Update webpage "Blog - #0" from version 5.0.0-beta.1+32 to 5.0.1-beta.1

2023-10-31 00:15:27 +00:00 · 2023-10-31 00:15:27 +00:00 · fe8328e4f1
commit fe8328e4f1
parent ba2c10b5ac
1 changed files with 164 additions and 147 deletions
--- a/blog/foss_is_working_against_itself.html
+++ b/blog/foss_is_working_against_itself.html
@ -5,7 +5,7 @@
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
-<!-- Version: 5.0.0-beta.1+32 -->
+<!-- Version: 5.0.1-beta.1 -->
 <html>
@ -14,7 +14,7 @@
 				<link rel="stylesheet" href="../main.css">
 				<meta name="viewport" content="width=device-width, initial-scale=1">
 		</head>
-		<!-- Navigation bar -->
+		<body>
 				<div class="sidebar">
 						<a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"></a>
 						<a href="../index.html" class="title">Inferencium</a><br>
@ -28,13 +28,10 @@
 						<div><a href="../key.html">Key</a></div>
 						<div><a href="../changelog.html">Changelog</a></div>
 				</div>
 		<body>
 				<h1>Blog - #0</h1>
 						<section id="blog">
 						<h2>FOSS is Working Against Itself</h2>
 								<p class="update_date">Posted: 2022-01-27 (UTC+00:00)</p>
 								<p class="update_date">Updated: 2022-11-09 (UTC+00:00)</p>
 								<!-- Table of contents -->
 						<section id="toc">
 								<h2 id="toc"><a href="#toc">Table of Contents<a/></h2>
 										<ul>
@ -49,127 +46,147 @@
 						</section>
 						<section id="introduction">
 								<h2 id=introduction"><a href="#introduction">Introduction</a></h2>
-												<p>The world has become a dangerous, privacy invading, human rights stripping, totalitarian place;
+										<p>The world has become a dangerous, privacy invading, human rights stripping,
-												in order to combat this, people are joining a growing, and dangerous, trend, which I will refer to
+										totalitarian place; in order to combat this, people are joining a growing, and
-												in this post as the "Free and Open Source (FOSS) movement". With that stated, I will now debunk the
+										dangerous, trend, which I will refer to in this post as the "Free and Open
-												misinformation being spread inside of this extremely flawed movement.</p>
+										Source (FOSS) movement". With that stated, I will now debunk the misinformation
 										being spread inside of this extremely flawed movement.</p>
 										<p>The
 										<a href="https://en.wikipedia.org/wiki/Free_software">FOSS</a>
 										movement is an attempt to regain
 										<a href="https://en.wikipedia.org/wiki/Privacy">privacy</a>
 										and
 										<a href="https://en.wikipedia.org/wiki/Control_(psychology)">control</a>
-												over our devices and data, but the entire concept of FOSS-only, at the current time, is
+										over our devices and data, but the entire concept of FOSS-only, at the current
-												severely, and dangerously, flawed. What the FOSS community does not seem to understand is the fact
+										time, is severely, and dangerously, flawed. What the FOSS community does not
-												that most FOSS software cares not about
+										seem to understand is the fact that most FOSS software cares not about
 										<a href="https://en.wikipedia.org/wiki/Security">security</a>.
-												"Security"; keep that word in mind as you progress through this article. What is security? Security
+										"Security"; keep that word in mind as you progress through this article. What is
-												is being safe and secure from adversaries and unwanted consequences; security protects our rights
+										security? Security is being safe and secure from adversaries and unwanted
-												and allows us to protect ourselves. Without security, we have no protection, and without protection,
+										consequences; security protects our rights and allows us to protect ourselves.
-												we have a lack of certainty of everything else, including privacy and control, which is what the
+										Without security, we have no protection, and without protection, we have a lack
-												FOSS movement is seeking.</p>
+										of certainty of everything else, including privacy and control, which is what
-												<p>FOSS projects rarely take security into account; they simply look at the surface level, rather
+										the FOSS movement is seeking.</p>
-												than the actual
+										<p>FOSS projects rarely take security into account; they simply look at the
 										surface level, rather than the actual
 										<a href="https://en.wikipedia.org/wiki/Root_cause_analysis">root cause</a>
-												of the issues they are attempting to fight against. In this case, the focus is on
+										of the issues they are attempting to fight against. In this case, the focus is
-												privacy and control. Without security mechanisms to protect the privacy features and the ability to
+										on privacy and control. Without security mechanisms to protect the privacy
-												control your devices and data, it can be stripped away as if it never existed in the first place,
+										features and the ability to control your devices and data, it can be stripped
-												which, inevitably, leads us back to the beginning, and the cycle repeats. With this
+										away as if it never existed in the first place, which, inevitably, leads us back
 										to the beginning, and the cycle repeats. With this
 										<a href="https://en.wikipedia.org/wiki/Ideology">ideology</a>,
-												privacy and control will *never* be achieved. There is no foundation to build privacy
+										privacy and control will <em>never</em> be achieved. There is no foundation to
-												or control upon. It is impossible to build a solid, freedom respecting platform on this model.</p>
+										build privacy or control upon. It is impossible to build a solid, freedom
 										respecting platform on this model.</p>
 						</section>
 						<section id="examples">
 								<h2 id="examples"><a href="#examples">Examples</a></h2>
 										<section id="examples-smartphones">
 												<h3 id="examples-smartphones"><a href="#examples-smartphones">Smartphones</a></h3>
 														<p>A FOSS phone, especially so-called
-																<a href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones">"Linux phones"</a>
+														"<a href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones">Linux phones</a>"
-																are completely
+														are completely detrimental to privacy and control, because they
-																detrimental to privacy and control, because they do not have the security necessary to enforce that
+														do not have the security necessary to enforce that privacy.
