Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "About" from version 6.1.2 to 6.2.0

Browse Source
This commit is contained in:
inference 2023-10-27 07:18:26 +00:00
parent 00b6cae133
commit 9733c399f6
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
1 changed files with 52 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
about.html
View File

@ -5,7 +5,7 @@
<!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause -->
<!-- Version: 6.1.2 -->
<!-- Version: 6.2.0 -->
<html>
@ -237,14 +237,13 @@
</tr>
<tr>
<td>Smartphone</td>
<td><img src="asset/img/google-pixel_6.png" width="100px" height="100px"/><br>
<td><img src="asset/img/google-pixel_8_pro.png" width="100px" height="100px"/><br>
<br>
Google Pixel</td>
<td class="td-desc">Google Pixel devices are the best Android devices
<td class="td-desc"><p>Google Pixel devices are the best Android devices
available on the market for
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.<br>
<br>
They allow locking the bootloader with a
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
<p>They allow locking the bootloader with a
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
in order to
preserve security and privacy features when installing a
@ -255,9 +254,8 @@
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
which prevents an adversary
from rolling back the OS or firmware version to a
previous version with known security vulnerabilities.<br>
<br>
They also include a
previous version with known security vulnerabilities.</p>
<p>They also include a
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
(Titan M2, improving on
the previous generation
@ -279,24 +277,21 @@
ensures that Titan M2
firmware can be flashed only if the user PIN/password is
already known, making it impossible to backdoor the
device without already knowing these secrets.<br>
<br>
Google Pixel device kernels are compiled with
device without already knowing these secrets.</p>
<p>Google Pixel device kernels are compiled with
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
and
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
to prevent
code reuse attacks against the kernel. MAC address
randomisation is
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.<br>
<br>
Google releases
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
<p>Google releases
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
ensuring
Google Pixel devices are up-to-date and quickly
protected against security vulnerabilities.<br>
<br>
Pixel 6-series and 7-series devices are a large
protected against security vulnerabilities.</p>
<p>Pixel 6-series and 7-series devices are a large
improvement over the already very secure and private
previous generation Pixel devices. They replace
ARM-based Titan M with RISC-V-based Titan M2, reducing
@ -307,12 +302,21 @@
vulnerability assessment. Google's in-house Tensor SoC
includes Tensor Security Core, further improving device
security.<br>
<br>
Pixel 6-series and 7-series devices are supported for a
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-and-later">minimum of 5 years from launch</a>,
an increase from
previous generations'
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-xl-a-a-g-and-a-g">support lifecycles of 3 years</a>.</td>
Pixel 8-series includes Arm v9's
<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>,
which dramatically increases device security by
eliminating up to 95% of all security issues
caused by memory-unsafety.</p>
<p>Pixel 6-series and 7-series devices are supported for a
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>,
an increase from previous generations'
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum support lifecycles of 3 years</a>.<br>
Pixel 8-series is supported for a
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-pro">minimum of 7 years from launch</a>,
putting it on the same support level as Apple;
Google have even surpassed Apple in this regard,
as Apple does not commit to a support timeframe
for their devices.</p></td>
</tr>
</table>
</div>
@ -333,7 +337,7 @@
<td><img src="asset/img/logo-gentoo_linux.png" width="100px" height="100px"/><br>
<br>
Gentoo Linux</td>
<td class="td-desc"><a href="https://www.gentoo.org/">Gentoo Linux</a>
<td class="td-desc"><p><a href="https://www.gentoo.org/">Gentoo Linux</a>
is a highly modular, source-based,
Linux-based operating system which allows vast
customisation to tailor the operating system to suit
@ -342,9 +346,8 @@
ability to optimise the software for security, privacy,
performance, or power usage; however, there are
effectively unlimited other use cases, or a combination
of multiple use cases.<br>
<br>
I have focused on security hardening and privacy
of multiple use cases.</p>
<p>I have focused on security hardening and privacy
hardening, placing performance below those aspects,
although my system is still very performant. Some of the
hardening I apply includes
@ -352,11 +355,10 @@
<a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow wrapping</a>,
and GrapheneOS'
<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>
memory allocator.<br>
<br>
memory allocator.</p>
You can find my Gentoo Linux configurations in
my
<a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</td>
<a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</p></td>
<td>Open source<br>
<br>
(GPL-2.0-only)</td>
@ -366,7 +368,7 @@
<td><img src="asset/img/logo-chromium.png" width="100px" height="100px"/><br>
<br>
Chromium</td>
<td class="td-desc"><a href="https://chromium.org/">Chromium</a>
<td class="td-desc"><p><a href="https://chromium.org/">Chromium</a>
is a highly secure web browser which is
often ahead of other web browsers in security aspects.
