<DocScrutinizer05>
even RMS takes e.g. processor instruction sets for given and doesn't ask for in-depth documentation how each single opcode works inside the ALU
<DocScrutinizer05>
you have to stop *somewhere*
<pabs3>
interesting that RMS talks about the same "layers of openness" that bunnie does
<DocScrutinizer05>
so far FSF pretty much failed to define that *"somewhere"*
<pabs3>
I think their intention is to *not* define it, so we can have that manual for rebooting civilization from the ground up
<DocScrutinizer05>
FSF stops at arbitrary random borders where it becomes inconvenient to go further
<DocScrutinizer05>
exactly
<pabs3>
where would you stop?
<DocScrutinizer05>
and that's precisely the point where I bail out
<DocScrutinizer05>
tbh I wouldn't start like they did
<DocScrutinizer05>
since I've seen the stop-problem from beginning
<DocScrutinizer05>
if FSF was consequent and logical, they would admit that they cannot reach their own goals and would rather use a quantitative rating than a qualitative binary one
<DocScrutinizer05>
there is no "100% free" ever
<DocScrutinizer05>
the closer you look, the more arbitrary FSF ratings get
<DocScrutinizer05>
I'm not averse to their goals, not at all. I just question the approach a lot
joecool has quit [Remote host closed the connection]
<DocScrutinizer05>
blabla to me. aiui there is no way to guarantee such separation in nvidia chipset
<DocScrutinizer05>
what means “we assume that it’s a hostile router in the way we developed PrivatOS,” ?
<DocScrutinizer05>
meh, all that is about remote provisioning via SMS. Sure they can claim they segregated the baseband from their OS so such SMS wouldn't instantly change content of config variables. What I'm talking about here is a completely different story where the baseband OS has *illegal* access to the linux memory in any way it wants
<DocScrutinizer05>
when (for simplicity) two processors (actually it's one) share the same RAM, then it doesn't help to claim "processor B has no API to change variables in processor A's address space" - which is basically what blackphone states here
<DocScrutinizer05>
unless they show me a schamtics of the Blackphone, I don't buy the separation myth
<DocScrutinizer05>
schematics*
<pabs3>
cool: "I've gotten several pull requests to my free hardware design that I sell as my primary source of income"
<DocScrutinizer05>
I guess I know the block diagrams of those nvidia chips, and if that's what they use then this is a shared RAM architecture which has no means whatsoever to guarantee the baseband will _not_ access RAM of linux
<DocScrutinizer05>
but I guess not even Blackphone has the schematics of those devices, and maybe they have no idea what architecture is actually used
<DocScrutinizer05>
they argue on a software level
<DocScrutinizer05>
while this issue is in hardware
<DocScrutinizer05>
you cannot develop your PrivatOS in a way so it fixes any such threat/vulnerability
<DocScrutinizer05>
of course even when they were aware, they wouldn't admit
<DocScrutinizer05>
since it's a bug they cannot fix and thus kills their product
<DocScrutinizer05>
to me it seems they thought they could turn an arbitrary android phone into a secure device by simply developing a secure OS. Flawed approach
<DocScrutinizer05>
but actually it doesn't even need schematics to check all this - simply disassemble a blackphone and check if it has a dedicated linux SoC and RAM and a separate modem chip and RAM
<DocScrutinizer05>
my bet is you'll find *one* Nvidia SoC with integrated modem, and *one* RAM
ecloud is now known as ecloud_wfh
<DocScrutinizer05>
I'd love to stand corrected and see Blackphone doing a great job
<DocScrutinizer05>
for now I consider even the N9 on par with Blackphone, regarding OS and hw design immanent "security"
<DocScrutinizer05>
blackphone provides some "secure" apps for doing ZRTP etc
<DocScrutinizer05>
both Nokia and blackphone don't allow installation of arbitrary apps by default, only stuff signed on their particular repo with their particular cert
<DocScrutinizer05>
N9 definitely has a separate modem which is linked to the linux world via HSI interface
<DocScrutinizer05>
for Blackphone odds are it does _not_ have anything like this
<DocScrutinizer05>
hmm, actually many Tegra SoC come without modem. However >>NVIDIA i500 LTE Modem - The i500 is a full LTE modem and supports any Tegra powered device as a separate but complementary chipset. Tegra 4i is a single-chip processor that delivers a full application processor, and integrates an optimized version of the i500 modem.<<
<DocScrutinizer05>
kudos to werner for the awesome work done
Pali has joined #neo900
P-G has quit [Quit: Quitter.]
modem has joined #neo900
<kerio>
DocScrutinizer05: It works by download and merge files to create the dists/ directory structure for devuan, and then by creating a pool of HTTP 302 redirects to the external repositories hosts for packages download.
<kerio>
i had to check if Pali wasn't the author :>
<DocScrutinizer05>
hehe
<DocScrutinizer05>
nice, isn't it? and so similar to what CSSU does/is
<DocScrutinizer05>
in the end both are overlays
<DocScrutinizer05>
thus I thought the maintainers might want to know
<DocScrutinizer05>
actually what devuan does is more the moving target problem like between cssu-t and cssu-thumb
<DocScrutinizer05>
where thumb would be devuan here, with the better packages, and cssu-testing the debian repo with the newer packages
<DocScrutinizer05>
just that cssu-testing itself is just an overlay for maemo-proper
<DocScrutinizer05>
while debian is... just going nuts
<DocScrutinizer05>
maemo should clearly state a switch from basing on debian to basing at devuan
<DocScrutinizer05>
since... you don't want to backport all the systemd-infested packages on debian by yourselves when there already exists good depoetterized stuff at devuan, right?
freemangordon_ has quit [Remote host closed the connection]
<kerio>
DocScrutinizer05: i can't install the backported libvirt 1.something on debian stable without installing dbus, some *Kits and some libsystemd-* :(
raccoon_ has quit [Changing host]
raccoon_ has joined #neo900
che12 has quit [Ping timeout: 264 seconds]
che11 has joined #neo900
merlin1991 has quit [Remote host closed the connection]
merlin1991 has joined #neo900
ddark has joined #neo900
<DocScrutinizer05>
yeah, heard about that already
paulk-collins has joined #neo900
sparetire_ has joined #neo900
modem has quit [Ping timeout: 246 seconds]
<DocScrutinizer05>
inspecting N900 samples
<kerio>
so
<kerio>
which distro would a Veteran Unix Admin use for a tiny server vm
<kerio>
other than debian stable
<DocScrutinizer05>
devuan?
<DocScrutinizer05>
I know of one huge site that's using many SLE11.3 which are still without systemd, and SLE receives regular patches still
<DocScrutinizer05>
RHEL might be similar
<FIQ>
slackware
<kerio>
suse linux enterprise
<DocScrutinizer05>
or that :-)
<kerio>
oh nvm i misunderstood
<FIQ>
doesn't rhel use systemd now
<x29a>
kerio: coreos?
<kerio>
am i a hypocrite if i install openbsd under a linux hypervisor
<DocScrutinizer05>
yes, but I bet they also have "ancient" versions without
<x29a>
core-os that is, not c-oreos ;)
<DocScrutinizer05>
haha
<DocScrutinizer05>
(large site, SLE11.3) they however have an own genuine Suse maintainer taking care about keeping stuff afloat
<DocScrutinizer05>
they also use their own repo maintained by said suse dude