• 0 Posts
  • 132 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle

  • Don’t know about the rest, but…

    Does reflashing a ROM fix it?

    The phones appear to be simply dead with no response to anything. No way to connect ADB, no way to connect fastboot, nothing.

    Also the bootloader allows flashing over the cable only when it’s unlocked (at least on Pixels; I couldn’t find anything relevant in the Android documentation). The vast majority of Pixels should have their bootloaders locked, and it is only possible to unlock it through the system settings, so it’s pretty safe to say that most Pixels cannot be recovered if Android fails to boot because you cannot unlock the bootloader if you can’t get into settings.


  • Licensing the source as GPL doesn’t really force the copyright holder (which is 100% BitWarden due to their Contributors Agreement^*, no matter who contributed the code) to do anything - they are absolutely free to release binaries built on the same codebase as proprietary software without any mention of the GPL.

    For example if I write a hello world terminal program, release its source code under GPLv3 and then build it and give the built binary to you (and a permission to use it), you cannot force me to give you the source code for that build because I never gave you a GPL licensed binary.

    If you were to take my GPLv3 source code and distribute a build of it however, you would have to license your binaries under GPLv3, because that’s the terms of the license I provided the source code to you under. Your users would then have the right to request the source code of those binaries from you. And if you released the build under an incompatible license, I (but not the users) could sue you for violating my license.

    Their previous versions, still being under the GPL, would require them to release a change to make it usable on desktops.

    License violations are usually not resolved by making the violator comply retroactively, just going forward. And it’s the copyright holder (so BitWarden themselves) who needs to force the violator to comply.

    ^* this is the relevant part of the CA:

    By submitting a Contribution, you assign to Bitwarden all right, title, and interest in any copyright in the Contribution and you waive any rights, including any moral rights or database rights, that may affect our ownership of the copyright in the Contribution.

    It is followed by a workaround license for parts of the world where copyright cannot be given up.


  • That depends a lot on how the license gets interpreted and how license violations are handled by the local law. The argument for why the end user cannot do anything about GPL violation is that the violated contract is between upstream and the “bad” developer - the upstream project gave the bad developer access to their source code under the condition that the license stays the same. You as the end user only get exposed to the bad developer’s license, so you can’t do anything. It’s the upstream who must force them to extend a proper license to you.

    However there was also a case recently where the FSF argued that this interpretation / handling of the situation is against the spirit of GPL and I think they won, so… Yeah, it’s just unclear. Which is normal for legal texts (IMHO intentionally, but I’m not here to rag on lawyers, so I’ll leave it at that).


  • While I agree with your view (at least when it comes to firmware, especially given that hardware that doesn’t require a firmware upload on boot generally just has the very same proprietary firmware on a built-in memory, so the only difference is that you don’t get to even touch the software running on it), the point of this project is to remove non-libre components from coreboot/libreboot.

    It doesn’t differentiate itself from upstream in any other way, so if it fails to do the one thing it was made to do, then that’s in fact a newsworthy fact.


  • I do not know of any such dongle, but I’d like to ask you a question if you don’t mind: are you looking for a dongle with open-source firmware, or would a dongle that has its (proprietary) firmware stored in some onboard memory be acceptable?

    The second option wouldn’t require you to install any proprietary firmware on your computer, but you’d still rely on the proprietary firmware for the device to run. And it might also exist, unlike a dongle with FOSS firmware.


  • Maybe developers will finally start implementing predictive back now that it’s not hidden behind developer options. It’s kinda nice when you can just peek at where the app wants to take you when you go back, and it currently ironically tends to be implemented only by apps that already have decently made navigation.

    Also private space seems nice, finally a way to use the work profile sandbox natively without having to install third party apps that pretend to be work profile managers.


  • I know this isn’t Reddit, but r/peopleliveincities… When 90% of desktop users use Windows, it’s going to both be the most targeted by malware developers and have the highest chance of being operated by someone who doesn’t understand enough about computers to recognize that the shiny calculator app that just popped up after visiting a very legit Nigerian prince’s crowdfunding page probably shouldn’t need admin access.