It has a dedicated security team and a very impressive
@ -377,7 +379,7 @@
<a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
<a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
memory hardening, and
<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</td>
<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p></td>
<td>Open source<br>
<br>
(BSD-3-Clause)</td>
@ -400,7 +402,7 @@
<td><img src="asset/img/logo-grapheneos.png" width="100px" height="100px"/><br>
<br>
GrapheneOS</td>
<td class="td-desc"><a href="https://grapheneos.org/">GrapheneOS</a>
<td class="td-desc"><p><a href="https://grapheneos.org/">GrapheneOS</a>
is a security-hardened,
privacy-hardened, secure-by-default, Android-based
operating system which implements extensive, systemic
@ -421,20 +423,17 @@
hardware-backed attestation
(<a href="https://attestation.app/about/">Auditor</a>)
to ensure the OS has not been corrupted or
tampered with.<br>
<br>
GrapheneOS only supports
tampered with.</p>
<p>GrapheneOS only supports
<a href="https://grapheneos.org/faq#device-support">high security and well-supported devices</a>
which
receive full support from their manufacturers, including
firmware updates, long support lifecycles, secure
hardware, and overall high security practices.<br>
<br>
For an extensive list of features GrapheneOS provides,
hardware, and overall high security practices.</p>
<p>For an extensive list of features GrapheneOS provides,
visit its
<a href="https://grapheneos.org/features/">official features list</a>
which provides extensive
documentation.</td>
which provides extensive documentation.</p></td>
<td>Open source<br>
<br>
(MIT)</td>
@ -444,7 +443,7 @@
<td><img src="asset/img/logo-vanadium.png" width="100px" height="100px"/><br>
<br>
Vanadium</td>
<td class="td-desc">Vanadium is a security-hardened, privacy-hardened
<td class="td-desc"><p>Vanadium is a security-hardened, privacy-hardened
Chromium-based web browser which utilises GrapheneOS'
operating system hardening to implement stronger
defenses to the already very secure Chromium web
@ -453,11 +452,10 @@
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>,
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>,
and
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.<br>
<br>
Vanadium's source code, including its Chromium patchset,
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.</p>
<p>Vanadium's source code, including its Chromium patchset,
can be found in its
<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</td>
<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</p></td>
<td>Open source<br>
<br>
(GPL-2.0-only)</td>
@ -467,7 +465,7 @@
<td><img src="asset/img/logo-molly.png" width="100px" height="100px"><br>
<br>
Molly</td>
<td class="td-desc"><a href="https://molly.im/">Molly</a>
<td class="td-desc"><p><a href="https://molly.im/">Molly</a>
is a security-hardened, privacy-hardened
<a href="https://signal.org/">Signal</a>
client which hardens Signal by using a
@ -478,10 +476,9 @@
and
<a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a>
to protect user keys
using the device's hardware security module.<br>
<br>
Molly is available in
<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:<br>
using the device's hardware security module.</p>
<p>Molly is available in
<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:
<ul>
<li>Molly, which includes the same
proprietary Google code as Signal to
@ -491,7 +488,7 @@
proprietary Google code to provide an
entirely open-source client.</li>
</ul>
</td>
</p></td>
<td>Open source<br>
<br>
(GPL-3.0-only)</td>
@ -501,11 +498,11 @@
<td><img src="asset/img/logo-conversations.png" width="100px" height="100px"><br>
<br>
Conversations</td>
<td class="td-desc"><a href="https://conversations.im/">Conversations</a>
<td class="td-desc"><p><a href="https://conversations.im/">Conversations</a>
is a well-designed Android
<a href="https://xmpp.org/">XMPP</a>
client which serves as the de facto XMPP
reference client and has great usability.</td>
reference client and has great usability.</p></td>
<td>Open source<br>
<br>
(GPL-3.0-only)</td>