I really like to get some feedback. Have fun everyone!

Remove the “MILITARY-GRADE” stuff. It doesn’t relay any useful information and has been used as a phrase in countless crappy products.

There was this recent attack to XZ utils, which shows that more attention is needed on the code being merged and compiled.

XZ was made possible largely because there was unaudited binary data. One part as test data in the repo, and the other part within the pre-built releases. Bootstrapping everything from source would have required that these binaries had an auditable source, thus allowing public eyes to review the code and likely stopping the attack. Granted, reproducibility almost certainly would have too, unless the malware wasn’t directly present in the code.

Pulled from here:

Every unauditable binary also leaves us vulnerable to compiler backdoors as described by Ken Thompson in the 1984 paper Reflections on Trusting Trust and beautifully explained by Carl Dong in his Bitcoin Build System Security talk.

It is therefore equally important that we continue towards our final goal: A Full Source bootstrap; removing all unauditable binary seeds.

Sure you might have the code that was input into GCC to create the binary, and sure the code can be absolutely safe, and you can even compile it yourself to see that you arrive at the same bit-for-bit binary as the official release binary. But was GCC safe? Did some other compilation dependency infect the compiled binary? Bootstrapping from an auditable seed can answer this question.

Gay Breakfast is a legendary name.

Most entry points are through various other ways…

With encryption, the data is changed so that only the key could decrypt it. If there are no encryption backdoors, then the key is the only end goal of attack. Compared to a physical lock, where, even if the lock was perfect, you still need to secure the structure it locks.

Most entry points are through various other ways, which is also why i find GrapheneOS for the average user stupid.

I still appreciate defense against the less common. Easier to focus on the more common.

Just because stuff is sandboxed and you have some Ad-Blockers on, doesn’t mean shit these days.

Sandboxing and Ad-blockers are quite different. One gives restricted permissions, so a program has less tools to be able to cause harm, and less visibility into the system to violate privacy. Ad blockers need only to stop an ad from displaying. The security and privacy gain would likely only come from stopping you from clicking them (since they’re blocked), or stopping the resources from being networked to in the first place.

Sandboxing I would consider much better for security and privacy. That’s why its a valuable tool for security researchers.

They support 3 devices under the “main” branch.

I’ve used quite a lot of software in a “community” repo. It can certainly work. Will of course depend on the device you are using.

some will never see further updates after getting them to work once.

For it to be in community, their wiki states in needs to be actively maintained. Granted, I’m sure there is a window of time before something goes back to “testing” or “archived”

…binary blob for as driver and not the source code.

Just as I want free firmware in the desktop, laptop, and server Linux space, I hope we can move toward that in the mobile space as well.

…won’t meet the security requirements of the Graphene OS team.

I’m sure it doesn’t. I’ve read their statements on such things. Simply change the requirements.

…for the entire hardware…

Referring to Pixel hardware? I also don’t think they should be building on top of Pixels.

…would take years until you have an even halfway working device.

PostmarketOS seems to support many devices. So its doable. I would prioritize something like the Pinephone though.

frankly i just laugh at the concept of safe and secure, anyone who seriously wants into your device will get into it.

This is paranoia.

it’s the same as physical locks.

Encryption works very differently. A user can encrypt a machine with an Argon2id password that requires 1GB of ram per parallel attempt, requires an average of 1s per attempt, and would take every computer on earth billions of years for a 0.1% chance to crack it if they all worked in parallel.

It’s not even close to as insecure as a physical lock.

…if the US government wants into your phone they will get into it eventually.

The US government doesn’t have magic word to break into every device. That is paranoia, unless you’re talking about “if given an infinite amount of time…”.

Should’ve built upon straight Linux rather than Android.

And there’s the typical non-answer…

There wasn’t any question asked in the thread I replied to.

“just use fstab”

What I actually said was:

You can just run a mount command for your drive on startup as root.

Which is significant because its less verbose than the fstab

a helpful answer would read something like; To auto mount drives on Bazzite open terminal and type…

Its not a given that someone would know how to automount disks in X desktop environment. One can’t provide a step-by-step process on something they do not know.

All fstab does is provide data for the mount command. Typically your OS just runs something like mount -a on boot and it mounts all the filesystems as listed in the fstab.

You can just run a mount command for your drive on startup as root. It would be doing essentially the same thing and its quite simple even for a new CLI user.

(DBus-based?)

Yeah. iwd even has this issue where it needs you to run a system dbus (presumably so regular users can configure network and the admin can apply dbus polices) even if you do everything as root. No dbus, no function.

Not good.

Really Linux distros just didn’t work with it right out of the box…

From what I’ve read, this is misleading. Default secureboot within Windows will only boot a bootloader signed with Microsoft’s key. Although Microsoft does seem to provide a signing service for signing with their keys, this is at their mercy. Windows made a change that broke booting alternative operating systems unless they use a service that Windows provides to fix it, or disable secureboot.

The “I hate change.” Mindset.

Or maybe it’s extra complexity that often leads to the first recommendation to fixing Linux not booting being “disable secureboot” and how this is an extra hurdle to jump through for new users. As well as increased likelihood of problems, due to secureboot.

If they don’t have the training data available, then I wouldn’t consider them open source.

Hearter executes screen cast to living room TV!

Gnome shenanigans.

The most hilarious part about how Anubis is implemented is that it triggers challenges for every request with a User-Agent containing “Mozilla”.

If you have JavaScript disabled, this “challenge” is just a wall. They might’ve stopped bots, but they’ve stopped me too.

I’m excited for my cursor to not get trapped in a window anymore.

On Wayland at least, u can completely disable pointer constraints. Thus, a game window freezes, it doesn’t lock your cursor in it.

With X11, the only solutions I found were basically recompiling the X11 code. Thus, I deal with one game window making my cursor disappear and frozen inside itself, affecting all other Xwayland windows.

Annoying and ridiculous. Hopefully not long before wine-wayland matures enough to fix this.

Discord servers are just groups. Lemmy “instances” are actual separate instances of Lemmy communicating.