@dushman
Ugh… It's Termux. You're using GNU/Linux on Android essentially. Which just proves my point that GNU/Linux just offers more stuff.
@safiuddinkhan @iska @m0xee
@dushman
Again, why not use some mobile GNU/Linux OS instead? It's even more robust than a terminal emulator.
@safiuddinkhan @iska @m0xee
@cyberspook @safiuddinkhan @iska @m0xee
Why not? It's still quite clunky at this stage really. Not that I'm against the concept, it's just not very fleshed out as of now. LOS with termux and no google bloat is comfy.

@dushman @safiuddinkhan@fosstodon.org @iska@mstdn.starnix.network @cyberspook You can't get rid of Google bloat completely because a lot of stuff won't work without WebView. Replacing Google's implementation with Bromite is probably the best you can do at the moment. Mozilla tried to make WebView based on Gecko, but they've given up long time ago.

@inference @safiuddinkhan@fosstodon.org @cyberspook @iska@mstdn.starnix.network @dushman But Graphene only supports Google phones, does it not?
Trusting Google with hardware and not trusting with software is a little weird 🤷

@m0xee @safiuddinkhan @cyberspook @iska @dushman Not exactly. Don't be part of the FOSS cult and you'll be just fine. The reason GrapheneOS only supports Pixels is because they are extremely sane with security and allow you to even sign your own OS with your own key which at that point even Google can't get it, because it's yours, just like a PGP key.

Not a single other phone allows you to do that. GOS knows their shit, and it's the reason I only use Pixels. I want real security and privacy, not fairy tales. Fairphone even signs their OS with Google's publicly available test key... as their private signing key.
@inference @safiuddinkhan @iska @dushman @cyberspook @m0xee

actually I believe OnePlus also allows custom signing keys (however not all models have an unlockable bootloader)
@roboneko @safiuddinkhan @iska @dushman @cyberspook @m0xee They do, but their implementation is very bad. Their recovery has SELinux set to permissive, making it useless, and it also fails to wipe the memory on reboot. It also has no HSM unlike Pixels, so you're relying on weaker TEE.
@inference
The magic is, the phone is secure… until you root it.
"Well, don't root!"
Not an option.
@safiuddinkhan @iska @dushman @m0xee
@cyberspook @safiuddinkhan @iska @dushman @m0xee I'm focused on security, so of course I'm anti-rooting.

If you're not focused on security and want more freedom, sure, root it.
@inference
That's the flaw of Android itself, making root so insecure. It's the design issue. One would think getting root is a core functonality of an OS. Not on Android.
@safiuddinkhan @iska @dushman @m0xee
@cyberspook @safiuddinkhan @iska @dushman @m0xee Linux hardening always includes restricting root access, regardless of Linux proper or Android.

root is, by design, the worst security flaw of Linux.
@inference
Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this.
@safiuddinkhan @iska @dushman @m0xee
@cyberspook @safiuddinkhan @iska @dushman @m0xee Even sudo and doas are flawed.

I can give you a simple code block which can save your root password and feed it back:
https://madaidans-insecurities.github.io/linux.html#root
@cyberspook @dushman @iska @m0xee @safiuddinkhan root access via any means, on any Linux system, regardless of OS, is fatal. Game over. The end.
Follow

@cyberspook @safiuddinkhan@fosstodon.org @dushman @inference @iska@mstdn.starnix.network You can always resort to hardware firewall in case of emergency!

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml