From ad32ee8318dab550be93616c605ad76c6307fb1e Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Mon, 18 Mar 2024 03:55:17 +0000
Subject: [PATCH] Update webpage "Blog - #0" from version "9.0.0" to "9.0.1"

---
 blog/foss_is_working_against_itself.xhtml | 348 ++++++++++------------
 1 file changed, 164 insertions(+), 184 deletions(-)

diff --git a/blog/foss_is_working_against_itself.xhtml b/blog/foss_is_working_against_itself.xhtml
index 76b39c0..505bafc 100644
--- a/blog/foss_is_working_against_itself.xhtml
+++ b/blog/foss_is_working_against_itself.xhtml
@@ -1,195 +1,175 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog - #0 -->
-<!-- Version: 9.0.0 -->
+<!-- Version: 9.0.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
-<!-- SPDX-License-Identifier: BSD-3-Clause -->
+<!-- SPDX-License-Identifier: BSD-3-Clause WITH AdditionRef-Inferencium-Personal-exception -->
 
 
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-		<head>
-				<meta charset="utf-8"/>
-				<meta name="viewport" content="width=device-width, initial-scale=1"/>
-				<link rel="stylesheet" href="../main.css"/>
-				<link rel="icon shortcut" href="../asset/img/logo/inferencium-notext.png"/>
-				<title>Inferencium - Blog - FOSS is Working Against Itself</title>
-		</head>
-		<body>
-				<nav class="navbar">
-						<div class="logo"><a href="../index.xhtml"><img src="../asset/img/logo/inferencium-notext.png" alt="Inferencium logo"/></a></div>
-						<div class="title"><a href="../index.xhtml">Inferencium</a></div>
-						<div><a href="../about.xhtml">About</a></div>
-						<div><a href="../news.xhtml">News</a></div>
-						<div><a href="../documentation.xhtml">Documentation</a></div>
-						<div><a href="../source.xhtml">Source</a></div>
-						<div><a href="../changelog.xhtml">Changelog</a></div>
-						<div><a href="../blog.xhtml">Blog</a></div>
-						<div><a href="../contact.xhtml">Contact</a></div>
-						<div><a href="../directory.xhtml">Directory</a></div>
-						<div><a href="../key.xhtml">Key</a></div>
-						<div class="sitemap"><a href="../sitemap.xhtml">Sitemap</a></div>
+	<head>
+		<meta charset="utf-8"/>
+		<meta name="viewport" content="width=device-width, initial-scale=1"/>
+		<link rel="stylesheet" href="../main.css"/>
+		<link rel="icon shortcut" href="../asset/img/logo/inferencium-notext.png"/>
+		<title>Inferencium - Blog - FOSS is Working Against Itself</title>
+	</head>
+	<body>
+		<nav class="navbar">
+			<div class="logo"><a href="../index.xhtml"><img src="../asset/img/logo/inferencium-notext.png" alt="Inferencium logo"/></a></div>
+			<div class="title"><a href="../index.xhtml">Inferencium</a></div>
+			<div><a href="../about.xhtml">About</a></div>
+			<div><a href="../news.xhtml">News</a></div>
+			<div><a href="../documentation.xhtml">Documentation</a></div>
+			<div><a href="../source.xhtml">Source</a></div>
+			<div><a href="../changelog.xhtml">Changelog</a></div>
+			<div><a href="../blog.xhtml">Blog</a></div>
+			<div><a href="../contact.xhtml">Contact</a></div>
+			<div><a href="../directory.xhtml">Directory</a></div>
+			<div><a href="../key.xhtml">Key</a></div>
+			<div class="sitemap"><a href="../sitemap.xhtml">Sitemap</a></div>
+		</nav>
+		<h1>Blog - #0</h1>
+			<h2>FOSS is Working Against Itself</h2>
+				<p class="update_date">Posted: 2022-01-27 (UTC+00:00)</p>
+				<p class="update_date">Updated: 2023-10-31 (UTC+00:00)</p>
+				<nav id="toc">
+					<h2><a href="#toc">Table of Contents</a></h2>
+						<ul>
+							<li><a href="#introduction">Introduction</a></li>
+							<li><a href="#examples">Examples</a></li>
+								<ul>
+									<li><a href="#examples-smartphones">Smartphones</a></li>
+								</ul>
+							<li><a href="#solution">Solution</a></li>
+							<li><a href="#conclusion">Conclusion</a></li>
+						</ul>
 				</nav>
-				<h1>Blog - #0</h1>
-						<h2>FOSS is Working Against Itself</h2>
-								<p class="update_date">Posted: 2022-01-27 (UTC+00:00)</p>
-								<p class="update_date">Updated: 2023-10-31 (UTC+00:00)</p>
-						<nav id="toc">
-								<h2><a href="#toc">Table of Contents</a></h2>
