Update back-end code to new 100-120 column coding style.

2022-12-09 14:19:55 +00:00 · 2022-12-09 14:19:55 +00:00 · 6b85ffa35c
commit 6b85ffa35c
parent bb5c4f13d4
1 changed files with 75 additions and 99 deletions
--- a/blog/foss-is-working-against-itself.html
+++ b/blog/foss-is-working-against-itself.html
@ -5,7 +5,7 @@
 <!-- Copyright 2022 Inference -->
 <!-- License: BSD 3-Clause Clear (with personal content exception) -->
-<!-- 0.2.1.3 -->
+<!-- 0.2.2.4 -->
 <html>
@ -38,12 +38,10 @@
 <br>
 <h4>Introduction</h4>
-<p>The world has become a dangerous, privacy invading, human rights stripping,
+<p>The world has become a dangerous, privacy invading, human rights stripping, totalitarian place;
-totalitarian place; in order to combat this, people are joining a growing,
+in order to combat this, people are joining a growing, and dangerous, trend, which I will refer to
-and dangerous, trend, which I will refer to in this post as the "Free and
+in this post as the "Free and Open Source (FOSS) movement". With that stated, I will now debunk the
-Open Source (FOSS) movement".
+misinformation being spread inside of this extremely flawed movement.</p>
 With that stated, I will now debunk the misinformation being spread inside
 of this extremely flawed movement.</p>
 <br>
 <p>The
 <a class="body-link" href="https://en.wikipedia.org/wiki/Free_software"
@ -51,140 +49,118 @@ of this extremely flawed movement.</p>
 <a class="body-link" href="https://en.wikipedia.org/wiki/Privacy"
 >privacy</a> and
 <a class="body-link" href="https://en.wikipedia.org/wiki/Control_(psychology)"
->control</a> over our devices and data, but the entire concept of FOSS-only, at
+>control</a> over our devices and data, but the entire concept of FOSS-only, at the current time, is
-the current time, is severely, and dangerously, flawed. What the FOSS community
+severely, and dangerously, flawed. What the FOSS community does not seem to understand is the fact
-does not seem to understand is the fact that most FOSS software cares not about
+that most FOSS software cares not about
 <a class="body-link" href="https://en.wikipedia.org/wiki/Security"
 >security</a>.
-"Security"; keep that word in mind as you progress through this article.
+"Security"; keep that word in mind as you progress through this article. What is security? Security
-What is security? Security is being safe and secure from adversaries and
+is being safe and secure from adversaries and unwanted consequences; security protects our rights
-unwanted consequences; security protects our rights and allows us to
+and allows us to protect ourselves. Without security, we have no protection, and without protection,
-protect ourselves. Without security, we have no protection, and without
+we have a lack of certainty of everything else, including privacy and control, which is what the
-protection, we have a lack of certainty of everything else, including
+FOSS movement is seeking.</p>
 privacy and control, which is what the FOSS movement is seeking.</p>
 <br>
-<p>FOSS projects rarely take security into account; they simply look at the
+<p>FOSS projects rarely take security into account; they simply look at the surface level, rather
-surface level, rather than the actual
+than the actual
 <a class="body-link" href="https://en.wikipedia.org/wiki/Root_cause_analysis"
->root cause</a> of the issues they are
+>root cause</a> of the issues they are attempting to fight against. In this case, the focus is on
-attempting to fight against. In this case, the focus is on privacy and
+privacy and control. Without security mechanisms to protect the privacy features and the ability to
-control. Without security mechanisms to protect the privacy features and
+control your devices and data, it can be stripped away as if it never existed in the first place,
-the ability to control your devices and data, it can be stripped away as
+which, inevitably, leads us back to the beginning, and the cycle repeats. With this
 if it never existed in the first place, which, inevitably, leads us back to
 the beginning, and the cycle repeats. With this
 <a class="body-link" href="https://en.wikipedia.org/wiki/Ideology"
->ideology</a>, privacy and
+>ideology</a>, privacy and control will *never* be achieved. There is no foundation to build privacy
-control will *never* be achieved. There is no foundation to build privacy
+or control upon. It is impossible to build a solid, freedom respecting platform on this model.</p>
 or control upon. It is impossible to build a solid, freedom respecting
 platform on this model.</p>
 <br>
 <h4>Example: Smartphones</h4>
 <p>A FOSS phone, especially so-called
 <a class="body-link" href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones"
 >"Linux phones"</a> are completely
-detrimental to privacy and control, because they do not have the security
+detrimental to privacy and control, because they do not have the security necessary to enforce that
-necessary to enforce that privacy.
