I'm holding off until the Meizu MX4 Ubuntu goes on sale -- but perhaps I shouldn't - does anyone know if it is exactly the same as the one being sold now running Android?
If so, I might get that one and install Ubuntu myself.
I guess he meant that once an OS update is downloaded, it cannot be swept right and forgotten, but it stays in notifications forever. I have one Moto G I use as a bike navigation, don't plan to ever update it to Lollipop as I run only OsmAnd on it and it always insists on getting upgraded to 5.0.x.
I've had the complete opposite experience with Android phones which is why I probably plan to stick with an iPhone when I upgrade my 4S within the next few weeks. I know people who have Android phones who are waiting to upgrade to Lollipop.
On a moderately specced phone they can be. Plus maps just got less and less usable in my opinion. The map gained more screen space but got unusably slow, and no idea how to access features that I previously used (buttons for zoom in and out for example. Pinch zoom when driving is dangerous).
Yes, the original version of Google maps was good, then they kept upgrading it until it became unusable (it was incredibly slow on my phone). I managed to downgrade it, but now the local bus app that uses maps doesn't work.
Is the support for all (or nearly all) 3G/4G networks limited to higher-end chips? I believe at least e.g. the iPhone has identical hardware worldwide?
Google has 88 apps in the Android app store. Which ones are you looking to replace?
Edit: Here's a list of the "core apps". https://wiki.ubuntu.com/Touch/CoreApps Notably missing are email and SMS apps, so I'm not sure what they're using for those.
The "Core Apps" have a bad name. They are community-developed apps, that may be included in the stock image. What you're really looking for are the "System Apps": https://launchpad.net/ubuntu-system-apps
I haven't seen a maps app, but I know they're using Here/Nokia for location services (https://insights.ubuntu.com/2014/07/30/nokia-here-maps-comin...). I think the BQ phone comes with a location "scope". The Here HTML5 app is pretty good on FxOS, so they could be using that.
Nice touch that the clock on the screen shows "14:10", which is of course similar to the latest released Ubuntu version (14.10, from October last year). Coincidence? :)
I wonder why you'd need a specific chipset to have an RTC alarm. Couldn't it be added on the board independently? After having so many Nokias, I'm still amazed how so many phones miss what should be a basic feature.
Why? They're not the highest end, but then again the price and other specs makes it clear that this is not intended as a high end phone. For a mid range phone MediaTek CPU's are easily powerful enough. Unless you have other objections?
MediaTek have not been historically known for engaging with the open-source community, documenting their chipsets, and complying with the GPL, to put it mildly.
Unless anyone knows that's changed in recent years?
That may be so, but there's hardly any CPU around you can even boot without binary blobs of some form these days. E.g. consider the massive pain the Coreboot people are going through to get anything reasonably open out of Intel.
I would prefer more open hardware and will vote with my wallet if there's something open of reasonable price/performance, but I choose to be pragmatic about it. In this space, even getting something I can run a non-locked down Linux on is an improvement.
"Although applications like Whatsapp, Google+ or Candy Crush aren't there yet you get many others such as Telegram, HERE maps and Cut the rope, and web apps like Facebook and Twitter"
Now, trying not comment about Candy Crush being considered a "must have" app for a smartphone, it will be still a tough sell, especially in the EU, where Whatsapp is a necessity for a lot of users.
I too was looking for what was available for IM and hadn't heard about Telegram until I saw it works on Ubuntu phone. Terrific system and now I kind of feel bad for not using it all along!
That it's compatible is nice, but Telegram cannot be recommended as a secure messenger. Knowledgeable people have reviewed its cryptography and found it wanting, even "bizarre and nonsensical". You may want to look into other alternatives?
Yeah the demo/description was pretty inspiring. Phone->dock+monitor+storage->computer (for everyday stuff). The linked tablet video seems close enough but I'd love a phone version to theoretically have one device for everything.
This is still my "tech wish for the year" :D
Even if it's possible with this device (which I don't know) that's still an ARM processor you have. It's a Cortex A7 a bit faster from what you get in a Raspberry Pi 2 but not much.
Anyway, those phones or tablets that turn into supposed regular computers are cool, but at the end of the day when I have access to a screen and keyboard there is usually a computer not far. Since my data is in the cloud anyway, I'd rather use that separate computer than my phone.
Even if you don't have a fast Internet pipe, you can just boot the PC from your Android phone instead, using DriveDroid. I'm not sure if you can also access the files on the sdcard, though.
There are plenty of situations where I don't want to trust the available computer with my data.
And I very frequently find myself in situations where the network connection is so poor that streaming my data over the network is an exercise in frustration.
When I then walk around with more and more powerful computers in my pocket, it's great to be able to make use of it.
I think the reason is that they want separate pages by countries, not by languages. For instance, they have three different pages in Spanish (Spain, Mexico, Uruguay).
What if I live in Spain and only speak English. What if I live in a Catalan region and want Catalan? What if I live in GB and want to read it in Spanish as it's my first language?
With the world being as global as it is and people readily moving around, geographic location does not equal language preference.
Ideally the site would have geographic specific sections but allow all languages it has translations for in each section. Bonus points if you default language based on my HTTP headers and allow session based overrides.
