🚨🚨 Apple says to "protect children," they're updating every iPhone to continuously compare your photos and cloud storage against a secret blacklist. If it finds a hit, they call the cops.
iOS will also tell your parents if you view a nude in iMessage.
True Linux phones like just don't have mature enough software for real use yet - but I'm a fan of 's , which uses an extremely hardened version of the Android Open Source Project. It's dope.
GrapheneOS is Linux. Using systemd, polkit, glibc, etc. isn't what makes something Linux. Moving to an incredibly insecure userspace without broad use of memory safe languages, strong application security model, modern exploit mitigations, strong sandboxing, etc. isn't desirable.
Linux kernel itself is a major issue. AOSP+GrapheneOS substantially reduce kernel attack surface and aggressively harden it.
Monolithic kernels are architecturally insecure. Design is comparable to running all userspace in 1 process as root. systemd has nothing on Linux itself.
Replacing the Linux kernel is mandatory as part of broader efforts needed to truly provide incredibly strong defenses against targeted attacks.
Until there's a proper replacement with an app compatibility layer, it can be hardened, but it's definitely far from an ideal approach.
The biggest statement here that is underappreciated is the app compatibility layer. They are remarkably hard to make, and necessary for any phone platform to get adoption.
There's what the specs say, what the APIs actually do, and then all the side effects developers depended on.
github.com/google/gvisor is essentially a Linux compatibility layer, which could be ported elsewhere. It's a userspace implementation of the APIs. There's a lot more to it than just having that though.
Can give compatibility with existing applications but you need drivers, etc.
It wouldn't be hard to port it to another *nix API with it handling making that into the Linux API. It would be quite a lot more involved to port it to a totally different way of doing things. There's a huge amount of work already done including userspace TCP/IP stack, etc.
That's cool! Thanks for the heads up.
I more meant for phone adoption though, since people aren't going to port apps to a newcomer, and people (generally) won't use a phone without apps.
Emulation is an option but it's really not performant enough for phones emulating phones.
What I meant is that it gives a path to having Android app compatibility without the Linux kernel while keeping the rest of what makes it Android. Of course, still need a Linux kernel for the drivers until the SoC platform supports something else.