shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

268
active users

#grsecurity

0 posts0 participants0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@anderseknert" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>anderseknert</span></a></span> Everyone who uses <a href="https://infosec.space/tags/AssholeLicensing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AssholeLicensing</span></a> like <a href="https://infosec.space/tags/SSPL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSPL</span></a> or tries to infringe upon users' <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> <a href="https://infosec.space/tags/Rights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rights</span></a> like <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> &amp; <a href="https://infosec.space/tags/RedHad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHad</span></a> do should be banned from any professional developments and supply chains as part of the <em><a href="https://infosec.space/tags/RiskAssessment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RiskAssessment</span></a> and <a href="https://infosec.space/tags/RiskAvoidance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RiskAvoidance</span></a></em> in <a href="https://infosec.space/tags/DueDiligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DueDiligence</span></a>.</p><ul><li>Anything else in criminal neglect at this point...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@prem_k" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>prem_k</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@silentexception" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>silentexception</span></a></span> Well, <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> does not require that they need to make it simple for one to do so.</p><p>Both <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> &amp; <a href="https://infosec.space/tags/RedHad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHad</span></a> comply to <a href="https://infosec.space/tags/GPLv2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPLv2</span></a> by merely providing <a href="https://infosec.space/tags/paywalled" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalled</span></a> access to their repos.</p><p>They don't need to provide instructions to make reproduceable builds nor documentation nor resources to do so!</p>
Kevin Karhan :verified:Rant re: CCSS vs FLOSS licensing, wishful thinking
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mas.to/@libreleah" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>libreleah</span></a></span> thanks.</p><p>Personally, I think maintainers should <em>choose their license wisely beforehand</em>:</p><ul><li><p>There are reasons why I chose to put some projects <a href="https://github.com/greyhat-academy/lists.d" rel="nofollow noopener" target="_blank">under</a> <a href="https://infosec.space/tags/CCBYNCSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCBYNCSA</span></a>, <a href="https://github.com/kbtechnologies/nucbook" rel="nofollow noopener" target="_blank">some</a> <a href="https://infosec.space/tags/GPLv3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPLv3</span></a> and <a href="https://github.com/OS-1337/OS1337" rel="nofollow noopener" target="_blank">some</a> <a href="https://infosec.space/tags/0BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>0BSD</span></a>.</p></li><li><p>In some cases I did fork stuff under <a href="https://infosec.space/tags/MIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MIT</span></a> which I'd not change the license of - even if it <em>would be compatible</em> - because I <a href="https://github.com/OS-1337/mlb" rel="nofollow noopener" target="_blank">literally changed nothing in terms of code</a> and also didn't see <em>any</em> advantage in doing so to begin with.</p></li></ul><p>Espechally in the case of <a href="https://infosec.space/tags/DuckStation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DuckStation</span></a> this is bad because we ain't talking about the whole <a href="https://infosec.space/tags/GPLv2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPLv2</span></a>-only vs. GPLv3+ drama or <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> (which is <a href="https://www.youtube.com/watch?v=cXLFXV6zIyk" rel="nofollow noopener" target="_blank">an <em>asshole move</em> but legal</a> )...</p><ul><li>Maybe the dev(s) - <a href="https://www.youtube.com/watch?v=Oj9Vl-Bteq8" rel="nofollow noopener" target="_blank">unlike</a> <a href="https://infosec.space/tags/Capcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Capcom</span></a> - weren't fully aware of this issue, but even big Companies (i.e. <a href="https://infosec.space/tags/AVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AVM</span></a>) got forced into compliance...</li></ul><p>Lets just hope a <em>friendly</em> (!!!) reminder makes them realize, apologize and undo the change...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@carlwgeorge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>carlwgeorge</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.bsd.cafe/@vermaden" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>vermaden</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@samurro" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>samurro</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.bsd.cafe/@tara" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tara</span></a></span> <span class="h-card" translate="no"><a href="https://linuxmom.net/@vkc" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>vkc</span></a></span> <span class="h-card" translate="no"><a href="https://mstdn.social/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> </p><p>OFC, <a href="https://infosec.space/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHat</span></a> - like <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> - is legally in the position to <a href="https://infosec.space/tags/paywall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywall</span></a> the <a href="https://infosec.space/tags/SourceCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceCode</span></a> access to paying customers only.</p><ul><li>That doesn't mean it's a good idea either way...</li></ul><p>And they <a href="https://www.youtube.com/watch?v=p6wP-6-2XwA&amp;t=9m54s" rel="nofollow noopener" target="_blank">decided</a> to kill <a href="https://infosec.space/tags/CentOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CentOS</span></a>, because they don't understand that to make people and orgs buy <a href="https://infosec.space/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RHEL</span></a> subscriptions, they've to provide <em>value</em> with those subscriptions, and many people decided that their offer isn't what they are able and/or willing to take.