838 lines
49 KiB
HTML
<!DOCTYPE html>
|
|
|
|
<!-- Inferencium - Website - About -->
|
|
<!-- Version: 10.2.0 -->
|
|
|
|
<!-- Copyright 2022 Jake Winters -->
|
|
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
|
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head>
|
|
<meta charset="utf-8"/>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
|
<link rel="stylesheet" href="main.css"/>
|
|
<link rel="icon shortcut" href="asset/img/logo/inferencium-notext.png"/>
|
|
<title>Inferencium - About</title>
|
|
</head>
|
|
<body>
|
|
<nav class="navbar">
|
|
<div class="logo"><a href="index.xhtml"><img src="asset/img/logo/inferencium-notext.png" alt="Inferencium logo"/></a></div>
|
|
<div class="title"><a href="index.xhtml">Inferencium</a></div>
|
|
<div><a href="about.xhtml">About</a></div>
|
|
<div><a href="news.xhtml">News</a></div>
|
|
<div><a href="documentation.xhtml">Documentation</a></div>
|
|
<div><a href="source.xhtml">Source</a></div>
|
|
<div><a href="changelog.xhtml">Changelog</a></div>
|
|
<div><a href="blog.xhtml">Blog</a></div>
|
|
<div><a href="contact.xhtml">Contact</a></div>
|
|
<div><a href="directory.xhtml">Directory</a></div>
|
|
<div><a href="key.xhtml">Key</a></div>
|
|
<div class="sitemap"><a href="sitemap.xhtml">Sitemap</a></div>
|
|
</nav>
|
|
<h1 id="about"><a href="#about">About</a></h1>
|
|
<nav id="toc">
|
|
<h2><a href="#toc">Table of Contents</a></h2>
|
|
<ul>
|
|
<li><a href="#about_me">About Me</a></li>
|
|
<li><a href="#date_time">Date and Time</a></li>
|
|
<li><a href="#languages">Languages</a></li>
|
|
<ul>
|
|
<li><a href="#languages-markup">Markup</a></li>
|
|
<ul>
|
|
<li><a href="#languages-markup-xhtml">XHTML</a></li>
|
|
<li><a href="#languages-markup-asciidoc">AsciiDoc</a></li>
|
|
</ul>
|
|
<li><a href="#languages-programming">Programming</a></li>
|
|
<ul>
|
|
<li><a href="#languages-programming-rust">Rust</a></li>
|
|
<li><a href="#languages-programming-go">Go</a></li>
|
|
</ul>
|
|
</ul>
|
|
<li><a href="#licensing">Licensing</a></li>
|
|
<ul>
|
|
<li><a href="#licensing-code">Code</a></li>
|
|
<ul>
|
|
<li><a href="#licensing-code-bsd3clause">BSD 3-Clause License</a></li>
|
|
<li><a href="#licensing-code-gpl2.0only">GNU General Public License v2.0</a></li>
|
|
</ul>
|
|
<li><a href="#licensing-noncode">Non-code</a></li>
|
|
<ul>
|
|
<li><a href="#licensing-noncode-ccby4.0">Creative Commons Attribution 4.0 International</a></li>
|
|
</ul>
|
|
<li><a href="#licensing-open_source_vs_free_software">Do I Distinguish Between Open Source and Free Software?</a></li>
|
|
</ul>
|
|
<li><a href="#versioning">Versioning</a></li>
|
|
<ul>
|
|
<li><a href="#versioning-numbering_scheme">What is the Numbering Scheme?</a></li>
|
|
<li><a href="#versioning-phases">What Are the Phases?</a></li>
|
|
</ul>
|
|
<li><a href="#services">Services</a></li>
|
|
<ul>
|
|
<li><a href="#services-websites">Websites</a></li>
|
|
</ul>
|
|
<li><a href="#recommendations">Recommendations</a></li>
|
|
<ul>
|
|
<li><a href="#recommendations-hardware">Hardware</a></li>
|
|
<ul>
|
|
<li><a href="#recommendations-hardware-smartphone">Smartphone</a></li>
|
|
</ul>
|
|
<li><a href="#recommendations-software">Software</a></li>
|
|
<ul>
|
|
<li><a href="#recommendations-software-pc">PC</a></li>
|
|
<li><a href="#recommendations-software-smartphone">Smartphone</a></li>
|
|
</ul>
|
|
<li><a href="#recommendations-music">Music</a></li>
|
|
</ul>
|
|
<li><a href="#gnulinux_or_linux">Is it GNU/Linux or Just Linux?</a></li>
|
|
</ul>
|
|
</nav>
|
|
<section id="about_me">
|
|
<h2><a href="#about_me">About Me</a></h2>
|
|
<img class="avatar" src="asset/img/avatar/inference.png" alt="My avatar."/>
|
|
<p>I am Jake Winters, also known by my pseudonym "Inference", a security researcher based in the
United Kingdom.</p>
|
|
<p>I am the founder, lead developer, and administrator of Inferencium.</p>
|
|
<p>All opinions are my own, and are not necessarily shared with projects or people I am affiliated
|
|
with.</p>
|
|
<p>I write about my research and experience in cybersecurity and also physical security. Most of my
|
|
postings are security-related, but I occasionally post about other aspects of my life.</p>
|
|
<p>I am an open source advocate for the preservation and modifiability of source code. I believe
|
|
source code should be considered human knowledge as much as past knowledge and teachings were; it is
|
|
how modern humanity survives and runs. Source code being modifiable allows it to be adapted for use
|
|
by anyone, whether to add features, harden it for increased security and/or privacy, or provide
|
|
accessibility for disabled users.</p>
|
|
<p>I am also a modular design advocate for the ability to securely and robustly make changes to
|
|
hardware and software without the entire system being affected.</p>
|
|
<p>I run multiple XMPP channels; a directory of channels can be found on the
|
|
<a href="https://inferencium.net/directory.xhtml">directory</a>
|
|
webpage.</p>
|
|
<p>If you wish to contact me for any reason, you can use my
|
|
<a href="https://inferencium.net/contact.xhtml">contact methods</a>.</p>
|
|
</section>
|
|
<section id="date_time">
|
|
<h2><a href="#date_time">Date and Time</a></h2>
|
|
<p>All dates and times across my services are
|
|
<a href="https://en.wikipedia.org/wiki/ISO_8601">ISO 8601</a>-compliant.
|
|
The short-form format <code>YYYY-MM-DD</code> is used for dates, and <code>hh:mm:ss</code> is used
|
|
for times, with display of seconds being based on required level of accuracy. The full expression
|
|
may be used when necessary; <code>YYYYMMDDThhmmssZ</code> (UTC without offset),
|
|
<code>YYYYMMDDThhmmss+hhmm</code> (with positive offset), or <code>YYYYMMDDThhmmss-hhmm</code> (with
|
|
negative offset).</p>
|
|
</section>
|
|
<section id="languages">
|
|
<h2><a href="#languages">Languages</a></h2>
|
|
<section id="languages-markup">
|
|
<h3><a href="#languages-markup">Markup</a></h3>
|
|
<p>The following markup languages are used in my code, with
|
|
rationale provided for the usage of each language.</p>
|
|
<p>Note that derivations of non-Inferencium codebases, such as
|
|
forks, may not contain the markup languages listed here due to
|
|
the work involved in replacing all code, but will be rewritten
|
|
whenever possible, and new code will be written in my preferred
|
|
languages whenever possible.</p>
|
|
<section id="languages-markup-xhtml">
|
|
<h4><a href="#languages-markup-xhtml">XHTML</a></h4>
|
|
<p>XHTML is preferred for most content due to its HTML-based design and syntax, with
|
|
advantages over HTML, including strict parsing checks which assist with achieving
|
|
code-correctness, and being XML-compliant to allow widespread usage even outside of
|
|
the intended HTML-based use case.</p>
|
|
<p>HTML has multiple flaws, including allowing broken code to be loaded in the
|
|
user's web browser, not informing the developer of broken code or mismatching tags,
|
|
and using non-standard, highly-permissive syntax which is non-portable. XHTML
|
|
mitigates or completely fixes these issues via its XML namespace.</p>
|
|
</section>
|
|
<section id="languages-markup-asciidoc">
|
|
<h4><a href="#languages-markup-asciidoc">AsciiDoc</a></h4>
|
|
<p>AsciiDoc is used when portability is a concern, as it allows easy conversion to
|
|
other file formats, including HTML and PDF. AsciiDoc can also be read as-is, due to
|
|
it having clean markup and high readability when viewed as plaintext.</p>
|
|
</section>
|
|
</section>
|
|
<section id="languages-programming">
|
|
<h3><a href="#languages-programming">Programming</a></h3>
|
|
<p>The following programming languages are used in my code, with rationale provided for the
|
|
usage of each language.</p>
|
|
<p>Note that derivations of non-Inferencium codebases, such as forks, may not contain the
|
|
programming languages listed here due to the work involved in replacing all code, but will
|
|
be rewritten whenever possible, and new code will be written in my preferred languages
|
|
whenever possible.</p>
|
|
<section id="languages-programming-rust">
|
|
<h4><a href="#languages-programming-rust">Rust</a></h4>
|
|
<p>Rust is a partially object-oriented programming language with a focus on security
|
|
and performance. It has strict compile-time checks to verify the memory-safety and
|
|
thread-safety of code, is memory-efficient, has no garbage collection, is highly
|
|
portable, has great support for integration with other languages, and is suitable
|
|
for both high-level and low-level code.</p>
|
|
<p>Rust is the modern replacement for C++.</p>
|
|
</section>
|
|
<section id="languages-programming-go">
|
|
<h4><a href="#languages-programming-go">Go</a></h4>
|
|
<p>Go is a functional programming language with a focus on performance. It is easy
|
|
to use, has garbage collection, allows clean codebases, and is suitable for
|
|
high-level code.</p>
|
|
<p>Go is the modern replacement for C.</p>
|
|
</section>
|
|
</section>
|
|
</section>
|
|
<section id="licensing">
|
|
<h2><a href="#licensing">Licensing</a></h2>
|
|
<p>I care about upstreaming and sharing code, strongly preferring licenses which have high license
|
|
compatibility in order to permit sharing code with as many other projects as possible; for this
|
|
reason, permissive licenses are my preferred choice, while avoiding copyleft licenses and other
|
|
licenses which place restrictions on how my code may be used, and prevent me from including
|
|
important proprietary code, such as firmware, which can patch security vulnerabilities, privacy
|
|
issues, and stability issues.</p>
|
|
<p>All of my code is and will be permissively-licensed unless specific circumstances make it
|
|
impractical or infeasible to do so. My goal is to share code which has as few
restrictions as possible, to allow wider propagation of my code and allow more use cases and
|
|
possibilities, as well as ensuring proprietary code, whenever required, is permitted to be included
|
|
and/or linked to.</p>
|
|
<p><a href="https://iso.org/standard/81870.html">ISO 5962:2021</a>
|
|
is used for licensing, in the format
|
|
<code>SPDX-License-Identifier: <var>&lt;license&gt;</var></code>; see the
|
|
<a href="https://spdx.org/licenses/">SPDX License List</a>
|
|
for the full list of available licenses under this
|
|
standard.</p>
|
|
<p>My preferred licenses and rationale for using them are below; any licenses not listed are chosen
|
|
on a case-by-case basis.</p>
|
|
<section id="licensing-code">
|
|
<h3><a href="#licensing-code">Code</a></h3>
|
|
<section id="licensing-code-bsd3clause">
|
|
<h4><a href="#licensing-code-bsd3clause">BSD 3-Clause License</a></h4>
|
|
<p><b>SPDX License Identifier:</b> <code>BSD-3-Clause</code></p>
|
|
<p><b>Type:</b> Permissive</p>
|
|
<p><a href="https://spdx.org/licenses/BSD-3-Clause.html">BSD 3-Clause License</a>
|
|
is a highly-permissive license which allows content licensed under it to be used in
|
|
any way, whether in source or binary form, and allows sublicensing under a different
|
|
license, with the only restrictions being the original copyright notice must be kept
|
|
in order to attribute the original creator of the licensed content, and the name of
|
|
the project and/or its contributors may not be used to endorse or promote products
|
|
derived from the original project.</p>
|
|
</section>
|
|
<section id="licensing-code-gpl2.0only">
|
|
<h4><a href="#licensing-code-gpl2.0only">GNU General Public License v2.0</a></h4>
|
|
<p><b>SPDX License Identifier:</b> <code>GPL-2.0-only</code></p>
|
|
<p><b>Type:</b> Copyleft</p>
|
|
<p><a href="https://spdx.org/licenses/GPL-2.0-only.html">GNU General Public License v2.0</a>
|
|
is a strong copyleft license which restricts use of content licensed under it by
|
|
requiring all source code of the content to be publicly available, making
|
|
binary-only form and inclusion of proprietary code impossible, requiring all
|
|
derivatives to be licensed under the same license (allowing sublicensing under only
|
|
newer GPL licenses if <code>GPL-2.0-or-later</code> is specified in the SPDX License
|
|
Identifier), and requiring the original copyright notice to be kept in order to
|
|
attribute the original creator of the licensed content.</p>
|
|
<p>Due to the restrictive and invasive nature of this license, it is avoided unless
|
|
such restrictions would be beneficial to my code; whenever this is the case, the GNU
|
|
General Public License v2.0 will be used, rather than the more restrictive
|
|
<a href="https://spdx.org/licenses/GPL-3.0-only.html">GNU General Public License v3.0</a>,
|
|
and relicensing derivatives under the GNU General Public License v3.0 will be
|
|
disallowed.</p>
|
|
</section>
|
|
</section>
|
|
<section id="licensing-noncode">
|
|
<h3><a href="#licensing-noncode">Non-code</a></h3>
|
|
<section id="licensing-noncode-ccby4.0">
|
|
<h4><a href="#licensing-noncode-ccby4.0">Creative Commons Attribution 4.0 International</a></h4>
|
|
<p><b>SPDX License Identifier:</b> <code>CC-BY-4.0</code></p>
|
|
<p><b>Type:</b> Permissive</p>
|
|
<p><a href="https://spdx.org/licenses/CC-BY-4.0.html">Creative Commons Attribution 4.0 International</a>
|
|
is a highly-permissive license which allows content licensed under it to be used in
|
|
any way, in any medium, with the only restriction being the original copyright
|
|
notice must be kept in order to attribute the original creator of the licensed
|
|
content.</p>
|
|
</section>
|
|
</section>
|
|
<section id="licensing-open_source_vs_free_software">
|
|
<h3><a href="#licensing-open_source_vs_free_software">Do I Distinguish Between Open Source and Free Software?</a></h3>
|
|
<p>No. If code is not released under an open-source license and places restrictions on how
|
|
the code may be used, it is either source-available (if viewing the code is permitted) or
|
|
proprietary. "Free software" only causes confusion and exists to push an ideology by a
|
|
specific group of people. If software isn't "free", it's not open-source, either.</p>
|
|
</section>
|
|
</section>
|
|
<section id="versioning">
|
|
<h2><a href="#versioning">Versioning</a></h2>
|
|
<section id="versioning-numbering_scheme">
|
|
<h3><a href="#versioning-numbering_scheme">What is the Numbering Scheme?</a></h3>
|
|
<p>All code uses
|
|
<a href="https://semver.org">Semantic Versioning</a>.
|
|
The numbering scheme is divided into 3 blocks (herein referred to as Block 0, Block 1, and
|
|
Block 2, in left-to-right order); the version blocks are separated by periods. When a
|
|
version number block is incremented, all blocks to the right of it are reset to 0. The
|
|
legacy versioning scheme was a similar numerical versioning scheme which lacked
|
|
standardisation.</p>
|
|
<p>Block 0 contains the <code><var>MAJOR</var></code> version; this number is incremented
|
|
whenever an API-incompatible change is made to the code.</p>
|
|
<p>Block 1 contains the <code><var>MINOR</var></code> version; this number is incremented
|
|
whenever an API-compatible, substantial change is made to the code, such as adding a
|
|
feature.</p>
|
|
<p>Block 2 contains the <code><var>PATCH</var></code> version; this number is incremented
|
|
whenever an API-compatible, unsubstantial change is made to the code, such as fixing or
|
|
optimising the code.</p>
|
|
<p>Development and pre-release versions are suffixed with a hyphen, followed by their phase,
|
|
a period, then the version of that phase; for example, <code>-alpha.<var>n</var></code> for
|
|
an alpha version, <code>-beta.<var>n</var></code> for a beta version, and
|
|
<code>-rc.<var>n</var></code> for a release candidate version, with
|
|
<code><var>n</var></code> being a positive integer beginning at 1. Stable versions have no
|
|
suffix.</p>
|
|
</section>
|
|
<section id="versioning-phases">
|
|
<h3><a href="#versioning-phases">What Are the Phases?</a></h3>
|
|
<p>There are 4 phases of development. Each phase typically has its own branch in each source
|
|
code repository. The phases are as follows:</p>
|
|
<ol>
|
|
<li><b>Alpha:</b> Pre-alpha development and alpha-testing occur in this phase.
|
|
Features are added, modified, and/or removed. Fixes and optimisations may also occur
|
|
if they are caught during this phase. This is where the majority of changes occur
|
|
and where the fine-grained commits can be found. Breakage is highly likely within
|
|
this phase as it makes no attempt to be stable or usable due to being where the most
|
|
rapid development occurs. Code is tested internally in a fine-grained manner and is
|
|
moved to the next phase only when it is deemed feature-complete and reasonably
|
|
stable for broader public testing. If you would like to assist in testing code in
|
|
this phase, you must use the code and/or tags from the source code repositories due
|
|
to it not being available publicly outside of them.</li>
|
|
<li><b>Beta:</b> Feature-complete testing occurs in this phase. Only bug fixes and
|
|
optimisations occur in this phase, such as stability and security fixes. This phase
|
|
is classified as stable enough for broad public testing and is made available
|
|
publicly in many cases without having to use the source code repositories. Since
|
|
this phase contains only feature-complete code, no features will be added, modified,
|
|
or removed in this phase.</li>
|
|
<li><b>Release candidate (RC):</b> Feature-complete testing occurs in this phase.
|
|
Code in the RC phase is often stable enough for production usage, but is not yet
|
|
completely acceptable to be classified as stable by my standards. This phase is
|
|
often skipped due to most bugs being caught in the beta phase, but will be used
|
|
should the need arise for finer-grained testing beyond what the beta phase can
|
|
provide. Like the beta phase, code in this phase is available publicly without
|
|
requiring usage of the source code repositories.</li>
|
|
<li><b>Stable:</b> Feature-complete and well-tested code is moved to this phase.
|
|
Code in this phase is deemed to be stable enough for production usage and full
|
|
support is provided.</li>
|
|
</ol>
|
|
<p>When development of a new version has begun, the code within the alpha phase is rebased
|
|
onto the most recent code from the stable phase before work commences. This cycle continues
|
|
for the lifetime of the code.</p>
|
|
</section>
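<p>The numbering scheme and phase order described above can be expressed as a strict parser and comparator. This is an added example, not Inferencium code; the names <code>Parse</code>, <code>Compare</code> and <code>Bump</code> are hypothetical, the sample version strings are constructed, and returning an unsuffixed version from <code>Bump</code> is an assumption.</p>

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Phases in release order; a version with no suffix is stable.
var phases = []string{"alpha", "beta", "rc", "stable"}

const stable = 3 // index of "stable" in phases

// Version is MAJOR.MINOR.PATCH with an optional -phase.n suffix.
type Version struct {
	Major, Minor, Patch int
	Phase               int // index into phases
	N                   int // phase version, 0 when stable
}

// number parses one decimal block. Leading zeros are rejected, as SemVer requires.
func number(s string) (int, error) {
	if s == "" || (len(s) > 1 && s[0] == '0') {
		return 0, fmt.Errorf("invalid number %q", s)
	}
	for _, r := range s {
		if r < '0' || r > '9' {
			return 0, fmt.Errorf("invalid number %q", s)
		}
	}
	return strconv.Atoi(s)
}

// Parse accepts only the forms the page describes: three blocks, then
// optionally -alpha.n, -beta.n or -rc.n with n starting at 1.
func Parse(s string) (Version, error) {
	v := Version{Phase: stable}
	core, suffix, hasSuffix := strings.Cut(s, "-")
	blocks := strings.Split(core, ".")
	if len(blocks) != 3 {
		return v, fmt.Errorf("%q: want 3 blocks, got %d", s, len(blocks))
	}
	for i, dst := range []*int{&v.Major, &v.Minor, &v.Patch} {
		n, err := number(blocks[i])
		if err != nil {
			return v, err
		}
		*dst = n
	}
	if !hasSuffix {
		return v, nil
	}
	name, num, _ := strings.Cut(suffix, ".")
	v.Phase = -1
	for i, p := range phases[:stable] {
		if p == name {
			v.Phase = i
		}
	}
	if v.Phase < 0 {
		return v, fmt.Errorf("%q: unknown phase %q", s, name)
	}
	n, err := number(num)
	if err != nil || n < 1 {
		return v, fmt.Errorf("%q: phase version must be an integer >= 1", s)
	}
	v.N = n
	return v, nil
}

// Compare orders by blocks first, then alpha < beta < rc < stable, then n.
func Compare(a, b Version) int {
	x := [5]int{a.Major, a.Minor, a.Patch, a.Phase, a.N}
	y := [5]int{b.Major, b.Minor, b.Patch, b.Phase, b.N}
	for i := range x {
		if x[i] < y[i] {
			return -1
		} else if x[i] > y[i] {
			return 1
		}
	}
	return 0
}

// Bump increments block 0, 1 or 2 and resets every block to its right to 0.
// Returning a stable (unsuffixed) version is an assumption of this example.
func Bump(v Version, block int) Version {
	f := [3]int{v.Major, v.Minor, v.Patch}
	f[block]++
	for i := block + 1; i < 3; i++ {
		f[i] = 0
	}
	return Version{Major: f[0], Minor: f[1], Patch: f[2], Phase: stable}
}

func (v Version) String() string {
	s := fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)
	if v.Phase != stable {
		s += fmt.Sprintf("-%s.%d", phases[v.Phase], v.N)
	}
	return s
}

func main() {
	// Constructed sample inputs: three valid versions and two rejected ones.
	for _, s := range []string{"10.2.0-alpha.3", "10.2.0-rc.1", "10.2.0", "10.2.0-rc.0", "10.02.0"} {
		if v, err := Parse(s); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("accepted:", v)
		}
	}
}
```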
|
|
</section>
|
|
<section id="services">
|
|
<h2><a href="#services">Services</a></h2>
|
|
<p>This list contains the policies and practices of my services.</p>
|
|
<p>My policies and practices are heavily security-focused and privacy-focused, with improvements
|
|
made on an ongoing basis as new technologies, hardware, software, and protocols become
|
|
available.</p>
|
|
<h3 id="services-websites"><a href="#services-websites">Websites</a></h3>
|
|
<ul>
|
|
<li>Unnecessary logging avoided (only logs required for security and debugging
|
|
purposes)</li>
|
|
<li>All server logs purged every 14 days</li>
|
|
<li>User IP addresses used only for security and debugging purposes (purged along with
|
|
logs)</li>
|
|
<li>All connections made via
|
|
<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3">TLS 1.3</a>
|
|
only to ensure the most secure
|
|
<a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AEAD</a>
|
|
ciphers are used, along with
|
|
<a href="https://en.wikipedia.org/wiki/Forward_secrecy">forward secrecy</a></li>
|
|
<li>All connections made via high-security AEAD ciphers, preferring AES-256-GCM for
|
|
devices with AES hardware-acceleration, and ChaCha20-Poly1305 for devices without AES
|
|
hardware-acceleration, with AES-128-GCM as a fallback (AES-128-GCM is mandated for TLS
|
|
1.3 by
|
|
<a href="https://datatracker.ietf.org/doc/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li>
|
|
<li>All connections are made via high-security key exchange protocols, preferring
|
|
X25519, with secp256r1 as a fallback (secp256r1 is mandated for TLS 1.3 by IETF RFC8446
|
|
section 9.1)</li>
|
|
<li><a href="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">Domain Name System Security Extensions (DNSSEC)</a>
|
|
enabled to provide a root-of-trust for encryption and authentication for domain and
|
|
server configuration</li>
|
|
<li><a href="https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization">Certification Authority Authorization (CAA)</a>
|
|
records enabled to prevent all certificate authorities other than
|
|
<a href="https://letsencrypt.org/">Let's Encrypt</a> from
|
|
issuing TLS certificates for my domains</li>
|
|
<li><a href="https://en.wikipedia.org/wiki/SSHFP_record">Secure Shell fingerprint (SSHFP)</a>
|
|
records enabled to provide a DNS-based root-of-trust for SSH connections to my
|
|
domains</li>
|
|
<li>Referrer headers disabled to prevent knowing where a user was redirected from</li>
|
|
<li>All content sourced from my own domains, with third-party content prohibited via
|
|
<a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content Security Policy</a>
|
|
configuration</li>
|
|
<li>All servers physically under my control (no VPS or other hosting providers)</li>
|
|
<li>No proprietary services, ensuring I have complete control over my services, and
|
|
vendor lock-in does not occur</li>
|
|
</ul>
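<p>The TLS 1.3-only policy in the list above can be checked end to end with an in-memory handshake. This is an added example, not the configuration of these services: the host name <code>example.test</code>, the throwaway certificate and the function names are constructed for illustration. Go's <code>crypto/tls</code> does not allow TLS 1.3 cipher suites to be selected or reordered, so the example only confirms that an AEAD suite was negotiated and that a client capped at TLS 1.2 is refused.</p>

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// host is a constructed placeholder name, not one of the page's domains.
const host = "example.test"

// testCert creates a throwaway self-signed ECDSA certificate for host.
func testCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// IsTLS13AEAD reports whether id is one of the three AEAD suites the list names.
func IsTLS13AEAD(id uint16) bool {
	switch id {
	case tls.TLS_AES_256_GCM_SHA384, tls.TLS_CHACHA20_POLY1305_SHA256, tls.TLS_AES_128_GCM_SHA256:
		return true
	}
	return false
}

// Connect handshakes a client capped at maxVersion against a TLS 1.3-only
// server over an in-memory pipe and returns the client's view of the session.
func Connect(maxVersion uint16) (tls.ConnectionState, error) {
	cert, pool, err := testCert()
	if err != nil {
		return tls.ConnectionState{}, err
	}
	server := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS13,                         // TLS 1.3 only
		CurvePreferences:       []tls.CurveID{tls.X25519, tls.CurveP256}, // X25519, then secp256r1
		SessionTicketsDisabled: true,                                     // no post-handshake writes on the pipe
	}
	client := &tls.Config{RootCAs: pool, ServerName: host, MaxVersion: maxVersion}

	cEnd, sEnd := net.Pipe()
	defer cEnd.Close()
	defer sEnd.Close()
	deadline := time.Now().Add(5 * time.Second) // never hang if a side stalls
	cEnd.SetDeadline(deadline)
	sEnd.SetDeadline(deadline)

	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(sEnd, server).Handshake() }()
	conn := tls.Client(cEnd, client)
	if err := conn.Handshake(); err != nil {
		return tls.ConnectionState{}, err
	}
	if err := <-srvErr; err != nil {
		return tls.ConnectionState{}, err
	}
	return conn.ConnectionState(), nil
}

func main() {
	st, err := Connect(tls.VersionTLS13)
	if err != nil {
		fmt.Println("TLS 1.3 client failed:", err)
		return
	}
	fmt.Printf("TLS 1.3 client: version=%#x suite=%s aead=%v\n",
		st.Version, tls.CipherSuiteName(st.CipherSuite), IsTLS13AEAD(st.CipherSuite))
	_, err = Connect(tls.VersionTLS12)
	fmt.Println("client capped at TLS 1.2:", err)
}
```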
|
|
</section>
|
|
<section id="recommendations">
|
|
<h2><a href="#recommendations">Recommendations</a></h2>
|
|
<section id="recommendations-hardware">
|
|
<h3><a href="#recommendations-hardware">Hardware</a></h3>
|
|
<section id="recommendations-hardware-smartphone">
|
|
<h4><a href="#recommendations-hardware-smartphone">Smartphone</a></h4>
|
|
<div style="overflow-x:auto;">
|
|
<table>
|
|
<colgroup>
|
|
<col class="small"/>
|
|
<col class="small"/>
|
|
<col class="lrg"/>
|
|
<col class="med"/>
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th id="hardware-smartphone-type">Type</th>
|
|
<th id="hardware-smartphone">Hardware</th>
|
|
<th id="hardware-smartphone-description">Description</th>
|
|
<th id="hardware-smartphone-source_model">
|
|
<p>Source model</p>
|
|
<p>(SPDX License Identifier)</p>
|
|
</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<th id="hardware-smartphone-smartphone">Smartphone</th>
|
|
<th id="google-pixel" headers="hardware-smartphone hardware-smartphone-smartphone">
|
|
<img src="asset/img/google-pixel_8_pro.png" width="100" height="100" alt="Front and rear view of a Google Pixel 8 Pro in Obsidian colour"/>
|
|
Google Pixel
|
|
</th>
|
|
<td class="desc" headers="hardware-smartphone-description google-pixel">
|
|
<h5>Security/Privacy</h5>
|
|
<p>Google Pixel devices are the best Android devices
|
|
available on the market for
|
|
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
|
|
<p>They allow locking the bootloader with a
|
|
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
|
|
in order to preserve security and privacy features when
|
|
installing a custom operating system, such as
|
|
<a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a>
|
|
which verifies that the OS has not been corrupted or tampered with, and
|
|
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
|
|
which prevents an adversary from rolling back the OS or
|
|
firmware version to a previous version with known security
|
|
vulnerabilities.</p>
|
|
<p>They also include a
|
|
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
|
|
(Titan M2, improving on the previous generation
|
|
<a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>)
|
|
which is extremely resistant to both remote and physical
|
|
attacks due to being completely isolated from the rest of
|
|
the system, including the operating system. Titan M2 ensures
|
|
that the device cannot be remotely compromised by requiring
|
|
the side buttons of the device to be physically pressed for
|
|
some sensitive operations. Titan M2 also takes the role of
|
|
<a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>,
|
|
a
|
|
<a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a>
|
|
containing sensitive user keys which are unavailable to the
|
|
OS or apps running on it without authorisation from Titan M2
|
|
itself.
|
|
<a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a>
|
|
ensures that Titan M2 firmware can be flashed only if the
|
|
user PIN/password is already known, making it impossible to
|
|
backdoor the device without already knowing these secrets.</p>
|
|
<p>Google Pixel device kernels are compiled with
|
|
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
|
|
and
|
|
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
|
|
to prevent code reuse attacks against the kernel. MAC
|
|
address randomisation is
|
|
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
|
|
<p>Google releases
|
|
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
|
|
ensuring Google Pixel devices are up-to-date and quickly
|
|
protected against security vulnerabilities.</p>
|
|
<p>Pixel 6-series and 7-series devices are a large
|
|
improvement over the already very secure and private
|
|
previous generation Pixel devices. They replace ARM-based
|
|
Titan M with RISC-V-based Titan M2, reducing trust by
|
|
removing ARM from the equation. Titan M2 is more resilient
|
|
to attacks than Titan M, and is
|
|
<a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>,
|
|
the highest level of vulnerability assessment. Google's
|
|
in-house Tensor System-on-Chip includes Tensor Security
|
|
Core, further improving device security.</p>
|
|
<p>Pixel 8-series includes Armv9's
|
|
<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>,
|
|
which dramatically increases device security by eliminating
|
|
up to 95% of all security issues caused by
|
|
memory-unsafety.</p>
|
|
<h5>Support</h5>
|
|
<p>Pixel 5a is supported for a
|
|
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum of 3 years from launch</a>.</p>
|
|
<p>Pixel 6-series, Pixel 7-series, Pixel Fold, and Pixel
|
|
Tablet are supported for a
|
|
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>.</p>
|
|
<p>Pixel 8-series is supported for a
|
|
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-pro">minimum of 7 years from launch</a>.</p>
|
|
</td>
|
|
<td headers="hardware-smartphone-source_model google-pixel">
|
|
<p>Proprietary</p>
|
|
<p>(NONE)</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</section>
|
|
</section>
|
|
<section id="recommendations-software">
|
|
<h3><a href="#recommendations-software">Software</a></h3>
|
|
<section id="recommendations-software-pc">
|
|
<h4><a href="#recommendations-software-pc">PC</a></h4>
|
|
<div style="overflow-x:auto;">
|
|
<table>
|
|
<colgroup>
|
|
<col class="small"/>
|
|
<col class="small"/>
|
|
<col class="lrg"/>
|
|
<col class="med"/>
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th id="software-pc-type">Type</th>
|
|
<th id="software-pc">Software</th>
|
|
<th id="software-pc-description">Description</th>
|
|
<th id="software-pc-source_model">
|
|
<p>Source model</p>
|
|
<p>(SPDX License Identifier)</p>
|
|
</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<th id="software-pc-os">Operating system</th>
|
|
<th id="gentoo_linux" headers="software-pc software-pc-os">
|
|
<img src="asset/img/logo/gentoo_linux.png" width="100" height="100" alt="Gentoo Linux logo"/>
|
|
Gentoo Linux
|
|
</th>
|
|
<td class="desc" headers="software-pc-description gentoo_linux">
|
|
<p><a href="https://www.gentoo.org/">Gentoo Linux</a>
|
|
is a highly-modular, source-based, Linux-based operating system
|
|
which allows vast customisation to tailor the operating system
|
|
to suit your specific needs. There are many advantages to such
|
|
an operating system, with the most notable being the ability to
|
|
optimise the software for security, privacy, performance, or
|
|
power usage; however, there are effectively unlimited other use
|
|
cases, or a combination of multiple use cases.</p>
|
|
<p>I have focused on security hardening and privacy hardening,
|
|
placing performance below those aspects, although my system is
|
|
still very performant. Some of the hardening I apply includes
|
|
<a href="https://en.wikipedia.org/wiki/Buffer_overflow_protection">stack protection</a>,
|
|
<a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow trapping</a>,
|
|
and GrapheneOS'
|
|
<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>
|
|
memory allocator.</p>
|
|
<p>You can find my Gentoo Linux configurations in my
|
|
<a href="https://src.inferencium.net/Inferencium/cfg/">configuration repository</a>.</p>
|
|
</td>
|
|
<td headers="software-pc-source_model gentoo_linux">
|
|
<p>Open-source</p>
|
|
<p>(GPL-2.0-only)</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<th id="software-pc-libc">C Standard Library</th>
|
|
<th id="musl" headers="software-pc software-pc-libc">
|
|
<img src="asset/img/logo/musl.png" width="90%" height="90%" alt="musl logo"/>
|
|
musl
|
|
</th>
|
|
<td class="desc" headers="software-pc-description musl">
|
|
<p><a href="https://musl.libc.org/">musl</a>
|
|
is a lightweight C standard library which aims to be correct,
|
|
standards-compliant, and safe. Unlike
|
|
<a href="https://gnu.org/software/libc">glibc</a>,
|
|
it greatly conforms to POSIX standards, deviating very little
|
|
by keeping its own non-standard extensions to a minimum, and
|
|
takes care to not break such conformity.</p>
|
|
<p>Also unlike glibc, due to its lightweight and
|
|
standards-compliant design, musl is portable and well-suited for
|
|
use in any system, whether desktop, server, or embedded.</p>
|
|
</td>
|
|
<td headers="software-pc-source_model musl">
|
|
<p>Open-source</p>
|
|
<p>(MIT)</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
<th id="software-web_browser">Web browser</th>
<th id="chromium" headers="software-pc software-web_browser">
<img src="asset/img/logo/chromium.png" width="100" height="100" alt="Chromium logo"/>
Chromium
</th>
<td class="desc" headers="software-pc-description chromium">
<p><a href="https://chromium.org/">Chromium</a>
is a highly secure web browser which is often ahead of other web
browsers in security. It has a dedicated security team
and a very impressive
<a href="https://www.chromium.org/Home/chromium-security/brag-sheet/">security brag sheet</a>.
Chromium's security features include a strong
<a href="https://code.google.com/p/chromium/wiki/LinuxSandboxing">multi-layer sandbox</a>,
strong
<a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
<a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
memory hardening, and
<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p>
</td>
<td headers="software-pc-source_model chromium">
<p>Open-source</p>
<p>(BSD-3-Clause)</p>
</td>
</tr>
<tr>
<th rowspan="2" id="software-vcs">Version Control</th>
<th id="git" headers="software-pc software-vcs">
<img src="asset/img/logo/git.png" width="85%" height="85%" alt="Git logo"/>
Git
</th>
<td class="desc" headers="software-pc-description git">
<p><a href="https://git-scm.com/">Git</a>
is highly flexible, feature-rich version control software
which provides fast, cheap branching for any source code
development use case, allowing rapid, flexible development in
either centralised or decentralised configurations, whether in a
client-server or peer-to-peer model.</p>
</td>
<td headers="software-pc-source_model git">
<p>Open-source</p>
<p>(GPL-2.0-only)</p>
</td>
</tr>
<tr>
<th id="gitea" headers="software-pc software-vcs">
<img src="asset/img/logo/gitea.png" width="100" height="100" alt="Gitea logo"/>
Gitea
</th>
<td class="desc" headers="software-pc-description software-vcs">
<p><a href="https://gitea.com/">Gitea</a>
is an all-in-one development platform with Git hosting, code
review, team collaboration, package registry and CI/CD.</p>
</td>
<td headers="software-pc-source_model gitea">
<p>Open-source</p>
<p>(MIT)</p>
</td>
</tr>
</tbody>
</table>
</div>
</section>
<section id="recommendations-software-smartphone">
<h4><a href="#recommendations-software-smartphone">Smartphone</a></h4>
<div style="overflow-x:auto;">
<table>
<colgroup>
<col class="small"/>
<col class="small"/>
<col class="lrg"/>
<col class="med"/>
</colgroup>
<thead>
<tr>
<th id="software-smartphone-type">Type</th>
<th id="software-smartphone">Software</th>
<th id="software-smartphone-description">Description</th>
<th id="software-smartphone-source_model">
<p>Source model</p>
<p>(SPDX License Identifier)</p>
</th>
</tr>
</thead>
<tbody>
<tr>
<th id="software-smartphone-os">Operating system</th>
<th id="grapheneos" headers="software-smartphone software-smartphone-os">
<img src="asset/img/logo/grapheneos.png" width="100" height="100" alt="GrapheneOS logo"/><br/>
GrapheneOS</th>
<td class="desc" headers="software-smartphone-description grapheneos">
<p><a href="https://grapheneos.org/">GrapheneOS</a>
is a security-hardened, privacy-hardened, secure-by-default,
Android-based operating system which applies extensive,
systemic security and privacy hardening to the Android Open
Source Project used as its base codebase.</p>
<p>Its hardening includes closing gaps which allow apps to access
sensitive system information, a secure app spawning feature
which avoids sharing address space layout and other secrets
that AOSP's default Zygote app spawning model would share, a
<a href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>,
a hardened memory allocator
(<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>)
which protects against common heap memory corruption vulnerabilities
and reduces the lifetime of data in memory by
zero-initialising memory when it is freed, Arm's Memory Tagging
Extension to provide protection against heap memory bugs such as
use-after-free and buffer overflow (MTE-supporting devices
only), a
<a href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>,
<a href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>,
and local and remote hardware-backed attestation
(<a href="https://attestation.app/about/">Auditor</a>)
to ensure the OS has not been corrupted or tampered with.</p>
<p>GrapheneOS only supports
<a href="https://grapheneos.org/faq#device-support">high-security and well-supported devices</a>
which receive full support from their manufacturers, including
firmware updates, long support lifecycles, secure hardware, and
overall high-security practices.</p>
<p>For an extensive list of features GrapheneOS provides, visit
its
<a href="https://grapheneos.org/features/">official features list</a>.</p>
</td>
<td headers="software-smartphone-source_model grapheneos">
<p>Open-source</p>
<p>(MIT)</p>
</td>
</tr>
<tr>
<th id="software-smartphone-web_browser">Web browser</th>
<th id="vanadium" headers="software-smartphone software-smartphone-web_browser">
<img src="asset/img/logo/vanadium.png" width="100" height="100" alt="Vanadium logo"/><br/>
Vanadium</th>
<td class="desc" headers="software-smartphone-description vanadium">
<p>Vanadium is a security-hardened, privacy-hardened,
Chromium-based web browser which utilises GrapheneOS' operating
system hardening to add stronger defenses to the already
very secure Chromium web browser.</p>
<p>Its hardening, alongside Chromium's base security features,
includes
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>,
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>,
and
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.</p>
<p>Vanadium's source code, including its Chromium patch-set, can
be found in its
<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</p>
</td>
<td headers="software-smartphone-source_model vanadium">
<p>Open-source</p>
<p>(GPL-2.0-only)</p>
</td>
</tr>
<tr>
<th rowspan="2" id="software-smartphone-messenger">Messenger</th>
<th id="molly" headers="software-smartphone software-smartphone-messenger">
<img src="asset/img/logo/molly.png" width="100" height="100" alt="Molly logo"/><br/>
Molly</th>
<td class="desc" headers="software-smartphone-description molly">
<p><a href="https://molly.im/">Molly</a>
is a security-hardened, privacy-hardened
<a href="https://signal.org/">Signal</a>
client which hardens Signal with a variety of
<a href="https://github.com/mollyim/mollyim-android#features">unique features</a>,
including
<a href="https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest">locking the database when not in use</a>
and
<a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a>
to protect user keys using the device's hardware security
module.</p>
<p>Molly is available in
<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:</p>
<ul>
<li><b>Molly:</b> Includes the same proprietary Google
code as Signal to support more features</li>
<li><b>Molly-FOSS:</b> Removes the proprietary Google
code to provide an entirely open-source client</li>
</ul>
</td>
<td headers="software-smartphone-source_model molly">
<p>Open-source</p>
<p>(AGPL-3.0-only)</p>
</td>
</tr>
<tr>
<th id="conversations" headers="software-smartphone software-smartphone-messenger">
<img src="asset/img/logo/conversations.png" width="100" height="100" alt="Conversations logo"/><br/>
Conversations</th>
<td class="desc" headers="software-smartphone-description conversations">
<p><a href="https://conversations.im/">Conversations</a>
is a well-designed Android
<a href="https://xmpp.org/">XMPP</a>
client which serves as the de facto XMPP reference client and
has great usability.</p>
<p>It supports the latest and most important XMPP extensions
(XEPs), including, but not limited to:</p>
<ul>
<li><a href="https://xmpp.org/extensions/xep-0384.html"><b>XEP-0384 (OMEMO Encryption)</b></a><b>:</b>
Provides end-to-end encryption with perfect forward
secrecy</li>
<li><a href="https://xmpp.org/extensions/xep-0065.html"><b>XEP-0065 (SOCKS5 Bytestreams)</b></a><b>:</b>
Allows file transfers behind network address translation
and firewalls</li>
<li><a href="https://xmpp.org/extensions/xep-0198.html"><b>XEP-0198 (Stream Management)</b></a><b>:</b>
Allows XMPP to survive small network outages and changes
of the underlying TCP connection</li>
<li><a href="https://xmpp.org/extensions/xep-0215.html"><b>XEP-0215 (External Service Discovery)</b></a><b>:</b>
Facilitates peer-to-peer audio and video calls via
STUN/TURN</li>
<li><a href="https://xmpp.org/extensions/xep-0280.html"><b>XEP-0280 (Message Carbons)</b></a><b>:</b>
Allows synchronising messages across different XMPP
clients and sessions</li>
<li><a href="https://xmpp.org/extensions/xep-0313.html"><b>XEP-0313 (Message Archive Management)</b></a><b>:</b>
Allows storing messages on, and synchronising messages
with, the server, which is useful for scenarios such as
being offline</li>
<li><a href="https://xmpp.org/extensions/xep-0363.html"><b>XEP-0363 (HTTP File Upload)</b></a><b>:</b>
Allows sharing files in multi-user chats and with
offline contacts</li>
</ul>
</td>
<td headers="software-smartphone-source_model conversations">
<p>Open-source</p>
<p>(GPL-3.0-only)</p>
</td>
</tr>
<tr>
<th id="software-smartphone-viewer">Viewer</th>
<th id="gallery" headers="software-smartphone software-smartphone-viewer">
<img src="asset/img/logo/gallery.png" width="100" height="100" alt="Gallery logo"/><br/>
Gallery</th>
<td class="desc" headers="software-smartphone-description gallery">
<p><a href="https://github.com/IacobIonut01/Gallery">Gallery</a>
is a lightweight image and video viewer with image editing
capabilities.</p>
<p>It has a clean and modern design without including
unnecessary features, and runs smoothly. It provides both
individual image and video file view, and folder view.</p>
</td>
<td headers="software-smartphone-source_model gallery">
<p>Open-source</p>
<p>(Apache-2.0)</p>
</td>
</tr>
<tr>
<th id="software-smartphone-calculator">Calculator</th>
<th id="opencalc" headers="software-smartphone software-smartphone-calculator">
<img src="asset/img/logo/opencalc.png" width="100" height="100" alt="OpenCalc logo"/><br/>
OpenCalc</th>
<td class="desc" headers="software-smartphone-description opencalc">
<p><a href="https://github.com/Darkempire78/OpenCalc">OpenCalc</a>
is a simple, lightweight calculator with optional scientific
features.</p>
</td>
<td headers="software-smartphone-source_model opencalc">
<p>Open-source</p>
<p>(GPL-3.0-only)</p>
</td>
</tr>
</tbody>
</table>
</div>
</section>
</section>
<section id="recommendations-music">
<h3><a href="#recommendations-music">Music</a></h3>
<p>For a curated list of music I enjoy, visit my
<a href="music.xhtml">music page</a>.</p>
</section>
</section>
<section id="gnulinux_or_linux">
<h2><a href="#gnulinux_or_linux">Is it GNU/Linux or Just Linux?</a></h2>
<p>It's just Linux. GNU is unrelated to Linux, which is a kernel developed by
<a href="https://en.wikipedia.org/wiki/Linus_Torvalds">Linus Torvalds</a>.
Linux can be used entirely without GNU software in userspace, and the kernel can be compiled without
the use of GNU tools. Just because GNU tools were used to initially develop and compile the kernel,
and were initially the only available tools for userspace, does not make this true today, and it
never made GNU a part of Linux itself at any point in time.</p>
<p>Where are all of the other forward-slashes for every other piece of software on a Linux-based
system which makes it just as usable? If a system is running "GNU/Linux", it should be using more
than a single forward-slash when there is more to the system than only GNU.</p>
</section>
<div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div>
</body>
</html>