Subscribe to future posts here
Sailfish OS update from Jolla
It’s all about presentations in the newsletter this fortnight, with news of an upcoming panel session with Jolla’s CEO Sami Pienimäki, and a summary of the two talks at the FIXME event in Lausanne from both a community and Jolla perspective.
But first, an important announcement about QtWebKit usage.
As already announced back in May, QtWebKit has been deprecated and will be removed from the default install of Sailfish OS in the next 4.5.0 release. We’re working hard to minimise the impact on end users, and for existing devices there should be very little change. On new installs from 4.5.0 onwards, old apps that make use of SilicaWebView may fail to work (the SilicaWebView package will be available in the repos, but you’ll need to install it manually).
If you’re an app developer and are currently making use of QtWebKit or SilicaWebView, then this will have a more significant impact.
Crucially, we will no longer be accepting apps into the Jolla Store which rely on either of these components, which are used for displaying Web content inside an app. Developers are encouraged to switch their apps to use the Gecko-based Sailfish WebView API instead.
We know it can be frustrating to have to make changes to an otherwise perfectly working app, but Sailfish WebView is much more modern and standards-compliant, and we are continuing to update it. We know many developers have already made the switch, and we’re grateful to you for your effort in doing this. We’ve seen many exciting new apps being released based on the Sailfish WebView, which is also great to see.
Older apps using QtWebKit or SilicaWebView in the store will continue to work, but any new apps, or updates to these old apps, will need to adhere to the new requirements.
If you have any questions about what’s required, or how to make the switch, do please add a comment here in the forum and we’ll do our best to help.
As some of you will already have noticed from the announcement on Twitter, Jolla will be attending AutoTech Europe on 15-16 November in Munich, Germany. The event bills itself as “the premier European automotive technology industry event”.
Jolla’s CEO, Sami Pienimäki will be joining the panel discussion “The OS Debate — Ecosystem vs. Proprietary System” on the 16th at 11:00 CET, alongside Jeremy Parker from Polestar, David Holecek from Volvo and Vincent Duval from Xperi. There he’ll be making the case for a middle ground in automotive between in-house proprietary OEM systems and delegation entirely to the existing Android or mobile ecosystems.
It’s sure to be an interesting discussion and we’ll bring you any news that comes out from the event in a future newsletter. If you can make it to the event in person, we’ll also be on the Business Finland Joint Stand and we’d love it if you swung by to visit us!
Don’t forget to continue reading for our regular Repository Roundup of source code changes and the App Roundup of new and updated apps in the Jolla Store. But before then, let’s rewind a bit to give you a summary of some of the Sailfish OS talks that took place over the last fortnight.
Energy from the Community
On the weekend following the previous newsletter was the “Your Phone & You - Sailfish OS” event that took place at FIXME in Lausanne, arranged by active community member Patrick Hervieux (pherjung). We talked about this as an upcoming event in the last newsletter. The event attracted a lively audience both on and offline, and even if you weren’t able to be there in person, no doubt some of you will have enjoyed the live stream of the event on Twitch.
In case you didn’t get the chance to watch it live, recordings of the presentations are available on both YouTube and Twitch.
The first presentation was from Ruben De Smet (rubdos) from Vrije Universiteit Brussel, who talked about “Signal and Sailfish”. Ruben is working on Zero Knowledge Proofs at the university, which ties in nicely with the work he’s doing on Whisperfish, and which he explained in some detail in his talk.
Ruben explained the notion of a Zero Knowledge Proof in relation the Belgian identity card. The back of the card, and the RSA certificate stored on the card, contain private data that you may not wish to share, including your date of birth, place of birth, identity card number and so on:
There is a little chip in here and the chip contains an RSA certificate and the RSA certificate says “I’m Ruben do Smet, I’m born 27 years ago, born in some kind of a city, my nationality, card number, validity of the card”; all those things are signed on the RSA certificate. But it is one big monolithic certificate.
So, suppose you want prove that you’re over 18 at the grocery store to buy a bottle of wine.
The people at the liquor store say “show me your identity card” and I say “no I can’t do that, because the back contains confidential information”.
