Dushman  
@iska @safiuddinkhan @m0xee @cyberspook
1
CyberSpook  
@dushman
Ugh… It's Termux. You're using GNU/Linux on Android essentially. Which just proves my point that GNU/Linux just offers more stuff.
@safiuddinkhan @iska @m0xee
1+
Dushman  
@cyberspook @safiuddinkhan @iska @m0xee
Well, why not use it too? It sure comes in handy.
1
CyberSpook  
@dushman
Again, why not use some mobile GNU/Linux OS instead? It's even more robust than a terminal emulator.
@safiuddinkhan @iska @m0xee
1+
Dushman  
@cyberspook @safiuddinkhan @iska @m0xee
Why not? It's still quite clunky at this stage really. Not that I'm against the concept, it's just not very fleshed out as of now. LOS with termux and no google bloat is comfy.
1
m0xEE  

@dushman @safiuddinkhan@fosstodon.org @iska@mstdn.starnix.network @cyberspook You can't get rid of Google bloat completely because a lot of stuff won't work without WebView. Replacing Google's implementation with Bromite is probably the best you can do at the moment. Mozilla tried to make WebView based on Gecko, but they've given up long time ago.

1+
inference  
@m0xee @dushman @safiuddinkhan @iska @cyberspook GrapheneOS says hello.
1
m0xEE
Follow

@inference @safiuddinkhan@fosstodon.org @cyberspook @iska@mstdn.starnix.network @dushman But Graphene only supports Google phones, does it not?
Trusting Google with hardware and not trusting with software is a little weird 🤷

· Web · 1 · 0 · 1
inference  
@m0xee @safiuddinkhan @cyberspook @iska @dushman Not exactly. Don't be part of the FOSS cult and you'll be just fine. The reason GrapheneOS only supports Pixels is because they are extremely sane with security and allow you to even sign your own OS with your own key which at that point even Google can't get it, because it's yours, just like a PGP key.

Not a single other phone allows you to do that. GOS knows their shit, and it's the reason I only use Pixels. I want real security and privacy, not fairy tales. Fairphone even signs their OS with Google's publicly available test key... as their private signing key.
1+
m0xEE  

@inference @safiuddinkhan@fosstodon.org @cyberspook @iska@mstdn.starnix.network @dushman Insightful! At least now I know what this is about.
Still, I prefer to stay away from anything by Google. Not because I'm some FOSS-zealot, I just don't like them and don't trust them. I can't even take things that are not obviously evil like WebPee and VP9, sorry.
Still, thanks for the info, that was interesting.

1
inference  
@m0xee @safiuddinkhan @cyberspook @iska @dushman Well, it's fine as long as you understand it's emotional opinion/preference and you're not just saying it's factually bad because it's by Google. I respect your own beliefs and opinions, I just won't tolerate people spreading misinfo because of opinions.

At least you did it the right way.
0
creator of #fediblock :verified::makemeneko:  
@inference @safiuddinkhan @iska @dushman @cyberspook @m0xee

actually I believe OnePlus also allows custom signing keys (however not all models have an unlockable bootloader)
1
inference  
@roboneko @safiuddinkhan @iska @dushman @cyberspook @m0xee They do, but their implementation is very bad. Their recovery has SELinux set to permissive, making it useless, and it also fails to wipe the memory on reboot. It also has no HSM unlike Pixels, so you're relying on weaker TEE.
1+
CyberSpook  
@inference
The magic is, the phone is secure… until you root it.
"Well, don't root!"
Not an option.
@safiuddinkhan @iska @dushman @m0xee
1
inference  
@cyberspook @safiuddinkhan @iska @dushman @m0xee I'm focused on security, so of course I'm anti-rooting.

If you're not focused on security and want more freedom, sure, root it.
1
CyberSpook  
@inference
That's the flaw of Android itself, making root so insecure. It's the design issue. One would think getting root is a core functonality of an OS. Not on Android.
@safiuddinkhan @iska @dushman @m0xee
1
inference  
@cyberspook @safiuddinkhan @iska @dushman @m0xee Linux hardening always includes restricting root access, regardless of Linux proper or Android.

root is, by design, the worst security flaw of Linux.
1
CyberSpook  
@inference
Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this.
@safiuddinkhan @iska @dushman @m0xee
1
inference  
@cyberspook @safiuddinkhan @iska @dushman @m0xee Even sudo and doas are flawed.

I can give you a simple code block which can save your root password and feed it back:
https://madaidans-insecurities.github.io/linux.html#root
1+
inference  
@cyberspook @dushman @iska @m0xee @safiuddinkhan root access via any means, on any Linux system, regardless of OS, is fatal. Game over. The end.
1+
CyberSpook  
@inference
Might as well not use the Internet then.
@safiuddinkhan @iska @dushman @m0xee
1
m0xEE  

@cyberspook @safiuddinkhan@fosstodon.org @dushman @inference @iska@mstdn.starnix.network You can always resort to hardware firewall in case of emergency!

0
CyberSpook  
@inference
Why would you run some random code from the Internet on a GNU/Linux machine to begin with?
@safiuddinkhan @iska @dushman @m0xee
1
inference  
@cyberspook @safiuddinkhan @iska @dushman @m0xee You don't have to, your attacker will do it for you.

I suggest you read this, because I'm not repeating what Madaidan of Whonix has already written:
https://madaidans-insecurities.github.io/linux.html
1
CyberSpook  
@inference
That implies that the attacker has an access to my computer somehow.
@safiuddinkhan @iska @dushman @m0xee
0
Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml