Update webpage "Blog - #0" from version "9.0.0-beta.1" to "9.0.1-beta.1"

blog/foss_is_working_against_itself.xhtml

@@ -1,10 +1,10 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog - #0 -->
-<!-- Version: 9.0.0-beta.1 -->
+<!-- Version: 9.0.1-beta.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
-<!-- SPDX-License-Identifier: BSD-3-Clause -->
+<!-- SPDX-License-Identifier: BSD-3-Clause WITH AdditionRef-Inferencium-Personal-exception -->
 
 
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -48,39 +48,35 @@
 				</nav>
 				<section id="introduction">
 					<h2><a href="#introduction">Introduction</a></h2>
-										<p>The world has become a dangerous, privacy invading, human rights stripping,
+						<p>The world has become a dangerous, privacy invading, human rights stripping, totalitarian
-										totalitarian place; in order to combat this, people are joining a growing, and
+						place; in order to combat this, people are joining a growing, and dangerous, trend, which I will
-										dangerous, trend, which I will refer to in this post as the "Free and Open
+						refer to in this post as the "Free and Open Source (FOSS) movement". With that stated, I will
-										Source (FOSS) movement". With that stated, I will now debunk the misinformation
+						now debunk the misinformation being spread inside of this extremely flawed movement.</p>
-										being spread inside of this extremely flawed movement.</p>
 						<p>The
 						<a href="https://en.wikipedia.org/wiki/Free_software">FOSS</a>
 						movement is an attempt to regain
 						<a href="https://en.wikipedia.org/wiki/Privacy">privacy</a>
 						and
 						<a href="https://en.wikipedia.org/wiki/Control_(psychology)">control</a>
-										over our devices and data, but the entire concept of FOSS-only, at the current
+						over our devices and data, but the entire concept of FOSS-only, at the current time, is
-										time, is severely, and dangerously, flawed. What the FOSS community does not
+						severely, and dangerously, flawed. What the FOSS community does not seem to understand is the
-										seem to understand is the fact that most FOSS software cares not about
+						fact that most FOSS software cares not about
 						<a href="https://en.wikipedia.org/wiki/Security">security</a>.
-										"Security"; keep that word in mind as you progress through this article. What is
+						"Security"; keep that word in mind as you progress through this article. What is security?
-										security? Security is being safe and secure from adversaries and unwanted
+						Security is being safe and secure from adversaries and unwanted consequences; security protects
-										consequences; security protects our rights and allows us to protect ourselves.
+						our rights and allows us to protect ourselves. Without security, we have no protection, and
-										Without security, we have no protection, and without protection, we have a lack
+						without protection, we have a lack of certainty of everything else, including privacy and
-										of certainty of everything else, including privacy and control, which is what
+						control, which is what the FOSS movement is seeking.</p>
-										the FOSS movement is seeking.</p>
+						<p>FOSS projects rarely take security into account; they simply look at the surface level,
-										<p>FOSS projects rarely take security into account; they simply look at the
+						rather than the actual
-										surface level, rather than the actual
 						<a href="https://en.wikipedia.org/wiki/Root_cause_analysis">root cause</a>
-										of the issues they are attempting to fight against. In this case, the focus is
+						of the issues they are attempting to fight against. In this case, the focus is on privacy and
-										on privacy and control. Without security mechanisms to protect the privacy
+						control. Without security mechanisms to protect the privacy features and the ability to control
-										features and the ability to control your devices and data, it can be stripped
+						your devices and data, it can be stripped away as if it never existed in the first place, which,
-										away as if it never existed in the first place, which, inevitably, leads us back
+						inevitably, leads us back to the beginning, and the cycle repeats. With this
-										to the beginning, and the cycle repeats. With this
 						<a href="https://en.wikipedia.org/wiki/Ideology">ideology</a>,
-										privacy and control will <em>never</em> be achieved. There is no foundation to
+						privacy and control will <em>never</em> be achieved. There is no foundation to build privacy or
-										build privacy or control upon. It is impossible to build a solid, freedom
+						control upon. It is impossible to build a solid, freedom respecting platform on this model.</p>
-										respecting platform on this model.</p>
 				</section>
 				<section id="examples">
 					<h2><a href="#examples">Examples</a></h2>
@@ -88,107 +84,91 @@
 							<h3><a href="#examples-smartphones">Smartphones</a></h3>
 								<p>A FOSS phone, especially so-called
 								"<a href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones">Linux phones</a>"
-														are completely detrimental to privacy and control, because they
+								are completely detrimental to privacy and control, because they do not have the security
-														do not have the security necessary to enforce that privacy.