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://fedi.getimiskon.xyz/users/getimiskon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>getimiskon</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@catsalad" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>catsalad</span></a></span> <span class="h-card" translate="no"><a href="https://lgbtqia.space/@alexadeswift" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alexadeswift</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@brouhaha" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brouhaha</span></a></span> yeah, <a href="https://infosec.space/tags/SubgraphOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SubgraphOS</span></a> got killed by <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> being assholes and <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> access to their suite!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@marcan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>marcan</span></a></span> <span class="h-card" translate="no"><a href="https://oxytodon.com/@fuchsiii" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fuchsiii</span></a></span> kinda gives me <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> &amp; <a href="https://infosec.space/tags/RHEL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RHEL</span></a> - flashbacks:<br>cuz <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> <a href="https://infosec.space/tags/SourcecodeAccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourcecodeAccess</span></a> to paying <a href="https://infosec.space/tags/subscribers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>subscribers</span></a> and penalizing them aka. firing them as clients for exercising their right to share/modify/redistribute the <a href="https://infosec.space/tags/SourceCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceCode</span></a> is inherently an asshole move but apparently legal.</p><ul><li>Since <a href="https://infosec.space/tags/BrucePerens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrucePerens</span></a> failed to sue <a href="https://infosec.space/tags/grsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsec</span></a> into not doing that and <a href="https://infosec.space/tags/IBM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IBM</span></a> took notice when they bought <a href="https://infosec.space/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHat</span></a>.</li></ul> <p>Not shure if a <a href="https://infosec.space/tags/license" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>license</span></a> that governs things beyond the useage rights of a <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> is even legally enforceable in Germany amd many other juristictions... </p><ul><li>I'd certainly rather blow €€€€ on a lawyer instead of playing <em>"<a href="https://infosec.space/tags/FuckAroundAndFindOit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FuckAroundAndFindOit</span></a>"</em> and facing insolvency-inducing <em>"cease and decist letters"</em> from competitiors by having flatout-illegal terms...</li></ul><p><a href="https://infosec.space/tags/WhatYouAllowIsWhatWillContinue" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatYouAllowIsWhatWillContinue</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.de/@the_moep" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>the_moep</span></a></span> Again: I've not tested / used / installed it <em>yet</em> so I can't formulate an educated opinion beyond: <em>"Will keep it in mind as an option"</em> ...</p><ul><li>I don't want to discount it, I'm just very wary of recommendations, as those have backfired on me, with <a href="https://infosec.space/tags/PorteusKiosk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PorteusKiosk</span></a> currently sadly <em>"<a href="https://infosec.space/tags/Enshittifying" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Enshittifying</span></a>"</em> in a <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> /#RedHat - Style by subsequently <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> even the most basic functionality and me having just gotten confirmation that basic functions like <em>"<a href="https://infosec.space/tags/diskless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>diskless</span></a> clients"</em> have been silently axed.</li></ul>
Kevin Karhan :verified:<p>Sadly the <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> of <a href="https://infosec.space/tags/grsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsec</span></a> / <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> also killed more <a href="https://infosec.space/tags/downstream" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>downstream</span></a> projects like <a href="https://web.archive.org/web/20191230091137/https://en.wikipedia.org/wiki/Tor-ramdisk" rel="nofollow noopener" target="_blank">tor-ramdisk</a> which was a minimalist <a href="https://infosec.space/tags/busybox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>busybox</span></a> / <a href="https://infosec.space/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.space/tags/distro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distro</span></a> <a href="https://blogs.gentoo.org/blueness/2014/05/23/tor-ramdisk-a-tiny-embedded-image-to-host-a-tor-relay-or-exit/" rel="nofollow noopener" target="_blank">designed</a> to host <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a>. It was <a href="https://tor-talk.torproject.narkive.com/jgOoi0bN/tor-ramdisk-20160810-released" rel="nofollow noopener" target="_blank">pretty nifty</a> and the <a href="https://infosec.space/tags/SourceCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceCode</span></a> is <a href="https://gitlab.torproject.org/legacy/gitolite/tor-ramdisk/" rel="nofollow noopener" target="_blank">still</a> <a href="https://web.archive.org/web/20200329155520/https://gitweb.torproject.org/tor-ramdisk.git" rel="nofollow noopener" target="_blank">online</a> and hosted by <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> on their <a href="https://infosec.space/tags/gitlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gitlab</span></a>, abeit seemingly abandoned since 2018...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://musician.social/@soulexpress" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>soulexpress</span></a></span> <em>nodds in agreement</em> </p><ul><li>EVERY SINGLE ONE OF THEM!</li></ul><p>Like there's a reason I only got a copy of <a href="https://infosec.space/tags/SubgraphOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SubgraphOS</span></a> as <em>non-public alpha</em> under the precondition to <em>not redistribute</em> and was allowed to <a href="https://www.youtube.com/watch?v=AAdzyCQdxvE" rel="nofollow noopener" target="_blank">preview it</a> because that thing was unstable and had a lot of <em>known issues</em> the devs were working on to get fixed.