Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "About" from version "10.0.1" to "10.0.2"

Browse Source
This commit is contained in:
inference 2024-03-18 03:54:26 +00:00
parent 3818c79d5a
commit 7d0744390c
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
1 changed files with 703 additions and 858 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

695
about.xhtml
View File

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - About --> <!-- Inferencium - Website - About -->
<!-- Version: 10.0.1 --> <!-- Version: 10.0.2 -->
<!-- Copyright 2022 Jake Winters --> <!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -90,30 +90,21 @@
<section id="about_me"> <section id="about_me">
<h2><a href="#about_me">About Me</a></h2> <h2><a href="#about_me">About Me</a></h2>
<img class="avatar" src="asset/img/avatar/inference.png" alt="My avatar."/> <img class="avatar" src="asset/img/avatar/inference.png" alt="My avatar."/>
<p>I am Jake Winters, also known by my pseudonym <p>I am Jake Winters, also known by my pseudonym "Inference", a security researcher based in United
"Inference", a security researcher based in United
Kingdom.</p> Kingdom.</p>
<p>I am the founder, lead developer, and administrator, of <p>I am the founder, lead developer, and administrator, of Inferencium.</p>
Inferencium.</p> <p>All opinions are my own, and are not necessarily shared with projects or people I am affiliated
<p>All opinions are my own, and are not necessarily shared with.</p>
with projects or people I am affiliated with.</p> <p>I write about my research and experience in cybersecurity and also physical security. Most of my
<p>I write about my research and experience in cybersecurity postings are security-related, but I occasionally post about other aspects of my life.</p>
and also physical security. Most of my postings are <p>I am an open source advocate for the preservation and modifiability of source code. I believe
security-related, but I occasionally post about other source code should be considered human knowledge as much as past knowledge and teachings were; it is
aspects of my life.</p> how modern humanity survives and runs. Source code being modifiable allows it to be adapted for use
<p>I am an open source advocate for the preservation and by anyone, whether to add features, harden it for increased security and/or privacy, or provide
modifiability of source code. I believe source code should accessibility for disabled users.</p>
be considered human knowledge as much as past knowledge and <p>I am also a modular design advocate for the ability to securely and robustly make changes to
teachings were; it is how modern humanity survives and runs. hardware and software without the entire system being affected.</p>
Source code being modifiable allows it to be adapted for use <p>I run multiple XMPP channels; a directory of channels can be found on the
by anyone, whether to add features, harden it for increased
security and/or privacy, or provide accessibility for
disabled users.</p>
<p>I am also a modular design advocate for the ability to
securely and robustly make changes to hardware and software
without the entire system being affected.</p>
<p>I run multiple XMPP channels; a directory of channels can
be found on the
<a href="https://inferencium.net/directory.xhtml">directory</a> <a href="https://inferencium.net/directory.xhtml">directory</a>
webpage.</p> webpage.</p>
<p>If you wish to contact me for any reason, you can use my <p>If you wish to contact me for any reason, you can use my
@ -123,14 +114,11 @@
<h2><a href="#date_time">Date and Time</a></h2> <h2><a href="#date_time">Date and Time</a></h2>
<p>All dates and times across my services are <p>All dates and times across my services are
<a href="https://en.wikipedia.org/wiki/ISO_8601">ISO 8601</a>-compliant. <a href="https://en.wikipedia.org/wiki/ISO_8601">ISO 8601</a>-compliant.
The short-form format <code>YYYY-MM-DD</code> is used for The short-form format <code>YYYY-MM-DD</code> is used for dates, and <code>hh:mm:ss</code> is used
dates, and <code>hh:mm:ss</code> is used for times, with for times, with display of seconds being based on required level of accuracy. The full expression
display of seconds being based on required level of may be used when necessary; <code>YYYYMMDDThhmmssZ</code> (UTC without offset),
accuracy. The full expression may be used when necessary; <code>YYYYMMDDThhmmss+hhmm</code> (with positive offset), or <code>YYYYMMDDThhmmss-hhmm</code> (with
<code>YYYYMMDDThhmmssZ</code> (UTC without offset), negative offset).</p>
<code>YYYYMMDDThhmmss+hhmm</code> (with positive offset), or
<code>YYYYMMDDThhmmss-hhmm</code> (with negative
offset).</p>
</section> </section>
<section id="languages"> <section id="languages">
<h2><a href="#languages">Languages</a></h2> <h2><a href="#languages">Languages</a></h2>
@ -145,100 +133,69 @@
languages whenever possible.</p> languages whenever possible.</p>
<section id="languages-markup-xhtml"> <section id="languages-markup-xhtml">
<h4><a href="#languages-markup-xhtml">XHTML</a></h4> <h4><a href="#languages-markup-xhtml">XHTML</a></h4>
<p>XHTML is preferred for most content <p>XHTML is preferred for most content due to its HTML-based design and syntax, with
due to its HTML-based design and syntax, advantages over HTML, including strict parsing checks which assist with achieving
with advantages over HTML, including code-correctness, and being XML-compliant to allow widespread usage even outside of
strict parsing checks which assist with the intended HTML-based use case.</p>
achieving code-correctness, and being <p>HTML has multiple flaws, including allowing broken code to be loaded in the
XML-compliant to allow widespread usage user's web browser, not informing the developer of broken code or mismatching tags,
even outside of the intended HTML-based and using non-standard, highly-permissive syntax which is non-portable. XHTML
use case.</p> mitigates or completely fixes these issues via its XML namespace.</p>
<p>HTML has multiple flaws, including
allowing broken code to be loaded in the
user's web browser, not informing the
developer of broken code or mismatching
tags, and using non-standard, highly
permissive syntax which is
non-portable. XHTML mitigates or
completely fixes these issues via
its XML namespace.</p>
</section> </section>
