much as possible. Ideally, it would be a zero trust system, but we are nowhere near that in the Linux world yet.



  • The problem is that you seem to misunderstand what I am talking about. And no, I am not making assumptions about UT based on another OS at all. UT uses the same security model as Android: a more or less open app store anyone can upload software to and some technical workarounds such as sandboxing and app permissions to make it less bad that the only way to install additional software is basically a malware distribution channel.

    The security model on traditional Linux distributions is totally different. It does not depend on imperfect technical workarounds (that can always be exploited) but rather a chain of social trust and a way to install software that has been tested by a 3rd party. No software ends up in the official repositories without being tested and maintained by a person other than the developer, which is much safer than a technical crutch that a malicious developer can always find ways around.

    Of course things are not perfect with traditional Linux either. Users can be stupid and add random PPAs or compile AUR packages without looking at the code and/or understanding what it does. And of course repository maintainers are not perfect and can overlook issues with the software and so on.

    But it basically boils down to two different security cultures ("zero trust" vs. "chain of trust"):

    You can have a locked down system with lots of technical imperfect workarounds that by default assume that developers are malicious and users somewhat stupid. This is what can be found in Android, and to a slightly lesser extent in iOS, UT and Windows. These app permission questions in such systems are really only a smokescreen to hide the glaring security issues with that model and to push responsibility to the users (who usually just press "ok" on everything anyways).

    And then you have the idea that can be found in traditional Linux distributions of not (solely) depending on technical solutions and assuming your users are competent enough that they don't actively break the chain of trust. This is the tried and true method in the server world and also what is used for example for system updates in iOS or Windows. It also gives more agency to the user instead of artificially limiting what the user can do (incl. being somewhat stupid).



  • @poVoq
    Hi, you seem to think that what Android does, what UT does and what a traditional Linux distro does are separate things.
    But it's not.

    Repos or stores are similar in the way that people can't review everything hence creating security holes.
    What UT does is add another layer of security allowing the user to cage an app to fit a need without compromising its privacy.

    What Android does is similar but the user has to either allow or deny; no way to allow this and not that...

    How is this other layer a problem when developers and users have the possibility to ignore this at their own risk?



  • @AppLee Well this is getting more and more away from my original point... but no a traditional Linux distribution repository is somewhat different from an app-store like it is found in UT, Android or iOS.

    Of course you are right that also a traditional Linux repository is not automatically safe, but it is a 3rd party tested update channel for the entire system, not solely an individual app distribution mechanism.

    In a sense the official repositories of a Linux distribution are more comparable with official OS updates from Microsoft or Apple that also go directly into your system and have system-level access. But that isn't really a problem there either as Microsoft/Apple are testing the software before distributing the updates and are also maintaining all of it.

    Of course not all software included in OS updates is written by Microsoft/Apple themselves. They might outsource parts or even include external software (like for example the Linux components in the Linux subsystem for Windows), but they do not allow the external developers to offer their own software directly through the official update channel.

    Hence you end up with a chain of trust for these official updates.

    This kind of mechanism is almost non existent in Android (as there are basically no system updates once a phone is released) and in UT it is intentionally closed for software from non-core developers.

    I understand that this is the idea behind the "zero-trust" security model, but by now IMHO this model can be seen as somewhat failed (case in point: Android) and it was always trying to solve a social trust issue with a technical workaround which is in my opinion an anti-pattern not only in software development.

    And to get back to my original point: yes Google or Apple have the developer resources and money to engage in an arms-race for this "zero-trust" security model, and maybe they also have no choice as their target audience is largely software security illiterate and thus randomly installs malware from the playstore...
    But UBports simply does not have the developers for that kind of thing and I think efforts would be better spent on joining a traditional Linux distribution and their "chain of trust" security model. And in addition most of the current audience for UT isn't nearly as software security illiterate hence people can be trusted with a more open system like a traditional Linux distribution 🙂



  • @poVoq said in What do you think? Use only Lomiri as poweruser?:

    that the only way to install additional software is basically a malware distribution channel.

    What? There's no need for such dramatization. Are you now saying that UT having app confinement is better? Because you seem to be saying that apt is a malware distribution channel.

    @poVoq said in What do you think? Use only Lomiri as poweruser?:

    The security model on traditional Linux distributions is totally different.

    There is literally no security model on traditional Linux distros. It's a purely trust based system. And no, it's not about simply trusting that packagers and developers aren't malicious. You're trusting they won't make mistakes that result in catastrophic data loss (which doesn't work, because we all know that everyone makes mistakes, and there have been plenty of occurrences of bugs in packaging scripts that result in data loss over the years).

