no probs, that was rather speaking to me self as I’ll also need rss reader, preferably tt-rss client (as I aggregate the feeds on my own home server running ttrss).
LinuxDeploy is actually able to access them; I installed it to be able to control an Arduino.
One app that I use all the time is RedReader, along with another version of it modified to be a SaidIt client instead of a Reddit one. One major advantage of this app is offline caching of posts and a much, much faster and smoother experience than Reddit’s native app, so it would be very nice to have something like this.
Something new (as in: “I haven’t seen one of these in the wild before” - not all of them), since before this there hasn’t been need and possibility to have this: a more advanced login features / options resisting meddling. (working title: MALFORM [it took a couple of minutes])
A couple of caveats:
- I have no idea how to go about getting these features
- I have no idea how to make this into a viable project
- I have no idea how difficult it would be to implement these
- I have no idea how difficult it would be to implement these in a way that is secure
- I only assume that there could be interest to this (especially more so after it’s offered)
- I only assume this might be a Purism thing to implement, since this seems more L5 specific, even though some of it could be implemented elsewhere [at least partly via PAM-mechanism, as @ruff points out]
My only hope is that someone somewhere finds this interesting and makes it reality.
Preface:
I’m not sure how the login and lock screen works in L5. I’ve half-heartedly asked but gotten no real detailed descriptions here at the forum (probably no one to give a good answer here). Atm it might still be polished. Login I equal to desktop linux login (username/password) and expect that to be needed when phone is booted (reboot, power on as well as sudo/admin level). Lock screen, as I understand it, is supposed to be opened with a PIN, for convenience (screen lock via timer and/or manual/software switch). PIN is a number, that has been reported (unfortunately I did not find the source again) to be max 6 digits (unconfirmed and possibly temporary).
Login is decades old method from desktop side. Works well if you are in private and can maintain secrecy of the pair. PIN is based on old security tech (number key pads) and is what was used in GSM when it came out in the 90’s. It was thought to be enough for the SIM but soon a separate PIN was needed to secure the phone. As a feature, systems usually lock after enough false attempts (permanently or for a pre-set time) or in some cases can make the system dead (delete encryption keys or otherwise make it unusable - requiring new installation).
Thought:
I find these somewhat adequate but want more because this is the old way. The Librem 5 is new type of tech (in that to me in this aspect it seems to have taken a half a step forwards further and crossed a line into a new territory) that genuinely should have more entry security to be balanced with its other security related features. A highly personalized and secure entry.
Level of convenience/security could and should be user set. And I mean more easily and more widely (and I’m limiting this only to entry - there are other security features to make other aspects more secure/insecure/convenient). I would not mind if the minimum default setting were already slightly above what “normally” mainstream users may have been accustomed to, but that is a separate issue. There are use cases, when disabling login and lockscreens temporarily are sane. The idea of “Malform” would be that there are more options to choose from. Especially regarding lock screen entry event.
Lock screen PIN has been limited to a number key pad, but with a touchscreen, that is… unnecessary. It could be any combination of keys in any order. A phone (or mini computer, as L5 really aspires beyond normal phone) is used in the public and what was not thought of way back, was the level of surveillance and video (not only sec cams / CCTV but also HD phone video). The simple movement of fingers (and the visible feedback of screen) is easily recorded and played back - and used after the phone is obtained by a thief (random opportunistic stealing or targeted hack to your network using you as the weak point) or even an official of some government. And this is only where the idea starts…
New featuresets to combine:
- Option to have PIN more than 6 digits. Anything from 4 to 32 should suffice for manual use, but I’m not sure if some options could utilize a ridiculously greater number like 256 or 65000 which could be realistic in the future (I separate here the length from the possibly tedious/genius methods of entering such large numbers/codes - it’s up to user).
- Option to enter PIN with other methods: a secondary device (USB-key, BT-proximitykey, WIFI network transmitted something), camera/image read, phone movement interpretation via gyro sensors, etc. As in, something is encoded to numbers (PIN) according to selected schema/key.
- If numpad (or any keypad) is chosen to be used, the option that the placements of those keys may be random. Not only in relation to themselves but optionally also on the screen (thinking wear and tear as well as oily fingerprints that help guess pin but also screenburn on a device that has longevity beyond a normal phone). As a group or floating individually [bonus funny: for BOFHs, keys floating randomly on the screen at various speeds]
- Option to have several PINs for the same user. One for daily personal use, additional to give to trusted people (if that is what you want to do). These additional PINs can then be managed. Additional long and secure PIN could be needed as backup entry option if some fancy other optional method doesn’t work or has locked the phone.
- Optional PIN management: limits when PINs may be used or if they need extra or if they need to be changed. Calendar set times/dates, location based (areas where a longer PIN or other security measure is needed), special dynamic or changing PINs etc. This includes a timer that allows to use a PIN after the phone has not been opened/used for a period of time (in case user no longer is available to open it - accident, death, fired from company, on extended vacation etc.). Combinations of these could also be used.
- Dynamic PINs: PINs that change according to some logical rules that the user can remember/calculate. For example: depending on the day, week hour or minute the last/first digit(s) change from odd to even (0/1, that precise minute, date etc.) or the seed PIN is added/subtracted/multiplied by that day of the week (1-7) etc. Also, as an only PIN or second PIN, a randomized list of pins (on a card or program) can be used if user wants to set up some (DIY) additional ID-item. I read second factor authentication to this (although it surely could be considered as its own), as in Librem-key and others as a subsection to this.
- Advanced entry actions: especially for duress situations, but for other use cases as well, a pre-selected variation in the PIN/login process or code could change the entry action. When entering PIN/pw - a dynamically changed or secondary (see above) - it could be used to force phone to immediately go dead (for instance delete keys) or play dead for a while (timer), or allow entry and start some function(s), like record audio/video, send location via SMS(s), call emergency number, delete folder “MyPlansToWorldDomination”, not mount /home, back up to server, throttle processor speed, play a fanfare tune, login to a chat, etc.
- Advanced entry options (as in “PIN + this”) would be similar with some of the previous, but for clarity, are grouped separately. PIN entry could also require timing (certain rhythm or additional pause). The touchscreen could have an invisible key that needs to be pressed for the PIN to be correct or pressing it starts some action. Similarly the gyro could require some identifiable movement in addition to the PIN or another type to begin action. Location could be one as well (workphone only works at work - not during weekends). Physical keys could also be used in some fashion like the previous or entry could only be possible when one, some or all kill-switches are activated - or if they are not, some action may be done in the background.
So, in essence, just throwing this out there and hoping someday someone sees this interesting enough to make…
(And apologies for the long post) [edit: updated after comment]
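The "Dynamic PINs" and "Advanced entry actions" items in the post above, sketched as an added example (not part of the original post, and not Librem 5 or PAM code): the seed PIN is shifted by the day of the week, a second seed acts as a duress PIN, and repeated failures lock the screen. All names, the lockout threshold and the sample PINs are assumptions; `weekly_candidates` shows the caveat that a single recorded entry gives away the whole week once the rule is known.

```python
import hmac
from datetime import datetime

MAX_FAILURES = 5  # assumed lockout threshold, not a Librem 5 setting


def dynamic_pin(seed: str, when: datetime) -> str:
    """Seed PIN plus the day of the week (1-7), wrapped to the seed's length."""
    value = (int(seed) + when.isoweekday()) % (10 ** len(seed))
    return str(value).zfill(len(seed))


def weekly_candidates(observed: str, observed_on: datetime) -> set:
    """PINs valid during a week, derived from one observed entry.

    Shows how little the rule adds once it is known: the seed falls out of
    a single recorded PIN, so the rule must stay as secret as the seed.
    """
    modulus = 10 ** len(observed)
    seed = (int(observed) - observed_on.isoweekday()) % modulus
    return {str((seed + d) % modulus).zfill(len(observed)) for d in range(1, 8)}


class LockScreen:
    """Hypothetical lock screen with a daily PIN, a duress PIN and a lockout."""

    def __init__(self, seed: str, duress_seed: str):
        self.seed, self.duress_seed = seed, duress_seed
        self.failures = 0

    def try_unlock(self, entered: str, when: datetime) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"
        # Run both constant-time comparisons on every attempt so the
        # response time does not depend on which PIN was entered.
        guess = entered.encode()
        normal = hmac.compare_digest(guess, dynamic_pin(self.seed, when).encode())
        duress = hmac.compare_digest(guess, dynamic_pin(self.duress_seed, when).encode())
        if normal or duress:
            self.failures = 0
            # "duress" tells the caller to run the pre-selected entry action
            return "unlock" if normal else "duress"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "deny"
```
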
Let me try to put it under different angle.
- lockscreen on linux uses PAM - the same mechanism which logs you in.
- PAM is pluggable and flexible hence could be configured to do whatever you like however you wish (subject for PAM module to exist)
- PIN is already used differently on phones. There’s sim unlock pin and system unlock pin. Former is tied to legacy gsm telephony, latter is unbound.
- L5 will have smart-card slot allowing sophisticated users to use strong encryption for key material (pin unlocks card, card unlocks whatever). Normal users can still use conventional pin.
PAM seems to be part of it but I have no idea how things are in L5 and what all the suggested functionality needs (or what messing with PAM entails). Smart-card is good but it is exactly different solution to different problem: “Malform” would/could/should be applied to the pin to open that card. As I said, a conventional SIM PIN and phone PIN are the ones that need updating (well, options to do it more securely - one could always stick to the old ways instead of selecting a combination of additional security features), and of these, I was especially thinking of phone PIN but also some of it could be applied to normal login/pw on L5 (if used - I’d imagine that is how different users and profiles on the device are still differentiated).
Lots of ideas.
Would like to have a phone at all with a single mere 4 digit PIN before worrying too much about exotic advanced options.
You realise that with open source, if you are the only one who wants some functionality, you are the one who has to implement it (but at least you have that possibility).
This is good if unlocking in a public place.
This is highly desirable, particularly once the phone is relatively secure, doing things like full disk encryption utilising TPM.
Also may help with surveillance e.g. unlocking in a public place.
Why don’t you do it?
I wish I could, but no time and it’s a bit different skillset - it’s in an area that to me requires someone who knows how not to create unwanted holes while making the whole more complex. And as I see it, this might go to territory that Purism might want to (and need to) tackle, if it’s to be done right. Which reminds me, maybe @Kyle_Rankin could weigh in, on just how absurd the MALFORM idea is in the first place (could some of those even exist securely - especially location data).
It seems that there is no calendar yet, and I am not sure GNOME-calendar will work on a mobile screen out of the box. Maintaining one’s agenda is crucial, so something with webcam webcal support would be good.
please no, I’m already pissed by the fact contacts require cameras support “to give you ability to make selfie and add to contact” goddamn why can’t they just add simple dialog to pick from gallery/pics folder, why should my contact application be able to make a damn photo? Why calendar now?
<taking control back>
so no camera support please.
A decent Bitcoin wallet is what I miss most on ubports. Would be nice if the situation was better on the Librem 5.
LOL, my autocorrection “corrected” webcal to webcam support. I want calendaring and sync my calendar, but of course not with camera integration, that would be totally senseless, I agree.
Last time I tried GNOME-Calendar on the vm image, it wasn’t working.
Ok, your autocorrection really put me off balance
EDS has CalDav/iCal support but not sure if all gnome apps use eds as pim (some apparently not even though they use eds’ libs)
That is a good point. Just know that you could
I would really like to have One App to rule them all …
(Problems solved)
I would also like the ProtonMail client.
You can go to the link below and upvote this feature request.
@LoicG @leetaur @Torrone @pfm @jose @arisdorf
NordVPN has a Linux terminal client (a GUI would be great). I use it on my Laptop and they say it’ll work on the RaspberryPi, so it should work on the L5. Famous last words (It shouldn’t be too hard) to create an app that just ran the shell commands. @Tom_S
I would prefer a standard GNOME app for calendar and for mail + GPG (Can geary do GPG?).
For VPN, OpenVPN with a serious provider (aka not NordVPN), is a safer solution and it’s already working on the L5 (and GNOME).