<section id="languages-markup-asciidoc"> <section id="languages-markup-asciidoc">
<h4><a href="#languages-markup-asciidoc">AsciiDoc</a></h4> <h4><a href="#languages-markup-asciidoc">AsciiDoc</a></h4>
<p>AsciiDoc is used when portability is <p>AsciiDoc is used when portability is a concern, as it allows easy conversion to
a concern, as it allows easy conversion other file formats, including HTML and PDF. AsciiDoc can also be read as-is, due to
to other file formats, including HTML it having clean markup and high readability when viewed as plaintext.</p>
and PDF. AsciiDoc can also be read
as-is, due to it having clean markup and
high readability when viewed as
plaintext.</p>
</section> </section>
</section> </section>
<section id="languages-programming"> <section id="languages-programming">
<h3><a href="#languages-programming">Programming</a></h3> <h3><a href="#languages-programming">Programming</a></h3>
<p>The following programming languages are used in my code, with <p>The following programming languages are used in my code, with rationale provided for the
rationale provided for the usage of each language.</p> usage of each language.</p>
<p>Note that derivations of non-Inferencium codebases, such as <p>Note that derivations of non-Inferencium codebases, such as forks, may not contain the
forks, may not contain the programming languages listed here due programming languages listed here due to the work involved in replacing all code, but will
to the work involved in replacing all code, but will be be rewritten whenever possible, and new code will be written in my preferred languages
rewritten whenever possible, and new code will be written in my whenever possible.</p>
preferred languages whenever possible.</p>
<section id="languages-programming-rust"> <section id="languages-programming-rust">
<h4><a href="#languages-programming-rust">Rust</a></h4> <h4><a href="#languages-programming-rust">Rust</a></h4>
<p>Rust is a partially object-oriented <p>Rust is a partially object-oriented programming language with a focus on security
programming language with a focus on and performance. It has strict compile-time checks to verify the memory-safety and
security and performance. It has strict thread-safety of code, is memory-efficient, has no garbage collection, is highly
compile-time checks to verify the portable, has great support for integration with other languages, and is suitable
memory-safety and thread-safety of code, for both high-level and low-level code.</p>
is memory-efficient, has no garbage <p>Rust is the modern replacement for C++.</p>
collection, is highly portable, has
great support for integration with other
languages, and is suitable for both
high-level and low-level code.</p>
<p>Rust is the modern replacement for
C++.</p>
</section> </section>
<section id="languages-programming-go"> <section id="languages-programming-go">
<h4><a href="#languages-programming-go">Go</a></h4> <h4><a href="#languages-programming-go">Go</a></h4>
<p>Go is a functional programming <p>Go is a functional programming language with a focus on performance. It is easy
language with a focus on performance. It to use, has garbage collection, allows clean codebases, and is suitable for
is easy to use, has garbage collection, high-level code.</p>
allows clean codebases, and is suitable <p>Go is the modern replacement for C.</p>
for high-level code.</p>
<p>Go is the modern replacement for
C.</p>
</section> </section>
</section> </section>
</section> </section>
<section id="licensing"> <section id="licensing">
<h2><a href="#licensing">Licensing</a></h2> <h2><a href="#licensing">Licensing</a></h2>
<p>I care about upstreaming and sharing code, strongly <p>I care about upstreaming and sharing code, strongly preferring licenses which have high license
preferring licenses which have high license compatibility in compatibility in order to permit sharing code with as many other projects as possible; for this
order to permit sharing code with as many other projects as reason, permissive licenses are mypreferred choice, while avoiding copyleft licenses and other
possible; for this reason, permissive licenses are my licenses which place restrictions on how my code may be used, and prevent me from including
preferred choice, while avoiding copyleft licenses and other important proprietary code, such as firmware, which can patch security vulnerabilities, privacy
licenses which place restrictions on how my code may be issues, and stability issues.</p>
used, and prevent me from including important proprietary <p>All of my code is and will be permissively-licensed unless specific circumstances make it
code, such as firmware, which can patch security impractical or infeasible to do so. My goal is to share code which has the least amount of
vulnerabilities, privacy issues, and stability issues.</p> restrictions as possible, to allow wider propagation of my code and allow more use cases and
<p>All of my code is and will be permissively licensed possibilities, as well as ensuring proprietary code, whenever required, is permitted to be included
unless specific circumstances make it impractical or and/or linked to.</p>
infeasible to do so. My goal is to share code which has the
least amount of restrictions as possible, to allow wider
propagation of my code and allow more use cases and
possibilities, as well as ensuring proprietary code,
whenever required, is permitted to be included and/or linked
to.</p>
<p><a href="https://iso.org/standard/81870.html">ISO 5962:2021</a> <p><a href="https://iso.org/standard/81870.html">ISO 5962:2021</a>
is used for licensing, in the format is used for licensing, in the format
<code>SPDX-License-Identifier: <var>&lt;license&gt;</var></code>; <code>SPDX-License-Identifier: <var>&lt;license&gt;</var></code>; see the
see the
<a href="https://spdx.org/licenses/">SPDX License List</a> <a href="https://spdx.org/licenses/">SPDX License List</a>
for the full list of available licenses under this for the full list of available licenses under this
standard.</p> standard.</p>
<p>My preferred licenses and rationale for using them are <p>My preferred licenses and rationale for using them are below; any licenses not listed are chosen
below; any licenses not listed are chosen on a case-by-case on a case-by-case basis.</p>
basis.</p>
<section id="licensing-code"> <section id="licensing-code">