I've been doing eCommerce for a long time now and the number of site that realize this is shockingly limited.
With a few exceptions, the translations you are using for a country website's language are possible to use for any country where a visitor wants to use the language. Exceptions include things like country specific product features and such. Those kinds of things would need a little though.
The data is all there and the tech is all there. It's just a desire or realization that is missing.
Don't misunderstand me, I can see your point, and it would be a feature I might want to use in some cases.
But apart from the data and tech you need people implementing it, and I can understand most companies not seeing covering your/our case as worty of the added development/maintenance cost that it would entail.
Obviously it depends on the use case and audience, but language and location should not be conflated by default. Location allows customization of currency, measurement units, legal policies, shipping information, tariffs, dates/times, etc independently of the copy language. There are plenty of countries with more than one major language (there are almost 40 million Spanish-speaking citizens of the US and India has 23 official languages), so websites that guess language based on country alienate a lot of users.
Your browser already tells every website what language(s) you speak in the Accept-Language header, so it's not like that information isn't available.
My (very subjective) guess, is that many of those 40 millions Spanish speakers in the US speak English as well, and the percentage of those who don't and would use an e-commerce site is low.
Still, I would imagine major e-commerce websites to add support for a langugage in the website, if the potential userbase is big enough (for example, the Apple Store does).
My knowledge of India is very limited , but it always seemed to me that the unifying language really is English (again, from a very cursory glance, Amazon, Apple and HP have Indian e-commerce stores in English).
My point is that decoupling language and location as a general feature does not make much economic sense in the vast majority of cases.
This is especially true for major e-commerce sites: think about Amazon, and the number of items being sold (millions ?). Many of those are sold only in a particular store, or have variations between a store and another: how much would it cost to translate all the articles for all the stores in x languages ?
Some of those regions are known for being proud of their language and culture, so in case of similar specs and cost many people will chose a vendor that covers their native (or L2 but local) language instead of one that doesn't. Something to take into account is that e.g. Catalan (or Valencian or Balearic, you name it) represents between ~9M and ~11M native and L2 speakers (depending on sources).
What else... Oh yes, the regions where Catalan is official in Spain are among the wealthiest when considering the average income for its residents. That sounds like a good pond to fish for early adopters. Basques with even less population (and less L1 and L2 speakers, even in % than Catalans) are also among the wealthiest. The use case doesn't seem that narrow anymore, doesn't it?
Every single big company in Spain is able to communicate in any official language. Dude, it means business!
Finally, and I'm leaving a lot of stuff behind, people are usually not very thick skinned and calling the support of these languages "very limited use case" could be considered, well... inconsiderate at least.
What gets me is Amazon. I'd love to be able to see the Germany (country) site in English. Right now trying to return a tablet that went bad, and google trans is of limited help.
Yeah, but at least they let you do cross-country purchases. I live in the US and send my son in Europe gifts from the DE and FR Amazon sites. Lucky for me I know enough of the languages to muddle through the process. :)
Other companies are MUCH worse. Apple and Google being good examples. Try either being in the US or having a US credit card and purchasing in the EU. Nightmare!
OP here. Sorry for the URL, but I caught it in my twitter feed on my mobile phone and posted it.
Maybe HN's mods can fix that. I tried to editing it but while you can edit the title and/or add text, you can't edit the URL (which makes sense, actually).
Honest question here: what does anyone need 4g for?
On HSPA+ (H+) my connection is fast enough for any purpose besides downloading movies, and it's not like I've got unlimited data. Even 3g's theoretical speed is great if they could get that to work for a change.
I have 4g on a company laptop and the speed is better than many places' WiFi, but I have yet to find an excuse to use it (someone has to pay that data bill). It's not like I don't know how fast it really is, I just don't see the point of it right now. In 5 years 3g really will be too slow for many applications, but as it stands...
> In 5 years 3g really will be too slow for many applications
You answered your own question. It's progress, and the sooner people around the world adopt 4G, the sooner it becomes the standard, just like 3G before it.
You're right, and my Nexus 4 and Lumia 521 are getting along just fine without LTE as well, and will continue to for the next 1-2 years I hope to get out of them. It will be at least another 10-15 years before 3G is turned off in favor of whatever the baseline is then (hell, we still have 2G which by all accounts should be dead by now).
Coverage is a problem in some areas. In many parts of australia the 3g coverage has been left pretty damn miserable. while they have invested in 4g.
additionally contention levels are just horrible on the 3g services. what's that 20 Kb/s and 40% packet loss just because you were silly enough to use it near a train station.
It's not about you. It's about having multiple users within the same band. In crowded places you might have full 3G signal and the internet will still be shit because of how many people are using it. With 4G it should be better, it's not all about top speeds.
4G has much better latency than HSPA+ for me. Video streaming is much smoother and breaks up less. FaceTime is much better than on HSPA+. If I see 4G in my status bar, I know my connection is going to be at least as good as coffee shop WiFi.
It contends better too, which affects everyone.
I have unlimited LTE for £15/mo (Three UK) so I don't need to worry about paying for the data.