+								necessary to enforce that privacy.
 								<a href="https://en.wikipedia.org/wiki/Bootloader_unlocking">Unlocked bootloaders</a>
 								prevent the device from
 								<a href="https://source.android.com/docs/security/features/verifiedboot/">verifying the integrity of the boot chain</a>,
-														including the OS, meaning any adversary, whether a stranger who
+								including the OS, meaning any adversary, whether a stranger who happens to pick up the
-														happens to pick up the device, or a big tech or government
+								device, or a big tech or government entity, can simply inject malicious code into your
-														entity, can simply inject malicious code into your software and
+								software and you wouldn't have any idea it was there. If that's not enough of a backdoor
-														you wouldn't have any idea it was there. If that's not enough of
+								for you to reconsider your position, how about the trivial
-														a backdoor for you to reconsider your position, how about the
-														trivial
 								<a href="https://en.wikipedia.org/wiki/Evil_maid_attack">evil maid</a>
-														and data extraction attacks which could be executed on your
+								and data extraction attacks which could be executed on your device, without coercion?
-														device, without coercion? With Android phones, this is bad
+								With Android phones, this is bad enough to completely break the privacy and control the
-														enough to completely break the privacy and control the FOSS
+								FOSS movement seeks, but "Linux phones" take it a step further by implementing barely
-														movement seeks, but "Linux phones" take it a step further by
+								any security, if any at all.
-														implementing barely any security, if any at all.
 								<a href="https://en.wikipedia.org/wiki/Privilege_escalation">Privilege escalation</a>
-														is trivial to achieve on any Linux system, which is the reason
+								is trivial to achieve on any Linux system, which is the reason Linux
-														Linux
 								<a href="https://en.wikipedia.org/wiki/Hardening_(computing)">hardening</a>
-														strategies often include restricting access to the root account;
+								strategies often include restricting access to the root account; if you
-														if you
 								<a href="https://en.wikipedia.org/wiki/Rooting_(Android)">root your Android phone</a>,
-														or use a "Linux phone", you've already destroyed the security
+								or use a "Linux phone", you've already destroyed the security model, and thus privacy
-														model, and thus privacy and control model you were attempting to
+								and control model you were attempting to achieve. Not only are these side effects of
-														achieve. Not only are these side effects of FOSS, so is the
+								FOSS, so is the absolutely illogical restriction of not being able to, or making it
-														absolutely illogical restriction of not being able to, or making
+								unnecessarily difficult to, install and update critical components of the system, such
-														it unnecessarily difficult to, install and update critical
+								as proprietary
-														components of the system, such as proprietary
 								<a href="https://en.wikipedia.org/wiki/Firmware">firmware</a>,
-														which just so happens to be almost all of them. "Linux phones"
+								which just so happens to be almost all of them. "Linux phones" are not as free as they
-														are not as free as they proclaim to be.</p>
+								proclaim to be.</p>
 								<p>You may ask "What's so bad about using
 								<a href="https://lineageos.org/">LineageOS</a>?",
-														to which I answer with "What's not bad about it?".
+								to which I answer with "What's not bad about it?".</p>
 									<ul>
 										<li>LineageOS uses
 										<a href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets">debug builds</a>,
 										not safe and secure release builds.</li>
-																		<li>LineageOS requires an unlocked bootloader.