<h3><a href="#licensing-code">Code</a></h3> <h3><a href="#licensing-code">Code</a></h3>
<section id="licensing-code-bsd3clause"> <section id="licensing-code-bsd3clause">
@ -246,17 +203,11 @@
<p><b>SPDX License Identifier:</b> <code>BSD-3-Clause</code></p> <p><b>SPDX License Identifier:</b> <code>BSD-3-Clause</code></p>
<p><b>Type: Permissive</b></p> <p><b>Type: Permissive</b></p>
<p><a href="https://spdx.org/licenses/BSD-3-Clause.html">BSD 3-Clause License</a> <p><a href="https://spdx.org/licenses/BSD-3-Clause.html">BSD 3-Clause License</a>
is a highly permissive license which is a highly permissive license which allows content licensed under it to be used in
allows content licensed under it to be any way, whether in source or binary form, and allows sublicensing under a different
used in any way, whether in source or license, with the only restrictions being the original copyright notice must be kept
binary form, and allows sublicensing in order to attribute the original creator of the licensed content, and the name of
under a different license, with the only the project and/or its contributors may not be used to endorse or promote products
restrictions being the original
copyright notice must be kept in order
to attribute the original creator of the
licensed content, and the name of the
project and/or its contributors may not
be used to endorse or promote products
derived from the original project.</p> derived from the original project.</p>
</section> </section>
<section id="licensing-code-gpl2.0only"> <section id="licensing-code-gpl2.0only">
@ -264,31 +215,18 @@
<p><b>SPDX License Identifier:</b> <code>GPL-2.0-only</code></p> <p><b>SPDX License Identifier:</b> <code>GPL-2.0-only</code></p>
<p><b>Type: Copyleft</b></p> <p><b>Type: Copyleft</b></p>
<p><a href="https://spdx.org/licenses/GPL-2.0-only.html">GNU General Public License v2.0</a> <p><a href="https://spdx.org/licenses/GPL-2.0-only.html">GNU General Public License v2.0</a>
is a strong copyleft license which is a strong copyleft license which restricts use of content licensed under it by
restricts use of content licensed under requiring all source code of the content to be publicly available, making
it by requiring all source code of the binary-only form and inclusion of proprietary code impossible, requiring all
content to be publicly available, making derivatives to be licensed under the same license (allowing sublicensing under only
binary-only form and inclusion of newer GPL licenses if <code>GPL-2.0-or-later</code> is specified in the SPDX License
proprietary code impossible, requiring Identifier), and requiring the original copyright notice to be kept in order to
all derivatives to be licensed under the attribute the original creator of the licensed content.</p>
same license (allowing sublicensing <p>Due to the restrictive and invasive nature of this license, it is avoided unless
under only newer GPL licenses if such restrictions would be beneficial to my code; whenever this is the case, the GNU
<code>GPL-2.0-or-later</code> is General Public License v2.0 will be used, rather than the more restrictive
specified in the SPDX License
Identifier), and requiring the original
copyright notice to be kept in order to
attribute the original creator of the
licensed content.</p>
<p>Due to the restrictive and invasive
nature of this license, it is avoided
unless such restrictions would be
beneficial to my code; whenever this is
the case, the GNU General Public License
v2.0 will be used, rather than the more
restrictive
<a href="https://spdx.org/licenses/GPL-3.0-only.html">GNU General Public License v3.0</a>, <a href="https://spdx.org/licenses/GPL-3.0-only.html">GNU General Public License v3.0</a>,
and relicensing derivatives under the and relicensing derivatives under the GNU General Public License v3.0 will be
GNU General Public License v3.0 will be
disallowed.</p> disallowed.</p>
</section> </section>
</section> </section>
@ -299,24 +237,18 @@
<p><b>SPDX License Identifier:</b> <code>CC-BY-4.0</code></p> <p><b>SPDX License Identifier:</b> <code>CC-BY-4.0</code></p>
<p><b>Type: Permissive</b></p> <p><b>Type: Permissive</b></p>
<p><a href="https://spdx.org/licenses/CC-BY-4.0.html">Creative Commons Attribution 4.0 International</a> <p><a href="https://spdx.org/licenses/CC-BY-4.0.html">Creative Commons Attribution 4.0 International</a>
is a highly permissive license which is a highly-permissive license which allows content licensed under it to be used in
allows content licensed under it to be any way, in any medium, with the only restriction being the original copyright
used in any way, in any medium, with the notice must be kept in order to attribute the original creator of the licensed
only restriction being the original content.</p>
copyright notice must be kept in order
to attribute the original creator of the
licensed content.</p>
</section> </section>
</section> </section>
<section id="licensing-open_source_vs_free_software"> <section id="licensing-open_source_vs_free_software">
<h3><a href="#licensing-open_source_vs_free_software">Do I Distinguish Between Open Source and Free Software?</a></h3> <h3><a href="#licensing-open_source_vs_free_software">Do I Distinguish Between Open Source and Free Software?</a></h3>
<p>No. If code is not released under an open-source <p>No. If code is not released under an open-source license and places restrictions on how
license and places restrictions on how the code may be the code may be used, it is either source-available (if viewing the code is permitted) or
used, it is either source-available (if viewing the code proprietary. "Free software" only causes confusion and exists to push an ideology by a
is permitted) or proprietary. "Free software" only specific group of people. If software isn't "free", it's not open-source, either.</p>
causes confusion and exists to push an ideology by a
specific group of people. If software isn't "free", it's
not open-source, either.</p>
</section> </section>
</section> </section>
<section id="versioning"> <section id="versioning">
@ -325,131 +257,105 @@
<h3><a href="#versioning-numbering_scheme">What is the Numbering Scheme?</a></h3> <h3><a href="#versioning-numbering_scheme">What is the Numbering Scheme?</a></h3>
<p>All code uses <p>All code uses
<a href="https://semver.org">Semantic Versioning</a>. <a href="https://semver.org">Semantic Versioning</a>.
