this post was submitted on 02 Sep 2023
19 points (67.9% liked)

Asklemmy

43816 readers
1170 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

trying to make a near 100% foss build lol

top 30 comments
sorted by: hot top controversial new old
[–] TexMexBazooka@lemm.ee 38 points 1 year ago (1 children)

If you’re going for 100% FOSS, trash your apple products.

[–] Blake 12 points 1 year ago (3 children)

As long as you say the same for Google and Microsoft, I agree.

[–] peter 9 points 1 year ago (1 children)

Technically android is open source, though. You could install AOSP on a device and not use any Google services

[–] Blake -2 points 1 year ago (5 children)

Except in reality nobody really does that. Everyone uses google play services / gapps because they pretty much have to.

[–] apotheotic@beehaw.org 6 points 1 year ago (1 children)

Eh, it's not that hard to get degoogled on android

  • sent from my android device running grapheneos
[–] Blake 5 points 1 year ago

I’ve got a pixel 7 pro with GrapheneOS. If you’re a normal phone user, it’s pretty much impossible to be degoogled unless you don’t want to use banking apps. Plenty of apps straight up don’t work unless you have the sandboxed Google play services running.

[–] seliaste@lemmy.blahaj.zone 3 points 1 year ago (2 children)

MicroG is an open source implementation of the services. My phone is google free

[–] Blake 0 points 1 year ago

Your phone is almost definitely still using Google services as the backend, MicroG is smoke and mirrors - the front-end libraries are open source, but they still use closed source APIs and send your data to Google unless you have it set up extremely restrictively.

[–] anarchopunk_girl@kolektiva.social 0 points 1 year ago (1 children)

@seliaste @Blake my issue with microG is that it's very insecure

[–] pewgar_seemsimandroid@lemmy.blahaj.zone 2 points 1 year ago (1 children)
[–] anarchopunk_girl@kolektiva.social -1 points 1 year ago (2 children)

@pewgar_seemsimandroid yeah I know. Calyx is focused more on privacy than security though, and overall has a lot of security flaws for a mobile OS. https://madaidans-insecurities.github.io/android.html#unlocking-the-bootloader

it's not for more security than normal android that's graphene os

[–] iliketrains@kbin.social 1 points 1 year ago (1 children)

If in order to achieve security, users have to give up their privacy and freedom, I guess mobile operating systems are behind regular desktop or server oriented operating systems. I mean no matter how secure the operating system is, with bad opsec things can go wrong pretty quickly anyway.

[–] anarchopunk_girl@kolektiva.social 0 points 1 year ago* (last edited 1 year ago)

@iliketrains @jackpot @TexMexBazooka @Blake @peter @seliaste @pewgar_seemsimandroid you don't necessarily have to give up privacy and freedom for security because GrapheneOS does exist, but yeah, it's an awful, sucky choice if you don't have a Pixel phone, and the state of mobile operating systems is indeed atrocious from a freedom and privacy standpoint. But I don't think it's useful to deny the gigantic gaping easily exploitable security holes in LineageOS and CalyxOS just because we want to support privacy and freedom. People need to be able to make an informed choice about what's more important to them. And yes with poor operational security you can end up accidentally getting compromised anyway, but with poor device security it's literally *guaranteed* that nothing you do operational-security wise will protect you from a determined investigation or attack. It's the difference between authorities having to rely on someone happening to make a mistake in how they use Tor or Signal versus being able to just pull their messages from their phone easily through a number of gaping security holes. Everyone will have different threat models and different things they care about, and I'm not saying nobody should use Lineage or Clayx β€” for the average person that isn't doing leftist organizing their threat model is most likely going to be more about corporations hoovering up their data than it is going to be the police or the government, and so even an insecure operating system that is private will be better because insecurity gives the possibility of people getting your data but at least having privacy means that there isn't a *guaranteed* actor that's getting your data, so if you don't have a Pixel they're fine β€” but I don't think we should pretend like lineage OS and calyx Os or even remotely as secure as other mobile operating systems, or that security doesn't matter lmao

[–] amanneedsamaid@sopuli.xyz 3 points 1 year ago

Not the majority, but many people do that.

