removes so much attack surface from doing this lmao
Yes, it can get worse. Why fuck yourself with JS when you can fuck yourself with natively compiled JS bypassing memory protections?
I want a new phone but I cannot afford to pre order a 6a right now
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
@itzzenxx @getimiskon @inference A sophisticated cyberattack would involve much more. Let me just hit a switch and I'm definitely not going to be bothered by my other devices or the IoT at home. I wonder if they are still giving the information to the government. If one hits that button, I'm fairly certain the government will know if they are watching.
Gotta love apple for making it easier to stalk people and spy. They don't have a great track record for human rights.
Also assuming that they have bounties open encouraging people to try to break this I think they really are going in on this.
Or, you can try GrapheneOS
@itzzenxx @getimiskon @inference They've been known to screw over talented bug hunters. They will just release to 0day solutions again. Even if they didn't have a poor history with bug hunters, they don't pay anywhere near a fair price.
I have a Pinephone. I am responsible for how secure my system is. I don't daily drive it anymore because I have beta hardware which was later considered Alpha hardware. It only has thermal problems, poor battery life because the screen adjusts from off to painful to look at in full sun light. It runs full GNU/Linux.
It was development hardware and yes I helped.
I can flip physical kill switches. That's what real control looks like.
https://madaidans-insecurities.github.io/linux-phones.html
@inference @itzzenxx @srestegosaurio @getimiskon You know that your work on Gentoo could be applied to the Pinephone. It's not as vulnerable as it sounds. This was a phone that came without an operating system and has firmware that was reverse engineered by the community. There's a good chance that a device chosen at random is going to be a nightmare to get into. It might be a nightmare after the ingress. It's an interesting community.
@itzzenxx @srestegosaurio @getimiskon @inference Do you know what a Pinephone is? You should like you don't know what it is. You want to integrate a Yubikey or something similar too? It's trivial to add these.
@itzzenxx @srestegosaurio @getimiskon @inference I've seen enterprise security modules get bypassed and do nothing but make my job longer. Those modules are still relatively new. It's laughable how it's considered security and not just DRM protection. I can assure you that typing in the Manufacturer of that old Laptop will form many pages in CVEs. I still have some source that exploits a few.
That manufacturer needs Coreboot as they can't make anything correctly. They won't implement Coreboot because it would stop forced obsolescence.
> I've seen enterprise security modules get bypassed
I've worked in security for a long time. I've seen *everything* get bypassed, including the lock on your front door. Does it mean it's pointless? Stop being a FOSS cultist and use logic.
> It's laughable how it's considered security and not just DRM protection
*My* keys, generated on *my* PC, are not DRM, they *are* security. The definition of security is having unique keys no one else has. As for PSP, encrypting RAM so programs can't access it is "DRM"? Come back with a better joke.
> That manufacturer needs Coreboot as they can't make anything correctly
Coreboot? You mean one of those FOSS cultist UEFIs/BIOSes which break RoT and disable 90% of the security which would keep people out of my shit? Dream on.
> They won't implement Coreboot because it would stop forced obsolescence
If obsolescence is security being broken over time because of advancement, such as SHA-1 TPM 1.2s being broken and requiring a SHA-256 TPM 2.0, or how about processors which were found to be vulnerable to Spectre and Meltdown while manufacurers tried their best to fix them? The only thing FOSS projects in their current state are giving you is an easy backdoor and a loss of privacy directly resulting from the lack of security they provide.
You seem like one of the typical Church of Stallmantology cultists who obey Stalin-man like one of his sheep. Come back when you use practicality and not cult teachings.
>Coreboot? You mean one of those FOSS cultist UEFIs/BIOSes which break RoT and disable 90% of the security which would keep people out of my shit? Dream on.
coreboot is based
stop advocating for consumerism. "BUY PRODUCT! BUY NEW PRODUCT! THROW AWAY OLD PRODUCT!"
it's not that big of a deal
If it's well designed, sure, open source can be great, but using it in a broken and insecure state is certainly not better than just using the stock firmware. Same goes for Firefox and its poorly implemented and still leaky sandbox vs the proprietary browsers. People complain about Chromium taking over the web, but they don't work on improving the alternatives, they just complain. Firefox and other browsers caused their own demise.
Not once did I state that. License is irrelevant to the security of a project.
I have not once seen you say that Microsoft is bad, you constantly talk about how Microsoft is good, Google is good, all these proprietary companies are good. but when someone mentions FOSS you're like "this is terrible! cultism!".
@straw @itzzenxx @srestegosaurio @getimiskon @inference While being on Mastodon too. This is how one loses credibility.
Talking down to others and only using insults with very little substance to counter. Showing ignorance about the areas claimed to be an expert in. Insulting people based on what they believe in.
They sound like someone who works in security. Mocking the decisions of others with far more credibility and making it abundantly clear that the only reason they don't like the FSF or people who even partially believe in it is because they respect the ability to choose.
The harder they come, the harder they fall.
Open source isn't bad, and you won't ever find me saying it. Take your misleading misinfo somewhere else.
I said the people who are obsessed with FOSS and think it's able to take over the world in its current state, despite its countless flaws, especially in the security aspect, are delusional and ignore the facts and evidence, pushing their dangerous cult onto other people.
linux-libre even admitted there was an AES side-channel attack available in Intel iGPUs, and they admitted it was exploitable when encrypting/decrypting data. They refused to fix it because "muh microcode!"
Pwned in the name of "freedom". Unbelievable.
What have you done? Probably nothing but suck up to Stallman and complain about why FOSS isn't used everywhere. Every one of my public projects is open source, I am a huge open source advocate, and I have made major contributions to both people's knowledge and systems.
I suggest you know your enemy before engaging battle with someone you have no idea about, posting lies and libel against them without a single bit of evidence.
The amount of bits of logic you're using, just like the rest of the Church of Stallmantology, the FOSS cultists, is probably the same as the entropy of your passwords, and I can't see that being much.
https://inferencium.net/blog/foss-is-working-against-itself.html
My thinkpad t420 runs Gentoo and I installed coreboot
Still slow asf and insecure as shit lmao
@inference @itzzenxx @srestegosaurio @getimiskon Arguments are supported by facts, not insults. Have fun with your security and check your hubris at the door. There's going to be a day when your best efforts are going to be defeated and you will be humiliated with it. Those who aren't humble will find themselves humbled.
It ultimately does not matter how talented that one is or how much they know, hubris will be their downfall. Perhaps I know it all too well.
Make sure you don't miss today's church meeting with Lord Stallman.
it's why GrapheneOS is only avalible for Google Pixel phones, and it's also why I abandoned my Thinkpad T420 over a month ago. You need something like Titan M, PSP, etc, technologies like those are needed to make the computer more secure.