-										<ul>
-												<li><a href="#introduction">Introduction</a></li>
-												<li><a href="#examples">Examples</a></li>
-														<ul>
-																<li><a href="#examples-smartphones">Smartphones</a></li>
-														</ul>
-												<li><a href="#solution">Solution</a></li>
-												<li><a href="#conclusion">Conclusion</a></li>
-										</ul>
-						</nav>
-						<section id="introduction">
-								<h2><a href="#introduction">Introduction</a></h2>
-										<p>The world has become a dangerous, privacy invading, human rights stripping,
-										totalitarian place; in order to combat this, people are joining a growing, and
-										dangerous, trend, which I will refer to in this post as the "Free and Open
-										Source (FOSS) movement". With that stated, I will now debunk the misinformation
-										being spread inside of this extremely flawed movement.</p>
-										<p>The
-										<a href="https://en.wikipedia.org/wiki/Free_software">FOSS</a>
-										movement is an attempt to regain
-										<a href="https://en.wikipedia.org/wiki/Privacy">privacy</a>
-										and
-										<a href="https://en.wikipedia.org/wiki/Control_(psychology)">control</a>
-										over our devices and data, but the entire concept of FOSS-only, at the current
-										time, is severely, and dangerously, flawed. What the FOSS community does not
-										seem to understand is the fact that most FOSS software cares not about
-										<a href="https://en.wikipedia.org/wiki/Security">security</a>.
-										"Security"; keep that word in mind as you progress through this article. What is
-										security? Security is being safe and secure from adversaries and unwanted
-										consequences; security protects our rights and allows us to protect ourselves.
-										Without security, we have no protection, and without protection, we have a lack
-										of certainty of everything else, including privacy and control, which is what
-										the FOSS movement is seeking.</p>
-										<p>FOSS projects rarely take security into account; they simply look at the
-										surface level, rather than the actual
-										<a href="https://en.wikipedia.org/wiki/Root_cause_analysis">root cause</a>
-										of the issues they are attempting to fight against. In this case, the focus is
-										on privacy and control. Without security mechanisms to protect the privacy
-										features and the ability to control your devices and data, it can be stripped
-										away as if it never existed in the first place, which, inevitably, leads us back
-										to the beginning, and the cycle repeats. With this
-										<a href="https://en.wikipedia.org/wiki/Ideology">ideology</a>,
-										privacy and control will <em>never</em> be achieved. There is no foundation to
-										build privacy or control upon. It is impossible to build a solid, freedom
-										respecting platform on this model.</p>
+				<section id="introduction">
+					<h2><a href="#introduction">Introduction</a></h2>
+						<p>The world has become a dangerous, privacy invading, human rights stripping, totalitarian
+						place; in order to combat this, people are joining a growing, and dangerous, trend, which I will
+						refer to in this post as the "Free and Open Source (FOSS) movement". With that stated, I will
+						now debunk the misinformation being spread inside of this extremely flawed movement.</p>
+						<p>The
+						<a href="https://en.wikipedia.org/wiki/Free_software">FOSS</a>
+						movement is an attempt to regain
+						<a href="https://en.wikipedia.org/wiki/Privacy">privacy</a>
+						and
+						<a href="https://en.wikipedia.org/wiki/Control_(psychology)">control</a>
+						over our devices and data, but the entire concept of FOSS-only, at the current time, is
+						severely, and dangerously, flawed. What the FOSS community does not seem to understand is the
+						fact that most FOSS software cares not about
+						<a href="https://en.wikipedia.org/wiki/Security">security</a>.