The numbering scheme divided into 3 blocks (herein referred to The numbering scheme is divided into 3 blocks (herein referred to as Block 0, Block 1, and
as Block 0, Block 1, and Block 2, in left-to-right order); the Block 2, in left-to-right order); the version blocks are separated by periods. When a
version blocks are separated by periods. When a version number version number block is incremented, all blocks to the right of it are reset to 0. The
block is incremented, all blocks to the right of it are reset to legacy versioning scheme was a similar numerical versioning scheme which lacked
0. The legacy versioning scheme was a similar numerical standardisation.</p>
versioning scheme which lacked standardisation.</p> <p>Block 0 contains the <code><var>MAJOR</var></code> version; this number is incremented
<p>Block 0 contains the <code><var>MAJOR</var></code> version; whenever an API-incompatible change is made to the code.</p>
this number is incremented whenever an API-incompatible change <p>Block 1 contains the <code><var>MINOR</var></code> version; this number is incremented
is made to the code.</p> whenever an API-compatible, substantial change is made to the code, such as adding a
<p>Block 1 contains the <code><var>MINOR</var></code> version;
this number is incremented whenever an API-compatible,
substantial change is made to the code, such as adding a
feature.</p> feature.</p>
<p>Block 2 contains the <code><var>PATCH</var></code> version; <p>Block 2 contains the <code><var>PATCH</var></code> version; this number is incremented
this number is incremented whenever an API-compatible, whenever an API-compatible, unsubstantial change is made to the code, such as fixing or
unsubstantial change is made to the code, such as fixing or
optimising the code.</p> optimising the code.</p>
<p>Development and pre-release versions are suffixed with <p>Development and pre-release versions are suffixed with a hyphen, followed by their phase,
a hyphen, followed by their phase, a period, then the version of a period, then the version of that phase; for example, <code>-alpha.<var>n</var></code> for
that phase; for example, <code>-alpha.<var>n</var></code> for an an alpha version, <code>-beta.<var>n</var></code> for a beta version, and
alpha version, <code>-beta.<var>n</var></code> for a beta <code>-rc.<var>n</var></code> for a release candidate version, with
version, and <code>-rc.<var>n</var></code> for a release <code><var>n</var></code> being a non-negative integer. Stable versions have no suffix.</p>
candidate version, with <code><var>n</var></code> being a
non-negative integer. Stable versions have no suffix.</p>
</section> </section>
<section id="versioning-phases"> <section id="versioning-phases">
<h3><a href="#versioning-phases">What Are the Phases?</a></h3> <h3><a href="#versioning-phases">What Are the Phases?</a></h3>
<p>There are 4 phases of development. Each phase typically has <p>There are 4 phases of development. Each phase typically has its own branch in each source
its own branch in each source code repository. The phases are as code repository. The phases are as follows:</p>
follows:</p>
<ol> <ol>
<li>Alpha: Pre-alpha development and alpha testing <li>Alpha: Pre-alpha development and alpha testing occurs in this phase. Features
occurs in this phase. Features are added, modified, are added, modified, and/or removed. Fixes and optimisations may also occur if they
and/or removed. Fixes and optimisations may also occur are caught during this phase. This is where the majority of changes occur and where
if they are caught during this phase. This is where the the fine-grained commits can be found. Breakage is highly likely within this phase
majority of changes occur and where the fine-grained as it makes no attempt to be stable or usable due to being where the most rapid
commits can be found. Breakage is highly likely within development occurs. Code is tested internally in a fine-grained manner and is moved
this phase as it makes no attempt to be stable or usable to the next phase only when it is deemed feature-complete and reasonably stable for
due to being where the most rapid development occurs. broader public testing. If you would like to assist in testing code in this phase,
Code is tested internally in a fine-grained manner and you must use the code and/or tags from the source code repositories due to it not
is moved to the next phase only when it is deemed being available publicly outside of them.</li>
feature-complete and reasonably stable for broader <li>Beta: Feature-complete testing occurs in this phase. Only bug fixes and
public testing. If you would like to assist in testing optimisations occur in this phase, such as stability and security fixes. This phase
code in this phase, you must use the code and/or tags is classified as stable enough for broad public testing and is made available
from the source code repositories due to it not being publicly in many cases without having to use the source code repositories. Since
available publicly outside of them.</li> this phase contains only feature-complete code, no features will be added, modified,
<li>Beta: Feature-complete testing occurs in this phase. or removed in this phase.</li>
Only bug fixes and optimisations occur in this phase, <li>Release candidate (RC): Feature-complete testing occurs in this phase. Code in
such as stability and security fixes. This phase is the RC phase is often stable enough for production usage, but is not yet completely
classified as stable enough for broad public testing and acceptable to be classified as stable by my standards. This phase is often skipped
is made available publicly in many cases without having due to most bugs being caught in the beta phase, but will be used should the need
to use the source code repositories. Since this phase arise for finer-grained testing beyond what the beta phase can provide. Like the
contains only feature-complete code, no features will be beta phase, code in this phase is available publicly without requiring usage of the
added, modified, or removed in this phase.</li> source code repositories.</li>
<li>Release candidate (RC): Feature-complete testing <li>Stable: Feature-complete and well-tested code is moved to this phase. Code in
occurs in this phase. Code in the RC phase is often this phase is deemed to be stable enough for production usage and full support is
stable enough for production usage, but is not yet
completely acceptable to be classified as stable by my
standards. This phase is often skipped due to most bugs
being caught in the beta phase, but will be used should
the need arise for finer-grained testing beyond what the
beta phase can provide. Like the beta phase, code in
this phase is available publicly without requiring usage
of the source code repositories.</li>
<li>Stable: Feature-complete and well-tested code is
moved to this phase. Code in this phase is deemed to be
stable enough for production usage and full support is
provided.</li> provided.</li>
</ol> </ol>
<p>When development of a new version has begun, the code within <p>When development of a new version has begun, the code within the alpha phase is rebased
the alpha phase is rebased onto the most recent code from the onto the most recent code from the stable phase before work commences. This cycle continues
stable phase before work commences. This cycle continues for the for the lifetime of the code.</p>
lifetime of the code.</p>
</section> </section>
</section> </section>
<section id="services"> <section id="services">
<h2><a href="#services">Services</a></h2> <h2><a href="#services">Services</a></h2>
<p>This list contains the policies and practices of my services.</p> <p>This list contains the policies and practices of my services.</p>
<p>My policies and practices are heavily security- and privacy-focused, with <p>My policies and practices are heavily security- and privacy-focused, with improvements made on an
improvements made on an ongoing basis as new technologies, protocols, and ongoing basis as new technologies, protocols, and software become available.</p>
software become available.</p>
<h3 id="services-websites"><a href="#services-websites">Websites</a></h3> <h3 id="services-websites"><a href="#services-websites">Websites</a></h3>
<ul> <ul>
