removes so much attack surface from doing this lmao
Yes, it can get worse. Why fuck yourself with JS when you can fuck yourself with natively compiled JS bypassing memory protections?
I want a new phone but I cannot afford to pre order a 6a right now
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
@itzzenxx @getimiskon @inference A sophisticated cyberattack would involve much more. Let me just hit a switch and I'm definitely not going to be bothered by my other devices or the IoT at home. I wonder if they are still giving the information to the government. If one hits that button, I'm fairly certain the government will know if they are watching.
Gotta love apple for making it easier to stalk people and spy. They don't have a great track record for human rights.
Also assuming that they have bounties open encouraging people to try to break this I think they really are going in on this.
Or, you can try GrapheneOS
@itzzenxx @getimiskon @inference They've been known to screw over talented bug hunters. They will just release to 0day solutions again. Even if they didn't have a poor history with bug hunters, they don't pay anywhere near a fair price.
I have a Pinephone. I am responsible for how secure my system is. I don't daily drive it anymore because I have beta hardware which was later considered Alpha hardware. It only has thermal problems, poor battery life because the screen adjusts from off to painful to look at in full sun light. It runs full GNU/Linux.
It was development hardware and yes I helped.
I can flip physical kill switches. That's what real control looks like.
https://madaidans-insecurities.github.io/linux-phones.html
@inference @itzzenxx @srestegosaurio @getimiskon You know that your work on Gentoo could be applied to the Pinephone. It's not as vulnerable as it sounds. This was a phone that came without an operating system and has firmware that was reverse engineered by the community. There's a good chance that a device chosen at random is going to be a nightmare to get into. It might be a nightmare after the ingress. It's an interesting community.
it's why GrapheneOS is only avalible for Google Pixel phones, and it's also why I abandoned my Thinkpad T420 over a month ago. You need something like Titan M, PSP, etc, technologies like those are needed to make the computer more secure.
@itzzenxx @srestegosaurio @getimiskon @inference I've seen enterprise security modules get bypassed and do nothing but make my job longer. Those modules are still relatively new. It's laughable how it's considered security and not just DRM protection. I can assure you that typing in the Manufacturer of that old Laptop will form many pages in CVEs. I still have some source that exploits a few.
That manufacturer needs Coreboot as they can't make anything correctly. They won't implement Coreboot because it would stop forced obsolescence.
> I've seen enterprise security modules get bypassed
I've worked in security for a long time. I've seen *everything* get bypassed, including the lock on your front door. Does it mean it's pointless? Stop being a FOSS cultist and use logic.
> It's laughable how it's considered security and not just DRM protection
*My* keys, generated on *my* PC, are not DRM, they *are* security. The definition of security is having unique keys no one else has. As for PSP, encrypting RAM so programs can't access it is "DRM"? Come back with a better joke.
> That manufacturer needs Coreboot as they can't make anything correctly
Coreboot? You mean one of those FOSS cultist UEFIs/BIOSes which break RoT and disable 90% of the security which would keep people out of my shit? Dream on.
> They won't implement Coreboot because it would stop forced obsolescence
If obsolescence is security being broken over time because of advancement, such as SHA-1 TPM 1.2s being broken and requiring a SHA-256 TPM 2.0, or how about processors which were found to be vulnerable to Spectre and Meltdown while manufacurers tried their best to fix them? The only thing FOSS projects in their current state are giving you is an easy backdoor and a loss of privacy directly resulting from the lack of security they provide.
You seem like one of the typical Church of Stallmantology cultists who obey Stalin-man like one of his sheep. Come back when you use practicality and not cult teachings.
@inference @itzzenxx @srestegosaurio @getimiskon Arguments are supported by facts, not insults. Have fun with your security and check your hubris at the door. There's going to be a day when your best efforts are going to be defeated and you will be humiliated with it. Those who aren't humble will find themselves humbled.
It ultimately does not matter how talented that one is or how much they know, hubris will be their downfall. Perhaps I know it all too well.
Make sure you don't miss today's church meeting with Lord Stallman.