They also make an e-reader [1] with open source software. I'm somewhat obsessed with the idea of using it for ssh/mosh as a portable terminal. It would be very cool to hear if someone has tried this, before ordering one. I mailed some random guy at BQ and he said he never tried it, but also found it interesting. If you find it interesting too, maybe you could run down and ask around! :)
How is it open source? Where can I find the source? How can I build software for it, and how can I load the software onto the device?
I found this[0] but it is in Spanish, and many of the links to source don't go anywhere. It seems like they us Debian and Qt, which would be very neat.
Note that I don't have the device so I don't know if this works, but if there are problems with the instructions I assume BQ would help (since the open sourceness is a selling point).
(I don't know but...) I like the idea of an e-ink terminal, however I fear the slow refresh rate would make editing difficult. I guess someone somewhere has tried it though...
The specs of that particular one show no bluetooth (and no OTG usb), so can't connect a keyboard.
It also has no wireless apart from wifi; and only 512MB (though that's plenty for ssh!)
Yeah, it has to be "OTG" (on the go), aka "usb host". Seems relatively uncommon.
Beats a line printer! Can relate - I'm ecstatic that (70s era) unix utilities are blazing instant on a phone. I'm sure vim would also work on an e-reader, if you don't need to find the cursor.
I should research this. Working on e-ink/e-paper would be so much better on the eyes - and incredible battery life (they claim 2 months for the Kindle).
That's pretty cool! But being able to connect a physical keyboard is important to me; I want to be able to actually code/admin/email/whatever, preferrably replacing a laptop for extended periods of time. :)
Yes and no. The phone image is read-only by default, with RW areas for user data / tmp / logs etc. You can easily make the RO portion RW, and then apt-get or dpkg install random packages. However the caveat is we never test that scenario, so if you break it, you get to keep the pieces. You can then re-flash it to get out of this of course.
Would you mind to explain what you are talking about ? I thought telegram are more secure than whats app and etc . I would gladly hear what do you think about these app in general.
The protocol is published, and the client is open source, but the protocol has a whole bunch of design issues, and that's the real problem with Telegram.
If the protocol was properly designed, the proprietary nature of the server wouldn't be an issue as we could write a server implementing the protocol too. For instance, I don't have to worry about all of tarsnap being open source, because I know from the way the client is implemented that the server can't do a damned thing to sniff my data.
However, due to how much of an awful botch job the protocol is, even if the server was FLOSS, it would still be untrustable.
WhatsApp's security improved an awful lot back in November when it got end-to-end encryption.
MTProto has... issues. It uses IGE (infinite garble extension, a variation on the accumulated block chaining - ABC - mode of operation) as its mode of operation, which isn't exactly widely used or battle proven and is considered broken. Something like GCM wouldn've been a saner choice. Another issue is that it uses SHA1 for message authentication. Now, the issue isn't so much that they're using SHA1, but that they aren't using a MAC for message authentication.
If you’ve created HTML5 apps or mobile websites for
other platforms — there’s good news: the path
to Ubuntu
couldn’t
be quicker. We support both the Webkit/Blink and
Cordova development standards — and with a separate
API that enables
websites to be quickly converted to run independently
of a browser, with full access to phone notifications
and
settings, the same goes for your web applications.
The more the better. As a consumer, I like choice. As a developer, multiple options means we move towards open industry standards rather than vendor lock-in and single points of control.
I got burned once with a windows phone Omnia 7 as an early adopter and it was beyond useless (lack of apps/configurability) so I will definitely not rush again on unproven phones despite my interest in Ubuntu. Also the price/specs on this phone is horrible compared to Xiaomi Note 4G (190euro) which I own and can recommend to anyone. I hope Ubuntu phone catches on though. Competition is good.
I had the Omnia 7 and had the same frustration. Nothing wrong with the phone itself, but the OS was clunky and the Windows Phone app store was basically empty...
Any recommendations on where to buy the Note 4G? I got mine at pandawill, but I'm curious about other places. It was my first time buying from a Chinese e-retailer.
The specs on that Xiaomi are really nice value. I'd been looking at the 2nd gen Moto E or G for my parents, but the Xiaomi beats it, although at a higher cost.
It just amazes me how cheap tech has become. The other day I was looking through the Microsoft Store, saw a $90 ish tablet that had various discounts at times bringing it down to an absolutely ridiculous $60-70 range. I checked out some reviews and they were glowing (in terms of value), it actually runs windows 8 and comes with a year of Office 365 and an hour of Skype minutes every month. I can hardly imagine anyone buying Office 365 for a year at $70, instead of just buying this tablet instead haha. Of course it's no Mac Pro, but it surprised me.
HP stream 7 was the name. I just sat there grinning while watching the reviews on this device, computing is truly becoming completely and totally ubiquitous this decade, even consumer computing is becoming a cheap commodity.
I was in the same position: Moto G or something similar.. but lots of reviewers complained about battery life.. And then I saw the price and specs of xiaomi note: 2Gb RAM, 3100mAh and 5.5"+good resolution. If nothing else more interesting appears in the next weeks, I'm gonna buy a second one for my wife.
Just looked it up. Currently $79, with a $25 Windows Store voucher and $69-worth of Office 365. Extremely tempted but I really need to stop buying random tablet-y devices I'll never use.
Hehe, that really is a temptation. I wish there was one all-purpose device (maybe modular, like the earlier Modu phone [1] and now Google's Project Ara (still to come).
