18 Mar 2023 |
hellreaver | Yay, more market consolidation... | 02:06:20 |
19 Mar 2023 |
wj25czxj47bu6q (J) | Regarding the Pixel baseband vulnerability: Yes it is bad, but nowhere near as bad as you and many others seem to think. The vulnerability only allows control over the modem, not the whole device. Your kernel and userspace are safe through various protections including most notably IOMMU isolation.
Furthermore, I would expect that enabling Airplane Mode and using your phone only over WiFi (without WiFi calling of course) would mitigate the vulnerability entirely until it is patched. I don't really agree with advice that people should disable VoLTE (even if they could), because previous standards are grossly insecure in their own right — namely, while VoLTE communications are encrypted between your phone and carrier, 2G and 3G voice can be trivially monitored by anyone in proximity. This is part of why GrapheneOS encourages using LTE-only mode.
Here is Daniel Micay himself commenting on this vulnerability: https://discuss.grapheneos.org/d/3942-baseband-vulnerabilities/7 | 11:29:42 |
wj25czxj47bu6q (J) | * Regarding the Pixel baseband vulnerability: Yes it is bad, but nowhere near as bad as you and many others seem to think. The vulnerability only allows control over the _modem_, not the whole device. Your kernel and userspace are safe through various protections including most notably [IOMMU isolation](https://mjg59.dreamwidth.org/54433.html).
Furthermore, I would expect that enabling Airplane Mode and using your phone only over WiFi (**without** WiFi calling of course) would mitigate the vulnerability entirely until it is patched. I don't really agree with advice that people should disable VoLTE (even if they could), because previous standards are grossly insecure in their own right — namely, while VoLTE communications are encrypted between your phone and carrier, 2G and 3G voice can be trivially monitored by anyone in proximity. This is part of why GrapheneOS encourages using LTE-only mode.
Here is Daniel Micay himself commenting on this vulnerability: https://discuss.grapheneos.org/d/3942-baseband-vulnerabilities/7 | 11:38:09 |
| jfixesmacs joined the room. | 14:20:39 |
jfixesmacs | Hi Louis, I have made a couple messages here about my work in Vermont for right to repair. I had a bill drafted a year ago and some progress has been made. I am a 13 year old kid from Vermont who just likes to fix shit. This tuesday, I am going to testify in front of the committee for the consumer right to repair bill. the farm repair and electronics repair were two separate bills and the farm bill didnt make it. Any tips for my testimony? I was also on the state news about right to repair. | 14:22:54 |
| strykeros joined the room. | 14:24:52 |
louis_rossmann | In reply to @jfixesmacs:matrix.org Hi Louis, I have made a couple messages here about my work in Vermont for right to repair. I had a bill drafted a year ago and some progress has been made. I am a 13 year old kid from Vermont who just likes to fix shit. This tuesday, I am going to testify in front of the committee for the consumer right to repair bill. the farm repair and electronics repair were two separate bills and the farm bill didnt make it. Any tips for my testimony? I was also on the state news about right to repair. Practice beforehand. Walk around your neighborhood wearing headphones so people think you are on the phone and not a schizo that's talking to yourself. Practice as if you're talking to normal people. Don't read off a sheet of paper, it bores people to tears | 17:42:38 |
Henky!! | In reply to@jfixesmacs:matrix.org Hi Louis, I have made a couple messages here about my work in Vermont for right to repair. I had a bill drafted a year ago and some progress has been made. I am a 13 year old kid from Vermont who just likes to fix shit. This tuesday, I am going to testify in front of the committee for the consumer right to repair bill. the farm repair and electronics repair were two separate bills and the farm bill didnt make it. Any tips for my testimony? I was also on the state news about right to repair. If you have any old phone with a swappable back laying around, it might be fun to do a "Battery repair" right in front of their eyes to see this stuff doesn't have to be unsafe or scary. Should provoke some sentimental value in the committee and goes against the narrative that it is very dangerous to do. Your age is an advantage here if you can show them a repair that is easy and quick for you to do, even if its as simple as taking the backplate off and swapping a battery. | 18:17:13 |