+privacy.
 <a class="body-link" href="https://en.wikipedia.org/wiki/Bootloader_unlocking"
->Unlocked bootloaders</a> prevent the device
+>Unlocked bootloaders</a> prevent the device from
 from
 <a class="body-link" href="https://source.android.com/docs/security/features/verifiedboot/"
->verifying the integrity of the boot chain</a>, including the OS, meaning
+>verifying the integrity of the boot chain</a>, including the OS, meaning any adversary, whether a
-any adversary, whether a stranger who happens to pick up the device, or
+stranger who happens to pick up the device, or a big tech or government entity, can simply inject
-a big tech or government entity, can simply inject malicious code into
+malicious code into your software and you wouldn't have any idea it was there. If that's not enough
-your software and you wouldn't have any idea it was there. If that's not
+of a backdoor for you to reconsider your position, how about the trivial
 enough of a backdoor for you to reconsider your position, how about the
 trivial
 <a class="body-link" href="https://en.wikipedia.org/wiki/Evil_maid_attack"
->evil maid</a> and data extraction attacks which could be executed on
+>evil maid</a> and data extraction attacks which could be executed on your device, without coercion?
-your device, without coercion? With Android phones, this is
+With Android phones, this is bad enough to completely break the privacy and control the FOSS
-bad enough to completely break the privacy and control the FOSS movement
+movement seeks, but "Linux phones" take it a step further by implementing barely any security, if
-seeks, but "Linux phones" take it a step further by implementing barely any
+any at all.
 security, if any at all.
 <a class="body-link" href="https://en.wikipedia.org/wiki/Privilege_escalation"
->Privilege escalation</a> is trivial to achieve on any
+>Privilege escalation</a> is trivial to achieve on any Linux system, which is the reason Linux
 Linux system, which is the reason Linux
 <a class="body-link" href="https://en.wikipedia.org/wiki/Hardening_(computing)"
->hardening</a> strategies often include
+>hardening</a> strategies often include restricting access to the root account; if you
 restricting access to the root account; if you
 <a class="body-link" href="https://en.wikipedia.org/wiki/Rooting_(Android)"
->root your Android phone</a>, or
+>root your Android phone</a>, or use a "Linux phone", you've already destroyed the security model,
-use a "Linux phone", you've already destroyed the security model, and thus
+and thus privacy and control model you were attempting to achieve. Not only are these side effects
-privacy and control model you were attempting to achieve. Not only are
+of FOSS, so is the absolutely illogical restriction of not being able to, or making it unnecessarily
-these side effects of FOSS, so is the absolutely illogical restriction of
+difficult to, install and update critical components of the system, such as proprietary
 not being able to, or making it unnecessarily difficult to, install and
 update critical components of the system, such as proprietary
 <a class="body-link" href="https://en.wikipedia.org/wiki/Firmware"
->firmware</a>, which just so happens to be almost all of them.
+>firmware</a>, which just so happens to be almost all of them. "Linux phones" are not as free as
-"Linux phones" are not as free as they proclaim to be.</p>
+they proclaim to be.</p>
 <br>
 <p>You may ask "What's so bad about using
 <a class="body-link" href="https://lineageos.org/"
->LineageOS</a>?", to which I answer with
+>LineageOS</a>?", to which I answer with "What's not bad about it?".<br>
 "What's not bad about it?".<br>
 <br>
 - LineageOS uses
 <a class="body-link" href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets"
 >debug builds</a>, not safe and secure release builds.<br>
- LineageOS requires an unlocked bootloader. Even when installed on devices
+- LineageOS requires an unlocked bootloader. Even when installed on devices which support custom
-which support custom Android Verified Boot (AVB) keys, the bootloader cannot
+Android Verified Boot (AVB) keys, the bootloader cannot be locked due to lack of the OS being
-be locked due to lack of the OS being signed.<br>
+signed.<br>
- LineageOS does not install critically important firmware without manual
+- LineageOS does not install critically important firmware without manual flashing, requiring users
-flashing, requiring users to perform a second update to install this firmware;
+to perform a second update to install this firmware; this likely causes users to ignore the
-this likely causes users to ignore the notification or miss firmware
+notification or miss firmware updates.<br>
 updates.<br>
 - LineageOS does not implement
-<a class="body-link" href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection"
