read_deleuze

joined 3 years ago
[–] [email protected] 9 points 10 months ago

Yes; Organisation du traité de l'Atlantique nord

[–] [email protected] 4 points 11 months ago (3 children)

Just because everything checks out in principle doesn't mean it's actually secure. First off, we have no certainty of the client code running; it's open source, sure, but unless they ensure reproducible builds - which, given it's on the Play store (and I assume Apple app store), they can't be, since the binaries must be signed - we have no way of knowing whether the code actually being downloaded and run is actually the same as the FOSS version. Further, even if it is, it may have intentional subtle vulnerabilities meant to be used by the French govt (so would easily pass certification by having the ANSSI be instructed top-down to overlook certain things), or it may be that the server can trigger a known bug resulting in leakage of data. At an even more paranoid level, it's possible that the encryption itself is faulty; the specification says it uses aes256 and ed25519 which is about as battle-tested as it gets, but the PRNG seems to be mostly their own innovation. It specifies a minimum of 32 bytes of entropy, which (though cryptography is not my expertise, so at this point I'm wildly speculating) is probably trivial to send or embed in some other communication with the server e.g. by ensuring the PRNG is deterministic after the first keygen and faulty in some known way and sending over a future result.

I wouldn't trust the French government.

[–] [email protected] 5 points 1 year ago (1 children)

To be fair, nix would probably be a lot more intuitive if commands were in black speech instead

[–] [email protected] 10 points 1 year ago (2 children)

cope and seethe, transphobe

[–] [email protected] 32 points 1 year ago (7 children)

The IP seems to be in Norway, vaguely around Oslo, and owned by TerraHost. IANAL but I assume this means Lemmygrad could be taken down by either the hosting provider or Norwegian/EEA law. Someone more knowledgeable can probably answer how likely this is, but my guess is "not very".

As for your other question, no matter where this was hosted, the government of said country could probably take it down if it so wanted. All clearnet domains are under jurisdiction of either a national government (for .ml, this would be Mali) or ICANN, and physical servers obviously can be raided.

I do, however, doubt the Norwegian government cares enough about some marxists on the internet to go through the process of judicial approval for seizure of the servers, and the folks in Mali definitely have more pressing matters right now.

[–] [email protected] 38 points 1 year ago (3 children)

Nieuw-Amsterdam komt terug, het is slechts een kwestie van tijd

[–] [email protected] 6 points 1 year ago

Love how you just assume I'm from the west. I'm eastern european, my family is also, and we lived through everything - and I've yet to meet someone other than western investors and young kids who thinks things are good/better now

[–] [email protected] 30 points 1 year ago (9 children)

I'm deeply sorry that we don't like supporting the oppression of marginalized groups here

[–] [email protected] 1 points 1 year ago

Glad to have been informative :D and good luck on your laptop hunt

[–] [email protected] 3 points 1 year ago

That's correct, mea culpa; I've only seriously worked with qcom so entirely forgot that's a thing. I'll update my comment, thanks!

[–] [email protected] 17 points 1 year ago* (last edited 1 year ago) (5 children)

It's complicated.

ARM system initialization doesn't happen the same way as on x86 (the instruction set your computer is probably using unless you're on a phone/tablet). On x86, once the CPU is initialized, it can inform the Linux kernel of what hardware is installed and how to talk to it through a protocol called ACPI. Thus, for Linux to work on a system, it must only support the CPU and some necessary hardware (e.g. I doubt you'll have a usable system if USB, graphics, audio, and networking are unsupported, but otherwise it's fine).

~~ARM functions quite differently; ACPI doesn't exist~~ ACPI is also usable on ARM but Qualcomm refuses to implement it, so instead the Linux kernel has to already know what hardware is installed and where through a configuration file called a device tree blob - basically weird JSON. Therefore it's not enough that Linux supports the Snapdragon 7c (it does) - there must also be a builtin device tree config for your specific device. There likely is one; a simple way to check would be to look here for your device's name (the Snapdragon 7c's codename is SC7180, so the file you're looking for would be sc7180-$vendor-$model.dts). If there isn't and you're willing to get moderately deep in the weeds, you can write your own device tree source file and load it into the kernel (assuming you have at least a rudimentary familiarity with programming, this is doable with a little dedication).

As for your other questions, you don't need to worry too much about instruction set and architecture - being ARM will limit what software can run, but emulation is sort of okay too. It will, however, be far more power-efficient than a 6th gen Intel i3 if that's what you care about - and gut instinct says faster.

It really depends on your usecase, though. If your budget is limited enough that these are serious options, I'd honestly recommend finding a decent second-hand laptop running something a bit better and more recent - but if you run mostly open-source software, don't care about gaming at all, and are willing to get a little deeper than the average hobbyist for some extra battery life, the ARM laptop might be interesting.

[–] [email protected] 0 points 1 year ago (3 children)
view more: next ›