[1] Read about Modu in TechCrunch some years ago. An Israeli startup backed by Yossi Vardi, IIRC. Not sure what happened to it. But the idea seemed promising.
Second-gen Moto E came out just as my wife's Nexus 4 was giving up the ghost, and so far it is the perfect replacement. She was a little upset that it cost so much ($150), at which point I thought it unwise to remind her how much our iPods have cost over the years.
So I got one of those stream 7 tablets. I like it when I use it as a device, but windows 8 isn't quite ready for a tablet os I feel like. I was wanting a keyboard & trackpad pretty quickly. By adding a keyboard case, I might as well use a netbook anyway at this weight profile. Also tapping on some things can be awkward.
Also the battery dies on you quickly on idle, and it doesn't charge that easily through usb, you need a really high power charger for the charging indicator to turn on.
Are netbooks still being produced in mass scale? I was considering buying a netbook recently, as a 2nd lighter machine than my laptop, so that I can take it when I go out to nearby places like for shops / malls, and use short spells of free time outside to do some work (at least work that's light on CPU/RAM resources, like Python programming, or even email or technical topic browsing). But a few computer shops I went to, told me that Asus / Acer (for example) are not making new ones these days. This is in India, BTW. Don't know if this issue (if real) is specific to this region or not.
By netbook I meant more those really cheap "11 laptops that cost about $200 and quickly get performance issues in a year. The HP stream 11 is one example. Or a chromebook.
Sort of, but also not really. Two decades ago, say around 1995, a computer was still pretty damn expensive. A decent system (not high-end systems like we use for gaming today, but very basic office stuff) would easily set you back $1k to $2k, which is a bit more in today's dollars. That wasn't accessible to everyone, especially because these things weren't good enough to replace your office, your phone, your TV, your gaming console, your newspaper, your camera etc. So it was an additional cost to all of that.
And while it was already large two decades ago, it's not ubiquitous in the sense of finding $70 star trek like tablets in remote villages in central Africa, like happens today. Ubiquitous in the sense that outside of the 10-20% upper-middle class of the US/Europe, who've indeed had personal computing for decades, we're seeing computing arrive en masse to an additional 1-2 billion people, and probably billions more not long after, now that you get full desktop software, with complete hardware including input and a screen and battery, at $70 retail, and sub $50 second hand. That's insane.
You guys remember the $20 smartphone media talk last year? Should have arrived by now. In any case, this decade is something special. Chips are using so little energy nowadays, low res screens, too. Things are sturdy, cheap. The electricity costs per year are a tiny fraction of the device's costs (which is on its way to 5 to 10c a day per device) Computing is actually going to become accessible to 4-5 billion people by the end of the decade, that's something really new. And we're seeing a lot of initiatives in terms of free, global-coverage connectivity in the form of internet, too, for low-data applications like messaging, banking, wikipedia etc. e.g. FB & Google's initiatives.
That's how I convinced myself to buy the windows phone. "Oh, it's windows ! I can program for it with C# & WPF. It will be fun.. for a week..". I hack enough things on my laptops (ubuntu). I needed a cheap phone to make calls, send sms easily, put alarms, listen to music, browse web, ocassionaly snap pictures and read some pdfs when I'm bored. Xiaomi is perfect for my needs until now.
No https:// by default. Again, if you market this as towards the nerdy audience: Put _everything_ behind HTTPS. I simply do not want to let others know, what phone I might buy.
spacefight is right. Offering HTTP along with HTTPS is an antipattern. As an example, I give you Reddit, where HTTP and HTTPS services are identical. That means you can log in on the HTTPS site, and I can have your session cookie or even your password.
The only sane solution is to set up HTTP to redirect to HTTPS, and add an HSTS cookie.
It took 3 minutes to write this comment. Getting a new cert up and running will take you $5 and 15 minutes if you follow these instructions. Free if you use startssl.com. Cheapest wildcard I found was https://www.ssls.com/ when they ran a sale: $42. Current cheapest Google turned up was https://cheapsslsecurity.com/sslproducts/wildcardssl.html for $60. Personally, I prefer wildcard certs whenever possible, free certs from startssl.com.
Setting up passwords is additional effort. Just leave them blank. To me that doesn't seem like an excuse to subject your users to what HTTP entails, and to subject yourself to the liability it implies.
How about ad fill rates? I'm not directly involved in add ops myself, but I've heard that now, even in 2015, major web properties still see a roughly 60% drop in ad revenue on HTTPS. Thats a big deal for an advertising supported website. (Though obviously not so much a big deal for a website like this selling an Ubuntu cell phone).
It's because they are. How many times will this be brought up? The browser has no way of knowing whether gmail.com should be serving a self-signed cert (pinning notwithstanding), so it must treat a self-signed cert as a MITM attack at all times. Try to think through how else it could possibly work, and you'll see why the browsers do this.
The browser should treat any HTTP connection as a MITM attack at all times, too. Actually, it should also treat it as multiple MITM because everyone in your network or in the path can see your traffic.
We could argue if it even makes sense to differentiate between SSL with self-signed certs and plain HTTP connections when warning users, I'll give you that. But in no way SSL with self-signed are worse than HTTP.
