Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
onli 2 hours ago

Sorry, but then I take this as the usual - GOS is attacking other projects, that I can easily see in all their socials, and the other projects have done nothing wrong. GOS always claims that the other projects attack them since years, and never shows any proof. And indeed, I still never have seen any attack against GOS. Seems like this won't change today.

You or other readers can check https://github.com/mozilla/ichnaea/issues/2065 for a public display on how GOS attacks work when they are mixed into technical debates, how they destroy any chance of cooperation.

palata 2 hours ago | parent [-]

> Sorry, but then I take this as the usual

Sure, you're free to do what you want. Just sharing my opinion given that I follow those projects from the outside.

> You or other readers can check

I guess what I am trying to say is that it takes multiple sides to argue.

For what it's worth, your link shows the founder of /e/OS engaging there. I have seen both technically wrong and misleading claims from the founder of /e/OS on Mastodon, then GrapheneOS explaining why they thought it was wrong on their forum, and then the founder of /e/OS calling them toxic and complaining about those attacks. And then /e/OS users would join the party and start attacking GrapheneOS, fully trusting those claims from the /e/OS founder. I can't really say that he didn't have any responsibility in the drama under those conditions...

Again, GrapheneOS tend to be blunt, but it doesn't make it technically wrong. And when the message is "it is unacceptable to us in terms of security", then it will be blunt anyway. I realised after years of using a phone I bought to Murena that my system (that they installed and sold to me) was entirely breaking the AOSP security model: it was signed with the Google testing keys and the bootloader was unlocked (and just couldn't be relocked, and anyway it wouldn't matter because of those keys that are not meant for production).

In other words, I bought a product to Murena that was unacceptable to me in terms of security, but genuinely thought it was better than Stock Android because of Murena / /e/OS marketing. I genuinely feel either they tricked me, or they didn't know it themselves. I have personally seen multiple /e/OS phones in a state where they were objectively less secure than Stock Android. I get that they don't like it when GrapheneOS says it, but that is not wrong.

onli 8 minutes ago | parent [-]

I still haven't seen what you describe, the behaviour of other projects. And I dont believe it without proof (since it was claimed so often by GOS without proof being shown, or in some cases with it obviously not existing).

For the security thing: It is wrong to claim that an unlocked bootloader completely breaks the android security model. If anything, it breaks one specific aspect, one that doesn't matter for many attacker models. Besides, on some phones the bootloader just can't be relocked, that's on the phone vendor though. Signing keys for bootloaders might just not matter if change detection was working or the bootloader was not relockable, but maybe I'm missing some specifics there.

So imho what you describe as catastrophic scenario likely wasn't one.