</p><ul><li>It's not as if they weren't aware of those, but they also didn't want <em>"<a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a>"</em> using it with a false belief in it being ready to use and trust in.</li></ul><p>Not shure how <a href="https://infosec.space/tags/Subgraph" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Subgraph</span></a> evolved after <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> decided to <a href="https://infosec.space/tags/paywall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywall</span></a> access to the <a href="https://infosec.space/tags/sourcecodes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sourcecodes</span></a> of said <a href="https://infosec.space/tags/patches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>patches</span></a> and <a href="https://infosec.space/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tools</span></a> cuz those were used in said distro as a means to harden it.</p><ul><li>But then again the <a href="https://infosec.space/tags/grsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsec</span></a> devs seem to be so toxic, their entire Wikipedia Article got nuked and only an old <a href="https://web.archive.org/web/20200201055409/https://en.wikipedia.org/wiki/grsecurity" rel="nofollow noopener" target="_blank">archive version</a> exists.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.fbxl.net/users/Hyolobrika" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Hyolobrika</span></a></span> my guess is that <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> is hell-bent on perfection or not bothering at all.</p><p>Kinda like saying <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> is shit because there is no distro paying for <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> and thus only <a href="https://infosec.space/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> qualifies for them in terms of <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><p>There are <em>"compromises"</em> and <em>compromises</em>: <a href="https://infosec.space/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GrapheneOS</span></a> would <a href="https://grapheneos.social/@GrapheneOS/112882867425207102" rel="nofollow noopener" target="_blank">rather mothball than back down</a> and that's their right as a project...</p><p>I just think that keeps their adoption rate artificially low so <a href="https://infosec.space/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> can shaft them and not face much Backclash...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.fbxl.net/users/Hyolobrika" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Hyolobrika</span></a></span> <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> </p><p><em>EXACTLY THAT!</em></p><p>I get <em>why</em> but <a href="https://grapheneos.social/@GrapheneOS/112882867425207102" rel="nofollow noopener" target="_blank">the nonchalant attitude</a> reminds me of <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> and deciding to rather cancel that budge makes it a huge risk I'd not consider investing time, blood, sweat and tears into.</p><p>I think this rather sends the wrong signals and letting <a href="https://infosec.space/tags/GAFAMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GAFAMs</span></a> and <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> - <a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> integrators win.</p><p>Ideally we'd see <span class="h-card" translate="no"><a href="https://fosstodon.org/@PINE64" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PINE64</span></a></span> , <span class="h-card" translate="no"><a href="https://mastodon.social/@olimex" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>olimex</span></a></span> , <a href="https://infosec.space/tags/Fairphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fairphone</span></a> and <span class="h-card" translate="no"><a href="https://fosstodon.org/@frameworkcomputer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>frameworkcomputer</span></a></span> look at <a href="https://infosec.space/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GrapheneOS</span></a> and decide to make <a href="https://infosec.space/tags/secure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secure</span></a> &amp; <a href="https://infosec.space/tags/repairable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>repairable</span></a> devices!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@matchboxbananasynergy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>matchboxbananasynergy</span></a></span> And I guess noone has even dared to make a <a href="https://infosec.space/tags/DevBoard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevBoard</span></a> or <a href="https://infosec.space/tags/DevKit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevKit</span></a> that does supoort <a href="https://infosec.space/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GrapheneOS</span></a> and isn't a disassembled <a href="https://infosec.space/tags/GooglePixel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GooglePixel</span></a>...</p><p>Maybe <span class="h-card" translate="no"><a href="https://mastodon.social/@olimex" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>olimex</span></a></span> or <span class="h-card" translate="no"><a href="https://fosstodon.org/@PINE64" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PINE64</span></a></span> may be interested?</p><p>I mean I wished for better support of GrapheneOS, and I guess similar to <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a>, these hardening features are all intertwined and not optionalities one can choose to add or remove on a whim at build time...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> I guess you gotta have to go like <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> and maintain your own <a href="https://infosec.space/tags/fork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fork</span></a> of <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a>?</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://equestria.social/@SweetAIBelle" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>SweetAIBelle</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.space/@OS1337" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>OS1337</span></a></span> shure.