HackerLangs
TopNewTrendsCommentsPastAskShowJobs

lucb1e

no profile record

comments

lucb1e
·23 giorni fa·discuss
Seems unlikely/strange that all these clones would miss this little thing of using the derivative instead of the accelerometer directly so that it 'actually works'

> But the significance during motion sickness is the rate of change of the rate of change. That thing where the vehicle slows down, turns a corner, goes over a bump.

That's the same as being pulled towards the earth at 1 gee. Both are acceleration from the accelerometer's point of view. I'm not sure how to convey this well in text, but maybe try installing a sensor reader (e.g. https://f-droid.org/en/packages/de.rwth_aachen.phyphox/) and looking at how the accelerometer values change when you move it in various ways
lucb1e
·23 giorni fa·discuss
From an accelerometer's point of view, there is no observable difference between standing "still" (on earth's surface, moving some km/s around its axis, which also moves around the sun, which also moves around the milky way, which...) and being in an airplane. Both feel ~9.8m/s/s acceleration in the same direction because both are in a moving reference frame that stands still with respect to the accelerometer. The 'absolute' speed of the airplane (relative to the ground or air) is not something the accelerometer can measure, so it couldn't not work at 'higher rates of speed'. (If I understood your comment correctly!)
lucb1e
·23 giorni fa·discuss
note where I wrote:

> su'ing to the user ID of [another app]

Look, I have root, so you can hack me! And my bootloader is wide open, too! In your words:

> > Root access and an unlocked bootloader are insecure, even for low threat models. These devices are vulnerable and should not be used for any sensitive data.

I'm serious that anyone should feel free to prove the point by sending me a responsible disclosure notice about having found a way in, but the threat clearly isn't serious enough for that to actually be concretely possible. Which is not to say that it's never relevant, but "such a device shouldn't be used" is not valid as a blanket statement
lucb1e
·23 giorni fa·discuss
Sure, we can have different opinions on what makes a useful Linux distribution. Either way, you can't install Ubuntu Touch on just any phone. That Volla supports that alongside their AOSP derivative gives you more options on how to use the device; it's worth pointing out to potential buyers as a bonus on top of running Android only
lucb1e
·23 giorni fa·discuss
Thanks, but there's no way anybody here hasn't already heard all of that. GrapheneOS' statements are inevitably reposted to every thread and subthread that touches on the topic.

Yes, I knew it's in a sandbox at the time of writing my comment above; no, that doesn't make it a privacy paradise compared to microG.

The sandbox still needs internet access for a lot of GMS' functions and lots of apps send information into it. For example, Signal will actively reach out for notification bundling, so Google gets to know who runs Signal, what IP address they're on, with who else they share that address as they go to school and work, build a social graph... So while the sandbox is definitely very useful and I'm glad it exists as open source software that other Android distributions can be inspired by, it doesn't definitively solve fundamental problems with running unwanted software on your device

Do you know what privileged context means? As in, what access this grants concretely? I tried to look it up once, ended up in Android source code trees, and left more confused than I went in. It looked like it gets no extra file access at all, which is strange right? What does privileged mean if not that? I tried su'ing to the user ID of GMS and this confirmed that the GMS user can't access other apps' data folders. So I'm no longer sure what to even make of this wording. Is it maybe about syscall hardening that isn't applied to privileged apps or so, so like exploit protection rather than normal permissions? The benefit of that would be protecting from exploits that Google could send. Do we think they'd legit do that, short of receiving an NSL that compels them?

Rather than running the unwanted proprietary (but necessary) software wholesale and attempt to sandbox it, I'd much rather substitute as much as possible with open code (where we know what it does) and have a much smaller set of proprietary components that need to be kept around in a sandbox and active only when necessary. For example, microG will replace Gmaps with Mapbox, reducing how much data is sent out about you to Google (they don't get to see which city you are probably in while using the map in Too Good To Go, for example).