<li>Unnecessary logging avoided (only logs required for security <li>Unnecessary logging avoided (only logs required for security and debugging
and debugging purposes)</li> purposes)</li>
<li>All server logs purged every 14 days</li> <li>All server logs purged every 14 days</li>
<li>User IP addresses used only for security and debugging <li>User IP addresses used only for security and debugging purposes (purged along with
purposes (purged along with logs)</li> logs)</li>
<li>All connections made via <li>All connections made via
<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3">TLS 1.3</a> <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3">TLS 1.3</a>
only to ensure the most secure only to ensure the most secure
<a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AEAD</a> <a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AEAD</a>
ciphers are used, along with ciphers are used, along with
<a href="https://en.wikipedia.org/wiki/Forward_secrecy">forward secrecy</a></li> <a href="https://en.wikipedia.org/wiki/Forward_secrecy">forward secrecy</a></li>
<li>All connections made via high-security AEAD ciphers, <li>All connections made via high-security AEAD ciphers, preferring AES-256-GCM for
preferring AES-256-GCM for devices with AES devices with AES hardware acceleration, and ChaCha20-Poly1305 for devices without AES
hardware acceleration, and ChaCha20-Poly1305 for devices without hardware acceleration, with AES-128-GCM as a fallback (AES-128-GCM is mandated for TLS
AES hardware acceleration, with AES-128-GCM as a fallback 1.3 by
(AES-128-GCM is mandated for TLS 1.3 by
<a href="https://datatracker.ietf.org/doc/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li> <a href="https://datatracker.ietf.org/doc/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li>
<li>All connections are made via high-security key exchange <li>All connections are made via high-security key exchange protocols, preferring
protocols, preferring X25519, with secp256r1 as a fallback X25519, with secp256r1 as a fallback (secp256r1 is mandated for TLS 1.3 by IETF RFC8446
(secp256r1 is mandated for TLS 1.3 by IETF RFC8446 section section 9.1)</li>
9.1)</li>
<li><a href="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">Domain Name System Security Extensions (DNSSEC)</a> <li><a href="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">Domain Name System Security Extensions (DNSSEC)</a>
enabled to provide a root-of-trust for encryption and enabled to provide a root-of-trust for encryption and authentication for domain and
authentication for domain and server configuration</li> server configuration</li>
<li><a href="https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization">Certification Authority Authorization (CAA)</a> <li><a href="https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization">Certification Authority Authorization (CAA)</a>
records enabled to prevent all certificate authorities other records enabled to prevent all certificate authorities other than
than
<a href="https://letsencrypt.org/">Let's Encrypt</a> from <a href="https://letsencrypt.org/">Let's Encrypt</a> from
issuing TLS certificates for my domains</li> issuing TLS certificates for my domains</li>
<li><a href="https://en.wikipedia.org/wiki/SSHFP_record">Secure Shell fingerprint (SSHFP)</a> <li><a href="https://en.wikipedia.org/wiki/SSHFP_record">Secure Shell fingerprint (SSHFP)</a>
records enabled to provide a DNS-based root-of-trust for SSH records enabled to provide a DNS-based root-of-trust for SSH connections to my
connections to my domains</li> domains</li>
<li>Referrer headers disabled to prevent knowing where a user <li>Referrer headers disabled to prevent knowing where a user was redirected from</li>
was redirected from</li> <li>All content sourced from my own domains, with third-party content prohibited via
<li>All content sourced from my own domains, with third-party
content prohibited via
<a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content Security Policy</a> <a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content Security Policy</a>
configuration</li> configuration</li>
<li>All servers physically under my control (no VPS or other <li>All servers physically under my control (no VPS or other hosting providers)</li>
hosting providers)</li> <li>No proprietary services, ensuring I have complete control over my services, and
<li>No proprietary services, ensuring I have complete control vendor lock-in does not occur</li>
over my services, and vendor lock-in does not occur</li>
</ul> </ul>
</section> </section>
<section id="recommendations"> <section id="recommendations">
@ -480,102 +386,78 @@
<th id="hardware-smartphone-smartphone">Smartphone</th> <th id="hardware-smartphone-smartphone">Smartphone</th>
<th id ="google-pixel" headers="hardware hardware-smartphone-smartphone"> <th id ="google-pixel" headers="hardware hardware-smartphone-smartphone">
<img src="asset/img/google-pixel_8_pro.png" width="100" height="100" alt="Front and rear view of a Google Pixel 8 Pro in Obsidian colour"/><br/> <img src="asset/img/google-pixel_8_pro.png" width="100" height="100" alt="Front and rear view of a Google Pixel 8 Pro in Obsidian colour"/><br/>
Google Pixel Google Pixel</th>
</th>
<td class="desc" headers="hardware-description google-pixel"> <td class="desc" headers="hardware-description google-pixel">
<h5>Security/Privacy</h5> <h5>Security/Privacy</h5>
<p>Google Pixel devices are the best <p>Google Pixel devices are the best Android devices
Android devices available on the market available on the market for
for
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p> <a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
<p>They allow locking the bootloader <p>They allow locking the bootloader with a
with a
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a> <a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
in order to preserve security and in order to preserve security and privacy features when
privacy features when installing a installing a custom operating system, such as
custom operating system, such as
<a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a> <a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a>
which verifies that the OS has not been which verifies that the OS has not been corrupted or tampered with, and
corrupted or tampered with, and
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a> <a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
which prevents an adversary from rolling which prevents an adversary from rolling back the OS or
back the OS or firmware version to a firmware version to a previous version with known security
previous version with known security
vulnerabilities.</p> vulnerabilities.</p>
<p>They also include a <p>They also include a
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a> <a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
(Titan M2, improving on the previous (Titan M2, improving on the previous generation
generation
<a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>) <a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>)
which is extremely resistant to both which is extremely resistant to both remote and physical
remote and physical attacks due to being attacks due to being completely isolated from the rest of
completely isolated from the rest of the the system, including the operating system. Titan M2 ensures
system, including the operating system. that the device cannot be remotely compromised by requiring
Titan M2 ensures that the device cannot the side buttons of the device to be physically pressed for
be remotely compromised by requiring the some sensitive operations. Titan M2 also takes the role of
side buttons of the device to be
physically pressed for some sensitive
operations. Titan M2 also takes the role
of
<a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>, <a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>,
a a
<a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a> <a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a>
containing sensitive user keys which are containing sensitive user keys which are unavailable to the
unavailable to the OS or apps running on OS or apps running on it without authorisation from Titan M2
it without authorisation from Titan M2
itself. itself.