@Blake @peter with grapheneOS at least you can sandbox them like any other app and reroute e.g. location services requests through the OS's extra secure implementation.

[–] Tyfud@lemmy.one 4 points 1 year ago (1 children)

Microsoft has been contributing a ton to FOSS the last 5 or 6 years.

Their flagship programming language, .net, is fully OSS and runs best on Linux.

[–] 30p87@feddit.de 2 points 1 year ago

To be fair, like no programming language is not 'open source'. A language could only be closed source if there's only one compiler which is closed source. And in contrast to other languages like Python, which has the official interpreter, cython, PyPy, etc., C++, which has GCC, Clang, Mingw, C# only has the official M$ compiler provided by VS or the inofficial Mono. So C# is actually a lot more closed than nearly any other language.

[–] TexMexBazooka@lemm.ee -2 points 1 year ago (1 children)

Google, definitely. Microsoft sliiiightly less so, windows specifically you can turn off most monitoring and telemetry- though it would still violate the 100% FOSS idea since windows is technically proprietary

[–] dan1101@lemm.ee 16 points 1 year ago

With Windows turning off telemetry will be an ongoing battle as updates find new ways to enable shit.

[–] federalreverse@feddit.de 17 points 1 year ago (1 children)

What are you trying to do here?

[–] SpikesOtherDog@ani.social 14 points 1 year ago

There is no problem connecting an iPhone to a PC. Generally, Apple requires iTunes to interact with the device, as they wish to restrict and monitor the way you interact with the device. There used to be a FOSS plugin that worked with Apple on Linux, but it was not stable when I was fighting with it back on the iPhone 5.

[–] Blake 4 points 1 year ago* (last edited 1 year ago)

You don’t even need to do that. You can side-load iOS compatible apps through the web browser. The device needs to either be in developer mode or provisioned with a configuration profile for the app (or app signing key) in question, iirc.

It’s quite a pointless effort, though - using an open source licence and having the source code publicly available is the best you should really try to get for iOS apps. But I’m guessing this is just a theoretical thought experiment.

[–] j4k3@lemmy.world 3 points 1 year ago (1 children)

I don't think anyone can really say, but I'm not an expert on security.

My biggest skepticism is that all phones have untrusted proprietary hardware. Apple does its own thing and usually seems to develop stuff like a full stack. However, I don't think there has ever been a documented cellular modem. I don't trust anything on a PC unless it is running libre boot. Like even UEFI has network access. You likely also have an entire Intel ME operating system or the AMD equivalent running with lower level permissions than root at all times. Maybe if you have an extensive SELinux ruleset you could mitigate any potential.

If your software is signed or has a hash key available, you can use that to verify file status.

I haven't had any issues with AOSP and GrapheneOS, but I go as far as installing a fresh OS on an old laptop, setup a custom network, all just to install chrome and do the easy automated ROM swap to run GrapheneOS. Then I format the drive. It is the only way I care to run regular chrome or connect Google tainted hardware.

[–] Blake 3 points 1 year ago (1 children)

You can install Graphene without Chrome, just so you know - might be worth looking into, since it sounds like you’re taking this stuff seriously - good for you. But yeah, at a certain point, can you trust the Graphene hashes haven’t been altered? You can take it to extremes.

[–] j4k3@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

We all have our thresholds. I use this mostly to learn using the practical application of an example. I do care about my actual workstation and what is on it, mostly for the peace of mind, but also because I might occasionally get pissed off at some piece of shit proprietary hardware, reverse engineer the design with a schematic and upload it with kicad files. That's about the only real reason for me. I also source a lot of sketchy datasheets and old documentation. I care enough to be behind a whitelist fw, which would stop most junk. It's mostly just the principal of ownership. Stalkerware is hacking as privateers with a license from the king of the USA - corporate America.

[–] rikonium@discuss.tchncs.de 1 points 1 year ago

I believe the iPhone uses a basic read-only protocol to access media. (MTP?) You can use iTunes to add files to the iPhone but that's not FOSS. I personally use Photosync, you might like that for wireless photo transfers.