So, as Ruben goes on to explain in his talk, the idea of a Zero Knowledge Proof is that it allows you to prove a statement about the data on the card, without giving away any other information, other than that the statement is true. In the case of the liquor store, the statement that “I am over 18 years old”.
It allows you to extract this RSA certificate, make some statement from it and show that I am over 18 years old. And I can’t do this by holding my fingers over the back of the card because they will still know my birthday, they will know that I’m 27 years old instead of over 18. A zero knowledge proof actually allows you to make some kind of a formal proof that convinces this store that I’m actually over 18 years old. And it’s something we’re working on at the university, specifically with the Belgian eID by the way.
So how does this relate to Signal? Most people round these parts will know that Signal was one of the pioneers in using end-to-end encryption for confidential message sending. However, while end-to-end encryption may hide the contents of the message from the service you use to send the message, it won’t hide the metadata of who is sending the message and to whom. As Ruben explains:
Four years ago Signal decided that, well, “it’s not really cool that we know Alice and Bob are talking to each other. We shouldn’t be able to know that”. So they came up with an interesting system they call “Sealed Sending” or “Unidentified Sending”, and the idea is pretty simple.
Alice wants to send a message to Bob and what they do instead is they say to the server “hey, I know Bob, but I’m not going to tell you who I am, deliver this thing to Bob please”. And in the real world this works: it’s like a postal office: you have an envelope, you go to the postal office, you put it in the letter box, and you don’t really have to write on the back of the envelope who you are for the return, it will just arrive and the postal office will not know who you were.
Sealed Sending is the same principle: you just don’t tell the server who you are. This has a very annoying implication in the digital world because it’s extremely cheap to send messages, so you have things like spam and impersonation attacks.
So the problem Signal aimed to solve is to allow messages to be sent anonymously, but in such a way that the sender must prove that the recipient has granted permissions for them to be sent messages from this person.
In essence what you do is when you want to send a message to Bob you go to the server, you show them some random-looking data that they cannot know what’s actually happening there, and the only thing they can actually see in this random data is that the person who sends this message knows Bob and they have permission to send the message. Zero knowledge proofs allow you to do this.
Ruben explains all of this in detail in his talk. And he also goes further, explaining how similar techniques can be used to send data not just to an individual, but also to groups.
He also talks more broadly about the relationship between Signal, Sailfish and Whisperfish, why he converted the original Whisperfish from Go to Rust, and some of the challenges he’s had to address during his time as the Whisperfish maintainer. He raises too many interesting points to cover here. He discusses the topic of whether Signal is comfortable to allow third party clients to use their service. He talks about the challenges of keeping up with Signal’s updates even while the company claims they don’t have a “move fast and break things” philosophy. He covers the fact that Signal has been gradually changing their protocol to allow registration without a phone number. He compares Signal to other services such as Telegram, Matrix and Session. And much, much more.
The second presentation was from Jolla’s Andrew Branson, who talked about “Sailfish OS and Privacy”. In practice his talk was split into three parts. First an overview of the technical characteristics of Sailfish OS, followed by a brief history of Jolla, and finishing off with his take on privacy in the mobile space. “Sailfish OS is a mobile Linux distribution”, Andrew explains at the outset.
There are a few of them around these days, but this one has a lineage that goes quite far back. It’s glibc based and it runs on ARM and x86 (64 bit ARM and 32 bit ARM). It’s more like a desktop Linux than other mobile OSes.
Andrew also highlights some of the main differences between Sailfish OS and other more mainstream mobile OSes.
You can be root. That’s something that’s so hidden from us these days. We buy these devices and we don’t own them, we’re just allowed to use them while someone else administers them. But on Sailfish you set a password to be root in the developer mode options, in the Settings, so you don’t need a jailbreak, it doesn’t need rooting because you already have root.
In this section Andrew also talks about Android App Support. “The Android app support is something we’ve been working on for a few years,” Andrew explains.
The original version of the Jolla1 was the 4.1 Android API and then it went to 4.4 for the tablet and the Jolla C. But then we moved it to an LXC container where we’re booting Android in a container. That works really well, and that started Android 8, then 9 and 10 which is the current.
But as readers will know, Android App Support is much more than just a container running Android.