> Try to think through how else it could possibly work, and you'll see why the browsers do this.
Allowing access on both http and https is indeed a bad practice, but not in regards to the scenario you described.
The scenario you described has been covered since long by the 'secure' attribute, available when creating cookies. Assuming the authentication was performed from within the https channel, the cookie won't be disclosed when requests are triggered on the http channel. This covers the 'Reddit' case from an application layer perspective.
The vulnerability is rather in browsers (such as Firefox). They allow the rewriting of an existing cookie value through the http channel, although it was originally set through the https channel. This is a huge problem and I still don't understand why this isn't reported by any researcher as a critical security flaw...
In either case it leaks information. Even if I can't get your session key, I can see every URL you visit, and every field you put in. Also, if your login form can be served over HTTP (or any included script is, which thankfully Chrome now disallows when the page loads over HTTPS), I can just get your password. Guess how Reddit serves their login form? Yup, it's right on http://www.reddit.com/.
You are right, all your Reddit traffic should be encrypted, but the reason is not because it's a vulnerability, it's because you have a personal expectation of privacy, which is different from an unexpected or undesired incident in their information system.
Let's not forget that from Reddit's point of view, the browsing of the public content is not confidential, hence no need to hide it. Only your credentials are confidential, hence their transmission is configured to happen through a secure channel by default (if you're lucky). As long as it matches their security policy, it is not a vulnerability, per say. The vulnerability here is that Reddit 1) accepts authentication events sent through HTTP and that 2) Reddit keeps considering accounts as reliable after a successful HTTP authentication. We could also argue on the quite insignificant consequences of your Reddit account being hacked (for most users) in opposition to the disclosure of a password that you have not used anywhere else (isn't it?).
As a user, you believe that the Reddit pages you browse should be private, which led you to conclude Reddit is flawed. I agree that Reddit users' traffic should be kept private. But, we are still in an era where information security is defined by the expectations of corporations, not those of customers/users. The total cost induced by the fact that anyone on the same network as you can see your Reddit traffic remains lower than improving the security of the platform.
If you want Reddit to consider this as a "vulnerability", you need to either convince lots of users to stop using Reddit until they fix this (traffic volume pressure) or convince loud people to start shaming their owners on large audience news sites (shame pressure). These two strategies are the only ones that work, to my knowledge. As long as their business keeps running and there is no shamming, they don't have any real incentive to pull the source code and fix this: it's not a major security vulnerability. (the fact that browsers overwrite https cookies from http responses is a major one, though...)
I consider them vulnerable. As a test I successfully hijacked a Reddit identity using nothing but tcpdump on my router. Leaking credential information is a form of vulnerability. Just because lots of people do this does not make it less vulnerable.
Even if Reddit allowed you to log in via HTTPS only and kept your session cookie secure, but let you browse anonymously over HTTP, they'd still be leaking info about what you are browsing, as you said. I agree, this is a problem for the user. Say, the user is looking at topics about maternity leave while her boss doesn't know she is pregnant. What can the boss do with this info? Or say the user is looking into methadone clinic experiences at work?
Browsing over HTTP also lets an attacker inject content. Ads are the obvious and somewhat innocuous case, but think about the phishing opportunities here. "Please log in to proceed" with a form that submits the password to the attacker.
You are right they won't change until either their users start complaining, or something really bad happens as a result of this negligence, but I am simply using them as an example of a pretty widespread issue. Lots of sites do this and it's very unfortunate.
VPNs aren't secure end-to-end. You can still have your connection spied upon and/or hijacked in the link between the VPN gateway and the website servers (including by the VPN operators themselves!).
Sure the client has encryption (most VPN clients do), but that's just up to their servers. From the PIA servers to the final web server, there's no extra protection, so if you're accessing an HTTP service, it's unencrypted.
Yes. Just install the Terminal app. If you have a screen lock configured you're asked again to get to a shell prompt. You get a regular prompt as the "phablet" user but have unrestricted sudo access. It's easier to use ssh though: http://askubuntu.com/q/348714/7808
What's nice is that it's just a regular Ubuntu shell prompt, not a hacked up one like you get on Android. All the usual stuff you expect to have is there. The Terminal app integrates nicely too - for example if you use less, then swiping up and down scrolls up and down.
Note though that by default the root filesystem is read-only. You can make it read-write, but then the image-based OTA updates aren't expected to work and of course if you break things you get to keep all the pieces. For this reason I've avoided doing this for now, but it's nice to know that I can do it. I expect I'll probably end up rolling my own customized images instead in order to keep my phone more reliable.
Love it. Only one missing feature prevents me from buying it: Ubuntu Phone doesn't seem to have easy, painless, over-the-air syncing of calendars and contacts with third-party applications/services like Google Apps and Microsoft Exchange, for snappy access to that data whether I'm online or offline.
279 comments
[ 3.4 ms ] story [ 271 ms ] threadIf so, I might get that one and install Ubuntu myself.
EDIT: Just noticed that the sale is only available in the Spanish store. The German one still shows "It will be available shortly".
Meanwhile my iPad 2 is still getting the latest iOS version multiple times each year...
What carrier/phone do you have?
