!HJMJeXImDCbTfjueXC:matrix.org

Letters to Louis

445 Members
Any open letters that you wish for Louis Rossmann to personally read. **This isn't a comment section, please take conversations to an alternative channel.** Please do NOT write a letter asking for a private conversation/to read an email, just post it here. Louis checks this channel regularly. It is unnecessary to be pinging him here. Pinging him is unlikely to get you responses any faster, and more likely to get your letters ignored. **Excessive pinging will result in removal from this room.** FAQs: https://store.rossmanngroup.com/faq.txt These questions asked again will be deleted. Joe Rogan inquiries are now banned.48 Servers

Load older messages


SenderMessageTime
18 Mar 2023
@hellreaver:matrix.orghellreaverYay, more market consolidation... 02:06:20
19 Mar 2023
@wj25czxj47bu6q:jameskitt616.onewj25czxj47bu6q (J)

Regarding the Pixel baseband vulnerability: Yes it is bad, but nowhere near as bad as you and many others seem to think. The vulnerability only allows control over the modem, not the whole device. Your kernel and userspace are safe through various protections including most notably IOMMU isolation.

Furthermore, I would expect that enabling Airplane Mode and using your phone only over WiFi (without WiFi calling of course) would mitigate the vulnerability entirely until it is patched. I don't really agree with advice that people should disable VoLTE (even if they could), because previous standards are grossly insecure in their own right — namely, while VoLTE communications are encrypted between your phone and carrier, 2G and 3G voice can be trivially monitored by anyone in proximity. This is part of why GrapheneOS encourages using LTE-only mode.

Here is Daniel Micay himself commenting on this vulnerability: https://discuss.grapheneos.org/d/3942-baseband-vulnerabilities/7

