Post AQBbeVKQLNymRCiOZc by koakuma@uwu.social
(DIR) Post #AQBZrCsA4dVr3QQOYq by inference@plr.inferencium.net
2022-12-02T05:00:25.956639Z
2 likes, 2 repeats
Are Apple and Google the only OEMs who take security seriously? Samsung just had their private Android signing keys leaked[0], which now allows any app to be signed using them and run with privileges as high as Android itself. Goodbye sandbox and isolation. They don't even store their keys in an HSM. So, we have OnePlus allowing root access in signed production apps and having bootloader in permissive SELinux. We have Fairphone signing their production OS with publicly available signing keys, rendering verified boot and all attestation useless. We have Samsung now having their keys leaked, adding onto them having Facebook as a system_app with extremely high privileges. Google is the only sane one, which is ironic because of the hate it gets. Ever wonder why GrapheneOS only officially supports Pixel devices? Now you do.
References:
0: https://9to5google.com/2022/12/01/android-security-leak-samsung-lg/
(DIR) Post #AQBaRAFHJpR9KbNpYW by ocean@raru.re
2022-12-02T05:07:28Z
1 likes, 1 repeats
@inference Google is the only vendor even trying to compete with iPhone
(DIR) Post #AQBaaH0xWMhCvo1sB6 by inference@plr.inferencium.net
2022-12-02T05:08:35.991868Z
0 likes, 0 repeats
@ocean They are the only 2 OEMs worth anything in the phone space.
(DIR) Post #AQBadTCqeHr1c17ACO by GNUxeava@mk.absturztau.be
2022-12-02T05:09:42.241Z
1 likes, 0 repeats
@inference@plr.inferencium.net @ocean@raru.re time to bring dead windows phones because nobody uses them anyways :hehe:
(DIR) Post #AQBaicIuFdFDHBP0Qi by inference@plr.inferencium.net
2022-12-02T05:10:05.530397Z
0 likes, 0 repeats
@GNUxeava @ocean Windows Phone are probably still more secure than the nonsense 90% of Android OEMs pull.
(DIR) Post #AQBaqVbx1E28pr4cVM by ocean@raru.re
2022-12-02T05:12:02Z
1 likes, 0 repeats
@inference @GNUxeava Yeah we should have VITAL SECURITY UPDATES only for 2 years max and they should be delivered through your cell phone subscription provider and not through a central repository hashtag just android things
All those people with their phones like 3 years out of date? Wonder why that happened (buy our new 1000$ iphone knockoff -samsung)
(DIR) Post #AQBaxZJJf9NaKtivGi by GNUxeava@mk.absturztau.be
2022-12-02T05:13:19.992Z
0 likes, 0 repeats
@ocean@raru.re @inference@plr.inferencium.net if a 15 year old laptop can get patches why can't a 3 year old phone get the same treatment?
(DIR) Post #AQBb4Q4oOPIxizCqAK by inference@plr.inferencium.net
2022-12-02T05:14:01.050491Z
1 likes, 0 repeats
@ocean @GNUxeava Some Android OEMs don't release updates at all... I don't understand why people don't treat this exactly the same as PCs which receive updates on an almost daily or weekly basis. It's *exactly* the same thing. Why do they support OEMs who don't provide Android security or OS updates, or support OEMs such as Fairphone which outright lie about the support they can provide? The latter claim Fairphone 4 will receive support for years after the firmware becomes EoL from one of their component manufacturers. Nothing Fairphone can do about that, liars.
(DIR) Post #AQBb54b7jgv1OmdD5E by ocean@raru.re
2022-12-02T05:14:40Z
0 likes, 0 repeats
@GNUxeava @inference Even as an iPhone user the like 6/7 years of security updates we get on iphone is still pretty disappointing
I like upgrading my hardware faster than that but it's kinda crazy to think a 1000$ phone will only last you 5-6 years
(DIR) Post #AQBbB04DUhFt5I47sm by ocean@raru.re
2022-12-02T05:15:45Z
0 likes, 0 repeats
@inference @GNUxeava It's almost as if the best system for such a thing would be if the company in charge made the entire thing themselves (like apple does)
(DIR) Post #AQBbGJKDJwXOGB52zg by inference@plr.inferencium.net
2022-12-02T05:16:11.040614Z
1 likes, 1 repeats
@GNUxeava @ocean Because chip and platform OEMs such as Qualcomm who refuse to support their chips after 3-4 years. A direct result of Google switching to their own in-house Tensor platform was 5 years of support, because they now control that. By the way, PCs are exactly the same, and Intel and AMD only provide CPU microcode updates etc for a limited number of years. I assure you, any laptop over 5-6 years old is not getting security updates for those components. Updating the OS on a PC or phone does not avoid the requirement of firmware updates which are now unavailable.
(DIR) Post #AQBbOcnQoKuexvi9XE by izaya@social.shadowkat.net
2022-12-02T05:18:12.884522Z
0 likes, 0 repeats
@ocean @inference @GNUxeava the only way to reliably get updates for an Android device is to make sure you get a device with Lineage support. The Moto G3 was still getting updates via LOS last I looked, but official support stopped in 2016 or so.
