@alcinnz@floss.social
@alcinnz@floss.social avatar

alcinnz

@alcinnz@floss.social

A browser developer posting mostly about how free software projects work, and occasionally about climate change.

Though I do enjoy german board games given an opponent.

Pronouns: he/him

This profile is from a federated server and may be incomplete. Browse more on the original instance.

alcinnz, to random
@alcinnz@floss.social avatar

I've now finished my metathread on hypothetical developer tools for self-hosted maintenance of my hypothetical hardware-Internet Communicator! And with it I believe I've described practically all the software & hardware comprising an inclusive decolonial browser & operating system! Following existing web (no JS), internet, Unicode, Xiph, USB, AutoMerge, etc standards.

Its not simple, but I think the hypothetical hardware made it much simpler!

1/2

alcinnz, (edited )
@alcinnz@floss.social avatar

So my question: Once I've published these threads, what do I tackle next? Whether I choose to extend this hardware/OS to new usecases or design new hardware?

I've heard interest in expanding my XMPP discussion beyond the basics.

I haven't said much about authentication & multi-user devices.

Mapping could be a useful feature!

So far I've leaned towards serving audiences in my design, I'd love to explore creative tools more!

Anything else? Specifics?

Please vote, please please discuss!

annika, to random
@annika@xoxo.zone avatar

💩 "We are approaching the use of AI in Firefox -- which many, many of you have been asking about -- in the same way. We’re focused on giving you AI features that solve tangible problems, respect your privacy, and give you real choice." https://connect.mozilla.org/t5/discussions/here-s-what-we-re-working-on-in-firefox/td-p/57694

alcinnz,
@alcinnz@floss.social avatar

@annika Hmmmm, if they're dedicated to solving tangible problems I wouldn't complain...

But as long as the focus is on the tool not the problem, I can't trust such statements!

alcinnz, to random
@alcinnz@floss.social avatar

Some data available in our hypothetical hardware-Internet Communicator is very sensitive with privacy concerns far outweighing any desire to reprogram its use. So how'd I keep a close eye on who uses this raw data?

This would necessarily involve a close eye on any password managers, & unnecessarily any instant messengers.

I'm talking about data like the framebuffer, open windows, password vault, status LEDs/buzzer output, notifications (UX reasons), fingerprint scanner, etc.

1/4?

alcinnz,
@alcinnz@floss.social avatar

To indicate that we approve of a certain component accessing sensitive I/O & data we'd cryptographically sign (encrypt a hash of the program) it before offering it for download. Ideally (especially as our userbase grows) we'd do this on a machine disconnected from the internet running a bare-bones OS, since any viruses here could infect all our users!

This would make the process for publishing updates to certain components a bit more cumbersome, but that should be rarely needed.

2/4?

alcinnz,
@alcinnz@floss.social avatar

On the clientside we can have the Filesystem & Linker components validate those signatures, by comparing the file's hash (computed by our Arithmetic Core) against the assymetrically-decrypted (by our FPMA) signature.

To ensure noone has nullified this check we'd need to validate these components (first things to boot past the firmware!) we'd to check that they're signed too. If we ensure not even we (the vendor) can overwrite the firmware undermining its security guarantees, no more to do!
3/4

alcinnz,
@alcinnz@floss.social avatar

Except... I'm a bit queasy about limiting the control others have over their devices, so how does this differ from Microsoft's, Apple's, or Nintendo's "Secure Boot"?

1st off I'd minimize how much I'd rely on these defences, minimize the constraints it puts upon you to a level most everyone should be comfortable with. Instead I'm mainly relying on hardware/firmware-level sandboxing!

2nd if you configure authenticated boot I'd let you use those creds to loosen (or tighten) these checks.

4/4.5!

alcinnz,
@alcinnz@floss.social avatar

The authenticators used to bypass our Secure Boot would have to be ones we (the vendor) approve of, if this check is to be meaningful at all. But it'd let you overwrite all the other software on your device!

With asymmetric cryptography these credentials don't even need to live on the device itself, which could be useful for work machines. Though I'd want to use our control over the authenticators to inform their employees that this is a work machine!

5/5 Fin!

alcinnz, to random
@alcinnz@floss.social avatar

Resuming my study of Elf Utils' commands...

After initializing internationalization & parsing commandline flags elflint iterates over each arg transiently & carefully opening each given file, branching upon its subtype. Whilst aggregating errors.

For proper ELF files it retrieves the E header, outputs the filename, initializes LibEBL, validates the ELF headers, validates its P headers, validates its Sheaders, validates exception handlers if present are non-NULL, & cleans up.

1/5?

alcinnz,
@alcinnz@floss.social avatar

Throughout elflint outputs any validation errors.

For ELF archives it instead finalizes a prefix/suffix for error lines, iterates over each file in this archive, & recurses into each of those.

After initializing internationalization & parsing commandline flags findtextrel iterates over remaining commandline flags (handling a singular arg specially) aggregating error codes.

For each it opens the ELF file, gets its header validating its dynamic, & iterates over sections.

2/5?

alcinnz,
@alcinnz@floss.social avatar

For each section findtextrel retrieves the header & branches over whether its dynamic. If it is it iterates over each entry there-in to flag whether we've found a TEXTREL one. If its a symtable it saves the index of the last one.

Afterwhich it errors out having not found a textrel. Or it allocates a segments array (initially 10 slots) & iterates over the P headers for each actually-existing P headers of type PT_LOAD & not flagged PF_W it appends to the array.

3/5?

alcinnz,
@alcinnz@floss.social avatar

If we've gathered any segments we initialize the DWARF iterator, possibly opens a debug info file, & iterates over the sections a final time. For each findtextrel double checks we actually have section data, & iterates over its entries (handled according to REL/RELA subtype) to exhaustively check against expected values.

Regardless we clean up.

3.5/3.5 Fin for today!

alcinnz, to random
@alcinnz@floss.social avatar

3 Layers of UI Interaction - Drew Powers:
https://pow.rs/blog/3-layers-of-ui-interaction/

Boosted by Robin Rendle "The Cascade":
https://csscade.com/three-layers-of-ui-interaction/

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • kavyap
  • DreamBathrooms
  • cubers
  • cisconetworking
  • osvaldo12
  • magazineikmin
  • Youngstown
  • thenastyranch
  • rosin
  • slotface
  • Durango
  • mdbf
  • khanakhh
  • megavids
  • tacticalgear
  • InstantRegret
  • normalnudes
  • modclub
  • ngwrru68w68
  • everett
  • GTA5RPClips
  • ethstaker
  • anitta
  • Leos
  • tester
  • provamag3
  • lostlight
  • All magazines
    •