Posts by h3artbl33d@bsd.network
(DIR) Post #9pxS9vPRwzwHlAVXd2 by h3artbl33d@bsd.network
2019-12-14T14:12:37Z
1 likes, 0 repeats
@liebach Furthermore, a client without electron is a win :)
(DIR) Post #9qlUeKR8iv2VwwY2am by h3artbl33d@bsd.network
2020-01-07T17:34:04Z
1 likes, 1 repeats
Quite a big project, I am ditching Xen and VMware in favor of Bhyve on HardenedBSD. If all goes well, everything should be over mid-February. Really stoked to make this move! After this phase is completed, I'll probably start creating some tools to manage the infrastructure which runs solely on #OpenBSD and #HardenedBSD by then..
(DIR) Post #9rEBfuhOo88XqrSjGy by h3artbl33d@bsd.network
2020-01-21T13:46:27Z
0 likes, 0 repeats
@quad Apologies for the somewhat controversial question: but what is the advantage here?
(DIR) Post #9rECpQ1tn3XtaA9CBE by h3artbl33d@bsd.network
2020-01-21T13:57:22Z
0 likes, 0 repeats
@quad Thank you for your prompt and thoughtful reply. AOSP or proper forks like GrapheneOS allow the same. But it does require flashing. The way I see it, is that the main advantage of AOSP/GrapheneOS over the Librem 5 is the more secure design. Initially, the Librem product info claimed that there would be SELinux but that got scrapped pre-launch. I fully agree with the choice advantage though :)
(DIR) Post #9rECugMOV7dxg8FAO0 by h3artbl33d@bsd.network
2020-01-21T13:59:37Z
0 likes, 0 repeats
@quad Perhaps I am being a tidbit negative here, but my real concern is that - whatever phone/OS one goes with, there is still a baseband SoC required, which is closed source, proprietary nastiness. Fixing that, however, requires an industry-wide approach and change of attitude, I am afraid.
(DIR) Post #9rEOJIFQO1Chd9vCsK by h3artbl33d@bsd.network
2020-01-21T14:10:49Z
1 likes, 0 repeats
@quad I agree, at least partially. Older/EOL/unsupported phones can be 'hacked' to run a more recent version of Android. For example, Android 10 can run on a Samsung Galaxy S4. That doesn't fix, however, that the firmware (bootloader, vendor, radio, etc) aren't updated anymore and are likely to contain nasty vulnerabilities and bugs. The same goes for the Librem/Pinephone. While you might receive more recent kernels during X years, baseband/firmware updates will stop at some point. [1/2]
(DIR) Post #9rEOJIYZEqW4aWsUiG by h3artbl33d@bsd.network
2020-01-21T14:14:03Z
0 likes, 0 repeats
@quad And while it might very well be possible to run a newer kernel/distro on them, it will remain insecure if the baseband is severely out of date. See, eg: https://www.extremetech.com/computing/170874-the-secret-second-operating-system-that-could-make-every-mobile-phone-insecure But, I refuse to take away the positivity here. I really like that Librem, Pinephone and possibly others are, at the very least, giving it a shot. In the end, nothing changes if no one cares.
(DIR) Post #9rEP3aeUIAYW1zikOe by h3artbl33d@bsd.network
2020-01-21T16:16:46Z
0 likes, 0 repeats
@quad Totally agreed :) That is one thing I like about the Librem, a hardware toggle to turn off the baseband (same for the microphone, etc). I am keeping a close eye on the Pinephone, really curious to see their accomplishments.
(DIR) Post #9rEUcQfRuCwkyGbPBQ by h3artbl33d@bsd.network
2020-01-21T17:16:25Z
0 likes, 0 repeats
@quad Wow - that is awesome! I'll take switches behind the back cover over my current phone - without switches - anytime. I hope they would separate the WiFi/BT switch though. Disabling baseband and BT would require a half-baked fix now (baseband through the dipswitch, BT through software). But hey - it is more than nothing and workable. Thanks for the info and details :)
(DIR) Post #9rEUeXQPkhl4VZZkR6 by h3artbl33d@bsd.network
2020-01-21T17:21:11Z
0 likes, 0 repeats
@quad Do you have a BraveHeart Pinephone by the way?