 																privacy.
 														<a href="https://en.wikipedia.org/wiki/Bootloader_unlocking">Unlocked bootloaders</a>
 														prevent the device from
 														<a href="https://source.android.com/docs/security/features/verifiedboot/">verifying the integrity of the boot chain</a>,
-																including the OS, meaning any adversary, whether a
+														including the OS, meaning any adversary, whether a stranger who
-																stranger who happens to pick up the device, or a big tech or government entity, can simply inject
+														happens to pick up the device, or a big tech or government
-																malicious code into your software and you wouldn't have any idea it was there. If that's not enough
+														entity, can simply inject malicious code into your software and
-																of a backdoor for you to reconsider your position, how about the trivial
+														you wouldn't have any idea it was there. If that's not enough of
 														a backdoor for you to reconsider your position, how about the
 														trivial
 														<a href="https://en.wikipedia.org/wiki/Evil_maid_attack">evil maid</a>
-																and data extraction attacks which could be executed on your device, without coercion?
+														and data extraction attacks which could be executed on your
-																With Android phones, this is bad enough to completely break the privacy and control the FOSS
+														device, without coercion? With Android phones, this is bad
-																movement seeks, but "Linux phones" take it a step further by implementing barely any security, if
+														enough to completely break the privacy and control the FOSS
-																any at all.
+														movement seeks, but "Linux phones" take it a step further by
 														implementing barely any security, if any at all.
 														<a href="https://en.wikipedia.org/wiki/Privilege_escalation">Privilege escalation</a>
-																is trivial to achieve on any Linux system, which is the reason Linux
+														is trivial to achieve on any Linux system, which is the reason
 														Linux
 														<a href="https://en.wikipedia.org/wiki/Hardening_(computing)">hardening</a>
-																strategies often include restricting access to the root account; if you
+														strategies often include restricting access to the root account;
 														if you
 														<a href="https://en.wikipedia.org/wiki/Rooting_(Android)">root your Android phone</a>,
-																or use a "Linux phone", you've already destroyed the security model,
+														or use a "Linux phone", you've already destroyed the security
-																and thus privacy and control model you were attempting to achieve. Not only are these side effects
+														model, and thus privacy and control model you were attempting to
-																of FOSS, so is the absolutely illogical restriction of not being able to, or making it unnecessarily
+														achieve. Not only are these side effects of FOSS, so is the
-																difficult to, install and update critical components of the system, such as proprietary
+														absolutely illogical restriction of not being able to, or making
 														it unnecessarily difficult to, install and update critical
 														components of the system, such as proprietary
 														<a href="https://en.wikipedia.org/wiki/Firmware">firmware</a>,
-																which just so happens to be almost all of them. "Linux phones" are not as free as
+														which just so happens to be almost all of them. "Linux phones"
-																they proclaim to be.</p>
+														are not as free as they proclaim to be.</p>
 														<p>You may ask "What's so bad about using
 														<a href="https://lineageos.org/">LineageOS</a>?",
-																to which I answer with "What's not bad about it?".</p>
+														to which I answer with "What's not bad about it?".
 																<ul>
 																		<li>LineageOS uses
 																		<a href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets">debug builds</a>,
 																		not safe and secure release builds.</li>
-																		<li>LineageOS requires an unlocked bootloader. Even when installed on devices which support custom
+																		<li>LineageOS requires an unlocked bootloader.