+										<li>LineageOS requires an unlocked bootloader. Even when installed on devices
-																		Even when installed on devices which support
+										which support custom Android Verified Boot (AVB) keys, the bootloader cannot be
-																		custom Android Verified Boot (AVB) keys, the
+										locked due to lack of the OS being signed.</li>
-																		bootloader cannot be locked due to lack of the
+										<li>LineageOS does not install critically important firmware without manual
-																		OS being signed.</li>
+										flashing, requiring users to perform a second update to install this firmware;
-																		<li>LineageOS does not install critically
+										this likely causes users to ignore the notification or miss firmware
-																		important firmware without manual flashing,
-																		requiring users to perform a second update to
-																		install this firmware; this likely causes users
-																		to ignore the notification or miss firmware
 										updates.</li>
 										<li>LineageOS does not implement
 										<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>,
-																		meaning any adversary, from a stranger who
+										meaning any adversary, from a stranger who physically picks up the device, to a
-																		physically picks up the device, to a goverment
+										goverment entity remotely, can simply downgrade the OS to a previous version in
-																		entity remotely, can simply downgrade the OS to
+										order to exploit known
-																		a previous version in order to exploit known
 										<a href="https://en.wikipedia.org/wiki/Vulnerability_(computing)">security vulnerabilities</a>.</li>
 									</ul>
-														</p>
+								<p>LineageOS is not the only Android OS (commonly, and incorrectly, referred to as a
-														<p>LineageOS is not the only Android OS (commonly, and
+								"ROM") with such issues, but it is one of the worst. The only things such insecure OSes
-														incorrectly, referred to as a "ROM") with such issues, but it is
+								can provide you are customisation abilities, and a backdoor to your data. They are best
-														one of the worst. The only things such insecure OSes can provide
+								suited as a development OS, not a production OS.</p>
-														you are customisation abilities, and a backdoor to your data.
-														They are best suited as a development OS, not a production
-														OS.</p>
 						</section>
 				</section>
 				<section id="solution">
 					<h2><a href="#solution">Solution</a></h2>
-										<p>What can you do about this? The answer is simple; however, it does require
+						<p>What can you do about this? The answer is simple; however, it does require you to use logic,
-										you to use logic, fact, and evidence, not emotion, which is a difficult pill for
+						fact, and evidence, not emotion, which is a difficult pill for most people to swallow. Use your
-										most people to swallow. Use your adversaries' weapons against them. The only way
+						adversaries' weapons against them. The only way to effectively combat the privacy invasion and
-										to effectively combat the privacy invasion and lack of control of our devices
+						lack of control of our devices and data is to become a
-										and data is to become a
 						<a href="https://en.wikipedia.org/wiki/Turncoat">renegade</a>
-										and not take sides. Yes, that means not taking sides with the closed-source,
+						and not take sides. Yes, that means not taking sides with the closed-source, proprietary, big
-										proprietary, big tech and government entities, but it also means not taking
+						tech and government entities, but it also means not taking sides with any FOSS entities. The
-										sides with any FOSS entities. The only way to win this war is to take
+						only way to win this war is to take <em>whatever</em> hardware and software you can, and use it
-										<em>whatever</em> hardware and software you can, and use it tactically.</p>
+						tactically.</p>
-										<p>The best solution for device security, privacy, and control, is to use a
+						<p>The best solution for device security, privacy, and control, is to use a Google Pixel
-										Google Pixel (currently, Pixel 5a or newer) running
+						(currently, Pixel 5a or newer) running
 						<a href="https://grapheneos.org/">GrapheneOS</a>.
 						Google Pixel devices allow you complete bootloader freedom, including the
 						<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">ability to lock the bootloader after flashing a custom OS</a>
-										(GrapheneOS includes a custom OS signing key to allow locking the bootloader and
+						(GrapheneOS includes a custom OS signing key to allow locking the bootloader and enabling
-										enabling verified boot to prevent
+						verified boot to prevent
 						<a href="https://en.wikipedia.org/wiki/Malware">malware</a>
 						persistence, evil maid attacks, and boot chain
 						<a href="https://en.wikipedia.org/wiki/Data_corruption">corruption</a>),
 						<a href="https://support.google.com/nexus/answer/4457705">long device support lifecycles</a>
-										(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series,
+						(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series, and minimum 7
-										and minimum 7 years for Pixel 8-series and newer), and
+						years for Pixel 8-series and newer), and
 						<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>
 						for the entire support timeframe of the devices.</p>
 				</section>
 				<section id="conclusion">
 					<h2><a href="#conclusion">Conclusion</a></h2>
-										<p>Use what you can, and do what you can. By neglecting security, you are, even
+						<p>Use what you can, and do what you can. By neglecting security, you are, even if
-										if unintentionally, neglecting exactly what you are trying to gain; privacy and
+						unintentionally, neglecting exactly what you are trying to gain; privacy and control.</p>
-										control.</p>
 				</section>
 		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
 	</body>