It seems fairly obvious to me that less data sharing plus less proprietary code (that needs to be sandboxed) is better than letting Google go wild and installing their apps as-is with self-updating functionality (in said sandbox). What threat would sandboxed microG pose that sandboxed GMS doesn't? Is there any logic to GrapheneOS not wanting to build upon microG to get the remaining proprietary parts properly sandboxed, rather than starting over from scratch?
lucb1e
·23 giorni fa·discuss
> Contrary to popular belief

Extraordinary claims require extraordinary evidence. Got any?

The rest of the comment consists of even vaguer statements about how it's better in every way and then (circularly) drawing the conclusion that it's always the right choice because it's better in every way. I have no idea how to respond to these opinions than either writing a book that goes into every subtopic you're touching on, or just concluding "ok that's your opinion". Maybe consider that others may disagree by having different values and priorities than you, and so it's not strictly always the best option
lucb1e
·23 giorni fa·discuss
Somehow that stands in stark contrast with the many Fairphone users that I know use their device for many years. One of them uses it as their primary computing device, not owning something like a laptop because the Ubuntu Touch that runs on it plugs into a screen and keyboard and works like a desktop as well as a phone for them. I don't understand why the derogatory statement about that being e-waste out of the box when it obviously works great, at least for those willing to pay the premium for as-fair-as-they-can-make-it part sourcing
lucb1e
·23 giorni fa·discuss
Privacy is when nobody is looking, whether that's because they cannot look or because there's nobody that looks.

Security is the former: actively denying someone or something the ability to look in a situation where they are trying. GrapheneOS does that by encouraging a locked bootloader (preventing physical attacks) and letting you deny sensor access (preventing malicious apps from accessing unnecessary info), for example. I think we agree so far?

But you can also have privacy by just not installing apps that violate your privacy. Such a device could be as open as any Linux laptop where you log in with root:root. It lets you do whatever you want and access whatever you want. It's yours through and through. That's freedom without security, which may or may not have privacy depending on who you let look: if you leave it unattended at a hacker conference or have sshd with password login enabled, yeah that won't stay private for very long. But that's your choice right? You can just not invite anyone in or, in this example, bring it to someone who would do something malicious

An official GrapheneOS release has a lot of features baked in against actively malicious actors (be it apps or people at border checks), but users need to work within the boundaries and limitations of the sandpit that's provided to them. They're not granted much freedom, and that limits what privacy measures you can enact. Making a backup of /data, modifying firewall or traffic routing rules, signature spoofing to substitute an untrusted app with a trusted implementation, intercepting and faking Android API responses... a lot of things are off-limits: you don't have the freedom to shape the environment to suit your needs, for example to create privacy or security

The axes (privacy, freedom, security) all influence each other, but they are still separate enough that you can have one or two without the other. I can see what you mean if you say that your threat actors are skilled exploit developers and you can't have privacy without also thwarting these constant attempts. (Paranoid as that may sound, I'm sure it's true for some people.) Most people would gain more privacy from doing something about the pervasive adtech than about exploit developers they're not likely to run into. For them, LineageOS could be more private and provide more freedom while being less secure in some ways (e.g. they need to watch out which processes they grant access, for example something claiming to be backup software that turns out to be ransomware) and more secure in others (e.g. data availability by getting to make backups)
lucb1e
·23 giorni fa·discuss
> Grapheneos is fully open source and comes with 0 Google services.

And calls the open source microG a threat while encouraging people to install google mobile services, conveniently provided from their preinstalled app store, which most people will need for at least some of the apps they need in daily life, so everyone ends up with GMS installed in their main profile. A real bastion of freedom and choice.
lucb1e
·23 giorni fa·discuss
> giving out root willy-nilly is not more freedom. It's more like letting your child play on the 5th floor of a half-constructed building that's about to be exploded

I take it you don't use desktop OSes anymore of any kind and call child support whenever you see a parent letting their kid use one? Better protect them from themselves in case they can't handle sudo / UAC prompts and give access (xkcd.com/1200) to the wrong process