+						"Security"; keep that word in mind as you progress through this article. What is security?
+						Security is being safe and secure from adversaries and unwanted consequences; security protects
+						our rights and allows us to protect ourselves. Without security, we have no protection, and
+						without protection, we have a lack of certainty of everything else, including privacy and
+						control, which is what the FOSS movement is seeking.</p>
+						<p>FOSS projects rarely take security into account; they simply look at the surface level,
+						rather than the actual
+						<a href="https://en.wikipedia.org/wiki/Root_cause_analysis">root cause</a>
+						of the issues they are attempting to fight against. In this case, the focus is on privacy and
+						control. Without security mechanisms to protect the privacy features and the ability to control
+						your devices and data, it can be stripped away as if it never existed in the first place, which,
+						inevitably, leads us back to the beginning, and the cycle repeats. With this
+						<a href="https://en.wikipedia.org/wiki/Ideology">ideology</a>,
+						privacy and control will <em>never</em> be achieved. There is no foundation to build privacy or
+						control upon. It is impossible to build a solid, freedom respecting platform on this model.</p>
+				</section>
+				<section id="examples">
+					<h2><a href="#examples">Examples</a></h2>
+						<section id="examples-smartphones">
+							<h3><a href="#examples-smartphones">Smartphones</a></h3>
+								<p>A FOSS phone, especially so-called
+								"<a href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones">Linux phones</a>"
+								are completely detrimental to privacy and control, because they do not have the security
+								necessary to enforce that privacy.
+								<a href="https://en.wikipedia.org/wiki/Bootloader_unlocking">Unlocked bootloaders</a>
+								prevent the device from
+								<a href="https://source.android.com/docs/security/features/verifiedboot/">verifying the integrity of the boot chain</a>,
+								including the OS, meaning any adversary, whether a stranger who happens to pick up the
+								device, or a big tech or government entity, can simply inject malicious code into your
+								software and you wouldn't have any idea it was there. If that's not enough of a backdoor
+								for you to reconsider your position, how about the trivial
+								<a href="https://en.wikipedia.org/wiki/Evil_maid_attack">evil maid</a>
+								and data extraction attacks which could be executed on your device, without coercion?
+								With Android phones, this is bad enough to completely break the privacy and control the
+								FOSS movement seeks, but "Linux phones" take it a step further by implementing barely
+								any security, if any at all.
+								<a href="https://en.wikipedia.org/wiki/Privilege_escalation">Privilege escalation</a>
+								is trivial to achieve on any Linux system, which is the reason Linux
+								<a href="https://en.wikipedia.org/wiki/Hardening_(computing)">hardening</a>
+								strategies often include restricting access to the root account; if you
+								<a href="https://en.wikipedia.org/wiki/Rooting_(Android)">root your Android phone</a>,
+								or use a "Linux phone", you've already destroyed the security model, and thus privacy
+								and control model you were attempting to achieve. Not only are these side effects of
+								FOSS, so is the absolutely illogical restriction of not being able to, or making it
+								unnecessarily difficult to, install and update critical components of the system, such
+								as proprietary
+								<a href="https://en.wikipedia.org/wiki/Firmware">firmware</a>,
+								which just so happens to be almost all of them. "Linux phones" are not as free as they
+								proclaim to be.</p>
+								<p>You may ask "What's so bad about using
+								<a href="https://lineageos.org/">LineageOS</a>?",
+								to which I answer with "What's not bad about it?".</p>
+									<ul>
+										<li>LineageOS uses
+										<a href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets">debug builds</a>,
+										not safe and secure release builds.</li>
+										<li>LineageOS requires an unlocked bootloader. Even when installed on devices
+										which support custom Android Verified Boot (AVB) keys, the bootloader cannot be
+										locked due to lack of the OS being signed.</li>
+										<li>LineageOS does not install critically important firmware without manual
+										flashing, requiring users to perform a second update to install this firmware;
+										this likely causes users to ignore the notification or miss firmware
+										updates.</li>
+										<li>LineageOS does not implement
+										<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>,
+										meaning any adversary, from a stranger who physically picks up the device, to a
+										goverment entity remotely, can simply downgrade the OS to a previous version in
+										order to exploit known
+										<a href="https://en.wikipedia.org/wiki/Vulnerability_(computing)">security vulnerabilities</a>.</li>
+									</ul>
+								<p>LineageOS is not the only Android OS (commonly, and incorrectly, referred to as a
+								"ROM") with such issues, but it is one of the worst. The only things such insecure OSes
+								can provide you are customisation abilities, and a backdoor to your data. They are best
+								suited as a development OS, not a production OS.</p>
 						</section>
-						<section id="examples">
-								<h2><a href="#examples">Examples</a></h2>
-										<section id="examples-smartphones">
-												<h3><a href="#examples-smartphones">Smartphones</a></h3>
-														<p>A FOSS phone, especially so-called
-														"<a href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones">Linux phones</a>"
-														are completely detrimental to privacy and control, because they
-														do not have the security necessary to enforce that privacy.
