The real deal y0

  • 0 Posts
  • 61 Comments
Joined 1 year ago
Cake day: July 16th, 2023

  • In pre-locked-bootloader times I've had multiple Android devices passed to me that were malware-infected, with the ROM changed in a way that even a factory reset would not remove the malware. Locked bootloaders made it so the ROM needed to be signed and unaltered on boot, fixing this. Root access also means apps can use and access APIs in Android that they normally can't, changing settings and things inside Android they shouldn't. What do you think happens when malware comes in? :p

    Imo, I agree with what you said. Bootloaders should remain locked, but you should somehow be able, in the bootloader, to add the OS's signature/keys to the bootloader's trusted stuff, like how Secure Boot on a PC keeps OS signing keys and verification stuff inside the TPM.

    This way you can install LineageOS, for example, tell the bootloader to trust it, and lock the bootloader again so nothing can be changed anymore.
    I wouldn't take this from user input, as that is controllable by malware; it should rather come from the OS itself. Maybe even during installation, idk.


  • This is a very complex topic that is very hard to draw the line on.
    As a technical person who follows hacking and security news, I can understand why Google introduced the API and warnings, as phones are getting hacked and an unlocked bootloader or root can be abused to keep your malware going, and has been abused in the past.

    But as a user of Fairphone/LineageOS, who tells Google, Apple, Meta, … all of them to fuck off when I can, this scares me. The lockdown of devices can go, and is going, too far. Hell, I even consider Samsung's Android UI changes to be going too far, as they change a shit ton of stuff and it really is not a stock Android experience. It locks users in their environment…



  • Not saying you're wrong, but you took the wrong project as an example hehe.
    Visual Code is not open source. Its core is, but Visual Code isn't. The difference is what Visual Code ships with, on top of its core.
    It's like saying Chrome == Chromium (it isn't).

    Visual Code comes with a lot of features, add-ins and other stuff that isn't in the core.
    The .NET debugger, for example, is not found in VSCodium (a build of the VSCode core). And there is more stuff I can't think of now but have come across. Source: been using VSCodium for a few months instead of VSCode.



  • That's just dual booting. That won't work with the law if the contract says anything created using company hardware is theirs.
    And yes, some companies need to give you a green light to work on projects in your free time, because they might have a team doing similar things somewhere, it might compete with something they would like to do in the future or, like you said, it might use company know-how, which is a huge no-no. It's BS imo, but those clauses and rules are found in some employment agreements.
    Remember, always read your employment agreements!



  • And not every team is allowed to do that.
    Also, you're telling somebody who has worked with big companies not allowing it in their employer contract that he is lying? Riiiight…
    A lot of Google devs also are not allowed to do any Linux work outside of work without explicit permission because of all the internal docs, teams and other work being done on Linux from within Google. Development rights are an absolute mess, legally.
    I usually don't care and do what is right, despite what my employer contract says, but I have gotten in trouble for it.


  • I agree they should have sent a patch to the GRUB source, but keep in mind big software companies like Microsoft, Verizon, … do not normally allow their product teams to send a patch or PR to open source projects. This is because their contract states that all code written on and during company time is owned by the company. This means that it is impossible for them to make a patch or PR because it would conflict with the project's licence and the fact it's open source.
    This changes when the team explicitly works on the FOSS product/project, like the MS WSL team or the team working on Linux supporting Azure hardware, but that is an exception. I do not believe the Microsoft kernel/bootloader team is allowed to send patches to GRUB.

    It's a terrible thing, and it shouldn't be, but that's the fact of the world atm.








  • That's interesting, thanks! Stuff for me to look into!
    I also think halfway through the conversation I might have given the impression I was talking about pointers, while it was not my intention to do so. That said, the readonly/mutable reference thing is very interesting!
    I'll look into what Rust does/has that is like the following pseudocode:

    DataBaseUser variable1 = GetDataBaseUser(20);
    userService.Users.Add(variable1);
    variable1 = null; // or free?
    // end of function scope here, reference to heap now in list



  • Thanks for the response. I've heard of Rust's compiler being very smart and checking a ton of stuff. It's a good thing it does, but I feel like there are things that can cause these issues that Rust can't catch. Can't put my finger on it.
    What would Rust do if you have a class A create something on the heap, and it passes this variable (by ref?) to class B, which saves the value into a private variable in class B? Class A gets out of scope, and would be cleaned up. What it put on the heap would be cleaned up, but class B still has a reference(?) to the value on the heap, no? How would Rust handle such a case?
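
The two ownership situations raised in the comments above (handing a heap object to a list and then dropping the local variable, and "class B" keeping what "class A" allocated), as an added Rust example that is not part of the original comments. `DatabaseUser`, `UserService`, `B` and the function names are hypothetical stand-ins for the names in the pseudocode.

```rust
use std::rc::Rc;

// Hypothetical stand-ins for the pseudocode's DataBaseUser and userService.
#[derive(Debug)]
struct DatabaseUser { id: u32 }
struct UserService { users: Vec<DatabaseUser> }

fn get_database_user(id: u32) -> DatabaseUser { DatabaseUser { id } }

// Case 1: the pseudocode. push() *moves* ownership into the list.
fn register(service: &mut UserService) {
    let variable1 = get_database_user(20);
    service.users.push(variable1);
    // `variable1` is unusable from here on; there is nothing to null or free.
    // println!("{:?}", variable1); // error[E0382]: borrow of moved value
} // scope ends: nothing is freed, the Vec owns the user now

// Case 2: "class A" allocates, "class B" keeps it. B stores an owned Box,
// so the heap value lives exactly as long as B does.
struct B { kept: Box<DatabaseUser> }
fn a_creates_and_hands_over() -> B {
    let on_heap = Box::new(get_database_user(7));
    B { kept: on_heap } // moved into B; A's scope ending frees nothing
}

// Keeping only a reference to A's local is rejected at compile time:
//   struct BRef<'a> { kept: &'a DatabaseUser }
//   fn bad<'a>() -> BRef<'a> { let u = get_database_user(7); BRef { kept: &u } }
//   error[E0515]: cannot return value referencing local variable `u`

// Case 3: both sides need the value. Rc counts the owners and frees the
// heap value only when the last owner is dropped.
fn shared() -> (Rc<DatabaseUser>, usize) {
    let a_side = Rc::new(get_database_user(9));
    let b_side = Rc::clone(&a_side);
    let owners = Rc::strong_count(&a_side); // 2 while both exist
    drop(a_side); // "class A goes out of scope"
    (b_side, owners)
}

fn main() {
    let mut service = UserService { users: Vec::new() };
    register(&mut service);
    println!("list still owns user {}", service.users[0].id);
    println!("B still owns {:?}", a_creates_and_hands_over().kept);
    let (b_side, owners) = shared();
    println!("{:?}: owners before drop {}, after {}", b_side, owners, Rc::strong_count(&b_side));
}
```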