20 Mar 2023 |
jakeobsen | Redacted or Malformed Event | 00:44:11 |
jakeobsen | Hey Louis, remember that bullshit sign you saw at mcdonalds that said "up to" on the pay ... you should see the bullshit dublin bus is doing to their mechanics just check the front page of https://www.dublinbus.ie/ - they're willing to pay mechanics "up to 890 per week" - but when you see the fine print (click on the job ad on the front page) it's actually an 8 year pay scale starting at 742 - what the frick is that bullshit! | 00:46:39 |
| Espresso98 changed their display name from espresso98 to Espresso98. | 02:55:44 |
helper5 | next AMA stream when? | 11:26:38 |
| zgardner007 joined the room. | 11:29:25 |
jfixesmacs | In reply to @louis_rossmann:matrix.org Practice beforehand. Walk around your neighborhood wearing headphones so people think you are on the phone and not a schizo that's talking to yourself. Practice as if you're talking to normal people. Don't read off a sheet of paper, it bores people to tears my neighborhood is rural and doesnt have sidewalks and people speeding so to preserve my life I will just practice in my room tonight. | 17:11:10 |
louis_rossmann | In reply to @jfixesmacs:matrix.org my neighborhood is rural and doesnt have sidewalks and people speeding so to preserve my life I will just practice in my room tonight. Walk around your backyard? | 17:11:42 |
louis_rossmann | It helps to do this outside where you don't have the reflections of the internal walls closing in on you | 17:12:06 |
jfixesmacs | ok | 17:16:36 |
jfixesmacs | what about tips on like things I should say or things I shouldnt say? I have been watching your analysis on the testimonies and theyve been very helpful in telling me what to say and what not to say | 17:17:09 |
WaseemAlkurdi | Redacted or Malformed Event | 17:46:58 |
| @lyoko:arcticfoxes.net joined the room. | 17:47:47 |
| moderation-tools banned @lyoko:arcticfoxes.net (troll). | 17:47:51 |
WaseemAlkurdi | Redacted or Malformed Event | 17:48:20 |
WaseemAlkurdi | Redacted or Malformed Event | 17:48:47 |
WaseemAlkurdi | Redacted or Malformed Event | 17:50:09 |
WaseemAlkurdi | * A security researcher explained this in much, much more detail in a Telegram group, but I have been unable to reach out to said researcher to obtain their permission to share publicly, so if you'd let me, I can send the explanation to your DMs on this app. Plaintext, don't worry 😜 | 17:52:06 |
wj25czxj47bu6q (J) | In reply to @waseemalkurdi:matrix.org louis_rossmann: the recent Google Exynos modem thing isn't even the worst ... the actual worst part is that on all devices with Qualcomm and Exynos modems, including both ARM devices and x86_64 laptops with Qualcomm X?? modems connected via M.2, the modems have full access to the memory of the host. This means that if someone compromised your modem, say by sending you a malicious text or call or whatever, your entire memory can potentially be accessed. Don't want to derail this room, but no they absolutely do not have unrestricted DMA. I explained this just a few messages ago: https://matrix.to/#/!HJMJeXImDCbTfjueXC:matrix.org/$KA9fhPCgaWmyvErld6wsewUpoHXMrxpXJrgW5-LxPJc?via=jameskitt616.one&via=matrix.org&via=envs.net
Also, M.2 is just a physical connector, not a protocol. And M.2 is far too big to fit inside a phone. | 17:52:10 |
wj25czxj47bu6q (J) | * Don't want to derail this room, but **no they absolutely do not have unrestricted DMA**. I explained this just a few messages ago: https://matrix.to/#/!HJMJeXImDCbTfjueXC:matrix.org/$KA9fhPCgaWmyvErld6wsewUpoHXMrxpXJrgW5-LxPJc?via=jameskitt616.one&via=matrix.org&via=envs.net
Also, M.2 is just a physical connector, not a protocol. And M.2 is far too big to fit inside a phone.
(If you wish to continue this discussion, please move to #rossmannrepair-general:matrix.org) | 17:56:28 |
WaseemAlkurdi | Redacted or Malformed Event | 17:59:58 |
WaseemAlkurdi | Redacted or Malformed Event | 18:03:10 |
| doskel joined the room. | 21:23:52 |