This sort of logic really boggles my mind to see on hacker news
lucb1e
·23 giorni fa·discuss
Nah, Android is not a really a proper Linux system that 'supports' Linux software within any reasonable definition of the word; not anymore at least

Root nowadays gets you very little: software like wavemon that worked great on Android 4.4 no longer runs because selinux or whatever restrictions block nearly everything from working that isn't going through the Android API channels. Accessing external storage from Linux Deploy (running your favorite distro in userspace with root) no longer works; thankfully it does from Termux so I have some way of manipulating the files with standard Linux tools, but then that keeps getting killed and you need to restart sshd a few times per day if you want to actually use that as a remote access method for your photos.

The Linux processes are being shot at left and right, it's go android or go bust on android. Perhaps that sounded redundant but it used to be that you could install Xorg, Virtualbox and other GUI software, and knock yourself out. No more
lucb1e
·23 giorni fa·discuss
Oh, one vendor supporting multiple OSes! I hadn't clicked through (https://volla.online/en/operating-systems/), that is neat indeed and quite a unique selling point among mobile vendors

This should have gone in my spreadsheet before I chose a new device xD. Ah well, next time
lucb1e
·24 giorni fa·discuss
> The Pixel 8 Pro has hardware WiFi problems, the 9 and 10 are both minor updates

The prime difference between P8 pro and P9 pro is that the newer one is nearly a usable size (just about fits in a pocket now). The battery also got substantially better in two ways: on mobile data (when you're on someone's WiFi, odds are you're also near a charger) you get 33% longer use time on all variants of the P9 and 55% on the P10 and P10p (9 to 12 and 14 hours, respectively), and hours of use per 30 minutes of charging went up from 4.6 for the P8 to 6.3 for the P9(p) and 6.2 or 7 for the P10 and P10p, respectively

The rest is indeed relatively minor but it's not an unwelcome upgrade. Prices didn't change much when buying second-hand 1.5 years after release, when the newest devices are out and nobody cares about the generation-before-last despite >5 years of updates remaining (plus however long you think it's fine without updates)
lucb1e
·24 giorni fa·discuss
Ah, right I forgot they are discontinuing ChromeOS. Makes sense that current Android releases are focused on getting the Android laptop experience on par

Edit: not discontinued but 'merge with Android' https://en.wikipedia.org/wiki/ChromeOS
lucb1e
·24 giorni fa·discuss
I don't see anything they offer for security that's not also in AOSP/LineageOS/eOS/stock/etc.

Which is not to say that's not enough for most people, but why highlight them? It doesn't seem comparable to the laser-focus GrapheneOS has on security
lucb1e
·24 giorni fa·discuss
Not without root, no
lucb1e
·24 giorni fa·discuss
Hold the phone upside down for extra rollercoaster effect!
lucb1e
·24 giorni fa·discuss
> Probably the lesser known feature because it’s under Accessibility.

First thing I do on a new device is browse accessibility settings. They're among the most useful and I'm always excited for what extra features you can get if you just browse that section

For example turning off animations is somehow an accessibility thing, but it also just makes everything work instantly and you're not having to wait for animations to complete (which in the alarm app triggers a bug where it'll select the wrong hour if you didn't let it finish animating the hour dial before starting on the minute dial). Or finding out during initial browse that it can do autogenerated offline subtitles, that's a useful solution to know about when you want to watch a clip someone sent with relevant audio but can't listen to the audio
lucb1e
·24 giorni fa·discuss
Not sure if the word 'modern' is meant to carry meaning there. Did/do you not get sick in non-modern cars? I could imagine less good soundproofing giving your brain extra clues or so but it seems odd. Are non-cars an issue (bus/train)?
lucb1e
·24 giorni fa·discuss
Only if the other services provide a network proxy right? You'd need to find an exploit in the app otherwise.

Edit: although, I just remembered that it's actually as simple as sending "open this URL" intents to the Android equivalent of sensible-browser, which everyone will have installed. That does rely on users not understanding or caring about what's happening or it only works for the first user