    And speaking of user error, I’m willing to bet that basic security practices like using full disk encryption, SecureBoot, some MAC layer (provided by antivirus on Windows, AppArmor/SELinux on Linux) and regularly applying security updates are way more common over in the Windows land - if I was in a situation where there was one completely randomly selected Windows PC and one also completely randomly selected Linux PC, and my life depended on being able to gain access to either of them (some kind of really messed up Saw trap? idk), I would definitely bet my life on the Linux one being misconfigured.

    Don’t get me wrong, Linux can make for a very secure and private OS, but most installs most definitely cannot be described as such - just look at the popularity of random unverified PPAs on Ubuntu derivatives or AUR packages on Arch.


  • A reasonable build of the kernel optimized for virtualization won’t take more than a few tens of megabytes of RAM (and it will have support for memory ballooning, so the virtualized kernel will give the memory it doesn’t need back to the host), and the userspace will need to be separate anyway due to how different Android is to normal Linux distros.

    Containers are nice when you want to run dozens of separate services on the same server or want to get the benefits of infrastructure as code, but in this case they would provide minimal benefits at the cost of having no way of loading any kernel modules not built into whatever ancient kernel version your SoC manufacturer decided you have to use on your phone. Also, container escape vulnerabilities are still a bit more common than full VM escape, so this is also good for security on top of being more useful.




  • OK, cool. Just remember that the only entity who can sue in this situation is Microsoft (because when you contribute code to VS Code, you must sign a CLA that says you give Microsoft full perpetual rights to distribute your code under any license they wish - it is Microsoft who then “graciously” releases your code under a copy left license while also building their proprietary version of VS Code using it).

    And Microsoft cannot use the code if it gets released under a copyleft license - that wouldn’t allow them to build their proprietary build with it. So the only one who can do anything has less than zero (because it would improve only the FOSS forks, which are meant to be inferior) interest in making these guys publish the source code as proper FOSS.





  • Even on my home server (a desktop with 64 gigs of ram) the ram check takes longer than the OS.

    I was pretty sure I messed something up when I upgraded the RAM in my desktop from 16 to 64 gigs and it wouldn’t output any signal for solid 10 seconds, lol. And the regular 5 second black screen on normal boots was still something I had to get used to coming from maybe a second with 16 GB


  • Your argument is to have 2 subtly incompatible abis and one day binaries magically break.

    Whereas your argument seems to be to have a special C variant for 32bit Linux - there’s no reason to have a special time64_t anywhere else.

    No program with time32_t will ever work after 2038, so any compiled that way are broken from compilation.

    Yeah, so what will breaking the ABI do? Break it a bit more?

    If you really want to be clever, mangle the symbols for the functions that handle time so they encode time64 as appropriate

    That’s what MUSL libc does, and the result is two subtly incompatible ABIs - statically linked programs are fine, but if a dynamically linked library exports any function with time_t parameter or return value, it will use whatever size was configured at build time and it becomes a part of its ABI. So fixing this properly would require every library that wants to pass time_t values in its API to implement its own name mangling. That’s not a reasonable request for a barely used platform (remember, this is just 32bit userland, 64bit was always unaffected).


  • Ah, the joys of requiring non-standard library calls for apps to function.

    The problem is that this approach breaks the C standard library API, which is one of the few things that are actually pretty universal and expected to work on any platform. You don’t want to force app developers to support your snowflake OS that doesn’t support C.

    The current way forward accepted by every other distro is to just recompile everything against the new 64-bit libraries. Unless the compiled software makes weird hardcoded assumptions about sizes of structs (hand-coded assembly might be one somewhat legitimate reason for that, but other distros have been migrating to 64-bit time_t for long enough that this should have been caught already), this fixes the problem entirely for software that can be recompiled.

    That leaves just the proprietary software, for which you can either have a separate library path with 32-bit time_t dependencies, or use containers to effectively do the same.

    Sneaky edit: why not add new 64-bit APIs to C? Because the C standard never said anything about how to represent time_t. If the chosen implementation is insufficient, it’s purely on the platform to fix it. The C17 standard:

    The range and precision of times representable in clock_t and time_t are implementation-defined.