Reply
Thread Tools
Posts: 440 | Thanked: 2,256 times | Joined on Jul 2014
#21
The parts visible in the video are isolated from the main OS anyway, its done like that for security reasons so its like a minimal OS container that hosts the blockchain stuff
__________________
SirenSong v0.5
Like my work? buy me a beer
 

The Following 8 Users Say Thank You to r0kk3rz For This Useful Post:
Posts: 724 | Thanked: 1,255 times | Joined on Nov 2007 @ Cambridge, UK
#22
Originally Posted by r0kk3rz View Post
The parts visible in the video are isolated from the main OS anyway, its done like that for security reasons so its like a minimal OS container that hosts the blockchain stuff
Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.
 

The Following 10 Users Say Thank You to tswindell For This Useful Post:
Posts: 479 | Thanked: 1,284 times | Joined on Jan 2012 @ Enschede, The Netherlands
#23
Originally Posted by Stskeeps View Post
Watchmaker has it exactly right above in comment #9.

This is about making blockchain and cryptocurrency easy and straightforward.

It's about (in the future) 5 USD up front devices that provide a out-of-box experience for this.

It's not about pointing pointless crap at people - by far.
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.

But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
 

The Following 10 Users Say Thank You to Fuzzillogic For This Useful Post:
Posts: 724 | Thanked: 1,255 times | Joined on Nov 2007 @ Cambridge, UK
#24
Originally Posted by Fuzzillogic View Post
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.

But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
This is a really valuable point, I would not have any interest in working on something like this if it was not open. I can't speak for Carsten, but his track record speaks for itself as far as openness and community is concerned.
 

The Following 7 Users Say Thank You to tswindell For This Useful Post:
Posts: 339 | Thanked: 1,623 times | Joined on Oct 2013 @ France
#25
Originally Posted by tswindell View Post
Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.
Interesting read.
However, "secure" is difficult to make bullet-proof. I can be very well designed (like it seems in that case), but there are still some non-controlled attack surface.

From what I understand from the Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same linux kernel (I don't see the use of the hypervisor by the way if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there is said to be 2 and half kernel below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which give Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.

On another side, this container files are on the same disk as the Android/Sailfish system is, so there can be also exploits in filesystems drivers that can leak things there.


So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago ).

Nice to see you back, Stskeeps. Good luck with this project !
 

The Following 7 Users Say Thank You to Zeta For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#26
Originally Posted by Zeta View Post
Interesting read.
However, "secure" is difficult to make bullet-proof. I can be very well designed (like it seems in that case), but there are still some non-controlled attack surface.

From what I understand from the Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same linux kernel (I don't see the use of the hypervisor by the way if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there is said to be 2 and half kernel below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which give Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.

On another side, this container files are on the same disk as the Android/Sailfish system is, so there can be also exploits in filesystems drivers that can leak things there.


So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago ).

Nice to see you back, Stskeeps. Good luck with this project !
It all comes down to the threat model and who's your attacker. You don't necessarily want to have a Swiss Bank like security for most operations. It's not necessarily devices for a cypherpunk. It's meant to be for everybody and get people on a 'secure enough' setup. You want to make sure people don't needlessly lose money in scams, through stolen phones, or through bad actor apps.

As a comparison, contactless credit cards seem totally crazy security wise. But, actually, when I do transactions below some amount, I don't get asked for PIN. And it's very very convenient in shops. Despite the flaws.
 

The Following 12 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#27
Originally Posted by Fuzzillogic View Post
The fact of actually getting paid for your data or renting out your hardware is nice, as is the idea of cryptocurrency-made-easy.

But I'm not too keen on the fact that it uses its own token. It looks like yet-another-ICO, and a company of hoping to get at the center of a large economy. I have become wary of companies trying to lock me perpetually into their product, in an all-or-nothing-style, without alternatives. (One of the reasons I'm not using Facebook or any of its products, for example) Open standards are needed, community-driven, for the sake of progress, not profit.
I'd like to say on my part that a major part of the reason I left Jolla back then was to pursue the idea of combining blockchain and mobile. We were toying with IPFS, Ethereum nodes on Android and Sailfish, Qt-based wallets quite early on. My only mistake was not to buy enough ETH back then. I think "ICOs" are terrible.

