henfredemars

joined 1 year ago
[–] henfredemars@lemdro.id 1 points 1 year ago

Good news; a true necessity if eSIM is to be consumer friendly.

[–] henfredemars@lemdro.id 3 points 1 year ago* (last edited 1 year ago)

A smartphone is the ultimate, single-user personal computer. Choosing a device is too intimate for me to use any sort of tabular comparison tool. The device needs to be right for me qualitatively also.

I strongly recommend picking a handful of devices and getting a variety of opinions from reviewers. Then, weigh those opinions against what features are most important to you.

If this is your main computer, which it most likely is for most people, it's worthwhile to spend some time on selection.

[–] henfredemars@lemdro.id 7 points 1 year ago

People get so hostile over such things. I have an iPhone for business. I have a Pixel for my personal use. They're alright. It depends on what you need. Still a smartphone enthusiast.

[–] henfredemars@lemdro.id 3 points 1 year ago

There's a lot of inertia to overcome here. There's advice online everywhere that Android may not be the best platform for tablets. As someone who loved the Nexus 7, until you have a large user base that's using the tablets, it's a tougher sell to developers and to users especially that iPads are cheaper now than they have been in the past.

It's an uphill battle. Google has to pay those taxes for doing such a terrible job of getting into the tablet as its own related but different market from mobile.

[–] henfredemars@lemdro.id 11 points 1 year ago (4 children)

Is this basically Ubuntu?

They do intentionally hold back packages based on a random value to do gradual rollouts. See below:

https://askubuntu.com/questions/1431940/what-are-phased-updates-and-why-does-ubuntu-use-them

Could this be your issue?

[–] henfredemars@lemdro.id 1 points 1 year ago

The baseband firmware is not so privileged anymore. Most new phones, like the Google Pixel 7, have IOMMU to force the baseband to communicate through a very restricted interface to the kernel. Certainly, you can interfere with texts and calls, but a baseband RCE doesn't yet compromise the data stored on the phone by itself--not to diminish the seriousness or to suggest that we shouldn't patch such an exploit immediately.

RCE, the "remote" aspect, in the operating system? So directly in the kernel and accessible remotely, such as through the networking code? I'm curious now. Most of the ones I've seen are in some other component that is sandboxed. True system-level privilege RCEs seem to be relatively rare. Usually, you get RCE, then you need privilege escalation to do something especially interesting.

Indeed; I'm sometimes able to leverage even a few bits of memory corruption into execution in many cases, though the hardened allocator in Android makes this a serious PITA to arrange to overwrite something useful.

[–] henfredemars@lemdro.id 4 points 1 year ago

Mom said it's my turn to post it!

[–] henfredemars@lemdro.id 1 points 1 year ago (2 children)

True that many potential RCEs are found, but I think there are a few points to keep in mind.

  • RCE classification is often conservatively assumed when it is theoretically possible even if it has not been demonstrated. Android bulletins appear to assume any memory corruption could be an RCE.
  • Remote code is no longer sufficient for privileged control. Next, you have to use it to break out of a restrictive sandbox for whatever service or application you have compromised.

[–] henfredemars@lemdro.id 4 points 1 year ago (1 children)

To expand on this, most vulnerabilities that require the vendor to actually participate by providing security updates are specific to your hardware configuration. These kinds of vulnerabilities are less attractive to most attackers because of their specificity. Attackers would much prefer to have a vulnerability that applies to many different victims, not just a specific kind. Android has gone to great lengths to update these commonly targeted components regardless of your vendor support status. Unless you believe you would be specifically targeted, the risk is fairly low.

I'm not sure it's fair to put iPhone down. They do take security very seriously, especially physical security with their formally verified bootloader. Not seeking a flame war. I just didn't think it was accurate. Are we so sure they don't have individuals focused on iPhone security at Apple? Compromised devices impact their brand image while the same bugs can be used for jailbreaking. I'm sure it's very important. I interviewed with a team up there that I believe specialized in just that. Just recently Apple implemented an emergency security patching system for their devices to get security updates out even faster.

Full disclaimer: I use both devices for software development. I have no special preference.

[–] henfredemars@lemdro.id 4 points 1 year ago

Oh, my heart. I remember messaging my now wife with one on Skype. It was so laggy because my phone was super budget but I was amazed what I could do nonetheless.

I can still feel the plastic texture and the delayed vibration following a half second later.

[–] henfredemars@lemdro.id 2 points 1 year ago

You might be surprised. My father uses a device about that age, but it's a Facebook machine and phone call device. It's fine for the use case if you're not the type to place valuable information on your phone anyways.

[–] henfredemars@lemdro.id 2 points 1 year ago

I think this is because now the consumer knows what he or she wants. It's hard to build a mobile UI without expectations of consistency.

Back then, Android was more marching to the beat of its own drummer as it were and more dramatically crafting its design language, its visual identity.

 

Now for something a little more silly by Viva Reverie. Post 9/? of my favorite MLP links.

 

Recent artwork from Derpibooru.org that I liked: Flutgirshy and Nintendo DS. I never actually owned one of these, but I was often able to borrow one.

Suddenly one of my favorite MLP links 8/?.

 

Hello again! Time for the next post of my favorite MLP links 7/?. This link is to a flash game stored at Archive.org; finally not posting a video! This was a landmark flash game telling a story that's best experienced rather than told. The whole game is very short but definitely worth it.

Content Trigger Warnings: Jump scares, horror, murder/crime investigation, loud noises.

It's a short game with non-graphic (IMHO, fantasy violence at best) horror content where the main character Apple Bloom makes a harrowing discovery. Note that the content in the game changes by the time of day and creepier content is supposed to be available after 3am, but I have never tested this.

The game runs (barely) in the Ruffle in-browser flash emulator. I had to reload the page a few times to get it to actually run without crashing.

 

I'm confused about where my content is stored and therefore when to apply the rules of my instance. Let's say for example that an instance says that NSFW is strictly forbidden. Which of the following is permitted then?

  • Can I subscribe to NSFW communities? Doesn't this make their server pull the content?
  • Can I post NSFW content on communities hosted elsewhere? Does this cause their server to host the NSFW content? It looks like images I upload are stored on the local instance.
  • Is a private message stored on the instance and subject to the rules? Do we have to follow the current instance, the remote instance, or both during the conversation?

I've been assuming that it only applies to local community content, but I'm not so sure if that's correct because I depend on the instance to provide all the content (I think).

 
 

I don't think any listing of great MLP links would be complete without something from TJ Pones and his unique, minimal art style and silly content.

Viewers: Please be aware that not all content on the creator's channel is SFW.

This is post 6/? of my favorite MLP-relevant links, posted once daily or less frequently. It seems that most of them are videos.

3
submitted 1 year ago* (last edited 1 year ago) by henfredemars@lemdro.id to c/mylittlepony@lemmy.world
 

And we're back! Last night was a doozy for sure with the whole exploit thing going on at lemmy.world. In fact, I'm here @lemdro.id because I'd rather stay off the big instances, and my previous infosec.pub is seeing some connectivity problems. Rather than wait, I decided to embrace the plurality of the fediverse and here I am!

If you really care to check who I am (you don't) you can see my main account linked from my profile, and on that page it lists this as one of my accounts as well as the previous account, proving that they're all connected.

Post 5/?, a fun, super short clip from Cosmia's Stash, a reposter of Bilibili "Chinese YouTube" popular MLP clips. Hope you enjoy!
