Not fair to say I was being dismissive. Or sarcastic, for that matter, I did indeed find it interesting. Also I think presuming my intent in such a fashion is itself dismissive, so if it wasn’t the pot and the kettle before, it certainly is now.
Didn’t I already tell you that I am not interested in discussing @amosbatto? This is not a forum for discussing individuals. Also, you didn’t provide any evidence about his “wrong” behavior, which means you “are spreading misinformation and/or insults”. I saw no misinformation in my references. I expect you to retract, rephrase, or apologize.
I expect that nobody here cares about your personal opinion on individuals. It looks as if you have no technical arguments to defend your point of view, since you go to personal attacks instead.
I know that u/amosbatto and u/Adwaitian were banned from the Subreddit and the same happened with someone else (before adwaitian) defending Purism. I offered proofs that people trying to destroy Purism with misinformation get upvoted and not banned on the Subreddit. It seems you are fine with that, aren’t you? Are you fine with the spread of misinformation as long as you agree with its goals? Now, it’s your turn to show us which accounts spreading lies about Purism also got banned (show at least a few), if you want to present a reasonable evidence that I’m wrong.
One example. Now, you should also provide some evidence concerning the “fake-resells”.
This is only partially true. Yes, you will get the security updates, but AFAIK you will not get feature updates, since the kernel will be very old.
I don’t understand what you mean here. PureOS can be in-place upgraded to a new version, just like Debian.
Did you read my post above? I said that
They do not mention your link when they say that. One cannot reasonably say that it’s an insecure phone without explaining your threat model. One cannot simply say
The OS they use has a near total lack of any systemic overall privacy/security work or privacy/security model
This is completely wrong, it’s misinformation. Librem 5 with PureOS is more secure than a phone with GrapheneOS for me, according to my threat model. I stand by what I said: The wording in the latter quote is disingenuous and suspicious.
Yes, I read that thread and I still have no idea what strcat wanted to say. Did you understand them? Can you explain in simple words, how proprietary drivers can be recompiled, without a wall of text? Or can you link to the soruce code for all free drivers for any single GrapheneOS-supported phone? I see that you are defending strcat a lot, so I expect that you can do that.
I have no idea what that means. Why is Purism not having such problems with Librem 5 or devkit?
I disagree here. It’s easy to spot malicious code in a popular FLOSS, unless it’s very well obfuscated/hidden. Developers of a proprietary software can hide malicious code trivially.
Upd: Also, FLOSS doesn’t mean anybody can submit code to it.
Yes, it doesn’t mean more eyes. However, it gives an opportunity for that. It’s a less strong improvement, but it’s a one nonetheless.
This is nice OpojOJirYAIG, i follow fsflover in his post and say: No, closed source code, will use the power of the surplus i mention above to leak as much as possible Data from your devices, without paying you and sell your furfural behavior on the Marketplace for that, for more money you will ever spend on Programming or that kind of Product.
We just do not see this on open source, cause we program, copy and compile/use that software, because we can and have a choice. Others won’t have. Cause you get more money if you let someone pay and do it anyway, in cases someone can not proof.
I see fsflover and me in the same situation today… like Shoshana described on her Unfinished 2022, Talk in New York.
In Addition: Its fine Gavaudan, i have a language barrier, so its difficult for me to express complex stuff to convince Privacy2. I think he or she is one of the good people and not payed to set our, spoken as community, project on fire. Like have a future with democracy and computer systems which we use as a tool for daily knowledge, instead as a service guide to push ourself to a more efficient indirect external controlled better Version of us, like the Big Tech wants to see.
I mention 2003 Privacy2, cause this was the time when Google invention, and solve from their view the “How to create Money from our free service” Question, cause in the Beginning nobody wants to pay for Information. Its still here in Germany that most folks do not care about privacy and the mainstream will not pay 2 Dollars for the Service. But its just cause they do not understand where that lead to. I think you are good in programming and have more skill there then i have. However, i think you have missed that step of code in that direction, Cause nobody can Read (alone) 2 Million new Lines of Code, from 2.174 payed Programmers a Day, Google, Apple or Microsoft pay… However Small, simple Code will ever Survive, cause it is transparent easy to understand and still in the wild. Ok just except Bugs. But i think you get the Point. We need a Community to do and understand this and a movement in the next large Classification of “working together Humans”. And everyone needs to hand over that knowledge to the new Generations.
Even if you do not trust or like puri.sm, give them a Chance. Maybe i think back in 40 years - ok it was just a Company paid from the SC Industry to have some alternative, but i think that is not so. And even if we are on different Mind sets right now. We have to work together, or the A.I. on the SC Side will kill us before we invention… like in the Movie of Terminator 2.
I would like to support your loved Pine Project and GraphenOS, too! And maybe we have to bet on more then one horse, so we should not dispute about it, but push money on more then one, even some will fall. We can not afford to miss that point about free and self programed computers as a tool or be controlled by computers and magic Network … we have to … really! To Design our Future, right now. And an alternative to the SC Systems. Its already a fight in burning world.