</p><p>I'm convinced that a fully-fledged image of that would be similar to <a href="https://infosec.space/tags/toybox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>toybox</span></a>'s <a href="https://infosec.space/tags/mkroot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mkroot</span></a>, which is <span class="h-card" translate="no"><a href="https://mstdn.jp/@landley" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>landley</span></a></span> 's reference implementation for a toxbox + <a href="https://infosec.space/tags/musl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>musl</span></a> / <a href="https://infosec.space/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> system.</p><ul><li>Last time I checked it came out just below 4 MB, but that was the premade image using only the stuff <a href="https://youtu.be/MkJkyMuBm3g" rel="nofollow noopener" target="_blank">toybox included</a> [and linux &amp; being statically compiled against musl] like <a href="https://infosec.space/tags/gzip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gzip</span></a> instead of <a href="https://infosec.space/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xz</span></a> for compression, so there already is room to shave a few hundred kB without reducing functionality out of the get-go as I've seen with my build tests of <a href="https://infosec.space/tags/kernel666" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kernel666</span></a>...</li></ul><p>Either way, we're close to <a href="https://youtu.be/cz6iGrhnMKs" rel="nofollow noopener" target="_blank">his reference matterial</a> AFAICT and I do think that OS/1337 can become a good and solid foundation for <a href="https://infosec.space/tags/minimalist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>minimalist</span></a> &amp; <a href="https://infosec.space/tags/embedded" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>embedded</span></a> systems.</p> <p>For comparison:</p><ul><li><p><a href="https://infosec.space/tags/YoctoLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YoctoLinux</span></a> is <a href="https://www.yoctoproject.org/" rel="nofollow noopener" target="_blank">quite</a> <a href="https://infosec.space/tags/THICC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>THICC</span></a> in comparison (using LSB &amp; <a href="https://infosec.space/tags/GNUtils" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GNUtils</span></a> for the most part!) and stuff like <a href="https://infosec.space/tags/OpenADK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenADK</span></a> seems to be overly complex...</p><ul><li>tho <a href="https://infosec.space/tags/Viprinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Viprinet</span></a> <a href="https://www.viprinet.com/en/support/downloads#viprinux" rel="nofollow noopener" target="_blank">hasn't updated their stuff in like 8 years</a> and I sincerely hope that's just them loginwalling access to <a href="https://infosec.space/tags/SourceCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceCode</span></a> like <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> to paying customers only and not them such old Kernels.</li></ul></li></ul> <p>Speaking of <a href="https://infosec.space/tags/grsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsec</span></a>, I wounder if Bruce Perens actually sued them for <em>allegedly violating <a href="https://infosec.space/tags/GPLv2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPLv2</span></a></em> when in fact said license allows <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> aka. restricting access to buyers of the product it contains.</p><p><a href="https://infosec.space/tags/OS1337" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OS1337</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@ariadne" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ariadne</span></a></span> I prefer <a href="https://infosec.space/tags/design" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>design</span></a>-based approaches than <a href="https://infosec.space/tags/afterthoughts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>afterthoughts</span></a>!</p><p>Sadly <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> did kneecap themselves by <a href="https://infosec.space/tags/paywalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paywalling</span></a> their shite!</p>
OS/1337<p>Interestingly, all the people that say "<a href="https://infosec.space/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Copilot</span></a> is violating my <a href="https://infosec.space/tags/Copyright" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Copyright</span></a>!" and fanboy <a href="https://infosec.space/tags/BusyBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BusyBox</span></a>'s hamfisted approach to <a href="https://infosec.space/tags/GPLv2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPLv2</span></a> enforcement are really quiet when it comes to enforcing <a href="https://infosec.space/tags/GPLv2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPLv2</span></a> against <a href="https://infosec.space/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHat</span></a> or <a href="https://infosec.space/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a>... </p><p><a href="https://infosec.space/tags/NotLegalAdvice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NotLegalAdvice</span></a> but maybe it's because only those that bought the final product are entitled to the <a href="https://infosec.space/tags/SourceCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceCode</span></a> and <a href="https://infosec.space/tags/learning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>learning</span></a> isn't <a href="https://infosec.space/tags/CopyrightInfringement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CopyrightInfringement</span></a> because otherwise we'd all be lifelong <a href="https://infosec.space/tags/DebtPeons" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DebtPeons</span></a> to <a href="https://infosec.space/tags/Schoolbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schoolbook</span></a>- &amp; <a href="https://infosec.space/tags/Textbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Textbook</span></a> <a href="https://infosec.space/tags/authors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authors</span></a> or rather their Copyright-holding <a href="https://infosec.space/tags/publishers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>publishers</span></a>! </p><p><a href="https://felixreda.eu/2021/07/github-copilot-is-not-infringing-your-copyright/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">felixreda.eu/2021/07/github-co</span><span class="invisible">pilot-is-not-infringing-your-copyright/</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://mstdn.social/@msw" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>msw</span></a></span> login- &amp; paywalling sourcecode access may nit strictly be legal.</p><p>Sadly noone sued <a href="https://mstdn.social/tags/grsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grsecurity</span></a> and other serial violators into compliance.</p>