Wi-Fi 802.11 b/g/n Bluetooth® 4.0, Bluetooth® 4.0 hardware compatibility (software not currently integrated). 2G GSM (850/900/1800/1900) 3G HSPA+ (900/2100) GPS and A-GPS
Edit: Here's a list of the "core apps". https://wiki.ubuntu.com/Touch/CoreApps Notably missing are email and SMS apps, so I'm not sure what they're using for those.
Also, you won't spend as much time in siloed app experiences on this OS. It's all about Scopes: http://www.ubuntu.com/phone/features
Email is Dekko: https://launchpad.net/dekko (No idea about the name.) Based on (forked from) Trojitá.
I haven't seen a maps app, but I know they're using Here/Nokia for location services (https://insights.ubuntu.com/2014/07/30/nokia-here-maps-comin...). I think the BQ phone comes with a location "scope". The Here HTML5 app is pretty good on FxOS, so they could be using that.
Not sure how the phone version of Ubuntu is versioned (http://www.ubuntu.com/phone didn't help), though.
- ring an alarm when in 'off' state
- change their IMEI
I'm not claiming that everyone needs that or that it will be possible on Ubuntu; just reminding that MTK chips have some unique advantages, too.
Unless anyone knows that's changed in recent years?
I would prefer more open hardware and will vote with my wallet if there's something open of reasonable price/performance, but I choose to be pragmatic about it. In this space, even getting something I can run a non-locked down Linux on is an improvement.
"Although applications like Whatsapp, Google+ or Candy Crush aren't there yet you get many others such as Telegram, HERE maps and Cut the rope, and web apps like Facebook and Twitter"
Now, trying not comment about Candy Crush being considered a "must have" app for a smartphone, it will be still a tough sell, especially in the EU, where Whatsapp is a necessity for a lot of users.
Anyway, those phones or tablets that turn into supposed regular computers are cool, but at the end of the day when I have access to a screen and keyboard there is usually a computer not far. Since my data is in the cloud anyway, I'd rather use that separate computer than my phone.
And I very frequently find myself in situations where the network connection is so poor that streaming my data over the network is an exercise in frustration.
When I then walk around with more and more powerful computers in my pocket, it's great to be able to make use of it.
What if I live in Spain and only speak English. What if I live in a Catalan region and want Catalan? What if I live in GB and want to read it in Spanish as it's my first language?
With the world being as global as it is and people readily moving around, geographic location does not equal language preference.
Ideally the site would have geographic specific sections but allow all languages it has translations for in each section. Bonus points if you default language based on my HTTP headers and allow session based overrides.
Every Catalan (or Galician, Valencian, Basque) speaks Spanish, as do the vast majority of the expats I know (and I'm one myself).
You can still access the specific site of the language you are interested in. Or, in the worst case, use Google translate.
I've been doing eCommerce for a long time now and the number of site that realize this is shockingly limited.
With a few exceptions, the translations you are using for a country website's language are possible to use for any country where a visitor wants to use the language. Exceptions include things like country specific product features and such. Those kinds of things would need a little though.
The data is all there and the tech is all there. It's just a desire or realization that is missing.
But apart from the data and tech you need people implementing it, and I can understand most companies not seeing covering your/our case as worty of the added development/maintenance cost that it would entail.
Your browser already tells every website what language(s) you speak in the Accept-Language header, so it's not like that information isn't available.
Still, I would imagine major e-commerce websites to add support for a langugage in the website, if the potential userbase is big enough (for example, the Apple Store does).
My knowledge of India is very limited , but it always seemed to me that the unifying language really is English (again, from a very cursory glance, Amazon, Apple and HP have Indian e-commerce stores in English).
My point is that decoupling language and location as a general feature does not make much economic sense in the vast majority of cases.
This is especially true for major e-commerce sites: think about Amazon, and the number of items being sold (millions ?). Many of those are sold only in a particular store, or have variations between a store and another: how much would it cost to translate all the articles for all the stores in x languages ?
Some of those regions are known for being proud of their language and culture, so in case of similar specs and cost many people will chose a vendor that covers their native (or L2 but local) language instead of one that doesn't. Something to take into account is that e.g. Catalan (or Valencian or Balearic, you name it) represents between ~9M and ~11M native and L2 speakers (depending on sources). What else... Oh yes, the regions where Catalan is official in Spain are among the wealthiest when considering the average income for its residents. That sounds like a good pond to fish for early adopters. Basques with even less population (and less L1 and L2 speakers, even in % than Catalans) are also among the wealthiest. The use case doesn't seem that narrow anymore, doesn't it?
Every single big company in Spain is able to communicate in any official language. Dude, it means business!
Finally, and I'm leaving a lot of stuff behind, people are usually not very thick skinned and calling the support of these languages "very limited use case" could be considered, well... inconsiderate at least.
Other companies are MUCH worse. Apple and Google being good examples. Try either being in the US or having a US credit card and purchasing in the EU. Nightmare!
...and GB = Great Britain.
Just my 2¢.
Maybe HN's mods can fix that. I tried to editing it but while you can edit the title and/or add text, you can't edit the URL (which makes sense, actually).
Sorry guys.
On HSPA+ (H+) my connection is fast enough for any purpose besides downloading movies, and it's not like I've got unlimited data. Even 3g's theoretical speed is great if they could get that to work for a change.