This is a different threat model than the one I presented, the one I presented was it is harder for a malicious actor to submit malicious code and have that get past the developers.
Changing the context is a dishonest argument.
.
Again, changing the context. Let’s at least have an honest conversation. The argument about whether or not companies spy on their customers is a different conversation and trying to change the conversation is a dishonest approach at best that diminishes the legitimate points you are trying to make.
I financially support both Purism and Graphene teams. The powers that (shouldn’t) be will use our disagreements to divide and rule, like Julius Caesar once did with Rome. The fact of the matter is that both teams should treat each other with respect and continue to work in the same vector as they do now. It goes without saying that every individual has unique threat model and its great that the end user now has options to choose between Librem 5 + PureOS and Pixel + GrapheneOS.
I don’t care if you’re interested in discussing amosbatto. You brought him up by
linking to his screed of a FAQ. I’ve had personal experiences with him
and those personal experiences have shown me that his writing is not worth my time.
I linked to plenty of discussions with him as a participant. Some of which he was banned exactly because of bad behavior. That’s proof enough. I owe you nothing.
You asserted “only people who defend Purism get banned”. I showed that your assertion was wrong by giving you an example of /u/jaylittle who was banned at least once (I think twice) for poor behavior toward Purism advocates. i.e. You were wrong. Everything you said, above, is just you deflecting from the fact that you were wrong. Why not just admit that you had nothing to back up your absurd assertion that “only people who defend Purism get banned”?
You’re confused. It wasn’t the assertion that /r/pine64 had “hateful” comments that I cared about, it’s your assertion that those hateful comments was that reason why pine64 created /r/pine64official . I thought I remembered a different reason so I asked you to support your assertion. You still haven’t.
Your link doesn’t support why /r/pine64official was created. You made the assertion, I was just asking for evidence. You still haven’t provided evidence for your assertion.
It turns out that the answer is addressed in the following thread. ( It was /r/pinephone and they were behaving in a way that was contrary to pine64’s interest by badmouthing pine64 (not Purism) [ " Don’t buy a new pinephone from Pine64’s evil communist factories in China. "] ). https://www.reddit.com/r/PINE64official/comments/fxcipk/psa_refrain_from_using_rpinephone/
Feature updates? WTF are you talking about? This is the supported life of GrapheneOS on that device. I don’t care about the age of the kernel as long as it is getting security updates. Also, although I don’t particularly care about kernel version, strcat has indicated that the kernel can be updated. You were in that discussion ( https://news.ycombinator.com/item?id=30761693 ).
[strcat] The reason for using an LTS kernel branch with 6 years of support from kernel.org is stability. Porting forward the drivers to each new kernel release is entirely possible and isn’t a lot of work when it’s done incrementally. Not that many changes are even required.
…
There are already people who have gotten the mainline 5.15 kernel working with the Pixel 6, but from 5.10 to 5.15 there are a lot of regressions, …
… It isn’t better from a security perspective to use the 5.15 LTS rather than the 5.10 LTS, especially with the additional changes backported by AOSP including security enhancements like mitigations, not just bug fixes. It may be a good idea to move to the new LTS branch once it has matured for 1-2 years, but definitely not months after release.
Discussing “security” of the Librem 5 vs. Graphene you said:
I disagree. I think that they have been clear. You criticized them for that … and they
created that link to make sure they were clear. It certainly wasn’t “disengenuous”.
Regarding strcat’s quote (also quoted below), you said:
Who is being disingenuous now? What they said is clear and I think you understand what they said. You simply don’t believe it since you don’t understand how it
can be true. That’s different. And that’s your problem.
I already said that I’m not an expert and I’m certainly not strcat’s keeper. If you want
to understand how it can be true, I suggest you read up on the kernel structure of the android kernel https://source.android.com/docs/core/architecture/kernel (pay attention to the HAL Implementation) and then look at the graphene build structure to see any details in regard to the drivers. Or, as I’ve said before, if you want to question what strcat said, ask him.
But what I will point out is that there is one Purism supporter whose name you don’t want mentioned who repeatedly asserted the opposite and didn’t stop when he was told he was wrong. Burden of proof is on the not-to-be-named supporter … and if he can’t show it, he should stop asserting it as if it’s a fact.
I think the HAL Layer is Software and the IOMMU is good but not perfect. Look at VMware Research Center Quote to this:
Since we see in the past attacks against CPU-Firmware like Spectre,Meltdown and at RAM Data integrety… Rawhammer - i like to see Linux on Smartphones instead of Android. Android have to trust the Drivers more, and with each year and an not open Source driver we will see more wholes and issues.
Not sure if Purism choose the CPU well, cause it used in Cars and more. Its already a target, or if its good cause so many are using it.
As you can read on my Link, the IOMMU set the Kernel at Risk, cause the Driver for your Modem (i think the Mobile Network Provider can Update them remotely**) can steal some Kernel-Pointer and “the device drivers expose sensitive callback pointers, which may be overwritten by a device to hijack kernel control flow.”.
