CyberSpook🇷🇺

@iska
Also, due to Android phones not being full-fledged pocket PCs I can’t find some basic shit like (local) file converters and stuff. And the stuff that I do find is riddled with garbage PREMIUM TIERS. And no, there are no F-Droid alternatives, I did search. Android is the Windows of mobile phones; iOS doesn’t have this bullshit at the very least.
@m0xee @safiuddinkhan

41 comments
CyberSpook🇷🇺 replied to Dushman
@dushman
Ugh… It's Termux. You're using GNU/Linux on Android essentially. Which just proves my point that GNU/Linux just offers more stuff.
@safiuddinkhan @iska @m0xee
CyberSpook🇷🇺 replied to Dushman
@dushman
Again, why not use some mobile GNU/Linux OS instead? It's even more robust than a terminal emulator.
@safiuddinkhan @iska @m0xee
Dushman replied to CyberSpook🇷🇺
@cyberspook @safiuddinkhan @iska @m0xee
Why not? It's still quite clunky at this stage really. Not that I'm against the concept, it's just not very fleshed out as of now. LOS with termux and no google bloat is comfy.
m0xEE replied to Dushman

@dushman @safiuddinkhan @iska @cyberspook You can't get rid of Google bloat completely because a lot of stuff won't work without WebView. Replacing Google's implementation with Bromite is probably the best you can do at the moment. Mozilla tried to make WebView based on Gecko, but they've given up a long time ago.

m0xEE replied to inference

@inference @safiuddinkhan @cyberspook @iska @dushman But Graphene only supports Google phones, does it not?
Trusting Google with hardware and not trusting with software is a little weird 🤷

inference replied to m0xEE
@m0xee @safiuddinkhan @cyberspook @iska @dushman Not exactly. Don't be part of the FOSS cult and you'll be just fine. The reason GrapheneOS only supports Pixels is because they are extremely sane with security and allow you to even sign your own OS with your own key which at that point even Google can't get it, because it's yours, just like a PGP key.

Not a single other phone allows you to do that. GOS knows their shit, and it's the reason I only use Pixels. I want real security and privacy, not fairy tales. Fairphone even signs their OS with Google's publicly available test key... as their private signing key.
GNU/neko :cursed_verified::makemeneko: replied to inference
@inference @safiuddinkhan @iska @dushman @cyberspook @m0xee

actually I believe OnePlus also allows custom signing keys (however not all models have an unlockable bootloader)
inference replied to GNU/neko :cursed_verified::makemeneko:
@roboneko @safiuddinkhan @iska @dushman @cyberspook @m0xee They do, but their implementation is very bad. Their recovery has SELinux set to permissive, making it useless, and it also fails to wipe the memory on reboot. It also has no HSM unlike Pixels, so you're relying on weaker TEE.
CyberSpook🇷🇺 replied to inference
@inference
The magic is, the phone is secure… until you root it.
"Well, don't root!"
Not an option.
@safiuddinkhan @iska @dushman @m0xee
inference replied to CyberSpook🇷🇺
@cyberspook @safiuddinkhan @iska @dushman @m0xee I'm focused on security, so of course I'm anti-rooting.

If you're not focused on security and want more freedom, sure, root it.
CyberSpook🇷🇺 replied to inference
@inference
That's the flaw of Android itself, making root so insecure. It's the design issue. One would think getting root is a core functionality of an OS. Not on Android.
@safiuddinkhan @iska @dushman @m0xee
inference replied to CyberSpook🇷🇺
@cyberspook @safiuddinkhan @iska @dushman @m0xee Linux hardening always includes restricting root access, regardless of Linux proper or Android.

root is, by design, the worst security flaw of Linux.
CyberSpook🇷🇺 replied to inference
@inference
Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this.
@safiuddinkhan @iska @dushman @m0xee
inference replied to CyberSpook🇷🇺
@cyberspook @safiuddinkhan @iska @dushman @m0xee Even sudo and doas are flawed.

I can give you a simple code block which can save your root password and feed it back:
https://madaidans-insecurities.github.io/linux.html#root
inference replied to inference
@cyberspook @dushman @iska @m0xee @safiuddinkhan root access via any means, on any Linux system, regardless of OS, is fatal. Game over. The end.
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Because no Linux hardware other than Android is really using HSMs or TEEs with verified boot. The only company I know which does that is Google, using the Titan.
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Verified boot does not exist in normal PCs. Verified boot is not the same as secure boot, it is an extra layer above which protects the OS integrity, not just checking the bootloader signature. You are very wrong.
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

How would google's edition of GNU/Linux have verified boot but not normal?
elinux.org/images/f/f8/Verifie

puri.sm is even more secure, even neutralizing IME. Here's one of their features.
puri.sm/posts/new-pureboot-fea

inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman

"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening."

https://madaidans-insecurities.github.io/linux-phones.html
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86.

inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.

There is no system outside of ARM phones and tablets which takes advantage of an HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot).
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
google.com/intl/en/chromebook/
(section 4)

chromebooks are bad too.
theregister.com/2019/08/22/buy

Would you trust your house to a thief?

I've already mentioned an article about verified boot on normal GNU/Linux.

MattZ replied to Iska :emacs_thinking:​ :guix:
Computer Security is an unachievable goal, the most reasonable thing to do is not connect your computer to the internet 24/7.
Iska :emacs_thinking:​ :guix: replied to MattZ

@colinsmatt11 @safiuddinkhan @inference @dushman @m0xee @cyberspook

Besides you need hardware access or hard fuckups to compromise boot.

Guix with LUKS and SELinux is 99.99% secure, with simplicity and freedom; and definitely better than proprietary jails.

m0xEE replied to inference

@inference @safiuddinkhan @cyberspook @iska @dushman You may be right, but this article is just bad. Hardening in the OS is not good enough so we can just install Android 🤷
Hardware switches are not good enough because we can just use software airplane mode 🤦
Having modem on a separate board so that we can physically disconnect it is not good enough because we can just ask SoC to do it (and trust it) 🤯
It doesn't mean that Librem 5 is perfect, but these points are just awful!

inference replied to CyberSpook🇷🇺
@cyberspook @safiuddinkhan @iska @dushman @m0xee But you also get the hardened security of Android, including full verified boot, all apps sandboxing, and SELinux across entire system by default.

No chance on a Linux phone.
m0xEE replied to inference

@inference @safiuddinkhan @cyberspook @iska @dushman You won't need Android app sandboxing if you've got no Android apps 😅

m0xEE replied to CyberSpook🇷🇺

@cyberspook @inference @safiuddinkhan @dushman @iska That's until you try using desktop Firefox on a phone. Believe me, it's THAT bad!
I have an old Lumia phone running desktop Windows 11 and Firefox is rather usable on it, but on e.g. Droidian it's clunky as fsck!

CyberSpook🇷🇺 replied to m0xEE
@m0xee
*uses Windows 11 on a phone*
Man, and I thought it can't get worse than Android.

@inference @safiuddinkhan @dushman @iska
inference replied to m0xEE
@m0xee @safiuddinkhan @cyberspook @iska @dushman Don't have no privacy without sandboxing.

*Insert dumb... I mean smart person pointing towards head here.*
m0xEE replied to Iska :emacs_thinking:​ :guix:

@iska @inference @safiuddinkhan @cyberspook @dushman What's the point in sandboxing if hardware has more holes than Swiss cheese? Sandboxing looks good on paper, but with all this Spectre/Meltdown shit, Apple has this Heartbleed thing… To me it's just a waste of resources security-wise.