I have 4g on a company laptop and the speed is better than many places' WiFi, but I have yet to find an excuse to use it (someone has to pay that data bill). It's not like I don't know how fast it really is, I just don't see the point of it right now. In 5 years 3g really will be too slow for many applications, but as it stands...
You answered your own question. It's progress, and the sooner people around the world adopt 4G, the sooner it becomes the standard, just like 3G before it.
But in 5 years, in all reasonableness, you'd have a new phone. Having no lte on this one doesn't change much. That's what I meant to say.
additionally contention levels are just horrible on the 3g services. what's that 20 Kb/s and 40% packet loss just because you were silly enough to use it near a train station.
It contends better too, which affects everyone.
I have unlimited LTE for £15/mo (Three UK) so I don't need to worry about paying for the data.
Pretty useless comment, I know.
[1]: http://www.bq.com/gb/products/cervantes-2013.html
(or did you mean the ereader? Not tried, sorry)
I found this[0] but it is in Spanish, and many of the links to source don't go anywhere. It seems like they us Debian and Qt, which would be very neat.
[0]: http://www.mibqyyo.com/actualidad/2013/07/10/programa-de-des...
That links to an English version of the page you found: http://www.mibqyyo.com/actualidad/2014/01/08/bq-ereaders-dev...
Note that I don't have the device so I don't know if this works, but if there are problems with the instructions I assume BQ would help (since the open sourceness is a selling point).
The specs of that particular one show no bluetooth (and no OTG usb), so can't connect a keyboard.
It also has no wireless apart from wifi; and only 512MB (though that's plenty for ssh!)
Also, difficult schmifficult! I bet ed, the standard editor, will work just fine. Shouldn't be much worse than, say, a 300 baud terminal!
Beats a line printer! Can relate - I'm ecstatic that (70s era) unix utilities are blazing instant on a phone. I'm sure vim would also work on an e-reader, if you don't need to find the cursor.
I should research this. Working on e-ink/e-paper would be so much better on the eyes - and incredible battery life (they claim 2 months for the Kindle).
[0] http://www.engadget.com/2012/02/23/hack-enables-fast-refresh...
http://en.wikipedia.org/wiki/Mobile_Web_Server
Shame that this phone has such a low res screen or I'd be tempted.
"Telegram is the most secure way to..." or http://www.bq.com/flexy_templates/game/assets/en/screen-3.pn...
If you market your phone towards nerds, don't bullshit us with crypto marketing.
However, due to how much of an awful botch job the protocol is, even if the server was FLOSS, it would still be untrustable.
MTProto has... issues. It uses IGE (infinite garble extension, a variation on the accumulated block chaining - ABC - mode of operation) as its mode of operation, which isn't exactly widely used or battle proven and is considered broken. Something like GCM wouldn've been a saner choice. Another issue is that it uses SHA1 for message authentication. Now, the issue isn't so much that they're using SHA1, but that they aren't using a MAC for message authentication.
It has other issues, but I have to rush off.
However, it looks like you should be able to get Kitkat on this easily[1].
[1] http://www.bq.com/gb/products/aquaris-e4-5.html Search for "android"
Are you happy with it ?
It just amazes me how cheap tech has become. The other day I was looking through the Microsoft Store, saw a $90 ish tablet that had various discounts at times bringing it down to an absolutely ridiculous $60-70 range. I checked out some reviews and they were glowing (in terms of value), it actually runs windows 8 and comes with a year of Office 365 and an hour of Skype minutes every month. I can hardly imagine anyone buying Office 365 for a year at $70, instead of just buying this tablet instead haha. Of course it's no Mac Pro, but it surprised me.
HP stream 7 was the name. I just sat there grinning while watching the reviews on this device, computing is truly becoming completely and totally ubiquitous this decade, even consumer computing is becoming a cheap commodity.
[1] Read about Modu in TechCrunch some years ago. An Israeli startup backed by Yossi Vardi, IIRC. Not sure what happened to it. But the idea seemed promising.
Also the battery dies on you quickly on idle, and it doesn't charge that easily through usb, you need a really high power charger for the charging indicator to turn on.
Are netbooks still being produced in mass scale? I was considering buying a netbook recently, as a 2nd lighter machine than my laptop, so that I can take it when I go out to nearby places like for shops / malls, and use short spells of free time outside to do some work (at least work that's light on CPU/RAM resources, like Python programming, or even email or technical topic browsing). But a few computer shops I went to, told me that Asus / Acer (for example) are not making new ones these days. This is in India, BTW. Don't know if this issue (if real) is specific to this region or not.
And while it was already large two decades ago, it's not ubiquitous in the sense of finding $70 star trek like tablets in remote villages in central Africa, like happens today. Ubiquitous in the sense that outside of the 10-20% upper-middle class of the US/Europe, who've indeed had personal computing for decades, we're seeing computing arrive en masse to an additional 1-2 billion people, and probably billions more not long after, now that you get full desktop software, with complete hardware including input and a screen and battery, at $70 retail, and sub $50 second hand. That's insane.