(DIR) Post #AQBbTrqsGJmB6iozWS by GNUxeava@mk.absturztau.be
2022-12-02T05:19:09.828Z
0 likes, 0 repeats
@ocean@raru.re @inference@plr.inferencium.net not necessarily
if i slap debian on a 10 year old hp netbook, it will remain up to date till the hardware lasts
phones should get the same treatment. A vendor is not required to dictate the policies
(DIR) Post #AQBbUNOH0BuavHgbNw by inference@plr.inferencium.net
2022-12-02T05:18:42.792910Z
1 likes, 0 repeats
@izaya @GNUxeava @ocean No, it's not. LineageOS outright lie about the support they can provide. They can't provide the critical firmware security updates which only the upstream OEM can provide. Updating the OS is only half of it.
(DIR) Post #AQBbX9o5xglZfB5eVs by inference@plr.inferencium.net
2022-12-02T05:19:14.193557Z
1 likes, 0 repeats
@GNUxeava @ocean It is if you want full security support, since proprietary firmware plays a crucial role in that.
(DIR) Post #AQBbZ2YBucZ1jjY6T2 by izaya@social.shadowkat.net
2022-12-02T05:20:04.465805Z
0 likes, 0 repeats
@ocean @GNUxeava @inference (this is not an endorsement of how it works, I'm just complaining about how unreasonable OEMs are for not doing the updates that are evidently POSSIBLE)
(DIR) Post #AQBbZ32K6afPFBeAQy by ocean@raru.re
2022-12-02T05:20:02Z
1 likes, 0 repeats
@izaya @GNUxeava @inference You're not getting firmware support with that tho
(DIR) Post #AQBbZGGytP7GIPbYaO by koakuma@uwu.social
2022-12-02T05:15:56Z
1 likes, 1 repeats
@GNUxeava @ocean @inference State-of-the-80s unstandardized boot/hardware discovery protocol is fun, isn't it~
(DIR) Post #AQBbeVKQLNymRCiOZc by koakuma@uwu.social
2022-12-02T05:19:50Z
0 likes, 0 repeats
@inference @GNUxeava @ocean Yes, but on the other hand it's not like it's a binary situation, no? All things equal, being able to update your OS is strictly better than not being able to, no?
(DIR) Post #AQBbeVtsDaKsD9IhpQ by inference@plr.inferencium.net
2022-12-02T05:20:34.013983Z
0 likes, 0 repeats
@koakuma @GNUxeava @ocean Of course, but the lower levels are always going to be worse than the higher levels, meaning a firmware compromise can and probably will lead to an OS compromise, no matter how much you update it.
(DIR) Post #AQBbiIePQAbAHEsAqm by GNUxeava@mk.absturztau.be
2022-12-02T05:21:47.180Z
1 likes, 0 repeats
@inference@plr.inferencium.net @koakuma@uwu.social @ocean@raru.re why don't we have open firmware?
(DIR) Post #AQBbijRZnzNPNG4o64 by inference@plr.inferencium.net
2022-12-02T05:21:19.403434Z
1 likes, 0 repeats
@izaya @GNUxeava @ocean They're not possible when the chip OEMs are the ones refusing to release updates after a timeframe. For example, Fairphone has zero control of when Qualcomm pulls the SoC updates.
(DIR) Post #AQBbjtPyCusAb7sXaa by inference@plr.inferencium.net
2022-12-02T05:21:32.243234Z
0 likes, 0 repeats
@GNUxeava @ocean @koakuma Because capitalism and IP.
(DIR) Post #AQBbnSFJAqetU3ae9Y by GNUxeava@mk.absturztau.be
2022-12-02T05:22:42.200Z
0 likes, 0 repeats
@inference@plr.inferencium.net @ocean@raru.re @koakuma@uwu.social ah yes the good old "intellectual" property
(DIR) Post #AQBbpCeu67IviiOc2i by inference@plr.inferencium.net
2022-12-02T05:22:29.640265Z
0 likes, 0 repeats
@GNUxeava @ocean @koakuma Not very intellectual, is it?
(DIR) Post #AQBbpH5HdymZRgljiS by izaya@social.shadowkat.net
2022-12-02T05:23:02.830789Z
0 likes, 1 repeats
@inference @GNUxeava @ocean it is extremely messed up that we're in this situation to begin with
(DIR) Post #AQBbs15VZfyOhcBJfU by GNUxeava@mk.absturztau.be
2022-12-02T05:23:33.128Z
0 likes, 0 repeats
@inference@plr.inferencium.net @ocean@raru.re @koakuma@uwu.social true
if we get open hardware, can we slap our own firmware? (Looking at RISC-V)
(DIR) Post #AQBc1RBNvLg0ExQFuK by ocean@raru.re
2022-12-02T05:25:13Z
0 likes, 0 repeats
@izaya @GNUxeava @inference This shit is why I just bought an iPhone
(DIR) Post #AQBc2IMCDsof9pt8cK by inference@plr.inferencium.net
2022-12-02T05:24:51.529965Z
0 likes, 0 repeats
@izaya @GNUxeava @ocean Indeed, but it will never change as long as capitalism and IP exists. If freedom of having a newer OS is what you want, you can just update the OS and apps, sure, but that doesn't guarantee the firmware won't prevent you from changing stuff which becomes incompatible in the future, because it's proprietary and EoL. If security and privacy is what you want (and yes, you cannot have privacy without security), you have literally *no* choice but to keep rolling onto supported devices, and jumping ship from the EoL ones.
