[maemo-users] Lock, sleep, power-down

From: Mark wolfmane at gmail.com
Date: Thu Jun 5 00:36:00 EEST 2008
On Wed, Jun 4, 2008 at 11:07 AM, David Dyer-Bennet <dd-b at dd-b.net> wrote:
> I can probably just be careful about ssh agent and keys, I don't use it
> *that* much on the N800.  My fallback position on the email config would
> be to be prepared to change the password there on short notice, which is
> easy enough to do.  It's a bit inelegant.
> Also anything where the browser is keeping the passwords for me would be
> at risk.
> I know *so* many people who have had portable electronic devices lost or
> stolen, I really do think it's a much bigger threat than desktop systems
> (I do know some people who have had those stolen as well, but not nearly
> as many).
> And, because it's Linux underneath, I tend to think in terms of the level
> of security I normally try to achieve on my linux boxes.
> I'm kinda left feeling that security was not considered in the design of
> the software system for this box.

... which is why the whole root situation is so frustrating. They went
to great lengths to "protect" the devices from their legitimate
owners, while leaving the owner's data completely and utterly exposed.
That's one really good reason why (whether they agree or not) Nokia
should have made a decent PIM part of the package out of the box, and
it's probably the major reason why they didn't; they didn't want to go
to any effort to deal with the security side of it. By pronouncing the
devices "NOT PDAs" they're attempting to absolve themselves of any
responsibility on that front. However, there's no justification for
assuming people want to carry around another device, especially when
with VoIP it's perfectly legitimate to expect some people to do
without a smartphone (or maybe even *any* mobile phone) if they have
one of these.

Why didn't they just force owners login to their tablet like you do in
most Linux distros? If they used the same kind of login process as
desktop Linux, users could choose whether to autologin if they don't
care about security or require logging in if they do. Between that and
the "lock device" feature (which should also have a timeout feature to
automatically lock it after a selectable period of inactivity and
would work like screensavers that can be set to require a login to
exit the screensaver) would go a long way toward satisfying basic
security needs. Inclusion of on-the-fly encryption (especially for the
removable cards) would round out the package nicely.


More information about the maemo-users mailing list