The integration is quite good on that. An Android app appears, each app has its own window, it’s not like a shared desktop. Notifications, launchers, everything is integrated and we integrate more all the time. So it works well with the device.
Andrew’s historical tour of Sailfish OS was partitioned by device, starting from Nokia Maemo devices onwards. Andrew had even brought with him several example devices, including an N900, N9, Jolla1 and Jolla Tablet. He also covers Sailfish OS from a software perspective in detail as well.
Four major releases — we’re on Sailfish 4 now — 46 updates which is quite a lot, and we support devices for a very long time. The Jolla1 stopped receiving updates about a year ago, so it had almost eight, nine, years of updates and about 40 updates.
In the final section Andrew speaks about some of the Sailfish technologies — and Jolla policies — that underpin privacy on Sailfish OS devices. He makes very clear that these thoughts are his own, rather than the official position of Jolla. Andrew presents his three Cornerstones of Privacy Violation: First by denying access to parts of the device you own. Second by harvesting your data in cloud services. And third by profiting from exploitation of this data.
On an average phone you’ll be denied access to parts of it, so there’ll be some parts of the filesystem which you’re not allowed to see and which contain the bits the operating system is doing stuff to. On large parts of Android you can only see your own data, you can’t see even the private data folders of the apps themselves.
Having allowed the operating system to perform operations that aren’t accessible to the user, the second step is to:
sell cloud services [to users], that they will put their data on: you put your contacts on there and you put your pictures on there, and everything else on there.
Finally, once this is in place you have the opportunity to gather behavioural activity which can then be monetised.
At least one of these big players profits from that data because they analyse it and they know where their users are and they look at what their users are doing… And those three together, leaves everyone powerless.
Andrew then goes on to explain why, on Sailfish, these three cornerstones simply don’t apply.
But on Sailfish you’ve got root: you can read everything, you can monitor everything, you can run Wireshark and you can watch all the packets come and go out of the OS…
For the second point, Jolla doesn’t do any services, Jolla just sells software. The best way to keep a user’s data private is to not collect it in the first place.
And then finally, for the third point, Andrew talks about Jolla’s business model.
Jolla’s business model has these three things: we sell to the community, and then to those guys like Intex as we had before, then selling custom versions of Sailfish to large companies or government organisations.
It’s impossible to go into all of the detail here, and there was far more besides that Andrew covered, from the vibrant Sailfish OS porting community to privacy technologies such as Sailjail and OS-level home encryption. And finishing off his talk, Andrew touched on community activities, with a view that I hope we can all very much get behind.
It’s a great community all working together!
Hopefully this brief summary of the talks will have piqued your interest. I very much recommend watching both talks through to the end, including all of the excellent questions from the floor. And really hope we’ll have more events and more talks like these to feature in future newsletters.
While Damien enjoys a well-earned break this fortnight, the responsibility to compile the newsletter’s Repository Roundup falls to me. So please lower your expectations appropriately, but I hope you’ll still find something of interest in amongst all of the many changes that have either been created or merged into the Sailfish OS codebase in the last fortnight.
- nemo-qml-plugin-calendar, for exposing calendar capabilities to the user interface, as part of dcaliste’s work to improve the Calendar user interface, and in particular to add a week view, the pull request to move the all day event filtering from QML to C++ has now been merged.
signon-plugin-oauth2, a library for helping perform OAuth2 authentication, tomin has been working on the OAuth2 support for Exchange servers, and this commit to add PKCE support and ExtraParams to plugin data for sending non-standard query items to the server adds to this, and has now been merged.
oFono, the mobile telephony stack, slava has had his changes merged in to widen the range allowed for cell broadcast channels. These are messages sent in a specified cell, for example warning or emergency messages.
sailfish-api-patterns, used to determine which packages will be installed on a device, mkosola has merged his pull request to remove QtWebKit, which, following its deprecation, will now no longer be installed on devices by default.
qtwebkit5, the deprecated QtWebKit browser plugin, mal had his changes merged to fix the build which had started failing.
