![](https://lemmy.ml/pictrs/image/29444417-ac06-4822-af03-087c9a8aacf2.webp)
![](https://lemmy.ml/pictrs/image/q98XK4sKtw.png)
Okay, so it wasn’t VNC, it was ssh stuff instead.
Okay, so it wasn’t VNC, it was ssh stuff instead.
Similarly, there’s System Admin Girl★まんがでわかるLinux シス管系女子 Imported a physical edition just for the quirky factor of a Linux Admin manga, but it is pretty well made and does explain pretty well some bits (even if from the first episode, they explain how to do VNC if i remember, from a Ubuntu 16.04 LTS desktop, so fairly easy and old) but it still on-going !
Spotify Lite for you, and me.
Well, i believe in all showcased cases from people here, they are NOT replacing sudo entirely (Except if some are from BSD or if I’m incorrect with this assumption). They are just replacing their user habit with doas and use that command instead. In the end, all unix scripts or apps expect using sudo (If not, su) so… ### What’s even the need to ?
Really looking to corrections if i do some
And even that advantage can be minimized by getting any bundle of privacy products, like Proton which offer all of those (Mail, VPN, Drive, Calendar) or even with your self-hosted VPS (Some VPS seller even allow you to prepare it with Nextcloud and a VPN relay for near no extra paiement).
I see the “pay once to one company”, but you also need to trust them entirely, for EVERYTHING.
Also, there’s already plenty of companies doing such thing (regardless of how practical/private/secure they are)
Just higher standards.
Thanks for the tip ! To be fair, I haven’t even checked the result and missed on it.
It still create an attack vector, as it allows a potential extra method to get access to it, in addition of potential hardware exploits that i shared to gain root. Yes, you can minimize the risks correctly, but the user is the only real barrier against it, not the software anymore. The less potential way to exploit your phone, the better it is. You shouldn’t rely on thinking that such feature is fully attack-proof.
Stop it [send] Mom [send] This is [send] your warning [send] ⚠️ [send] … [send] Did you even read Mom ? [sent 53 photos]
Aggree with common sense, but more difficult to establish with some people.
The actual Magisk prompt that ask you if you want to give root to such app. This UI layer.
Although, i suppose it could be countered by explicitly refusing all requests or enabling a biometric confirmation
Just logical. If you gain the privilege to modify system bits, then it just open the potential for attacks abusing root access. And it has been done already. You are just removing one step for them. https://www.bleepingcomputer.com/news/security/loki-trojan-infects-android-libraries-and-system-process-to-get-root-privileges/ https://www.bleepingcomputer.com/news/security/highly-advanced-spydealer-malware-can-root-one-in-four-android-devices/ https://www.bleepingcomputer.com/news/security/new-abstractemu-malware-roots-android-devices-evades-detection/ https://promon.co/security-news/fjordphantom-android-malware/
Only big manufacturers can really pay to control entirely the hardware inside it, and allow you to modify it. Checkout Fairphone for example. They’ve been forced to stop hardware security updates due to their chip manufacturer, who refused to continue supporting it, despite them trying to support their devices for plenty more years. This explains the choice with Google.
Sadly, can’t be re-locked. Would have loved to get a Motorola if it was.
That’s the main issue really, as it open the possibility to manage your device for anyone getting hold of it. Probably some debug attack methods also with it.
Proove us that you can get better security while remaining able to be fully modified with other phones and brands. https://www.privacyguides.org/en/android/#divestos
If you have the UI layer able to grant root access, it has root access itself and is not sandboxed. If the UI layer can grant it, an attacker gaining slight control over it has root access. An accessibility service trivially has root access. A keyboard can probably get root access, and so on. Instead of a tiny little portion of the OS having root access, a massive portion of it does.
In the verified boot threat model, an attacker controls persistent state. If you have persistent root access as a possibility then verified boot doesn’t work since persistent state is entirely trusted.
A userdebug build of AOSP or GrapheneOS has a su binary and an adb root command providing root access via the Android Debug Bridge via physical access using USB. This does still significantly reduce security, particularly since ADB has a network mode that can be enabled. Most of the security model is still intact. This is not what people are referring to when they talk about rooting on Android, they are referring to granting root access to apps via the UI not using it via a shell.
Beat the main purpose of GrapheneOS. Open the phone to a broad lot of security issues.
Fairly certain Silence does allow you to block those. If not, it got plenty of other block options. And it’s Free and Open Source !
Sadly, it hasn’t been updated for more than 2 years, Including the blocklist database. https://gitlab.com/xynngh/YetAnotherCallBlocker_data It seemed to have just used the ShouldIAnswer database, which would have been my suggestion (Even if it isn’t open-source and does more than just block Geo-cals)
Speaking of doas, is there any advantage of using it when… sudo is still available to be used? I agree that most of the stuff we require to use doesn’t need all the options sudo as, but if it is for the sake of security, maintenance, and stability… is there any reason to use doas ON TOP of the already setup sudo or su? In the past, I even tried to just apply a simple alias to replace sudo with doas, but numerous scripts and programs when trying to request explicit super-user permissions, just didn’t know what to do with doas as expected, so this ain’t it.