Avatar

henfredemars

henfredemars@lemdro.id
Joined
7 posts • 80 comments

This is a secondary account. My main account is listed below. The main will have a list of all the accounts that I use.

henfredemars@lemmy.world

Direct message

Good news; a true necessity if eSIM is to be consumer friendly.

permalink
report
reply

A smartphone is the ultimate, single-user personal computer. Choosing a device is too intimate for me to use any sort of tabular comparison tool. The device needs to be right for me qualitatively also.

I strongly recommend picking a handful of devices and getting a variety of opinions from reviewers. Then, weigh those opinions against what features are most important to you.

If this is your main computer which most likely it is for most people, it’s worthwhile to spend some time on selection.

permalink
report
reply

People get so hostile over such things. I have an iPhone for business. I have a Pixel for my personal use. They’re alright. It depends on what you need. Still a smartphone enthusiast.

permalink
report
parent
reply

There’s a lot of inertia to overcome here. There’s advice online everywhere that Android may not the best platform for tablets. As someone who loved the Nexus 7, until you have a large user base that’s using the tablets, it’s a tougher sell to developers and to users especially that iPads are cheaper now than they have been in the past.

It’s an uphill battle. Google has to pay those taxes for doing such a terrible job of getting into the tablet as its own related but different market from mobile.

permalink
report
parent
reply

Is this basically Ubuntu?

They do intentionally hold back packages based on a random value to do gradual rollouts. See below:

https://askubuntu.com/questions/1431940/what-are-phased-updates-and-why-does-ubuntu-use-them

Could this be your issue?

permalink
report
reply

The baseband firmware is not so privileged anymore. Most new phones, like the Google Pixel 7, have IOMMU to force the baseband to communicate through a very restricted interface to the kernel. Certainly, you can interfere with texts and calls, but a baseband RCE doesn’t yet compromise the data stored on the phone by itself–not to diminish the seriousness or to suggest that we shouldn’t patch such an exploit immediately.

RCE, the “remote” aspect, in the operating system? So directly in the kernel and accessible remotely, such as through the networking code? I’m curious now. Most of the ones I’ve seen are in some other component that is sandboxed. True system-level privilege RCEs seem to be relatively rare. Usually, you get RCE, then you need privilege escalation to do something especially interesting.

Indeed; I’m sometimes able to leverage even a few bits of memory corruption into execution in many cases, though the hardened allocator in Android makes this a serious PITA to arrange to overwrite something useful.

permalink
report
parent
reply

Mom said it’s my turn to post it!

permalink
report
reply

True that many potential RCEs are found, but I think there are a few points to keep in mind.

  • RCE classification is often conservatively assumed when it is theoretically possible even if it is not been demonstrated. Android bulletins appear to assume any memory corruption could be an RCE.
  • Remote code is no longer sufficient for privileged control. Next, you have to use it to break out of a restrictive sandbox for whatever service or application you have compromised.
permalink
report
parent
reply

To expand on this, most vulnerabilities that require the vendor to actually participate by providing security updates are specific to your hardware configuration. These kinds of vulnerabilities are less attractive to most attackers because of their specificity. Attackers would much prefer to have a vulnerability that applies to many different victims, not just a specific kind. Android has gone to great lengths to update these commonly targeted components regardless of your vendor support status. Unless you believe you would be specifically targeted, the risk is fairly low.

I’m not sure it’s fair to put iPhone down. They do take security very seriously, especially physical security with their formally verified bootloader. Not seeking a flame war. I just didn’t think it was accurate. Are we so sure they don’t have individuals focused on iPhone security at Apple? Compromised devices impact their brand image while the same bugs can be used for jailbreaking. I’m sure it’s very important. I interviewed with a team up there that I believe specialized in just that. Just recently Apple implemented an emergency security patching system for their devices to get security updates out even faster.

Full disclaimer: I use both devices for software development. I have no special preference.

permalink
report
parent
reply