-																		Android Verified Boot (AVB) keys, the bootloader cannot be locked due to lack of the OS being
+																		Even when installed on devices which support
-																		signed.</li>
+																		custom Android Verified Boot (AVB) keys, the
-																		<li>LineageOS does not install critically important firmware without manual flashing, requiring users
+																		bootloader cannot be locked due to lack of the
-																		to perform a second update to install this firmware; this likely causes users to ignore the
+																		OS being signed.</li>
-																		notification or miss firmware updates.</li>
+																		<li>LineageOS does not install critically
 																		important firmware without manual flashing,
 																		requiring users to perform a second update to
 																		install this firmware; this likely causes users
 																		to ignore the notification or miss firmware
 																		updates.</li>
 																		<li>LineageOS does not implement
 																		<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>,
-																		meaning any adversary, from a stranger who physically picks up the device,
+																		meaning any adversary, from a stranger who
-																		to a goverment entity remotely, can simply downgrade the OS to a previous version in order to
+																		physically picks up the device, to a goverment
-																		exploit known
+																		entity remotely, can simply downgrade the OS to
 																		a previous version in order to exploit known
 																		<a href="https://en.wikipedia.org/wiki/Vulnerability_(computing)">security vulnerabilities</a>.</li>
 																</ul>
-																<p>LineageOS is not the only Android OS (commonly, and incorrectly, referred to as a "ROM") with such
+														</p>
-																issues, but it is one of the worst. The only things such insecure OSes can provide you are
+														<p>LineageOS is not the only Android OS (commonly, and
-																customisation abilities, and a backdoor to your data. They are best suited as a development OS, not
+														incorrectly, referred to as a "ROM") with such issues, but it is
-																a production OS.</p>
+														one of the worst. The only things such insecure OSes can provide
 														you are customisation abilities, and a backdoor to your data.
 														They are best suited as a development OS, not a production
 														OS.</p>
 										</section>
 						</section>
 						<section id="solution">
 								<h2 id="solution"><a href="#solution">Solution</a></h2>
-												<p>What can you do about this? The answer is simple; however, it does require you to use logic,
+										<p>What can you do about this? The answer is simple; however, it does require
-												fact, and evidence, not emotion, which is a difficult pill for most people to swallow. Use your
+										you to use logic, fact, and evidence, not emotion, which is a difficult pill for
-												adversaries' weapons against them. The only way to effectively combat the privacy invasion and lack
+										most people to swallow. Use your adversaries' weapons against them. The only way
-												of control of our devices and data is to become a
+										to effectively combat the privacy invasion and lack of control of our devices
 										and data is to become a
 										<a href="https://en.wikipedia.org/wiki/Turncoat">renegade</a>
-												and not take sides. Yes, that means not taking sides with the closed source,
+										and not take sides. Yes, that means not taking sides with the closed-source,
-												proprietary, big tech and government entities, but it also means not taking sides with any
+										proprietary, big tech and government entities, but it also means not taking
-												FOSS entities. The only way to win this war is to take *whatever* hardware and software you can, and
+										sides with any FOSS entities. The only way to win this war is to take
-												use it tactically.</p>
+										<em>whatever</em> hardware and software you can, and use it tactically.</p>
-												<p>The only solution for phone security, privacy, and control, is to use a Google Pixel (currently,
+										<p>The best solution for device security, privacy, and control, is to use a
-												Pixel 4a-series or newer) running
+										Google Pixel (currently, Pixel 5a-series or newer) running
 										<a href="https://grapheneos.org/">GrapheneOS</a>.
-												Google Pixel phones allow you complete bootloader freedom, including the
+										Google Pixel devices allow you complete bootloader freedom, including the
 										<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">ability to lock the bootloader after flashing a custom OS</a>
-												(GrapheneOS includes a custom OS signing key to allow locking the bootloader and enabling verified
+										(GrapheneOS includes a custom OS signing key to allow locking the bootloader and
-												boot to prevent
+										enabling verified boot to prevent
 										<a href="https://en.wikipedia.org/wiki/Malware">malware</a>
 										persistence, evil maid attacks, and boot chain
 										<a href="https://en.wikipedia.org/wiki/Data_corruption">corruption</a>),
 										<a href="https://support.google.com/nexus/answer/4457705">long device support lifecycles</a>
-												(minimum 3 years for Pixel 4a-series to Pixel 5a, minimum 5
+										(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series,
-												years for Pixel 6-series and newer), and
+										and minimum 7 years for Pixel 8-series and newer), and
 										<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>
 										for the entire support timeframe of the devices.</p>
 						</section>
 						<section id="conclusion">
 								<h2 id="conclusion"><a href="#conclusion">Conclusion</a></h2>
-												<p>Use what you can, and do what you can. By neglecting security, you are, even if unintentionally,
+										<p>Use what you can, and do what you can. By neglecting security, you are, even
-												neglecting exactly what you are trying to gain; privacy and control.</p>
+										if unintentionally, neglecting exactly what you are trying to gain; privacy and
-								</section>
+										control.</p>
 						</section>
 		</body>
 </html>