I am Jake Winters, also known by my pseudonym "Inference", a security
- researcher based in United Kingdom.
- I am the founder, lead developer, and administrator, of Inferencium.
+ researcher based in United Kingdom.
+ I am the founder, lead developer, and administrator, of Inferencium.
All opinions are my own, and are not necessarily shared with projects or people
I am affiliated with.
I write about my research and experience in cybersecurity and also physical
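Review bot: the re-added line "researcher based in United Kingdom." still lacks the article. Since both lines are being touched anyway, make it "based in the United Kingdom", and drop the comma before "of Inferencium" in the line after it.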
@@ -79,30 +80,41 @@
about other aspects of my life.
I am an open source advocate for the preservation and modifiability of source
code. I believe source code should be considered human knowledge as much as past
- knowledge and teachings were; it is how modern humanity survives and runs.
+ knowledge and teachings were; it is how modern humanity survives and runs.
Source code being modifiable allows it to be adapted for use by anyone, whether
to add features, harden it for increased security and/or privacy, or provide
- accessibility for disabled users.
+ accessibility for disabled users.
I am also a modular design advocate for the ability to securely and robustly
make changes to hardware and software without the entire system being
affected.
I run multiple XMPP channels; a directory of channels can be found on the
- directory
+ directory
webpage.
If you wish to contact me for any reason, you can use my
- contact methods.
+ contact methods.
- It's just Linux. GNU is completely unrelated to Linux, which is a
- kernel developed by Linus Torvalds. Linux can be used entirely without
- GNU software in userspace, and the kernel can be compiled without the
- use of GNU tools. Just because GNU tools were used to initally develop
- and compile the kernel, and were initially the only available tools for
+
It's just Linux. GNU is unrelated to Linux, which is a kernel
+ developed by Linus Torvalds. Linux can be used entirely without GNU
+ software in userspace, and the kernel can be compiled without the use of
+ GNU tools. Just because GNU tools were used to initally develop and
+ compile the kernel, and were initially the only available tools for
userspace, does not make this true today, and it never made GNU a part
- of Linux itself at any point of time. Where are all of the other
- forward-slashes for every other piece of software on your Linux-based
- system which makes it just as usable? If you're using "GNU/Linux", you
- should be using more than a single forward-slash when there is more to
- your system than only GNU.
+ of Linux itself at any point of time.
+ Where are all of the other forward-slashes for every other piece of
+ software on a Linux-based system which makes it just as usable? If a
+ system is running "GNU/Linux", it should be using more than a single
+ forward-slash when there is more to the system than only GNU.
+
+
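Review bot: "initally" is carried over unchanged into the added line "GNU tools. Just because GNU tools were used to initally develop and"; correct it to "initially" as part of this rewrap, since the sentence is being rewritten anyway.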
@@ -112,23 +124,24 @@
preferred choice, while avoiding copyleft licenses and other licenses which
place restrictions on how my code may be used, and prevent me from including
important proprietary code, such as firmware, which can patch security
- vulnerabilities, privacy issues, and stability issues. All of my code is and
- will be permissively licensed unless specific circumstances make it impractical
- or infeasible to do so. My goal is to share code which has the least amount of
- restrictions as possible, to allow wider propagation of my code and allow more
- use cases and possibilities, as well as ensuring proprietary code, whenever
- required, is permitted to be included.
- My preferred licenses and rationale for using them are below; any licenses
- not listed are chosen on a case-by-case basis.
+ vulnerabilities, privacy issues, and stability issues.
+ All of my code is and will be permissively licensed unless specific
+ circumstances make it impractical or infeasible to do so. My goal is to share
+ code which has the least amount of restrictions as possible, to allow wider
+ propagation of my code and allow more use cases and possibilities, as well as
+ ensuring proprietary code, whenever required, is permitted to be included and/or
+ linked to.
ISO 5962:2021
is used for licensing, in the format
SPDX-License-Identifier: <license>
; see the
SPDX license list
for the full list of available licenses under this standard.
+ My preferred licenses and rationale for using them are below; any licenses
+ not listed are chosen on a case-by-case basis.
SPDX-License-Identifier: BSD-3-Clause
- Type: Permissive
+ Type: Permissive
BSD 3-Clause License
is a highly permissive license which allows content
licensed under it to be used in any way, whether in
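Review bot: in the added licensing paragraph, "the least amount of restrictions as possible" mixes two constructions; "the fewest restrictions possible" reads cleanly and says the same thing. While this block is being reordered, the unchanged line "ISO 5962:2021" could also be given its full designation, ISO/IEC 5962:2021, so readers can find the standard.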
@@ -141,7 +154,7 @@
the original project.
SPDX-License-Identifier: GPL-2.0-only
- Type: Copyleft
+ Type: Copyleft
GNU General Public License v2.0
is a strong copyleft license which restricts use of
content licensed under it by requiring all source code
@@ -153,8 +166,8 @@
specified in the SPDX license identifier), and requiring
the original copyright notice to be kept in order to
attribute the original creator of the licensed
- content.
- Due to the restrictive and invasive nature of this
+ content.
+ Due to the restrictive and invasive nature of this
license, it is avoided unless such restrictions would be
beneficial to my code; whenever this is the case, the
GNU General Public License v2.0 will be used, rather
@@ -165,7 +178,7 @@
SPDX-License-Identifier: CC-BY-4.0
- Type: Permissive
+ Type: Permissive
Creative Commons Attribution 4.0 International
is a highly permissive license which allows content
licensed under it to be used in any way, in any medium,
@@ -193,26 +206,38 @@
All server logs purged every 14 days
User IP addresses used only for security and debugging
purposes (purged along with logs)
- All connections made via TLS 1.3 (TLS 1.2 and older are
- unsupported) to ensure the most secure AEAD ciphers are used,
- along with forward secrecy (each connection uses a different key
- to previous connections)
+ All connections made via
+ TLS 1.3
+ only to ensure the most secure
+ AEAD
+ ciphers are used, along with
+ forward secrecy
All connections made via high-security AEAD ciphers,
preferring AES-256-GCM for devices with AES
hardware-acceleration, and ChaCha20-Poly1305 for devices without
AES hardware-acceleration, with AES-128-GCM as a fallback
(AES-128-GCM is mandated for TLS 1.3 by
- IETF RFC8446 section 9.1)
+ IETF RFC8446 section 9.1)
All connections are made via high-security key exchange
protocols, preferring X25519, with secp256r1 as a fallback
(secp256r1 is mandated for TLS 1.3 by
- IETF RFC8446 section 9.1)
- DNSSEC implemented to provide a root-of-trust for encryption
- and authentication for domain and server configuration
+ IETF RFC8446 section 9.1)
+ Domain Name System Security Extensions (DNSSEC)
+ enabled to provide a root-of-trust for encryption and
+ authentication for domain and server configuration
+ Certificate Authority Authorization (CAA)
+ records enabled to prevent all certificate authorities other
+ than
+ Let's Encrypt from
+ issuing TLS certificates for my domains
+ Secure Shell fingerprint (SSHFP)
+ records enabled to provide a DNS-based root-of-trust for SSH
+ connections to my domains
Referrer headers disabled to prevent knowing where a user
was redirected from
All content sourced from my own domains, with third-party
- content prohibited via Content Security Policy
+ content prohibited via
+ Content Security Policy
configuration
All servers physically under my control (no VPS or other
hosting providers)
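Review bot: the new DNSSEC item says it provides "a root-of-trust for encryption and authentication", but DNSSEC signs DNS records for origin authentication and integrity and does not encrypt anything; reword it along the lines of "enabled to authenticate DNS records for my domains". The SSHFP item added below it is only trustworthy when the client validates those DNSSEC signatures, so state that dependency there. The rewritten TLS 1.3 item also drops the explicit "(TLS 1.2 and older are unsupported)" wording, which was the more precise statement and is worth keeping. Minor: the list now mixes "All connections made via" and "All connections are made via"; pick one.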
@@ -230,13 +255,13 @@
Type |
Hardware |
Description |
- Source model
+ | Source model
(License) |
Smartphone |
- 
+ 
Google Pixel
|
@@ -320,7 +345,7 @@
minimum of 3 years from launch.
Pixel 6-series, Pixel 7-series, Pixel
Fold, and Pixel Tablet, are supported for a
- minimum of 5 years from launch.
+ minimum of 5 years from launch.
Pixel 8-series is supported for a
minimum of 7 years from launch,
putting it on the same support level as
@@ -341,13 +366,13 @@
| Type |
Software |
Description |
- Source model
+ | Source model
(License) |
Operating system |
- 
+ 
Gentoo Linux
|
@@ -370,18 +395,18 @@
and GrapheneOS'
hardened_malloc
memory allocator.
- You can find my Gentoo Linux configurations in my
+ You can find my Gentoo Linux configurations in my
configuration respository.
|
- Open-source
+ Open-source
(GPL-2.0-only)
|
Web browser |
- 
+ 
Chromium
|
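Review bot: "configuration respository." on the line directly after the changed line is misspelled; since this sentence is being edited, correct it to "repository" in the same commit.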
@@ -398,7 +423,7 @@
memory hardening, and
control-flow integrity (CFI). |
- Open-source
+ Open-source
(BSD-3-Clause)
|
@@ -411,14 +436,13 @@
Type |
Software |
Description |
- Source model
+ | Source model
(License) |
Operating system |
- 
-
+ 
GrapheneOS
|
@@ -456,14 +480,14 @@
which provides extensive documentation.
|
- Open-source
+ Open-source
(MIT)
|
Web browser |
- 
+ 
Vanadium
|
@@ -481,14 +505,14 @@
patch-set, can be found in its
official repository. |
- Open-source
+ Open-source
(GPL-2.0-only)
|
Messenger |
- 
+ 
Molly
|
@@ -516,13 +540,13 @@
|
- Open-source
+ Open-source
(GPL-3.0-only)
|
- 
+ 
Conversations
|
@@ -533,7 +557,7 @@
client and has great usability.
|
- Open-source
+ Open-source
(GPL-3.0-only)
|
@@ -543,7 +567,7 @@