(DIR) Post #9svxlb6riHeFDaHzXs by h3artbl33d@bsd.network
2020-03-12T14:17:41Z
0 likes, 0 repeats
From the Tails 4.4 changelog: "Vagrant build box: disable mitigation features for CPU vulnerabilities (Closes: #17386). Given the kind of things we do in our Vagrant build box, it seems very unlikely that vulnerabilities such as Spectre and Meltdown can be exploited in there. Let's reclaim some of the performance cost of the corresponding mitigation features." Source: https://git.tails.boum.org/tails/plain/debian/changelog
(DIR) Post #9svxlbXo67COZ8tVXU by h3artbl33d@bsd.network
2020-03-12T14:21:57Z
0 likes, 0 repeats
I get that the mitigations for the CPU vulnerabilities come with a performance cost. Might be even called a "harsh" cost for certain workloads. However, coming from a Linux distribution with the target audience that Tails has, offering privacy and resiliency, it seems a somewhat concerning choice to pick performance over security. Personally, I consider Tails to be a high profile target, given the use for whistleblowers, the privacy conscious and those in need [...]
(DIR) Post #9svxlbykTwkXuhV1X6 by h3artbl33d@bsd.network
2020-03-12T14:28:05Z
0 likes, 0 repeats
for a system that might offer some resiliency / anonymity for whatever reason. It could very well be oppressed people that want to bring out information, risking their lives. Literally. Thus, even though the project considers it "very unlikely", the impact in case of a successful breach is disastrous and could put users in grave danger. I would really like if Tails were to reconsider this move. Or am I being overly paranoid and alone in this thinking?
(DIR) Post #9svy3ocoCd22Lauwa0 by h3artbl33d@bsd.network
2020-03-12T14:37:25Z
0 likes, 0 repeats
@ParadeGrotesque Thank you for your reply. That is exactly how I have interpreted the message. Ideally, the build machine should be utterly secure, even against complex and high-resource attacks such as the Intel vulns. I mean, if there is a chance to sneak in some code in the Tails distro, an adversary *will* try sooner or later. Currently downloading Tails to do just that :)
(DIR) Post #9tP8A4WkIXxY2DWuVE by h3artbl33d@bsd.network
2020-03-26T16:13:11Z
0 likes, 0 repeats
@nextcloud Wow! That is an awesome improvement. Thank you very much, totally love you! ❤️
(DIR) Post #9tXdejYNXWKneK5tz6 by h3artbl33d@bsd.network
2020-03-30T18:29:27Z
0 likes, 1 repeats
Little known fact: the Dutch Greens work from home, secured by BSD: OpenBSD for the core network (routing, firewalling, dns, vpn, ids/ips) and HardenedBSD for filesharing/storage.
(DIR) Post #9tXz5aPtiSeWAUlyj2 by h3artbl33d@bsd.network
2020-03-30T18:36:13Z
0 likes, 2 repeats
For metal fans, Master Boot Record dropped his newest album Floppy Disk Overdrive a week ago (listen to it via https://masterbootrecord.bandcamp.com/album/floppy-disk-overdrive ). Win two bonus tracks by completing the CTF on mbrserver.com. Music and hacking go hand-in-hand very well :blobhearteyes:
(DIR) Post #9v6JxbQuwKcp8cDNKK by h3artbl33d@bsd.network
2020-05-16T09:28:47Z
0 likes, 0 repeats
The dumpsterfire that is systemd gets worse with systemd-homed. T minus 5 years for the arrival of systemd-kerneld. Or, GNU/systemd as the purists say.
(DIR) Post #9v76y0DFhnO7kDdwMi by h3artbl33d@bsd.network
2020-05-16T19:23:15Z
0 likes, 0 repeats
@maryjane I consider systemd itself the bigger dumpster fire: • It adds so much complexity - which tends to be a security nightmare. • Replaces daemons and tools that were well tested and in use for many years. • Debugging is a hell with systemd. • There have been whackjob bugs, like the entire system crashing because failing to obtain a DHCP lease on boot. • And so, so much more. And now it's going to replace homedirs while still having architecture issues like ssh key logins? How? What? Why?
(DIR) Post #9x74JqaCGmpvyYcaDQ by h3artbl33d@bsd.network
2020-07-13T08:15:40Z
1 likes, 0 repeats
GitHub has an outage for 3+ hours (https://www.githubstatus.com/incidents/j597fw8kv04c). This might be a good option to consider self-hosting a Git repo. That doesn't take away the chance that outages might happen, but at the very least the impact will be less... huge.