11:29:42
@wj25czxj47bu6q:jameskitt616.onewj25czxj47bu6q (J)* Regarding the Pixel baseband vulnerability: Yes it is bad, but nowhere near as bad as you and many others seem to think. The vulnerability only allows control over the _modem_, not the whole device. Your kernel and userspace are safe through various protections including most notably [IOMMU isolation](https://mjg59.dreamwidth.org/54433.html). Furthermore, I would expect that enabling Airplane Mode and using your phone only over WiFi (**without** WiFi calling of course) would mitigate the vulnerability entirely until it is patched. I don't really agree with advice that people should disable VoLTE (even if they could), because previous standards are grossly insecure in their own right — namely, while VoLTE communications are encrypted between your phone and carrier, 2G and 3G voice can be trivially monitored by anyone in proximity. This is part of why GrapheneOS encourages using LTE-only mode. Here is Daniel Micay himself commenting on this vulnerability: https://discuss.grapheneos.org/d/3942-baseband-vulnerabilities/711:38:09
@jfixesmacs:matrix.orgjfixesmacs joined the room.14:20:39
@jfixesmacs:matrix.orgjfixesmacsHi Louis, I have made a couple messages here about my work in Vermont for right to repair. I had a bill drafted a year ago and some progress has been made. I am a 13 year old kid from Vermont who just likes to fix shit. This tuesday, I am going to testify in front of the committee for the consumer right to repair bill. the farm repair and electronics repair were two separate bills and the farm bill didnt make it. Any tips for my testimony? I was also on the state news about right to repair.14:22:54
@strykeros:matrix.orgstrykeros joined the room.14:24:52
@louis_rossmann:matrix.orglouis_rossmann
In reply to @jfixesmacs:matrix.org
Hi Louis, I have made a couple messages here about my work in Vermont for right to repair. I had a bill drafted a year ago and some progress has been made. I am a 13 year old kid from Vermont who just likes to fix shit. This tuesday, I am going to testify in front of the committee for the consumer right to repair bill. the farm repair and electronics repair were two separate bills and the farm bill didnt make it. Any tips for my testimony? I was also on the state news about right to repair.
Practice beforehand. Walk around your neighborhood wearing headphones so people think you are on the phone and not a schizo that's talking to yourself. Practice as if you're talking to normal people. Don't read off a sheet of paper, it bores people to tears
17:42:38
@henk717:matrix.orgHenky!!
In reply to@jfixesmacs:matrix.org
Hi Louis, I have made a couple messages here about my work in Vermont for right to repair. I had a bill drafted a year ago and some progress has been made. I am a 13 year old kid from Vermont who just likes to fix shit. This tuesday, I am going to testify in front of the committee for the consumer right to repair bill. the farm repair and electronics repair were two separate bills and the farm bill didnt make it. Any tips for my testimony? I was also on the state news about right to repair.
If you have any old phone with a swappable back laying around, it might be fun to do a "Battery repair" right in front of their eyes to see this stuff doesn't have to be unsafe or scary. Should provoke some sentimental value in the committee and goes against the narrative that it is very dangerous to do. Your age is an advantage here if you can show them a repair that is easy and quick for you to do, even if its as simple as taking the backplate off and swapping a battery.
18:17:13
20 Mar 2023
@jakeobsen:matrix.orgjakeobsenRedacted or Malformed Event00:44:11
@jakeobsen:matrix.orgjakeobsenHey Louis, remember that bullshit sign you saw at mcdonalds that said "up to" on the pay ... you should see the bullshit dublin bus is doing to their mechanics just check the front page of https://www.dublinbus.ie/ - they're willing to pay mechanics "up to 890 per week" - but when you see the fine print (click on the job ad on the front page) it's actually an 8 year pay scale starting at 742 - what the frick is that bullshit!00:46:39
@espresso98:matrix.orgEspresso98 changed their display name from espresso98 to Espresso98.02:55:44
@helper5:matrix.orghelper5next AMA stream when? 11:26:38
@zgardner007:matrix.orgzgardner007 joined the room.11:29:25
@jfixesmacs:matrix.orgjfixesmacs
In reply to @louis_rossmann:matrix.org
Practice beforehand. Walk around your neighborhood wearing headphones so people think you are on the phone and not a schizo that's talking to yourself. Practice as if you're talking to normal people. Don't read off a sheet of paper, it bores people to tears
my neighborhood is rural and doesnt have sidewalks and people speeding so to preserve my life I will just practice in my room tonight.
17:11:10
@louis_rossmann:matrix.orglouis_rossmann
In reply to @jfixesmacs:matrix.org
my neighborhood is rural and doesnt have sidewalks and people speeding so to preserve my life I will just practice in my room tonight.
Walk around your backyard?
17:11:42
@louis_rossmann:matrix.orglouis_rossmannIt helps to do this outside where you don't have the reflections of the internal walls closing in on you17:12:06
@jfixesmacs:matrix.orgjfixesmacsok17:16:36
@jfixesmacs:matrix.orgjfixesmacswhat about tips on like things I should say or things I shouldnt say? I have been watching your analysis on the testimonies and theyve been very helpful in telling me what to say and what not to say17:17:09
@waseemalkurdi:matrix.orgWaseemAlkurdiRedacted or Malformed Event17:46:58
@lyoko:arcticfoxes.net@lyoko:arcticfoxes.net joined the room.17:47:47
@moderation-tools:matrix.orgmoderation-tools banned @lyoko:arcticfoxes.net@lyoko:arcticfoxes.net (troll).17:47:51
@waseemalkurdi:matrix.orgWaseemAlkurdiRedacted or Malformed Event17:48:20
@waseemalkurdi:matrix.orgWaseemAlkurdiRedacted or Malformed Event17:48:47
@waseemalkurdi:matrix.orgWaseemAlkurdiRedacted or Malformed Event17:50:09
@waseemalkurdi:matrix.orgWaseemAlkurdi * A security researcher explained this in much, much more detail in a Telegram group, but I have been unable to reach out to said researcher to obtain their permission to share publicly, so if you'd let me, I can send the explanation to your DMs on this app. Plaintext, don't worry 😜17:52:06
@wj25czxj47bu6q:jameskitt616.onewj25czxj47bu6q (J)
In reply to @waseemalkurdi:matrix.org
louis_rossmann: the recent Google Exynos modem thing isn't even the worst ... the actual worst part is that on all devices with Qualcomm and Exynos modems, including both ARM devices and x86_64 laptops with Qualcomm X?? modems connected via M.2, the modems have full access to the memory of the host. This means that if someone compromised your modem, say by sending you a malicious text or call or whatever, your entire memory can potentially be accessed.

Don't want to derail this room, but no they absolutely do not have unrestricted DMA. I explained this just a few messages ago: https://matrix.to/#/!HJMJeXImDCbTfjueXC:matrix.org/$KA9fhPCgaWmyvErld6wsewUpoHXMrxpXJrgW5-LxPJc?via=jameskitt616.one&via=matrix.org&via=envs.net

Also, M.2 is just a physical connector, not a protocol. And M.2 is far too big to fit inside a phone.

17:52:10
@wj25czxj47bu6q:jameskitt616.onewj25czxj47bu6q (J)* Don't want to derail this room, but **no they absolutely do not have unrestricted DMA**. I explained this just a few messages ago: https://matrix.to/#/!HJMJeXImDCbTfjueXC:matrix.org/$KA9fhPCgaWmyvErld6wsewUpoHXMrxpXJrgW5-LxPJc?via=jameskitt616.one&via=matrix.org&via=envs.net Also, M.2 is just a physical connector, not a protocol. And M.2 is far too big to fit inside a phone. (If you wish to continue this discussion, please move to #rossmannrepair-general:matrix.org)17:56:28
@waseemalkurdi:matrix.orgWaseemAlkurdiRedacted or Malformed Event17:59:58
@waseemalkurdi:matrix.orgWaseemAlkurdiRedacted or Malformed Event18:03:10
@doskel:doskel.netdoskel joined the room.21:23:52

There are no newer messages yet.


Back to Room ListRoom Version: 9