However. They show that people will finance ideas happily if they get a stake in it. We try to do things a bit more orderly - gauging interest, have people commit funds they have time to withdraw; make people re-confirm the interest; appropriately identify who contributors are, do anti-money laundering checks; be transparent; etc. We aren't even trying to raise 180m+ USD

If you read the whitepaper ( https://zipperglobal.com/whitepaper.pdf ) the token itself is not a lockup. See this section for example:

Curation market

The purpose of the curation market is to incentivise development of applications for the Zipper store and power discovery for those applications.
 

The Following 12 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#28
Originally Posted by Manatus View Post
It is not just about cryptocurrency: Resolving public key distribution dilemma is much more interesting thing.
And if both of you had appropriate devices you'd very easily be able to exchange basic cryptographic identity information through something like Ultrasonic networking in person.

https://www.youtube.com/watch?v=w6lRq5spQmc
 

The Following 6 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#29
Originally Posted by biketool View Post
I would only consider a FOSS cryptocurrency app where I could and HAD reviewed the code for phone home of my wallet details as otherwise I would suspect the app of being able to 'rob' me at any time by on command, time delayed, or randomly execute a transfer of my cryptocurrency to a wallet accessible to the devs. Remember that there are no take-backs or appeals with a transfer, it is P2P.
I also want to state for those who have been fed misinformation, the way blockchain works it is even less annon than transferring money bybank transfer, paypal, or or credit card; essentially it is like cash where every transaction and holder is indelibly recorded on the banknote/bill, announced over the radio, and recorded in a public almanac.
I would not be surprised to find that blockchain based pseudocurrencies were designed by an American three letter police or intelligence agency to have a way to track the flow of black money even when transfers were done offline.
Every app should have it's own sub-account of it's own separate from your regular money. You can do P2P or take-back systems if you design them to just fine - it's just another kind of token.

Albeit not that mobile capable yet (too much RAM requirements), https://z.cash/ is quite interesting technology.

Regarding the public ledger; https://en.wikipedia.org/wiki/Rai_stones were a interesting historical precedent.
 

The Following 5 Users Say Thank You to Stskeeps For This Useful Post:
Stskeeps's Avatar
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#30
Originally Posted by jenix View Post
So, what does you app do now? I'm pretty sure SFOS handles my identities and private keys very well with the default unix-based tools, thank you very much.

Which "blockchain based services" should I be able to access now? And which benifits do they bring over conventional services, already available today?
I'm sorry but this sounds like another ******** bingo project which only exists because most of the people do not seem to understand the concept behind blockchain-based crypto currencies. The only advantage of crypto currencies like BTC, being able to pay anonymously is long clouded by the many disadvantages like high-risk, unstable prices, transaction fees making daily useage unfeasible and shitty wallet services / softwares losing the funds of their users all the time.
Sure, there are some interesting approaches for the blockchain idea in science, but there still does not exist a single idea for a legit, everyday service based on this technology which convinces me. Instead, this feels more and more like a scam, like its "Dot Com" all over again.

But here is your chance to convince me.
******** bingo is awesome.

This is far from being such a project. I fully agree that the current state of things is crazy and this is part of the reason why we're doing a project to genuinely make it a proper out of box experience. I even get confused with some of the setups needed - I even randomly found 250 EUR worth of Bitcoin I had totally forgotten I had. It's like the amount of manual work to get mobile internet working back in the day.

How about you send me a private message on here and we'll have a more real-time conversation on some medium (Telegram? IRC?); and then gather our thoughts and differing views into a post for the rest?
 

The Following 16 Users Say Thank You to Stskeeps For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 11:16.