So i like to have the ability to shut down the Modem by Hardware on my Librem5 ;D
(Yes i know i may have an offline Computer without WLAN, or i use a additional LAN or Docking Device. I think its just a step forward. And i hope we have the ability to Monitor Drivers on the Librem5. Even it have to be a black Box due to the have to regulatory.)
Personal i think it make no difference. If some smart Folks with enough Money like to watch you they can, and do. Which is kind of right. I just want to have a reliable phone in times of Cyberworldwar-Hygiene.
And maybe i can make a Back-Up of a 100.000 Dollar worth exploit, just kidding.
I think the Sound-Card have the ability to make Modem Sounds or receive if the Modem is down…
Oh one Edit: Graphenos use only Google Hardware… that’s kind of sad, even its a low hanging fruit. I just think about that undocumented Micro in Nest-Devices… Just do not get me wrong. Graphenos are some of the good one, too. Would just be better have more Driver developers out there, even if it takes years like on the Linux Desktop.
I think you’ve missed the point, but there’s enough of a communication gap (you’re a non-native speaker) that I can’t even tell.
My bringing up HAL (Android HAL, not GNU/Linux HAL) was in regard to the architecture of the interaction between the kernel and devices drivers for Android systems and was to help direct fsflover to understand how one could update kernels on Android systems as claimed by strcat. As I said, I’m not an expert. However, I don’t have any idea why you mentioned HAL to me … or what your point was.
The discussion of IOMMU in regard to GrapheneOS was not in regard to general DMA attacks. The discussion of IOMMU was in regard to how GrapheneOS can completely shut down transmit/receive requests for devices like the cellular modems, sound processors, etc. There’s
no attack I’m aware of when the whole channel to/from the device is shut down by the IOMMU. Are you aware of any?
Of course it is a separate issue that the IOMMU and memory attacks (DMA or otherwise) are relevant when the modem is “on” for either of the devices. In those cases, having an IOMMU is still arguably a better for isolation (kernel USB stack + IOMMU) than simply (USB2 stack in the kernel). This is discussed in the links below. [I argued *against* this with one of the Graphene devs since I thought USB2 should be safe since there is no DMA. He pointed me to several USB2 --> memory attacks via the USB2 stack. ]
As I mentioned above, I’m not sure if it is a language barrier (you’re a non-native speaker) or something else, but I have a difficult time figuring out what you’re talking about and/or whether you even understand the details. In that regard, please let me know if you have a good understanding of DMA attacks and IOMMUs. If so, maybe I’ve missed something. However, I had already seen/read all of the references you provided above before, so unless I’m missing something, I don’t think your link was relevant to me previous discussion about how the IOMMU was used in
GrapheneOS to shut off rec/transmit for the cellular modem.
You post a Link to Android Docs and said “pay attention to the HAL Implementation”, that’s why i quote HAL. And you are right, i am just a Hobby Developer. I do just read and compile Code cause of Fun and some kind of have save and already patched Software.
Thank you for be here and take care on free and Open Source Software. Sometimes we need to have a Job and to earn Money for stay living. That’s why purism take this kind of journey. Do not judge so hard about them. I am sorry that i can not express better, about my concerns and why i think that you not understand the S.C, maybe because you work with computers and Turing machines, and do not think that a computer or a Neural Network, can use knowledge about you, to tell you not the truth. Just to nudge you to another direction for own profit and change your behavior to a finite future behavior… for the future behavior Stock Marked.
The issue with the Internet and the self driven Individuals, is that you turn their decisions - you/someone can earn some Money.
Right here, we need to have and understand folks why we not just need this Money or Power from them, cause its sometimes good to have a self controlled future and some individual purposed choose targets to create/be something new.
I just see how TicToc, Microsoft Windows, Android and Google just Nudge people like they want to chance their Mindset. To Vote for X, betray someone who want to hide… cause of Y… …
You know its just about Information. And the World and other have to share their Mindset for truth. … Just. you know in the 2 World War the Nazis are the Bad one, cause you know. And now i am not sure if we, or the System might say that the ugly truth came true. … I am just not sure if this is the Truth. Or just Algorithm.
This is not so easy to answer in philosophy. I think personal: We have to keep privacy for our own, to be able to find an opinion about our believes without too much interruptions. And Time to carve opinions. To commit a lager value to the system. However Internet and Computers accelerate this kind of process.
And i am just not sure if the physical and the informational environment, play’s fair. Or try to nudge ourselves to change the future or way we behave in future.
Its kind of a big Mystery, in Informatics, Mathematic and Biology.
By the Way. I do not trust 3erd Party Algorithm and Drivers, since Shoshana Zuboff teach about that way about how someone else got Money cause the Smartphone, can change over personalized Display Information the behavior of folks. Like an Ad could do in the 1990th.
I think we have reached a new Time cause we lost Data about ourself through that device in our Hands… and yes… we have to chance this for a new century with free and open source systems. So we are here, together.
It is indeed my pleasure to gladly learn from you, to come back here because of your kind thoughts. And thanks for sharing those important/inspiring thoughts of yours here with us!