    @poVoq said in What do you think? Use only Lomiri as poweruser?:

    No software ends up in the official repositories without being tested and maintained by a person other than the developer, which is much safer than a technical crutch that a malicious developer can always find ways around.

    This is just an assumption. Plenty of things end up in distro archives with nobody ever having looked at it other than the person who packaged it. And you are making broad assumptions and using insulting language to describe the features used in UT to improve privacy and security of the system.

    @poVoq said in What do you think? Use only Lomiri as poweruser?:

    You can have a locked down system with lots of technical imperfect workarounds that by default assume that developers are malicious and users somewhat stupid.

    This is nonsense. Please stop with projecting your own opinions on others and using such demeaning language. It has nothing to do with such assumptions. It's just rude, and your assumptions do nothing to help anyone.

    @poVoq said in What do you think? Use only Lomiri as poweruser?:

    These app permission questions in such systems are really only a smokescreen to hide the glaring security issues with that model and to push responsibility to the users (who usually just press "ok" on everything anyways).

    Again, please stop with these assumptions of yours that users can't be informed by the system, and make proper decisions when they are properly informed. If you can't cite specific security issues that exist in Ubuntu Touch regarding the app confinement implementation, I'd suggest you not make such wild and unfounded claims. You are simply ranting in a way to try and force others to share your view.

    @poVoq said in What do you think? Use only Lomiri as poweruser?:

    And then you have the idea that can be found in traditional Linux distributions of not (solely) depending on technical solutions and assuming your users are competent enough that they don't actively break the chain of trust. This is the tried and true method in the server world and also what is used for example for system updates in iOS or Windows. It also gives more agency to the user instead of artificially limiting what the user can do (incl. being somewhat stupid).

    Yet more unfounded ranting. No, this is not how traditional Linux systems work. One does not have "more agency" there, simply because of apt or rpm. iOS is nothing like traditional Linux. The security model of Ubuntu Touch is actually based on how iOS works, not Android.

    Please just stop making all these gross assumptions.



  • @dobey No apt isn't. But the Playstore is evidently a malware distribution channel, and UT's only real method to install non-core software is the open-store, which follows (as you say) the same methodology as the iOS appstore (or the Playstore). It is IMHO only a question of time before we see malware in the open-store as well and no amount of app-confinement is going to stop a dedicated malware author.



  • @poVoq
    Sorry, but I don't get your point.
    You're mixing subjects in order to make your point, but comparing the open store with apt is not a valid comparison.

    The store is used for third party software. Like snap store on Ubuntu or other stores.
    On a traditional Linux distro you have several ways to get these third party apps: from stores, from the developers, ppa, ...
    How you get third party software doesn't matter because it has the same issues.

    The OS is updated using images instead of a trusted repository... Well I don't see any issue with that.
    As said many times it's for the best because you don't want to crash your phone with a simple update failure so it's more robust.

    I just want to add that I'm not part of the core team and mostly a standard user of Ubuntu Touch.
    So my opinion is forged on my experience with the system and I appreciate how reliable it is and how it is continuously improving.
    Choices are made, you can either accept them or search for something else. If there are things I wish different, I'd create an issue and hope it is heard. Or I'd make a PR... Or even shut myself up because it is what it is.

    Last, I try to give back a little of what is offered by UBports by giving time as a moderator here. And as such I'd like to point out that in order to make a point there is no need to use harsh words. People from different horizons and ages come here, so please be careful. You never know who you can hurt with a poor choice of words.

    Thanks.



  • @AppLee said in What do you think? Use only Lomiri as poweruser?:

    @poVoq
    Sorry, but I don't get your point.
    You're mixing subjects in order to make your point, but comparing the open store with apt is not a valid comparison.

    Yeah, I agree. That is why I tried to steer the topic back several times. But what can I do if the actual point I am trying to make continues to get distorted to make it look like something I am not claiming at all?

    The store is used for third party software. Like snap store on Ubuntu or other stores.
    On a traditional Linux distro you have several ways to get these third party apps: from stores, from the developers, ppa, ...
    How you get third party software doesn't matter because it has the same issues.

    Exactly! But on traditional Linux distributions you can get most common apps through the trusted official repository while on UT there is only the open-store and apt is disabled (I know why, no need to explain 😉 ).

    The OS is updated using images instead of a trusted repository... Well I don't see any issue with that.
    As said many times it's for the best because you don't want to crash your phone with a simple update failure so it's more robust.