- amber-mpris, for allowing multimedia to be controlled using devices and from the lock screen, abranson merged his change to improve the extra metadata field support.
nemo-qml-plugin-systemsettings, which exposes settings to the user interface, the pull request from martyone to allow charging hysteresis to be configured in the Settings app has now been merged.
mce-dev, developer portion of mode control entity, spiiroin’s pull request to add forced charging D-Bus constants, needed to allow the overriding of charging policy state on D-Bus has been merged in.
mce, mode control entity, another pull request from spiiroin has been merged in, which allows users to override the battery ageing protection in case they want to charge the battery fully for some reason as a one-off.
nemo-qml-plugin-systemsettings, which exposes settings to the user interface, a change from spiiroin needed to allow the Settings app to offer controls for the charging hysteresis capabilities (i.e. the battery ageing protection) has been merged in.
usb-moded, the USB tracking daemon, gber is proposing a change to add support for the USB-PD power supply. There is currently ongoing discussion with spiiroin about it, and so the pull request is currently marked as draft. spiiroin has created his own alternative pull request that’s likely to supersede it.
- There have been many new articles and changes made to docs.sailfishos.org, the official Sailfish OS developer and user documentation.
- a pull request from sage that simplifies the Open Source documentation related to Sailfish OS has been merged in.
- jovirkku has merged in a change adding instructions for how to update Sailfish OS to the documentation.
- since on Android 10
ccachemust be installed and configured explicitly, voidanix has merged in a pull request to add instructions to the documentation for how to do this.
- jpwalden has merged in a troubleshooting article for device flashing.
- jpwalden had his pull request for creating an article about resetting oFono merged in.
- jovirkku has had his article for how to enable Developer Mode on-device merged into the documentation.
- jovirkku has had his article on encryption of user data merged in to the documentation.
- jpwalden has had his article on how to collect logcat logs merged into the documentation.
- jpwalden has had his article on how to collect oFono logs merged into the documentation.
- jpwalden has also had his article on how to factory reset a device merged into the documentation.
- and finally, jpwalden has had his article on User Interface Basic Concepts merged in as well.
- vige is proposing to add a page about the way Patterns and Images are used in the Sailfish OS build process.
- vige is proposing to add a dynamic table of contents to the Support and Help Articles pages.
scratchbox2, the cross-compilation tool used by the SDK, the pull request from martyone that reverts an earlier fix that changed the tools prefix priority has been merged. The original aim was to change the tool ordering to ensure packages using Python or Perl at build time worked correctly, but the fix was found to cause problems elsewhere.
sailfish-qtcreator, the Sailfish IDE, this update from martyone to have the
sfdkhide snapshots when the
listcommand is used unless the
--snapshotsoption is added, has been merged in.
autoconf, used for configuring build files, mal’s pull request to update autoconf to version 2.71 has been merged in.
autoconf, used for configuring build files, mal has merged in a change to fix the changelog, as part of the update to 2.71.
scratchbox2, the cross-compilation tool used by the SDK, a pull request from mal has been merged in to automatically add
config.subautomatically if needed, to support the update of autoconf to version 2.71.
python3-yaml, YAML parser/emitter for Python, a pull request from nephros to update the package to version 22.214.171.124 has been merged in. The update mainly pulls in security fixes.
libyaml, the “Yet Another Markup Language” parser library, nephros is proposing a pull request to update it to version 0.2, since the library is used by python3-yaml, which just received an update.
ruby, the interpreted scripting language for quick and easy object-oriented programming, mal has merged in his pull request to update Ruby to version 2.7.6. The update mostly concerns security fixes.
sdk-setup, part of the Sailfish SDK, vige has merged in his pull request to update the
mb2documentation to highlight the fact that the
.mb2directory can be removed to stop its parent being treated like a build directory.
sailfish-qtcreator, the Sailfish IDE, vige has also merged in a similar pull request for the Qt Creator documentation.
ed, part of the build pipeline, mal has merged in his pull request to update ed to version 1.18, which also addresses a potential security vulnerability.
sdk-harbour-rpmvalidator, the tool for validating apps for inclusion in the Jolla Store, mal has updated the
allowed_libraries.conffile so that it’s now acceptable to link against
sdk-harbour-rpmvalidator, the tool for validating apps for inclusion in the Jolla Store, vige has removed the deprecated QtWebKit, since this will no longer be allowed for use in the Jolla Store after the 4.5.0 release.
vala, the Gnome-oriented C#-like programming language that interoperates with C, pvuorela had his pull request updating it to version 0.56.1 merged in.
bison, the parser generator for creating context-free language parsers, pvuorela has created a pull request to update it to version 3.8.2. Bison isn’t installed by default but is a useful tool for developers.
