I cannot, I did some searches when I wrote the comment but could not find info about it. It is possible that I am confusing it with another project. I added an iirc but maybe that was not clear enough that I am not sure about it.
That’s simply bad software practice, which was fixed once pointed out. Fact is that if they had done this on purpose, they wouldn’t have changed it and instead, would’ve come up with an excuse to keep it the same way.
This is not correct. While they have removed it from being installed on newer installs/updates, the certificate remains on the system that ran the corresponding version installer/upgrade unless it is manually removed by the few percent that got the news.
I am talking about it in general. If you trust it or not depends on you. I am just saying that the argument that it is OS or that you can host the server yourself does not automatically mean that it is safe. That applies to any software.
It could install software that transmits the data some other time. Basically something a virus would do. The code can be hidden somewhere or loaded from somewhere with simple code.
Those are basic tactics used for years by malware. If just simply monitoring would be enough to protect against malware then we would have way less problems.
You should never run untrusted code or code by untrusted ppl.
You are not running the software cause you do not trust the ppl running it? So you do host the software anyway? Just because it is OS and just because you can run it on your own hardware does not mean you can blindly trust it.
The installer has included a root certificate before that gets installed without asking. Also there are some code blobs in the code iirc.
Also how they handled the initial Wayland “support”.
It is relatively easy to smuggle in backdoors if you are the maintainer of the code and afaik there was not even an independent audit.
Saying it is fine just because of it being OS is really naive.
You have clearly not understood what it does. It basically acts as a basic WAF by blocking the access to various paths that are required by the default sharing feature but not by this “proxy”.
I mean you have the current image cached on the local server when you use it.
1 GB of RAM for every TB of storage is recommended but you can do with way less for ZFS.
Obviously the USB port will not be usable after you blow the fuses in the SoC.
Actually worse than I thought.
So basically the USB is the point of entry? If you could permanently fuse the data connection in the SoC, it would be a huge improvement in security. OFC you could then only use the port for charging.
If you expect ongoing maintenance, are you saying you feel entitled to the devs’ continuing work in perpetuity, and at no cost? Because that’s called slavery and we have laws against it.
Stop putting words in my mouth.
They only need the biggest contributors. Small contributions like single line or even a few lines edits etc. are not eligible for copyright. Also minor contributions can be easily rewritten.
Most ppl you will get with a paycheck.
How do you think encryption works?
What do you think a lockscreen does?
As I guessed. You are evading the question by again babbling nonsense and questioning my knowledge instead of actually proving anything you are saying.
You have shown that you have a bad understanding of what you are actually talking about (see the ‘cracked’ TPM discussion) and are constantly shifting the discussion away from what you are saying: “Basically every device can be accessed without major problems” and what I am trying to explain to you.
You are acting in bad faith.
Bye
While true it is not impossible to relicense a software project.
Yep and eventually there will be a paid proprietary version. That’s usually how it goes. I hope I am wrong.
If you think TPMs are always encrypted, a key can be encrypted “with itself” and still be of any use to you, and the Android system PIN is secure, you are right. Might also believe in Santa.
Not sure what you are rambling about the TPM.
Then prove that the Lockscreen is insecure.
The device needs to be physically accessed and modified and then unlocked in order to exploit it.
Yes it is a vulnerability but with those steps you could also just solder a keylogger to the keyboard.
Similar outcome.
A compacted archive could be used as an attack vector.
Both of them are valid for any OS.