Orion (awooo)

  • 23 Posts
  • 83 Comments
Joined 1 year ago
cake
Cake day: June 3rd, 2023

help-circle
  • Currently:

    • Caddy (reverse proxy & website)
    • Matrix (Synapse)
    • E-Mail (maddy)
    • Vaultwarden
    • Xonotic server
    • Resonite headless
    • Prometheus + Grafana (internal, monitoring)
    • dnscrypt-proxy & dnsmasq (for internal DNS)
    • gotosocial (testing)
    • cage (kiosk wayland compositor) with kitty and btop for a nice stat display on the device

    All of it running from a phone with Linux :3

    I used to have Nextcloud on this thing, but I found it to be insanely heavy for what it does and not very useful when I can just chuck files to the web server if I want to share them.


  • I think what they mean is that someone unfamiliar with your line of work might even read the entire post and come away with it with the view of “Okay, and?” since the title told them this was going to be about “What Does It Mean To Be A Signal Competitor?”

    The problem there is that what Signal is is different to different people, someone might for example use it like any other chat application, in which case even something like Telegram (ew) or Discord could be an alternative to them.

    Again, if someone is familiar with your blog, they’ll know what you mean, but the blog post can be viewed by someone in isolation, in which case it won’t be so clear, especially since it’s also in relation to moving off of Telegram, which is not an E2EE platform at all by default
















  • It’s honestly pretty hard for me to find media I can swallow because of having an anxiety trigger that is so common.

    Most media has depictions of death or loss in it, and I’ve come across first person descriptions that were so immersive that my heart was actually pounding and I had to take a few days to stop feeling down, and it’s not something the authors usually mention explicitly. So in the end I don’t really watch or read anything serious these days.


  • Nope! The point is that the hardware is deployed, and strong attestation is available.

    But for now, a lot of apps still rely on the old SafetyNet or weak integrity. So the clock is ticking, the more up to date devices running modern Android there are, the more likely these apps are to switch over to the new system and require hardware attestation, because why wouldn’t they once everyone is “ready” for it.

    I’m not sure what you’re trying to argue against, what I’m trying to say is that the technology is very dangerous and must be banned, I’m with you on user control. But I won’t fall into a false sense of security about being able to bypass everything, because we don’t have control over low level hardware as we do with software, so these megacorps have the upper hand.


  • They have already played along, all devices that have Google Play preinstalled have to pass this test.

    But locking you out of installing software is not the point, it’s much more insidious than that. What will happen is that major services you rely on will want your device to present a cryptographic proof it’s running the original software, which can’t be spoofed. So for example your YouTube would only send you over the video stream if it knows that on the other side there’s an unmodified app running on an unmodified OS. Same thing goes for your bank. At some point you’re so locked out of essential services when running a custom OS that nobody will do it, because these days you almost need a phone to function in society.

    The hardware doesn’t lock you out of your device, it lets remote servers present you with an ultimatum, if you don’t present the proof you’re out, if you do, that means you’re running the stock OS and thus can’t do anything.


  • Well not quite, you still cannot pass strong integrity, because it’s based on a hardware chain of trust.

    I’m sure there will be vulnerable hardware out there, and groups which are able to extract the keys, so nothing changes from a security perspective, you still can’t fully trust the client to not scam you out of money or something.

    But for forcing people to see ads, or discouraging the use of free software, adding vendor lock-in? You don’t even need special hardware to be annoying about it, SafetyNet in its bypassable form has already made mobile payments unreliable on non-Google Android so much that it doesn’t make sense to use them, because you could be denied service at random whenever the binary updates.

    Strong attestation in play integrity is pretty much impossible to get around from an individual user’s perspective, and in the best case scenario would be bypassable with significant effort, likely involving you having to buy leaked keys on the black market.


  • Won’t work sadly, if you install a custom OS your device will not be able to attest to it being original, and play integrity won’t pass (which would by extension include WEI). Not providing the results will be seen as just as bad as not passing. So as long as the vast majority of mobile users have it deployed you’re screwed.

    You can think of it as requiring everyone to wear a cryptographic ID badge to do something as simple as going to the store to buy groceries. You can always not wear it, but you will be denied service just as someone who has a “made up” ID.

    The evil exists at the silicon level where they cryptographic keys are hidden from the user.


  • Orion (awooo)toVideo GamesSteam's killer feature
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    That’s really the thing with Steam in general, from a consumer perspective it’s a very good and honest service, it actually adds to the experience of playing games instead of being an annoyance.

    A lot of other stores feel like only shells made around popular titles to promote more stuff and lock people into using them. More launchers won’t solve the monopoly of Steam, you’ll just end up with as many as there are streaming services.

    That’s not the case for GOG and Itch, but there you don’t get the same level of experience.




  • Hmm I think my main concern would be lack of kernel/firmware updates, running something like postmarketOS could partly solve that and still be nearly as easy to set up (just unlock and flash a prebuilt image)

    But firmware is still almost entirely dependent on the vendor, since it’s all signed and unpatchable.

    Next issue would be lack of connectivity on a lot of phones, which have gone backwards and include USB 2.0 now. WiFi is an option, but less stable, I personally decided to just go 100Mbps and suffer.

    As for the battery, it would help a lot if phones were designed to boot without one and they were removable, it all worked well for about half a year until I found out I had a spicy pillow and had to replace it with direct power to the board, which made the whole setup much less elegant and required soldering.

    It all comes down to how devices are designed in the end. If someone took the time to make a computer instead of just a phone, and included features that make it useful past its initial life that aren’t that popular (display output, microsd, headphone jack), mainlined all the drivers and maintained firmware, that would be a different story.

    But that’s not a very profitable model, because it’s all about reducing waste and thus selling less. A lot needs to change.




  • Yeah, it’s probably worth it to slightly push back against these people irl, because there is a chance that’s the signal they need to change, but online they can just copy your responses around and use them to further their crap. They probably love getting attention inside furry spaces like this one.

    Best option is to ignore them, or if you must interact, troll around so it’s at least fun for you instead of being exhausting.














Moderates