-														<a href="https://en.wikipedia.org/wiki/Bootloader_unlocking">Unlocked bootloaders</a>
-														prevent the device from
-														<a href="https://source.android.com/docs/security/features/verifiedboot/">verifying the integrity of the boot chain</a>,
-														including the OS, meaning any adversary, whether a stranger who
-														happens to pick up the device, or a big tech or government
-														entity, can simply inject malicious code into your software and
-														you wouldn't have any idea it was there. If that's not enough of
-														a backdoor for you to reconsider your position, how about the
-														trivial
-														<a href="https://en.wikipedia.org/wiki/Evil_maid_attack">evil maid</a>
-														and data extraction attacks which could be executed on your
-														device, without coercion? With Android phones, this is bad
-														enough to completely break the privacy and control the FOSS
-														movement seeks, but "Linux phones" take it a step further by
-														implementing barely any security, if any at all.
-														<a href="https://en.wikipedia.org/wiki/Privilege_escalation">Privilege escalation</a>
-														is trivial to achieve on any Linux system, which is the reason
-														Linux
-														<a href="https://en.wikipedia.org/wiki/Hardening_(computing)">hardening</a>
-														strategies often include restricting access to the root account;
-														if you
-														<a href="https://en.wikipedia.org/wiki/Rooting_(Android)">root your Android phone</a>,
-														or use a "Linux phone", you've already destroyed the security
-														model, and thus privacy and control model you were attempting to
-														achieve. Not only are these side effects of FOSS, so is the
-														absolutely illogical restriction of not being able to, or making
-														it unnecessarily difficult to, install and update critical
-														components of the system, such as proprietary
-														<a href="https://en.wikipedia.org/wiki/Firmware">firmware</a>,
-														which just so happens to be almost all of them. "Linux phones"
-														are not as free as they proclaim to be.</p>
-														<p>You may ask "What's so bad about using
-														<a href="https://lineageos.org/">LineageOS</a>?",
-														to which I answer with "What's not bad about it?".
-																<ul>
-																		<li>LineageOS uses
-																		<a href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets">debug builds</a>,
-																		not safe and secure release builds.</li>
-																		<li>LineageOS requires an unlocked bootloader.
-																		Even when installed on devices which support
-																		custom Android Verified Boot (AVB) keys, the
-																		bootloader cannot be locked due to lack of the
-																		OS being signed.</li>
-																		<li>LineageOS does not install critically
-																		important firmware without manual flashing,
-																		requiring users to perform a second update to
-																		install this firmware; this likely causes users
-																		to ignore the notification or miss firmware
-																		updates.</li>
-																		<li>LineageOS does not implement
-																		<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>,
-																		meaning any adversary, from a stranger who
-																		physically picks up the device, to a goverment
-																		entity remotely, can simply downgrade the OS to
-																		a previous version in order to exploit known
-																		<a href="https://en.wikipedia.org/wiki/Vulnerability_(computing)">security vulnerabilities</a>.</li>
-																</ul>
-														</p>
-														<p>LineageOS is not the only Android OS (commonly, and
-														incorrectly, referred to as a "ROM") with such issues, but it is
-														one of the worst. The only things such insecure OSes can provide
-														you are customisation abilities, and a backdoor to your data.