You guys remember the $20 smartphone media talk last year? Should have arrived by now. In any case, this decade is something special. Chips are using so little energy nowadays, low res screens, too. Things are sturdy, cheap. The electricity costs per year are a tiny fraction of the device's costs (which is on its way to 5 to 10c a day per device) Computing is actually going to become accessible to 4-5 billion people by the end of the decade, that's something really new. And we're seeing a lot of initiatives in terms of free, global-coverage connectivity in the form of internet, too, for low-data applications like messaging, banking, wikipedia etc. e.g. FB & Google's initiatives.
No https:// by default. Again, if you market this as towards the nerdy audience: Put _everything_ behind HTTPS. I simply do not want to let others know, what phone I might buy.
Thank you.
The only sane solution is to set up HTTP to redirect to HTTPS, and add an HSTS cookie.
Put the cert and the key in /etc/ssl/certs/example.com.crt and respectively /etc/ssl/private/example.com.key;
In your nginx config add the following:
Restart nginx. If you want to only do HTTPS, and have HTTP redirect to HTTPS: It took 3 minutes to write this comment. Getting a new cert up and running will take you $5 and 15 minutes if you follow these instructions. Free if you use startssl.com. Cheapest wildcard I found was https://www.ssls.com/ when they ran a sale: $42. Current cheapest Google turned up was https://cheapsslsecurity.com/sslproducts/wildcardssl.html for $60. Personally, I prefer wildcard certs whenever possible, free certs from startssl.com.All web servers just do HTTP by default.
That, and shared hosts.
The browser should treat any HTTP connection as a MITM attack at all times, too. Actually, it should also treat it as multiple MITM because everyone in your network or in the path can see your traffic.
We could argue if it even makes sense to differentiate between SSL with self-signed certs and plain HTTP connections when warning users, I'll give you that. But in no way SSL with self-signed are worse than HTTP.
> Try to think through how else it could possibly work, and you'll see why the browsers do this.
Funny :)
Allowing access on both http and https is indeed a bad practice, but not in regards to the scenario you described.
The scenario you described has been covered since long by the 'secure' attribute, available when creating cookies. Assuming the authentication was performed from within the https channel, the cookie won't be disclosed when requests are triggered on the http channel. This covers the 'Reddit' case from an application layer perspective.
The vulnerability is rather in browsers (such as Firefox). They allow the rewriting of an existing cookie value through the http channel, although it was originally set through the https channel. This is a huge problem and I still don't understand why this isn't reported by any researcher as a critical security flaw...
Let's not forget that from Reddit's point of view, the browsing of the public content is not confidential, hence no need to hide it. Only your credentials are confidential, hence their transmission is configured to happen through a secure channel by default (if you're lucky). As long as it matches their security policy, it is not a vulnerability, per say. The vulnerability here is that Reddit 1) accepts authentication events sent through HTTP and that 2) Reddit keeps considering accounts as reliable after a successful HTTP authentication. We could also argue on the quite insignificant consequences of your Reddit account being hacked (for most users) in opposition to the disclosure of a password that you have not used anywhere else (isn't it?).
As a user, you believe that the Reddit pages you browse should be private, which led you to conclude Reddit is flawed. I agree that Reddit users' traffic should be kept private. But, we are still in an era where information security is defined by the expectations of corporations, not those of customers/users. The total cost induced by the fact that anyone on the same network as you can see your Reddit traffic remains lower than improving the security of the platform.
If you want Reddit to consider this as a "vulnerability", you need to either convince lots of users to stop using Reddit until they fix this (traffic volume pressure) or convince loud people to start shaming their owners on large audience news sites (shame pressure). These two strategies are the only ones that work, to my knowledge. As long as their business keeps running and there is no shamming, they don't have any real incentive to pull the source code and fix this: it's not a major security vulnerability. (the fact that browsers overwrite https cookies from http responses is a major one, though...)
Even if Reddit allowed you to log in via HTTPS only and kept your session cookie secure, but let you browse anonymously over HTTP, they'd still be leaking info about what you are browsing, as you said. I agree, this is a problem for the user. Say, the user is looking at topics about maternity leave while her boss doesn't know she is pregnant. What can the boss do with this info? Or say the user is looking into methadone clinic experiences at work?
Browsing over HTTP also lets an attacker inject content. Ads are the obvious and somewhat innocuous case, but think about the phishing opportunities here. "Please log in to proceed" with a form that submits the password to the attacker.
You are right they won't change until either their users start complaining, or something really bad happens as a result of this negligence, but I am simply using them as an example of a pretty widespread issue. Lots of sites do this and it's very unfortunate.
This is the responsibility of the admin, not the user.
Is there a Terminal app with a local shell?
I'm in the US, so I can't get this one, but these are what I'm hoping for when it gets here.
What's nice is that it's just a regular Ubuntu shell prompt, not a hacked up one like you get on Android. All the usual stuff you expect to have is there. The Terminal app integrates nicely too - for example if you use less, then swiping up and down scrolls up and down.
Note though that by default the root filesystem is read-only. You can make it read-write, but then the image-based OTA updates aren't expected to work and of course if you break things you get to keep all the pieces. For this reason I've avoided doing this for now, but it's nice to know that I can do it. I expect I'll probably end up rolling my own customized images instead in order to keep my phone more reliable.
There is a lot of relevant information inside that bar.
https://www.youtube.com/watch?v=c3PUYoa1c9M