Low-level system libraries
dbus, the inter-process communication library, pvuorela has merged in his pull request to update dbus to version 1.14.4. This pulls the library from an unstable to the stable release.
zlib, the compression library, pvuorela has also merged in his pull request to update zlib to version 1.2.13. This addresses a potential security vulnerability.
libksba, the “Kasbah” library) for utilising X.509 certificates, mal has merged in his pull request to update libksba to version 1.6.2.
libxslt, the XML toolkit, mal has merged in his pull request to update libxslt to version 1.1.37, which addresses a potential security vulnerability.
libdbusaccess, providing more fine-grained D-Bus access control, slava has had his change merged in to fix the build dependencies for the package.
libffi, a library providing a high level programming interface to various calling conventions, pvuorela had his changes merged in to update it to version 3.4.4, since it was due an update.
gobject-introspection, for supporting GIR files, which allow GLib APIs to be introspected for language binding, pvuorela had his pull request updating it to version 1.72.1 merged in.
libgee, the GObject data structure utility library, pvuorela merged in his pull request updating it to version 0.20.6.
gssdp, the GLib SSDP resource discovery library, pvuorela has merged in his housekeeping pull request to make use of Vala directly, rather than libvala.
gupnp, the GLib UPnP library, as with gssdp, pvuorela has merged in his housekeeping pull request to make use of Vala directly, rather than libvala.
texinfo, the single-source-multiple-output-format document generator, mal has had his change merged in to update it to version 6.3.
gpgme, allowing GunPG functionality to be easily added to other applications, mal has merged in a backported fix for use of the newer texinfo.
cups, the standards-based printing system, mal has merged in his pull request that updates it to version 2.4.2. This addresses a number of security issues.
cups again, mal has also had his housekeeping pull request which removes an unused source file merged in.
mlite, the configuration storage library, neochapay has proposed a pull request to fix the build on Qt6.
It’s always nice to try out new apps, and while the apps in the App Roundup this time aren’t all new, all of them bar AIDA64 are new to the newsletter. The apps seem particularly appropriate as the reds and browns of autumn fade into the whites and blacks of long winter nights. Whether you’re looking to virtually warm yourself on a virtual open fire, snuggle up on the sofa and project a movie from your phone, or enjoy a pint in from the cold in your local alehouse, then these apps should do the trick.
We covered the introduction of the 64-bit ARM version of AIDA64 to the Jolla Store back in September, and now we’re seeing FinalWire Ltd update it again, this time with improved support for the Xperia XZ2 Compact, and with improved Sailjail support. In case you’re not already familiar with it, AIDA64 is an app that provides a wealth of information about your device, from battery voltage to Open GL ES capabilities; it’s a mine of useful data.
Not only can you browse through the info on you phone, you can also get the app to email out a complete report of the data so that you can capture it for later review. The app is available on an impressive roster of platforms, not just Sailfish OS but also Android, iOS, Ubuntu Touch, Windows Phone and Tizen. That makes it particularly useful if you want to compare characteristics across platforms.
The latest version 2.1.1 of AIDA64 is only available from the Jolla Store, but you can also read more about it on the FinalWire website.
Qayttamaton from helicalgear is billed as an unofficial UNTAPPD Client for Sailfish OS. And in case you’re not familiar with UNTAPPD, it’s like FOURSQUARE but for beer. And in case you’re not familiar with FOURSQUARE (or, more specifically, Foursquare Swarm) it lets you “Check in” to places that you’ve visited and share the fact with your friends. UNTAPPD riffs on this idea by allowing users to check in beers that they’re drinking, building up a list of both beers you’d like to try, and those you’ve already tried.