-														They are best suited as a development OS, not a production
-														OS.</p>
-										</section>
-						</section>
-						<section id="solution">
-								<h2><a href="#solution">Solution</a></h2>
-										<p>What can you do about this? The answer is simple; however, it does require
-										you to use logic, fact, and evidence, not emotion, which is a difficult pill for
-										most people to swallow. Use your adversaries' weapons against them. The only way
-										to effectively combat the privacy invasion and lack of control of our devices
-										and data is to become a
-										<a href="https://en.wikipedia.org/wiki/Turncoat">renegade</a>
-										and not take sides. Yes, that means not taking sides with the closed-source,
-										proprietary, big tech and government entities, but it also means not taking
-										sides with any FOSS entities. The only way to win this war is to take
-										<em>whatever</em> hardware and software you can, and use it tactically.</p>
-										<p>The best solution for device security, privacy, and control, is to use a
-										Google Pixel (currently, Pixel 5a or newer) running
-										<a href="https://grapheneos.org/">GrapheneOS</a>.
-										Google Pixel devices allow you complete bootloader freedom, including the
-										<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">ability to lock the bootloader after flashing a custom OS</a>
-										(GrapheneOS includes a custom OS signing key to allow locking the bootloader and
-										enabling verified boot to prevent
-										<a href="https://en.wikipedia.org/wiki/Malware">malware</a>
-										persistence, evil maid attacks, and boot chain
-										<a href="https://en.wikipedia.org/wiki/Data_corruption">corruption</a>),
-										<a href="https://support.google.com/nexus/answer/4457705">long device support lifecycles</a>
-										(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series,
-										and minimum 7 years for Pixel 8-series and newer), and
-										<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>
-										for the entire support timeframe of the devices.</p>
-						</section>
-						<section id="conclusion">
-								<h2><a href="#conclusion">Conclusion</a></h2>
-										<p>Use what you can, and do what you can. By neglecting security, you are, even
-										if unintentionally, neglecting exactly what you are trying to gain; privacy and
-										control.</p>
-						</section>
-				<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
-		</body>
+				</section>
+				<section id="solution">
+					<h2><a href="#solution">Solution</a></h2>
+						<p>What can you do about this? The answer is simple; however, it does require you to use logic,
+						fact, and evidence, not emotion, which is a difficult pill for most people to swallow. Use your
+						adversaries' weapons against them. The only way to effectively combat the privacy invasion and
+						lack of control of our devices and data is to become a
+						<a href="https://en.wikipedia.org/wiki/Turncoat">renegade</a>
+						and not take sides. Yes, that means not taking sides with the closed-source, proprietary, big
+						tech and government entities, but it also means not taking sides with any FOSS entities. The
+						only way to win this war is to take <em>whatever</em> hardware and software you can, and use it
+						tactically.</p>
+						<p>The best solution for device security, privacy, and control, is to use a Google Pixel
+						(currently, Pixel 5a or newer) running
+						<a href="https://grapheneos.org/">GrapheneOS</a>.
+						Google Pixel devices allow you complete bootloader freedom, including the
+						<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">ability to lock the bootloader after flashing a custom OS</a>
+						(GrapheneOS includes a custom OS signing key to allow locking the bootloader and enabling
+						verified boot to prevent
+						<a href="https://en.wikipedia.org/wiki/Malware">malware</a>
+						persistence, evil maid attacks, and boot chain
+						<a href="https://en.wikipedia.org/wiki/Data_corruption">corruption</a>),
+						<a href="https://support.google.com/nexus/answer/4457705">long device support lifecycles</a>
+						(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series, and minimum 7
+						years for Pixel 8-series and newer), and
+						<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>
+						for the entire support timeframe of the devices.</p>
+				</section>
+				<section id="conclusion">
+					<h2><a href="#conclusion">Conclusion</a></h2>
+						<p>Use what you can, and do what you can. By neglecting security, you are, even if
+						unintentionally, neglecting exactly what you are trying to gain; privacy and control.</p>
+				</section>
+		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
+	</body>
 </html>