OpenDesk is basically a huge helm file that configures the individual apps.
Given enough RAM it should be rather simple to deploy.
You can start right away, there is a community edition:
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk
I am surprised that no one criticized kernel architecture as base for a secure mobile OS, yet.
Let me heat up the discussion using this quote
> The Linux kernel has atrocious security. It has an anti-security architecture, implementation and culture. The Linux kernel is not a good base for building any new operating system with a focus on privacy and security
> business logic and http status codes
Why hold this custom mapping in our working memory? It's better to abstract away your business details from the HTTP transfer protocol, and return self-descriptive codes directly in the response body:
{ "code": "jwt_has_expired" }
While the logic behind it sounds reasonable, REST does the exact opposite with the same goal: simplicity, easy to learn, i.e. reduce mental load.
I know there are other reasons for REST/SOAP/GraphQL, etc.
Still makes mental load a somewhat subjective matter to me.
In my experience, though, a lot of "REST in the real world" failed at its lofty original goals, precisely because its original goals required too much cognitive load.
The reason REST largely succeeded (or, rather, what I like to refer to as "REST-lite") is because people who wanted to build stuff quickly on the web realized "Hey, I don't need all this protocol complexity (see: SOAP), I can just make simple, human-readable API calls over the same HTTP layer my browser uses anyway".
There is other stuff in "official REST" that I think has some value, like the noun/verb structure of API routes, but shoehorning API-level error codes into HTTP status codes has been a disaster IMO. Every time I've seen this done I've seen the same issues come up again and again and new developers constantly have to rediscover solutions and problem spots. Does "404" mean the API endpoint doesn't exist, or that particular resource doesn't exist? How do I map my very specific API error to rather generic HTTP status codes? Does a status code error mean a problem with the networking or the application?
The article misses that HTTP status code is not a custom mapping, it’s a standard mapping. Using this standard, most HTTP libraries will already be equipped with features to handle them, for example automated retries and backoffs on a 429 with Retry-After.
Replacing this standard with custom strings in the response body is terrible advice. Even if we all could have wished that HTTP status codes should have been human readable strings rather than numbers. Augmenting the standard response with additional custom information is still something you can and should do as cherry on the top, or if you have many conditions falling under the same standard code. Like, don’t shoehorn something custom into 418 I’m a teapot just because it happened to be unused.
That link seems to have... an agenda. It's way too hand-wavy (e.g., it doesn't at all attempt to tease out the nuance of whether a rooted phone inherently has a broken security boundary by design, or whether [like on Linux] it's secure as long as the implementation is non-buggy) and seems laser-focused on convincing users that desire sovereignty over their own devices that they might as well jump off a cliff.
As dataflow says that site has an agenda. I've used rooted phones continuously since Android v4 and I've had no trouble. Moreover, I'd posit that much of the crap I remove from phones lowers the attack risk which to some degree offsets the risk of rooting.
Granted, I'm not suggesting that everyone should root their phones, in fact in recent years I even stopped suggesting it to my tech-savvy friends (that is unless they approach me for advice).
I don't need to lecture about these things but all those who've rooted their phones know the huge advantages—power and control one has over one's phone is enormous.
For example, some apps contain so many trackers that normally you'd never use them except they're the only apps suitable for one's purpose. Rooting allows you the user to take control and have them do what you want and not that of the developer.
Yes, rooting has its risks but for my purposes its benefits far outweigh them.
Madaidan's articles are well-known to be centered around "security at all costs", and often at the cost of user freedom. That's just not a realistic take when it comes to privacy. What good is absolute security if all it does is secure the device from your "tampering"? Sure, it would be nice if the device were highly secure, but I'd rather it stop spying first.
With absolute security, you can rest assured that only Google has access to all of your data, and only Google is allowed to turn off the siphoning.
> The term [rooting] generally also includes the functionality for making runtime code patches (eg. with Zygisk) and making runtime filesystem modifications (eg. Magisk modules).
> Out of the many root-enabled apps I've studied or reverse engineered, the vast majority fail to handle arbitrary inputs properly (especially filenames). For example, some root-supporting file managers turn a seemingly benign action like listing a directory into local privilege escalation. This is trivially exploitable, especially with browsers auto-downloading files with server-provided filenames to /sdcard/Download/.
To avoid repeated root access UI prompts, some apps spawn a long-running shell session, write commands to stdin, and rely on parsing stdout and searching for the shell prompt to determine when commands complete. This approach is prone to desync, which can lead to commands being skipped or other inputs being interpreted as commands.
All in all, I simply do not trust most root-enabled apps to not leave a gaping security hole, so I avoid them entirely. There are apps that do handle root access in what I would consider a more proper way, by spawning a daemon as root and then talking to the daemon over a well defined binary protocol. Unfortunately, this approach is the extreme minority.
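The prompt-scanning desync and the framed daemon protocol contrasted above, as an added example that is not part of the original comment or of any app it refers to. The prompt string, the frame layout (1-byte status, 4-byte length) and the sample directory listing are constructed assumptions.

```python
import struct

# Constructed values: the prompt text, frame layout and sample output are
# assumptions made for this example, not taken from any real app.
PROMPT = b"root@device:/ # "
MAX_FRAME = 1 << 20  # refuse absurd lengths instead of buffering them


def split_by_prompt(stream: bytes) -> list[bytes]:
    """Naive client: every prompt occurrence means 'previous command finished'."""
    return stream.split(PROMPT)[:-1]


def encode_frame(status: int, payload: bytes) -> bytes:
    """Daemon side: 1-byte exit status, 4-byte big-endian length, then payload."""
    return struct.pack(">BI", status, len(payload)) + payload


def decode_frames(stream: bytes) -> list[tuple[int, bytes]]:
    """Client side: boundaries come from the header, never from payload bytes."""
    frames, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated frame header")
        status, length = struct.unpack_from(">BI", stream, offset)
        offset += 5
        if length > MAX_FRAME or length > len(stream) - offset:
            raise ValueError("frame length exceeds available data")
        frames.append((status, stream[offset:offset + length]))
        offset += length
    return frames


# Two commands were sent. The first lists a directory holding a file whose
# name (constructed) happens to contain the prompt text.
LISTING = b"a.jpg\ninvoice" + PROMPT + b".pdf\n"
SECOND = b"ok\n"

if __name__ == "__main__":
    naive = split_by_prompt(LISTING + PROMPT + SECOND + PROMPT)
    print(len(naive), "replies for 2 commands:", naive)
    framed = decode_frames(encode_frame(0, LISTING) + encode_frame(0, SECOND))
    print(len(framed), "replies for 2 commands:", framed)
```

With prompt scanning the client sees three replies for two commands and attributes a fragment of the listing to the second command; with length-prefixed frames the payload bytes cannot move a boundary.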
As someone who cherishes the power of root privs, I'd still like to make a point for alternative solutions that came up like distros such as GrapheneOS or CalyxOS or non-root filtering options via VPN.
If it weren't for backups I could manage my everyday life without root. For all other cases I would root and later unroot my phone via an OTA update :D
https://github.com/schnatterer/rooted-graphene/
Hopefully GrapheneOS deliver on their promise to provide a better backup solution than Seedvault.
> Android’s security design has fundamentally been based on a multi-party authorization model: an action should only happen if all involved parties authorize it.
> these are user, platform, and developer (implicitly representing stakeholders such as content producers and service providers). Any one party can veto the action.
How is this not anti-user? It explicitly states that the app developer should be able to veto my decisions...
Under the shared responsibility model, such veto makes sense. Just because the end-user (the app has no way to determine if it was a thief or a spy or a monkey or the actual device owner) approves of an action doesn't mean the OS and the app have to grant authorization.
I can see how such a setup is hostile to power users, but then Android is used by 50% of all humanity, and your guess is as good as mine as to just how many want "sudo make me a sandwich" level of control.
Interesting as companion for a phone.
Anyone know of a hackable or privacy friendly standalone watch that can be used to make calls (e.g. for children pre smartphone age)?
I bought several Chromecasts over the years, mainly because they provide a simple and uniform way to retrofit multi-room sound into my collection of sound systems from different brands and eras.
Surprised not to see more comments on this topic here.
Yes, video streaming can be done easily nowadays. But finding a multi-room audio solution that works across different brands and also on offline devices was my main reason for getting into Chromecast.
https://www.404media.co/elite-the-palantir-app-ice-uses-to-f...
https://archive.ph/wa32f