<a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a> <a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a>
ensures that Titan M2 firmware can be ensures that Titan M2 firmware can be flashed only if the
flashed only if the user PIN/password is user PIN/password is already known, making it impossible to
already known, making it impossible to backdoor the device without already knowing these secrets.</p>
backdoor the device without already <p>Google Pixel device kernels are compiled with
knowing these secrets.</p>
<p>Google Pixel device kernels are
compiled with
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a> <a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
and and
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a> <a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
to prevent code reuse attacks against to prevent code reuse attacks against the kernel. MAC
the kernel. MAC address randomisation is address randomisation is
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p> <a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
<p>Google releases <p>Google releases
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>, <a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
ensuring Google Pixel devices are ensuring Google Pixel devices are up-to-date and quickly
up-to-date and quickly protected against protected against security vulnerabilities.</p>
security vulnerabilities.</p> <p>Pixel 6-series and 7-series devices are a large
<p>Pixel 6-series and 7-series devices improvement over the already very secure and private
are a large improvement over the already previous generation Pixel devices. They replace ARM-based
very secure and private previous Titan M with RISC-V-based Titan M2, reducing trust by
generation Pixel devices. They replace removing ARM from the equation. Titan M2 is more resiliant
ARM-based Titan M with RISC-V-based to attacks than Titan M, and is
Titan M2, reducing trust by removing ARM
from the equation. Titan M2 is more
resiliant to attacks than Titan M, and
is
<a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>, <a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>,
the highest level of vulnerability the highest level of vulnerability assessment. Google's
assessment. Google's in-house Tensor in-house Tensor System-on-Chip includes Tensor Security
System-on-Chip includes Tensor Security Core, further improving device security.</p>
Core, further improving device
security.</p>
<p>Pixel 8-series includes Armv9's <p>Pixel 8-series includes Armv9's
<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>, <a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>,
which dramatically increases device which dramatically increases device security by eliminating
security by eliminating up to 95% of all up to 95% of all security issues caused by
security issues caused by
memory-unsafety.</p> memory-unsafety.</p>
<h5>Support</h5> <h5>Support</h5>
<p>Pixel 5a is supported for a <p>Pixel 5a is supported for a
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum of 3 years from launch</a>.</p> <a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum of 3 years from launch</a>.</p>
<p>Pixel 6-series, Pixel 7-series, Pixel <p>Pixel 6-series, Pixel 7-series, Pixel Fold, and Pixel
Fold, and Pixel Tablet are supported for Tablet are supported for a
a
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>.</p> <a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>.</p>
<p>Pixel 8-series is supported for a <p>Pixel 8-series is supported for a
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-pro">minimum of 7 years from launch</a>.</p> <a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-pro">minimum of 7 years from launch</a>.</p>
</td> </td>
<td headers="hardware-smartphone-source_model google-pixel"> <td headers="hardware-smartphone-source_model google-pixel"></td>
</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -608,50 +490,41 @@
<th id="software-pc-os">Operating system</th> <th id="software-pc-os">Operating system</th>
<th id="gentoo_linux" headers="software-pc software-pc-os"> <th id="gentoo_linux" headers="software-pc software-pc-os">
<img src="asset/img/logo/gentoo_linux.png" width="100" height="100" alt="Gentoo Linux logo"/><br/> <img src="asset/img/logo/gentoo_linux.png" width="100" height="100" alt="Gentoo Linux logo"/><br/>
Gentoo Linux Gentoo Linux</th>
</th>
<td class="desc" headers="software-pc-description gentoo_linux"> <td class="desc" headers="software-pc-description gentoo_linux">
<p><a href="https://www.gentoo.org/">Gentoo Linux</a> <p><a href="https://www.gentoo.org/">Gentoo Linux</a>
is a highly modular, source-based, Linux-based is a highly modular, source-based, Linux-based operating system
operating system which allows vast customisation which allows vast customisation to tailor the operating system
to tailor the operating system to suit your to suit your specific needs. There are many advantages to such
specific needs. There are many advantages to an operating system, with the most notable being the ability to
such an operating system, with the most notable optimise the software for security, privacy, performance, or
being the ability to optimise the software for power usage; however, there are effectively unlimited other use
security, privacy, performance, or power usage; cases, or a combination of multiple use cases.</p>
however, there are effectively unlimited other <p>I have focused on security hardening and privacy hardening,
use cases, or a combination of multiple use placing performance below those aspects, although my system is
cases.</p> still very performant. Some of the hardening I apply includes
<p>I have focused on security hardening and
privacy hardening, placing performance below
those aspects, although my system is still very
performant. Some of the hardening I apply
includes
<a href="https://en.wikipedia.org/wiki/Buffer_overflow_protection">stack protection</a>, <a href="https://en.wikipedia.org/wiki/Buffer_overflow_protection">stack protection</a>,
<a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow trapping</a>, <a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow trapping</a>,
and GrapheneOS' and GrapheneOS'
<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a> <a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>
memory allocator.</p> memory allocator.</p>
<p>You can find my Gentoo Linux configurations <p>You can find my Gentoo Linux configurations in my
in my
<a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</p> <a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</p>
</td> </td>
<td headers="software-pc-source_model gentoo_linux"> <td headers="software-pc-source_model gentoo_linux">
Open-source<br/> Open-source<br/>
(GPL-2.0-only) (GPL-2.0-only)</td>
</td>
</tr> </tr>
<tr> <tr>
<th id="software-web_browser">Web browser</th> <th id="software-web_browser">Web browser</th>
<th id="chromium" headers="software-pc software-web_browser"> <th id="chromium" headers="software-pc software-web_browser">
<img src="asset/img/logo/chromium.png" width="100" height="100" alt="Chromium logo"/><br/> <img src="asset/img/logo/chromium.png" width="100" height="100" alt="Chromium logo"/><br/>
Chromium Chromium</th>
</th>
<td class="desc" headers="software-pc-description chromium"> <td class="desc" headers="software-pc-description chromium">
<p><a href="https://chromium.org/">Chromium</a> <p><a href="https://chromium.org/">Chromium</a>
is a highly secure web browser which is often ahead is a highly secure web browser which is often ahead of other web
of other web browsers in security aspects. It has a browsers in security aspects. It has a dedicated security team
dedicated security team and a very impressive and a very impressive
<a href="https://www.chromium.org/Home/chromium-security/brag-sheet/">security brag sheet</a>. <a href="https://www.chromium.org/Home/chromium-security/brag-sheet/">security brag sheet</a>.