    Yes, there are advantages to that for sure. But also several disadvantages, such as that you can't have normal apt repositories and a lot of things only work through inconvenient workarounds such as Libertine.

    My point basically is that when taking development effort and actual user-base into account, the disadvantages might outweigh the advantages, but this seems to be a bit of a taboo topic in this community that every time it comes up is shouted down by very vocal (minority?) users like dobey.



  • Hi,
    just a few thoughts about Open-store and apt package manager. I don't think that any of the two ways is perfect or wrong, they are just different in the way they handle security and privacy.
    Open store allows everyone to upload a new app, that will be automatically added and will be available by default on all the UT devices. Apps aren't checked by humans if they don't ask for dangerous permissions, because they are containerized.
    APT has some default repositories which only contain apps that are trusted by the OS maker. Apps can't be submitted to be displayed in apt. The user can install all the other apps by adding repositories, that the user should trust. An app is added to the default repository only if it has enough users and it passed the maintainer's security checks. This makes containerization almost unnecessary, but still a nice measure for extra security.



  • @poVoq said in What do you think? Use only Lomiri as poweruser?:

    things only work through inconvenient workarounds such as Libertine.

    Not true. Simply because you don't like it doesn't make it a workaround. The only thing remotely being a "workaround" is the fact that traditional apps developed for PCs with large screens, keyboards, and mice, are not at all designed to use on a phone.

    If you think Libertine is somehow inconvenient or has issues, you are more than welcome to contribute fixes and improvements. It is open source. But your language is denigrating and doesn't provide any indication of what any actual issues might be.

    @poVoq said in What do you think? Use only Lomiri as poweruser?:

    My point basically is that when taking development effort and actual user-base into account, the disadvantages might outweigh the advantages, but this seems to be a bit of a taboo topic in this community that every time it comes up is shouted down by very vocal (minority?) users like dobey.

    No. We try to explain things, and people like you try to shout us down for wanting something better than traditional linux distros, in exactly this same manner, rudely claiming things to be workarounds, crutches, and a taboo topic. It's simply tiring having to keep explaining how and why things work the way they do on Ubuntu Touch, to people who seem to be against the very idea, and keep suggesting that every distribution of Linux must work in exactly the same traditional broken ways.



  • @dobey Honestly, I think you are extremely rude for constantly stating that things I say are false or untrue, while they are actually a matter of different opinion. I respect your opinion and have tried to explain several times now why I am of a different opinion, but you keep on claiming that my opinions are false.

    And Libertine is a workaround, claiming the opposite makes no sense at all. I never said that traditional apps designed for PCs are convenient to use on a mobile touch screen and that is a totally different topic anyways. And saying that I can help improving this workaround if I don't like it, also makes no sense as my entire point is that such workarounds shouldn't be needed in the first place.



  • Is UT different from a "standard" Linux OS? Yes. Is it going to stay that way? From what I have seen and read, yes. Could Lomiri be developed for/on a different OS? Yes, and as has been pointed out this is happening. Is that a better direction for UT?
    Can the pros and cons of this and any other aspect of UT be discussed on the Forum? Yes of course, even if sometimes in a robust way. We all have opinions after all.
    What must happen though is that the discussion is conducted in a respectful and friendly way between all parties. There may be no meeting of minds at the end of it but hopefully all those involved (taking part or just reading) will take something from it. If not what's the point. Please remember and keep this in mind when using the Forum.



  • @poVoq said in What do you think? Use only Lomiri as poweruser?:

    And Libertine is a workaround, claiming the opposite makes no sense at all

    Now you're doing what you don't like from @dobey ...

    Libertine is as much a workaround as VirtualBox is one.
    That's a feature allowing the user to extend how to use its device.

    The workaround is to use a desktop app with poor UX on a phone because no native app has been developed yet.
    I know expressing an idea is difficult, but when the explanation doesn't work, try understanding why and change it so it becomes more precise.



  • If I use uTouch, that's not because I'm a GNU/L power user, I'm even far from it.
    I use it because I WANTED an alternative, open source, with freedom, without crapware, without data mining.
    I use it because I WANTED a smartphone OS that doesn't push me to change phone every 2 years, and guess what, 5 years with MX4 now...
    I use it because I would enjoy having a portable secondary desktop with convergence, but not to replace my desktop.

    OK it's not perfect, I was used to Canonical's first design with scopes since 2015, and lost it since I got UBports on my phone this year, now I miss some custom settings but hey, work in progress...

    What is missing on uTouch is more apps, so more users and devs to interest, in my point of view.