I have to admit that I’m not an UNTAPPD user, but I can see the appeal. The app allows you to search for beers of different types to get ratings and descriptions provided by other users. If you like the look of it, add it to your wishlist. And after finding a local alehouse to test it out, check it in to add your own comment and rating for the beer. The laser focus on beers keeps things clean and simple, and the app seems to have pretty good coverage of the functionality on the official website. Beer icons, statistics and sharing are all supported. You can check your own wishlist, although lists other than the main wishlist aren’t supported by the app.
But when you’re out on the town after having enjoyed a few beers, complexity isn’t what you’ll be looking for, and Qayttamaton seems to cover the basics really well, with a clean interface that’s nicely tailored for the Sailfish Silica style.
The latest update brings Qayttamaton to version 0.1.2. OAuth login has been improved, Sailjail permissions have been added and the internals of the app have been updated, making for a nice release.
Qayttamaton is available only from the Jolla Store. If you’re a beer connoisseur and aren’t already acquainted with UNTAPPD, then it certainly deserves a look.
Fire is a new app from prolific app author and Jolla engineer Slava Monich (slava). As we head towards the cold winter months (at least here in Finland) it’s good to have a nice warm fire to snuggle up beside. While Slava’s app doesn’t generate real heat, so won’t keep you warm on the outside, it presents a very attractive flame-like animation to keep you warm on the inside.
The flames themselves are generated using a colour indexed cellular automaton. At each frame the heat of a pixel is derived from the average of the pixel and the three pixels below it. The bottom row of pixels is randomised to create the flickering effect, and the heat is transformed using a colour index to create the glorious yellow-to-red-to-blue colouring. Not only does it create a beautiful flame-like effect, it also captures the mesmerising way a simple set of mathematical rules can generate a complex, chaotic, result.
Version 1.0.1 was the first version to arrive in the Jolla Store, swiftly followed by Sailjail-compatible version 1.0.2. You can get yourself some virtual fire from the Jolla Store, OpenRepos and Chum.
If you’ve ever been a bit envious of Android’s ability to send audio, images and video to televisions with a Chromecast attached, then Jupii from Michal Kosciesza (mkiol) may be the app you’ve been looking for. By supporting UPnP (Universal Plug n Play) and DLNA (Digital Living Network Alliance) interoperability, Jupii is able to send just these things to any television or device that supports these protocols.
In practice, that means that if you have a video on your phone, you can connect wirelessly to your TV over the local network and play the video without having to get off the couch (assuming you have your phone on the couch with you, of course). In my testing with a JVC smart TV over a Wifi network it worked extremely well, casting videos captured with my phone to the television without any stuttering or buffering.
The app picked up the TV immediately, and items added to the playlist on my phone were playable on the TV almost immediately. I say “almost” because I had to exit out of the UPnP source on the TV and back again for it to pick up new material, but this behaviour can probably be blamed on the TV rather than the app.
Two particularly nice features of Jupii stand out. First the ease with which new devices can be found on the network. This ease is supposed to be the purpose of UPnP, but when it comes to technology the reality doesn’t always live up to the hype. But in the case of UPnP and the Jupii app, the “Play” part really is just a couple of taps away (whether there’s any Plugging involved will depend on whether your TV is already powered up). Second, files on your Sailfish OS device need to be explicitly shared before they become available on the TV, which should minimise the chance of your entire video, photo and audio collection being made available to others by accident over the network.
Jupii is available on the Jolla Store and OpenRepos, and while the version on OpenRepos is rumoured to have an even greater range of features (including YouTube, Bandcamp and Soundcloud integration), I personally found the Jolla version to be immediately useful, and worth the download.
Please feed us your news
We hope you enjoyed this fortnight’s community news. This is your news, and frankly we can’t always keep up with all the exciting stuff happening in the Sailfish community, so please help us out by replying to this post in the forum if you’d like to see something included.
And do also join us at our community meetings on IRC, Matrix and Telegram. It’s a great place to discuss any of the content you see here, ask questions and share your ideas. The next meeting will be on the 10th November, and note the time change from 0700 UTC to 0800 UTC, which after taking into account the shift from Summer to Winter time, should mean that for many people this isn’t a time change at all.