Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό

@[email protected]
65 Followers
251 Following
402 Posts

 

https://justmytoots.com/@andromxda@infosec.space

tootfinder

Lemmy@[email protected]
Old account@Andromxda
Show threadAndromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό1d ago
@GrapheneOS Consider hosting your own instance of ArchiveBox.
ArchiveBox

πŸ—ƒ Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more…

ArchiveBox
Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό1d ago
Show threadDaniΓ«l de Kok1d ago

@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security & privacy, delay updates, etc.

AFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).

So the only reason I can think of is control.

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό1d ago
Show threadDaniΓ«l de Kok1d ago

@khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission This is not just a theoretical concern.

Some European countries border on autocracy. Imagine that this initiative is successful. An autocrat could pressure Volla et al. to only attest phones that have a chat backdoor under the thread of banning them from the market.

It is anti-privacy, anti-security, and anti-freedom.

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό1d ago
Show threadGrapheneOS1d ago
@khw @danieldk @vollaficationist @celeduc @guilg @EUCommission It has everything to do with a centralized attestation system. Once this system starts being adopted, the EU can require it for banking/government apps as they began the process of doing with the Play Integrity API. They can then hijack it and begin enforcing their own requirements such including disallowing encryption without backdoors. There should be no organization in charge of which devices and operating systems are allowed.
Show threadAndromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό1d ago
@vollaficationist You still haven't addressed the actual criticism. The point still stands that Volla and the other companies involved in this have a massive conflict of interest. The same conflict of interest Google has with Play Integrity. "Unified Attestation" being European doesn't make this conflict of interest go away. As an EU citizen: You're not helping Europeans, you aren't doing anything good for consumers. This is still an anti-competitive move and needs to be investigated, just like Google needs to be investigated and regulated because of their monopolistic Play Integrity API.
Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό1d ago
GrapheneOS1d ago

RE: https://mastodon.social/@vollaficationist/116250746129876535

Here's a post where the @vollaficationist clearly refers to themselves as being part of Volla and shares internal information which would only be known to someone working at Volla

This account doesn't belong to someone who uses and supports Volla's products but rather belongs to someone working at the company. Take note of how they claim to respect GrapheneOS at the end of that post. It's an extreme contrast with many of the other posts they've made trying to undermine the GrapheneOS project.

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό2d ago
iFixit2d ago

The new MacBook Neo is the most repairable MacBook we’ve seen in 14 years. Screwed-in battery tray, modular ports, sensible layout, and day-one repair manuals. It’s not perfect, but it’s a real step forward for MacBook repair. Read the full breakdown at the link below.

https://www.ifixit.com/News/116152/macbook-neo-is-the-most-repairable-macbook-in-14-years
β€”
#iFixit #RightoRepair

Show threadAndromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό2d ago
@freya Here's a demo for Matcha-TTS, which the GrapheneOS TTS feature is based on: https://shivammehta25.github.io/Matcha-TTS/
Matcha-TTS: A fast TTS architecture with conditional flow matching

A fast TTS architecture with conditional flow matching

Matcha-TTS
Show threadAndromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό2d ago
@31113 It was considered, but ultimately decided against, since Mastodon doesn't natively offer an option to change the character limit, so it would require manually patching the code. https://grapheneos.social/@GrapheneOS/115463582032498642
GrapheneOS (@[email protected])

@[email protected] @[email protected] There isn't even build configuration to increase Mastodon's character limit. It requires changing it in multiple places in the code. We're not using a patched fork of Mastodon like infosec.exchange but rather the official upstream releases. We would have to deal with it ourselves as we don't want to use a fork.

GrapheneOS Mastodon
Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό3d ago
GrapheneOS3d ago

Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.

Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.

https://mastodon.social/@volla/116238706890314617