    Making it a "power user" GNU/L distro is not a good thing, I think.

    Just let uTouch be a phone-adapted GNU/L distro that makes people sick of GAFAM but not used to GNU/L say to themselves "why not try it, it's not far from what I know?", and also usable by advanced GNU/L users, as you can do a lot of things with it anyway (as I understood, you can even make the system writable with UTTT).



  • @Keneda yeah, definitely. That is one way of seeing it, as I tried to explain already in my first post.
    But it is an uphill battle, and maybe too ambitious for a small community project like UBports.

    And then there is the fact that in the months since I joined this community and started developing some simple apps for it, I have seen a lot of people (with a traditional Linux background) come and go again for reasons that basically boil down to feeling unwelcome and constantly running into (what they perceive as) artificial limitations of the system.

    I also had high hopes that the PinePhone would bring in more developers for UT. And while the final verdict is still out on that, my current gut feeling based on discussions around the PinePhone outside of this direct community is that because of the above reasons the vast majority (of the developers at least) prefer to use a more traditional Linux base and would rather port Lomiri to it than putting up with the uphill battle in UT.

    That said, this isn't really a major problem if this community's majority of users and its current developers feel it is a tradeoff they are willing to make. But I wanted to raise this topic as I feel it is not being openly discussed and people fail to understand why UT isn't attracting nearly as many new users and developers as everyone would hope (of course under realistic assumptions, not claiming it could topple Android or such).



  • @poVoq said in What do you think? Use only Lomiri as poweruser?:

    I have seen a lot of people (with a traditional Linux background) come and go again for reasons that basically boil down to feeling unwelcome and constantly running into (what they perceive as) artificial limitations of the system.

    If you love cats and go to a shop and choose a dog, you get a dog, no?

    What I mean is, uTouch should be known, by GNU/L community users and even more devs, to be what it is, as it has been like that for five years now.

    Problem is this OS is not to replace or mimic a PC GNU/L "normal" distro, this OS is for phones and tablets, under ARM, and for all users, not only advanced GNU/L ones.

    I want my phone to... phone, SMS/MMS, browse web, take photos, and a lot of things you can do with a smartphone, I don't want to use it, like 99% of the time, as a desktop.

    Now with convergence, it could be good to have PC-like features, but why would UBports devs break phone OS specific tweaks, just for 1% of usage (for average user)?

    If we can converge our phone to a PC-like device with a specific arrangement like Libertine to run PC programs, that's not a problem.

    Most people, even those tired of GAFAM, don't want a "traditional" GNU/L smartphone, they don't even care about GNU/L at all, they just want a smartphone that is smartphoning.

    People that want a full traditional GNU/L system on their smartphone, because they will do linuxing on it prior to the rest, shouldn't get uTouch if that doesn't fill their needs, and they should know that it doesn't as they are advanced Linux users that know a little of what's happening in this community (the whole GNU/L one, not just UBports).



  • @Keneda said in What do you think? Use only Lomiri as poweruser?:

    I want my phone to... phone, SMS/MMS, browse web, take photos, and a lot of things you can do with a smartphone, I don't want to use it, like 99% of the time, as a desktop.

    Sure, just like anyone else. But as other more traditional Linux versions on the PinePhone show, this is perfectly possible without a lot of things that make UT different. And in addition convergence works a lot better and things like video chat also work fine since it isn't prevented from working in the normal way like on UT.



  • @poVoq said in What do you think? Use only Lomiri as poweruser?:

    things like video chat also work fine since it isn't prevented from working in the normal way like on UT.

    I'm quite sure video chat could work on UT despite its security guardrails...
    And in the meantime, some apps can "have access to all system", at the user's own risk (but reviewed before releasing on openstore), after all, no?



  • @poVoq
    I start to understand your point (I think).

    Yes some people come here because "Ubuntu", so it's some kind of flare...
    And yes these people are disappointed: they can't use latest stuff, playing Doom or TuxRacer is not possible (or annoying), ...

    Earlier today I read a post from someone wanting to make a Raspberry Pi out of their old phone. With some work they can achieve this goal with UT, but that is the workaround: trying to bend the OS to do something else.

    Those people won't help build up the OS I want, because (without any judgement) they mostly want to have fun with a touch screen and some sensors (on a personal note I can also relate to that but not with my daily driver phone).
    You see a lot of them in the Pinephone community and it's fine. But that's not what UT is for.

    When I read your post I think that you want us (as a community) to bail because it's a long way until UT is polished and with many useful and fun apps. But I don't think that we should stop because that is something I want and many others too.