Chromium's security features include a strong Chromium's security features include a strong
<a href="https://code.google.com/p/chromium/wiki/LinuxSandboxing">multi-layer sandbox</a>, <a href="https://code.google.com/p/chromium/wiki/LinuxSandboxing">multi-layer sandbox</a>,
@ -659,11 +532,11 @@
<a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>, <a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
<a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a> <a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
memory hardening, and memory hardening, and
<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p></td> <a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p>
</td>
<td headers="software-pc-source_model chromium"> <td headers="software-pc-source_model chromium">
Open-source<br/> Open-source<br/>
(BSD-3-Clause) (BSD-3-Clause)</td>
</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -693,146 +566,125 @@
<th id="software-smartphone-os">Operating system</th> <th id="software-smartphone-os">Operating system</th>
<th id="grapheneos" headers="software-smartphone software-smartphone-os"> <th id="grapheneos" headers="software-smartphone software-smartphone-os">
<img src="asset/img/logo/grapheneos.png" width="100" height="100" alt="GrapheneOS logo"/><br/> <img src="asset/img/logo/grapheneos.png" width="100" height="100" alt="GrapheneOS logo"/><br/>
GrapheneOS GrapheneOS</th>
</th>
<td class="desc" headers="software-smartphone-description grapheneos"> <td class="desc" headers="software-smartphone-description grapheneos">
<p><a href="https://grapheneos.org/">GrapheneOS</a> <p><a href="https://grapheneos.org/">GrapheneOS</a>
is a security-hardened, privacy-hardened, is a security-hardened, privacy-hardened, secure-by-default,
secure-by-default, Android-based operating Android-based operating system which implements extensive,
system which implements extensive, systemic systemic security and privacy hardening to the Android Open
security and privacy hardening to the Android Source Project used as its base codebase.</p>
Open Source Project used as its base <p>Its hardening includes closing gaps for apps to access
codebase.</p> sensitive system information, a secure app spawning feature
<p>Its hardening includes closing gaps for apps which avoids sharing address space layout and other secrets
to access sensitive system information, a secure AOSP's default Zygote app spawning model would share,
app spawning feature which avoids sharing
address space layout and other secrets AOSP's
default Zygote app spawning model would share,
<a href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>, <a href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>,
hardened memory allocator hardened memory allocator
(<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>) (<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>)
to protect against common memory corruption to protect against common memory corruption vulnerabilities,
vulnerabilities,
<a href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>, <a href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>,
<a href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>, <a href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>,
and local and remote hardware-backed attestation and local and remote hardware-backed attestation
(<a href="https://attestation.app/about/">Auditor</a>) (<a href="https://attestation.app/about/">Auditor</a>)
to ensure the OS has not been corrupted or to ensure the OS has not been corrupted or tampered with.</p>
tampered with.</p>
<p>GrapheneOS only supports <p>GrapheneOS only supports
<a href="https://grapheneos.org/faq#device-support">high-security and well-supported devices</a> <a href="https://grapheneos.org/faq#device-support">high-security and well-supported devices</a>
which receive full support from their which receive full support from their manufacturers, including
manufacturers, including firmware updates, long firmware updates, long support lifecycles, secure hardware, and
support lifecycles, secure hardware, and overall overall high-security practices.</p>
high-security practices.</p> <p>For an extensive list of features GrapheneOS provides, visit
<p>For an extensive list of features GrapheneOS its
provides, visit its
<a href="https://grapheneos.org/features/">official features list</a> <a href="https://grapheneos.org/features/">official features list</a>
which provides extensive documentation.</p> which provides extensive documentation.</p>
</td> </td>
<td headers="software-smartphone-source_model grapheneos"> <td headers="software-smartphone-source_model grapheneos">
Open-source<br/> Open-source<br/>
(MIT) (MIT)</td>
</td>
</tr> </tr>
<tr> <tr>
<th id="software-smartphone-web_browser">Web browser</th> <th id="software-smartphone-web_browser">Web browser</th>
<th id="vanadium" headers="software-smartphone software-smartphone-web_browser"> <th id="vanadium" headers="software-smartphone software-smartphone-web_browser">
<img src="asset/img/logo/vanadium.png" width="100" height="100" alt="Vanadium logo"/><br/> <img src="asset/img/logo/vanadium.png" width="100" height="100" alt="Vanadium logo"/><br/>
Vanadium Vanadium</th>
</th>
<td class="desc" headers="software-smartphone-description vanadium"> <td class="desc" headers="software-smartphone-description vanadium">
<p>Vanadium is a security-hardened, <p>Vanadium is a security-hardened, privacy-hardened,
privacy-hardened, Chromium-based web browser Chromium-based web browser which utilises GrapheneOS' operating
which utilises GrapheneOS' operating system system hardening to implement stronger defenses to the already
hardening to implement stronger defenses to the very secure Chromium web browser.</p>
already very secure Chromium web browser.</p> <p>Its hardening alongside Chromium's base security features
<p>Its hardening alongside Chromium's base includes
security features includes
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>, <a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>,
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>, <a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>,
and and
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.</p> <a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.</p>
<p>Vanadium's source code, including its Chromium <p>Vanadium's source code, including its Chromium patch-set, can
patch-set, can be found in its be found in its
<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</p> <a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</p>
</td> </td>
<td headers="software-smartphone-source_model vanadium"> <td headers="software-smartphone-source_model vanadium">
Open-source<br/> Open-source<br/>
(GPL-2.0-only) (GPL-2.0-only)</td>
</td>
</tr> </tr>
<tr> <tr>
<th rowspan="2" id="software-smartphone-messenger">Messenger</th> <th rowspan="2" id="software-smartphone-messenger">Messenger</th>
<th id="molly" headers="software-smartphone software-smartphone-messenger"> <th id="molly" headers="software-smartphone software-smartphone-messenger">
