@iska @cyberspook @safiuddinkhan If you are willing to spend time on unlocking bootloader and installing custom ROM, I'm pretty sure you can get call recording on iOS too. @m0xee @cyberspook @safiuddinkhan thing is the call recording was in stock ROM Also why would that be illegal. Isn't call recording useful for court? Call recordings' legality depends on the jurisdiction so even if it can be useful it can also be consequential.
@colinsmatt11 @safiuddinkhan @iska @cyberspook Exactly! @m0xee @colinsmatt11 @safiuddinkhan @cyberspook that makes 0 sense... Many of the laws don't make sense because they're a relic of the past. Working with law is like working with patch works on top of patch works hence needing an entire profession dedicated to solving this patchwork of madness
@colinsmatt11
Bureaucracy stifles progress. That's one of the reasons Windows sucks. That's one of the reasons mathematics suck as well. All this legacy bullshit standardized by a central authority. @safiuddinkhan @iska @m0xee Progress for the sake of it will also end in madness, and I prefer less of people be mad than all of them.
The nature of existence is to make compromises, the only thing you get to choose is what to compromise. @iska @dushman @safiuddinkhan @m0xee @cyberspook probably means something like ffmpeg -i h.mp3 h.ogg @dushman
Ugh… It's Termux. You're using GNU/Linux on Android essentially. Which just proves my point that GNU/Linux just offers more stuff. @safiuddinkhan @iska @m0xee @dushman
Again, why not use some mobile GNU/Linux OS instead? It's even more robust than a terminal emulator. @safiuddinkhan @iska @m0xee @cyberspook @safiuddinkhan @iska @m0xee
Why not? It's still quite clunky at this stage really. Not that I'm against the concept, it's just not very fleshed out as of now. LOS with termux and no google bloat is comfy. @dushman @safiuddinkhan @iska @cyberspook You can't get rid of Google bloat completely because a lot of stuff won't work without WebView. Replacing Google's implementation with Bromite is probably the best you can do at the moment. Mozilla tried to make WebView based on Gecko, but they've given up a long time ago. @inference @safiuddinkhan @cyberspook @iska @dushman But Graphene only supports Google phones, does it not? @inference @safiuddinkhan @iska @dushman @cyberspook @m0xee
actually I believe OnePlus also allows custom signing keys (however not all models have an unlockable bootloader) @roboneko @safiuddinkhan @iska @dushman @cyberspook @m0xee They do, but their implementation is very bad. Their recovery has SELinux set to permissive, making it useless, and it also fails to wipe the memory on reboot. It also has no HSM unlike Pixels, so you're relying on weaker TEE.
@inference
The magic is, the phone is secure… until you root it. "Well, don't root!" Not an option. @safiuddinkhan @iska @dushman @m0xee @cyberspook @safiuddinkhan @iska @dushman @m0xee I'm focused on security, so of course I'm anti-rooting.
If you're not focused on security and want more freedom, sure, root it. @inference
That's the flaw of Android itself, making root so insecure. It's the design issue. One would think getting root is a core functionality of an OS. Not on Android. @safiuddinkhan @iska @dushman @m0xee @cyberspook @safiuddinkhan @iska @dushman @m0xee Linux hardening always includes restricting root access, regardless of Linux proper or Android.
root is, by design, the worst security flaw of Linux. @inference
Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this. @safiuddinkhan @iska @dushman @m0xee @cyberspook @safiuddinkhan @iska @dushman @m0xee Even sudo and doas are flawed.
I can give you a simple code block which can save your root password and feed it back: https://madaidans-insecurities.github.io/linux.html#root @cyberspook @dushman @iska @m0xee @safiuddinkhan root access via any means, on any Linux system, regardless of OS, is fatal. Game over. The end.
@inference @safiuddinkhan @cyberspook @m0xee @dushman Maybe. Why isn't the whole web using android servers, if it's so secure? @iska @safiuddinkhan @cyberspook @m0xee @dushman Because no Linux hardware other than Android is really using HSMs or TEEs with verified boot. The only company I know which does that is Google, using the Titan.
@inference @safiuddinkhan @cyberspook @m0xee @dushman Verified boot is not a requirement for android, and exists in standard PCs. @iska @safiuddinkhan @cyberspook @m0xee @dushman Verified boot does not exist in normal PCs. Verified boot is not the same as secure boot, it is an extra layer above which protects the OS integrity, not just checking the bootloader signature. You are very wrong.
@inference @safiuddinkhan @cyberspook @m0xee @dushman How would google's edition of GNU/Linux have verified boot but not normal? puri.sm is even more secure, even neutralizing IME. Here's one of their features. @iska @safiuddinkhan @cyberspook @m0xee @dushman
"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening." https://madaidans-insecurities.github.io/linux-phones.html @inference @safiuddinkhan @cyberspook @m0xee @dushman I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86. @iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.
There is no system outside of ARM phones and tablets which takes advantage of a HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot). @cyberspook @safiuddinkhan @iska @dushman @m0xee But you also get the hardened security of Android, including full verified boot, all apps sandboxing, and SELinux across entire system by default.
No chance on a Linux phone. @inference @safiuddinkhan @cyberspook @iska @dushman You won't need Android app sandboxing if you've got no Android apps 😅 @cyberspook @inference @safiuddinkhan @dushman @iska That's until you try using desktop Firefox on a phone. Believe me, it's THAT bad! @m0xee
*uses Windows 11 on a phone* Man, and I thought it can't get worse than Android. @inference @safiuddinkhan @dushman @iska @m0xee @safiuddinkhan @cyberspook @iska @dushman Don't have no privacy without sandboxing.
*Insert dumb... I mean smart person pointing towards head here.* @inference @safiuddinkhan @cyberspook @m0xee @dushman who said I don't sandbox on my GNU system. @iska @inference @safiuddinkhan @cyberspook @dushman What's the point in sandboxing if hardware has more holes than Swiss cheese? Sandboxing looks good on paper, but with all this Spectre/Meltdown shit, Apple has this Heartbleed thing… To me it's just a waste of resources security-wise.
@cyberspook @m0xee @safiuddinkhan
At least the custom roms are usable. (while not giving everything to xi pingpong)