+<a class="body-link" href="https://source.android.com/docs/security/features/verifiedboot/
->rollback protection</a>, meaning any adversary,
+verified-boot#rollback-protection"
-from a stranger who physically picks up the device, to a goverment entity
+>rollback protection</a>, meaning any adversary, from a stranger who physically picks up the device,
-remotely, can simply downgrade the OS to a previous version in order to exploit
+to a goverment entity remotely, can simply downgrade the OS to a previous version in order to
-known
+exploit known
 <a class="body-link" href="https://en.wikipedia.org/wiki/Vulnerability_(computing)"
 >security vulnerabilities</a>.<br>
 <br>
-LineageOS is not the only Android OS (commonly, and incorrectly, referred
+LineageOS is not the only Android OS (commonly, and incorrectly, referred to as a "ROM") with such
-to as a "ROM") with such issues, but it is one of the worst. The only
+issues, but it is one of the worst. The only things such insecure OSes can provide you are
-things such insecure OSes can provide you are customisation abilities, and
+customisation abilities, and a backdoor to your data. They are best suited as a development OS, not
-a backdoor to your data. They are best suited as a development OS, not a
+a production OS.</p>
 production OS.</p>
 <br>
 <h4>Solution</h4>
-<p>What can you do about this? The answer is simple; however, it does require
+<p>What can you do about this? The answer is simple; however, it does require you to use logic,
-you to use logic, fact, and evidence, not emotion, which is a difficult
+fact, and evidence, not emotion, which is a difficult pill for most people to swallow. Use your
-pill for most people to swallow. Use your adversaries' weapons against
+adversaries' weapons against them. The only way to effectively combat the privacy invasion and lack
-them. The only way to effectively combat the privacy invasion and lack of
+of control of our devices and data is to become a
 control of our devices and data is to become a
 <a class="body-link" href="https://en.wikipedia.org/wiki/Turncoat"
->renegade</a> and not take sides.
+>renegade</a> and not take sides. Yes, that means not taking sides with the closed source,
-Yes, that means not taking sides with the closed source, proprietary, big
+proprietary, big tech and government entities, but it also means not taking sides with any
-tech and government entities, but it also means not taking sides with any
+FOSS entities. The only way to win this war is to take *whatever* hardware and software you can, and
-FOSS entities. The only way to win this war is to take *whatever* hardware
+use it tactically.</p>
 and software you can, and use it tactically.</p>
 <br>
-<p>The only solution for phone security, privacy, and control, is to use
+<p>The only solution for phone security, privacy, and control, is to use a Google Pixel (currently,
-a Google Pixel (currently, Pixel 4a-series or newer) running
+Pixel 4a-series or newer) running
 <a class="body-link" href="https://grapheneos.org/"
->GrapheneOS</a>. Google Pixel phones allow you complete bootloader freedom,
+>GrapheneOS</a>. Google Pixel phones allow you complete bootloader freedom, including the
 including the
 <a class="body-link" href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later"
 >ability to lock the bootloader after flashing a custom OS</a>
-(GrapheneOS includes a custom OS signing key to allow locking the bootloader
+(GrapheneOS includes a custom OS signing key to allow locking the bootloader and enabling verified
-and enabling verified boot to prevent
+boot to prevent
 <a class="body-link" href="https://en.wikipedia.org/wiki/Malware"
->malware</a> persistence, evil maid attacks,
+>malware</a> persistence, evil maid attacks, and boot chain
 and boot chain
 <a class="body-link" href="https://en.wikipedia.org/wiki/Data_corruption"
 >corruption</a>),
 <a class="body-link" href="https://support.google.com/nexus/answer/4457705"
->long device support lifecycles</a> (minimum 3 years for
+>long device support lifecycles</a> (minimum 3 years for Pixel 4a-series to Pixel 5a, minimum 5
-Pixel 4a-series to Pixel 5a, minimum 5 years for Pixel 6-series and newer), and
+years for Pixel 6-series and newer), and
 <a class="body-link" href="https://source.android.com/docs/security/bulletin/pixel/"
->guaranteed monthly security updates</a> for the entire support timeframe of the
+>guaranteed monthly security updates</a> for the entire support timeframe of the devices.</p>
 devices.</p>
 <br>
 <h4>Conclusion</h4>
-<p>Use what you can, and do what you can. By neglecting security, you are,
+<p>Use what you can, and do what you can. By neglecting security, you are, even if unintentionally,
-even if unintentionally, neglecting exactly what you are trying to gain;
+neglecting exactly what you are trying to gain; privacy and control.</p>
 privacy and control.</p>
 <br>
 <br>
 </body>