(DIR) Post #AQBc694Oh5aXVqOnYW by ocean@raru.re
2022-12-02T05:26:05Z
0 likes, 0 repeats
@inference @GNUxeava @izaya At least Apple and Google are offering trade in and recycling services for these devices
(DIR) Post #AQBc6jZqxc8mjpOQaG by inference@plr.inferencium.net
2022-12-02T05:25:40.102514Z
0 likes, 1 repeats
@GNUxeava @ocean @koakuma Sure, because that means only an errata in the physical silicon would mean the chip is broken, not planned via code which can but just isn't updated.
(DIR) Post #AQBcAt4DcU8RKQZo5w by koakuma@uwu.social
2022-12-02T05:26:31Z
0 likes, 1 repeats
@GNUxeava @ocean @inference Not necessarily, RISC-V being "open" simply means that anyone could implement it without licensing fees. It doesn't prevent anyone from using the processor in a shitty undiscoverable platform with blobs like what we have with Arm now...
(DIR) Post #AQBcHYFrOhqQo8CR4y by inference@plr.inferencium.net
2022-12-02T05:27:36.690808Z
0 likes, 1 repeats
@koakuma @GNUxeava @ocean On this subject, RISC-V doesn't even mean there will be no hardware backdoors, either. That's something I get tired of hearing by FOSS cultists. How do they plan on checking the physical chip? Using technology will *always* have a risk of backdoors, regardless of open or closed source.
(DIR) Post #AQBcLKcI2upDfSUeWm by izaya@social.shadowkat.net
2022-12-02T05:28:50.151169Z
0 likes, 0 repeats
@ocean @GNUxeava @inference I got a PinePhone to escape Android; at least this way most of the stupidity is my own fault. It's not nonfree firmware free, unfortunately, but it's the best option available. The modem module, for example, a) doesn't have any access to the phone system b) has customised firmware available, though it does include binary blobs. I'll take what I can get.
(DIR) Post #AQBcR1Fowpb9LzhC0u by inference@plr.inferencium.net
2022-12-02T05:29:18.768773Z
3 likes, 0 repeats
@izaya @GNUxeava @ocean "Linux phones" aren't even as open as they claim to be. They still require proprietary firmware. There is no way out of this without laws which force opening code.
(DIR) Post #AQBgzMnljyuzqRCyjQ by 4censord@mstdn.social
2022-12-02T06:11:44Z
0 likes, 0 repeats
@inference Can you link me a source for the Fairphone thing? Thank you.
(DIR) Post #AQBgzNDeBlcP8hJe4G by inference@plr.inferencium.net
2022-12-02T06:20:20.110947Z
0 likes, 0 repeats
@4censord Fairphone's statement of supporting Fairphone 4 until 2026:
https://support.fairphone.com/hc/en-us/articles/4405858006545-FP4-Fairphone-OS-Android-11-
Qualcomm's platform support is 4 years, meaning support ends in 2023:
https://arstechnica.com/gadgets/2020/12/qualcomm-promises-three-years-of-android-updates-for-its-entire-soc-lineup/
Fairphone literally cannot fully support Fairphone 4 until 2026 when the SoC goes EoL 3 years before that. Security issues *will* emerge, and will *not* be patched, because they can't be.
(DIR) Post #AQBh4gn8qWUrI3S8ZM by inference@plr.inferencium.net
2022-12-02T06:21:19.665237Z
0 likes, 0 repeats
@4censord Fairphone's statement of supporting Fairphone 4 until 2026:
https://support.fairphone.com/hc/en-us/articles/4405858006545-FP4-Fairphone-OS-Android-11-
Qualcomm's platform support is 4 years, meaning support ends in 2024 (2023 for the pre-4 years change for Fairphone's SoC):
https://arstechnica.com/gadgets/2020/12/qualcomm-promises-three-years-of-android-updates-for-its-entire-soc-lineup/
Fairphone literally cannot fully support Fairphone 4 until 2026 when the SoC goes EoL 3 years before that. Security issues *will* emerge, and will *not* be patched, because they can't be.
(DIR) Post #AQBmjv2fGfpd8AC120 by fell@social.fellr.net
2022-12-02T06:52:27.267776Z
0 likes, 0 repeats
@inference @4censord Maybe they think they can work around security problems by patching their kernel fork? 🤔
(DIR) Post #AQBmjvlgZHqPNnFyCm by inference@plr.inferencium.net
2022-12-02T07:24:46.805381Z
0 likes, 0 repeats
@fell @4censord They require proprietary blobs for proprietary firmware. There is no escaping that fact. You cannot just neglect firmware and update only the OS while expecting full security.