<img src="asset/img/logo/molly.png" width="100" height="100" alt="Molly logo"/><br/> <img src="asset/img/logo/molly.png" width="100" height="100" alt="Molly logo"/><br/>
Molly Molly</th>
</th>
<td class="desc" headers="software-smartphone-description molly"> <td class="desc" headers="software-smartphone-description molly">
<p><a href="https://molly.im/">Molly</a> <p><a href="https://molly.im/">Molly</a>
is a security-hardened, privacy-hardened is a security-hardened, privacy-hardened
<a href="https://signal.org/">Signal</a> <a href="https://signal.org/">Signal</a>
client which hardens Signal by using a variety client which hardens Signal by using a variety of
of
<a href="https://github.com/mollyim/mollyim-android#features">unique features</a>, <a href="https://github.com/mollyim/mollyim-android#features">unique features</a>,
allowing allowing
<a href="https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest">locking the database when not in use</a>, <a href="https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest">locking the database when not in use</a>,
and and
<a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a> <a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a>
to protect user keys using the device's hardware to protect user keys using the device's hardware security
security module.</p> module.</p>
<p>Molly is available in <p>Molly is available in
<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:</p> <a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:</p>
<ul> <ul>
<li>Molly, which includes the same <li>Molly, which includes the same proprietary Google
proprietary Google code as Signal to code as Signal to support more features</li>
support more features</li> <li>Molly-FOSS, which removes the proprietary Google
<li>Molly-FOSS, which removes the code to provide an entirely open-source client</li>
proprietary Google code to provide an
entirely open-source client</li>
</ul> </ul>
</td> </td>
<td headers="software-smartphone-source_model molly"> <td headers="software-smartphone-source_model molly">
Open-source<br/> Open-source<br/>
(GPL-3.0-only) (GPL-3.0-only)</td>
</td>
</tr> </tr>
<tr> <tr>
<th id="conversations" headers="software-smartphone software-smartphone-messenger"> <th id="conversations" headers="software-smartphone software-smartphone-messenger">
<img src="asset/img/logo/conversations.png" width="100" height="100" alt="Conversations logo"/><br/> <img src="asset/img/logo/conversations.png" width="100" height="100" alt="Conversations logo"/><br/>
Conversations Conversations</th>
</th>
<td class="desc" headers="software-smartphone-description conversations"> <td class="desc" headers="software-smartphone-description conversations">
<p><a href="https://conversations.im/">Conversations</a> <p><a href="https://conversations.im/">Conversations</a>
is a well-designed Android is a well-designed Android
<a href="https://xmpp.org/">XMPP</a> <a href="https://xmpp.org/">XMPP</a>
client which serves as the de facto XMPP client which serves as the de facto XMPP reference client and
reference client and has great usability.</p> has great usability.</p>
</td> </td>
<td headers="software-smartphone-source_model conversations"> <td headers="software-smartphone-source_model conversations">
Open-source<br/> Open-source<br/>
(GPL-3.0-only) (GPL-3.0-only)</td>
</td>
</tr> </tr>
<tr> <tr>
<th id="software-smartphone-viewer">Viewer</th> <th id="software-smartphone-viewer">Viewer</th>
<th id="gallery" headers="software-smartphone software-smartphone-viewer"> <th id="gallery" headers="software-smartphone software-smartphone-viewer">
<img src="asset/img/logo/gallery.png" width="100" height="100" alt="Gallery logo"/><br/> <img src="asset/img/logo/gallery.png" width="100" height="100" alt="Gallery logo"/><br/>
Gallery Gallery</th>
</th>
<td class="desc" headers="software-smartphone-description gallery"> <td class="desc" headers="software-smartphone-description gallery">
<p><a href="https://github.com/IacobIonut01/Gallery">Gallery</a> <p><a href="https://github.com/IacobIonut01/Gallery">Gallery</a>
is a lightweight image and video viewer with is a lightweight image and video viewer with image editing
image editing capabilities.</p> capabilities.</p>
<p>It has a clean and modern design without <p>It has a clean and modern design without including
including unnecessary features, and runs unnecessary features, and runs smoothly. It provides both
smoothly. It provides both individual image and individual image and video file view, and folder view.</p>
video file view, and folder view.</p>
</td> </td>
<td headers="software-smartphone-source_model gallery"> <td headers="software-smartphone-source_model gallery">
Open-source<br/> Open-source<br/>
(Apache-2.0) (Apache-2.0)</td>
</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -841,28 +693,21 @@
</section> </section>
<section id="recommendations-music"> <section id="recommendations-music">
<h3><a href="#recommendations-music">Music</a></h3> <h3><a href="#recommendations-music">Music</a></h3>
<p>For a curated list of music I enjoy, <p>For a curated list of music I enjoy, visit my
visit my
<a href="music.xhtml">music page</a>.</p> <a href="music.xhtml">music page</a>.</p>
</section> </section>
</section> </section>
<section id="gnulinux_or_linux"> <section id="gnulinux_or_linux">
<h2><a href="#gnulinux_or_linux">Is it GNU/Linux or Just Linux?</a></h2> <h2><a href="#gnulinux_or_linux">Is it GNU/Linux or Just Linux?</a></h2>
<p>It's just Linux. GNU is unrelated to Linux, which is a <p>It's just Linux. GNU is unrelated to Linux, which is a kernel developed by
kernel developed by
<a href="https://en.wikipedia.org/wiki/Linus_Torvalds">Linus Torvalds</a>. <a href="https://en.wikipedia.org/wiki/Linus_Torvalds">Linus Torvalds</a>.
Linux can be used entirely without GNU software in Linux can be used entirely without GNU software in userspace, and the kernel can be compiled without
userspace, and the kernel can be compiled without the use of the use of GNU tools. Just because GNU tools were used to initally develop and compile the kernel,
GNU tools. Just because GNU tools were used to initally and were initially the only available tools for userspace, does not make this true today, and it
develop and compile the kernel, and were initially the only never made GNU a part of Linux itself at any point of time.</p>
available tools for userspace, does not make this true <p>Where are all of the other forward-slashes for every other piece of software on a Linux-based
today, and it never made GNU a part of Linux itself at any system which makes it just as usable? If a system is running "GNU/Linux", it should be using more
point of time.</p> than a single forward-slash when there is more to the system than only GNU.</p>
<p>Where are all of the other forward-slashes for every
other piece of software on a Linux-based system which makes
it just as usable? If a system is running "GNU/Linux", it
should be using more than a single forward-slash when there
is more to the system than only GNU.</p>
</section> </section>
<div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div> <div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div>
</body> </body>