@nitrokey Hey NitroKey, as a #postmarketOS dev this honestly gets me a bit worried. I've seen several companies jumping on the "Linux on mobile" bandwagon without realizing what makes the PinePhone and Librem 5 so great: mainline Linux kernel support.

Please make sure that if you make a Linux-based phone, it'll either ship with mainline support or has at least work going to it to make that happen in the future!

Oh please. Like you're more secure running some ancient downstream kernel or outdated android version that your phone's manufacturer has long since abandoned? Or do you enjoy "needing" to buy a new phone every 2 years because it no longer receives security updates for purely business (and non-technical) reasons?

Linux on phones isn't perfect right now (early android wasn't either, lol), but it's definitely a step in the right direction.

Hehe, Librem5 insecure because you cannot update the firmware?

Hehe, a pile of "never-received-firmware-updates" Androids here begs to differ. 😉

So you know, you CAN update the firmware in the Librem5. Purism even has a repo for it!

Also, that article has a bunch of stuff wrong with it. I'll just name the gyroscope "microphone" for one.

If the gyroscope microphone was at all possible, it would have to provide updates in the KHz range (I would say at least 8 KHz, but more realistically 16 KHz). I sincerely doubt the gyroscope even does that.

@kop316 @mobian @Utgardloki yeah IIRC that's a fairly recent possibility, the redpine wifi driver in the kernel had to be modified to allow for updating firmware. I hacked around that a while back to 'fix' my wifi card, which seems to corrupt the firmware on it every time it reboots, so now it loads firmware on driver load like every other wifi chip out there :P (the 'hack' for that has been in pmOS for a few months now)

@Utgardloki @craftyguy @kop316 Let me think, mmh...

In case of a security breach, everybody through the package management system?

Freedom is choice! Choice is Freedom! Over and out.

Considering I have presented two fallacies to your article, I am considering it unreliable.

Based on your response, I do not think you want to debate this in good faith either.

Ehh, for fun, I will point out more issues with your article:

It complains about USB links to:
madaidans-insecurities.github. "ctrl+F USB" is empty.

The article compares Firewire to USB, then talks about DMA attacks on Firewire. USB does NOT use DMA, so DMA attacks ARE NOT POSSIBLE. Likewise, an IOMMU makes no sense in context of USB, because DMA isn't used!

I am happy to discuss security merits, but let's actually do it in good faith and not spread bad info.

I don’t use nor own such shitty phones. My phone gets 5+ year support.

Linux phones are many years behind Android so no it’s not a right step.

@Utgardloki @bart @nitrokey do you mind sharing what phone you have that gets 5+ year support from the manufacturer? Keep in mind that the article you referenced supports *all* android phones, so your special 5+ yr phone is quite an exception to how the rest of the android world operates....


Madaidan makes a few good points about Android having a more hardened kernel than the one found in most Linux distros, but there are lots of problems with his arguments. See the links here:

Purism and Librem phones are just insecure shit and a joke.
They’re many years behind Android

@Utgardloki @bart @nitrokey Reads like a cheap propaganda smear campaign paper. The author clearly shows that his knowledge does not go much further than usual marketing level fear.

@Utgardloki @bart @nitrokey As many facts as Trump's tweets. A lot of half knowledge, a pinch of fear and uncertainty, a 10/10 shitpost.

What's the point of this blog entry?
Saying everyone shall stay in the unhealthy and becoming creepy Android/iOS ecosystem? Buying a new phone every year because we do not care about the future? I love to be part of a small niche searching for free and open solutions, don't be one of those idiots saying: 'ah, who cares, I have nothing to hide and already sold my soul anyway...'

He lists facts.

Don’t know where you read that you should buy phones every year. My phone gets 5+ years support

I'm afraid there is *no single factual information* in the following paragraph:

> PureOS also uses linux-libre. This will prevent the user from loading any proprietary firmware updates which just so happens to be almost all of them. The Librem 5 prevents the user from updating new firmware even with an alternative kernel which forces the user to use outdated and insecure firmware with known vulnerabilities.

@Utgardloki @bart @nitrokey (haven't read the updated version of the rest yet, but in the past other paragraphs weren't much better)

@Utgardloki @nitrokey You seem to be missing the fact that I only asked for mainline Linux support. Even if you agree with the article you linked you still have to agree with me that mainline kernel support is only a good thing.

