protimewaster's comments

Because none of the names are real and they were all already posted publicly previously. This is covered in the article.

We don't know that none of the names are real. And even if they aren't, the article is still showcasing his failed attempt at doxing the owner of archive.today and providing a starting point for anyone else wanting to try.

> they were all already posted publicly previously

Doxing very often consists of nothing more than collecting data from a bunch of public sources


> Doxing very often consists of nothing more than collecting data from a bunch of public sources

I simply don't agree that this looks like doxing. No addresses or even any private information were reported. It's just a Google using WhoIs data and, in one case, the person said, in a public forum, that archive.is is "my website." Why would they have said that if they were worried about people finding out who it belongs to?

If they'd have stumbled upon an address to a private residence and reported that, sure, that would look like doxing. I just don't see it here.


Call it what you will, this activity is hardly defensible.

I simply don't agree with that, either. It just seems like journalism to me. No details were reported that would reasonably be expected to compromise anyone's safety. Why should it be disallowed to investigate the ownership of a website? People used to do this all the time when they were going to order products from a web store they'd never used before, to try to deduce if it was trustworthy. They'd look up the owner, verify that the store has a physical address, etc. Were they not supposed to be doing that? They're just supposed to never Google any of that and just pray instead, because, if they learn any of that information, they've done something morally reprehensible? That's absurd.

And, to that point, archive.is isn't so different from a store. They accept donations, so it seems perfectly reasonable to ask and answer questions about where the donations go IMO. Is it unreasonable to look at and report on Archive.org's nonprofit details?


What a bizarre take.

>It just seems like journalism to me.

What does that even mean? Are you trying to suggest that journalism is inherently okay? A piece of despicable journalism simply cannot exist?

>No details were reported that would reasonably be expected to compromise anyone's safety.

So it's okay because he failed at what he set out to do? I'd counter that regardless of whether or not the doxing was successful, publishing this information serves no other purpose but to aid future attempts.

>Why should it be disallowed to investigate the ownership of a website?

You have to be kidding, I feel like anyone with even just the most basic social skills would be able to understand that absolutely nobody gives a shit about what you do as long as it doesn't affect other people.

> And, to that point, archive.is isn't so different from a store. They accept donations, so it seems perfectly reasonable to ask and answer questions about where the donations go IMO.

Obviously it is very different from a store.

Besides, why would you spend time trying to identify the owner of a store who is obviously not interested in identifying themselves? Surely the right choice is to pass in approximately 100% of such cases.


I assume this is an exaggeration? Another poster says they have good luck with headscale on two networks of 400 devices.

yeah looks like someone is either a hyper tailscale fan or had extremely bad experience with it, I also run several dozens of machines (and tablets and phones) on it. never had a single moment of downtime since I started.

You can get this with just a fairly dumb radar cruise control system, though.

It feels unlikely that blindly entering cross traffic, as described in the previous post, is going to be a safe maneuver, though.

They're missing support for newer codecs and current WiFi standards, can't decode Dolby Vision FEL, and, unless something has changed recently, they don't keep up on security updates (even if they are pushing out other updates).

I suspect the last point would be true even if they launched new hardware, though.


Also the current hardware has lots of overheating problems that hugely affect performance (you have to re-paste the heat sink to the CPU after only 2 years), and their Bluetooth antenna is so awful it makes Bluetooth controllers for gaming completely unusable due to lag from lost/dropped packets (and the remote constantly disconnects and reconnects randomly).

CoreELEC is a godsend for FEL compatibility, IMO. With a little luck, you can get a device to do FEL for under $100, and you don't have to deal with some random, poorly maintained Android release that probably won't keep up with security updates, etc.

I thought one of the issues for Fairphone is that their security update schedule / security practices are a bit lax? Their phones are regularly requested by users to be targeted by GrapheneOS, but GOS developers contend that the security practices for the Fairphone are problematic. They apparently get security updates late and don't properly implement verified boot and attestation.

I like the devices, but I've stuck with Pixel devices for the better security practices. Honestly, I'm a little surprised that a university wouldn't be concerned about late security updates and the like.


I was going to keep to myself on this one, but this is a good jump-in point.

The security capabilities of their hardware are what makes GrapheneOS incompatible to target the phone, not any specific security practices of the developers of Fairphone.

Having said that: if there’s a way to MDM GrapheneOS, I’d be looking at that also!

The n+ patch interval on Lineage, /e/ and the rest of them, that’s plain and simply more days your administrators are at risk of giving up the keys to your castle - and that’s a tough pill to swallow!


>They apparently get security updates late and don't properly implement verified boot and attestation.

It doesn't matter if their OS gets security updates late, because security updates depend on the ROM maker, in this case GrapheneOS.


That's not entirely correct. There are also updates to the baseband, bootloader, binary driver blobs, etc. E.g., the bootloader for the FP3 was set to trust roms signed with the AOSP test keys (https://forum.fairphone.com/t/bootloader-avb-keys-used-in-ro...). That's not something fixable by the OS / rom maker.

The security issues stemming from such things are likely real, as well. There was a paper released some time back, about binary blobs, that found:

> Our results reveal that device manufacturers often neglect vendor blob updates. About 82% of firmware releases contain outdated GPU blobs (up to 1,281 days). A significant number of blobs also rely on obsolete LLVM core libraries released more than 15 years ago. To analyze their security implications, we develop a performant fuzzer that requires no physical access to mobile devices. We discover 289 security and behavioral bugs within the blobs. We also present a case study demonstrating how these vulnerabilities can be exploited via WebGL.

(From https://arxiv.org/html/2410.11075)


These risks don't seem to materialize if you're not targeted by something like an intelligence agency. Not sure publicly funded research has such security requirements, at least by default (they can always buy custom equipment for a project, or just not put such data on devices you take home / out and about). Might be worth it compared to the very real benefits it has around the world by paying good salaries and fairer material sourcing


That's probably true, but some of the mistakes FP has made in the past could probably be widely exploited, so it doesn't instill a lot of confidence IMO. E.g., they were signing their OS images with the AOSP test keys.


It's not a particularly old company (a little over ten years I think?), so presumably they've had to learn a lot of those kinds of lessons at the start of their lifetime. But at this stage, I'd assume they've learned the lowest-hanging lessons, at least.


> It would work, but is it any better than existing options like a little computer on the desk, a computer on the back of the monitor, or an AIO PC?

I don't see how it would be better than just a mini PC. Presumably most people will be using a mouse in addition to the keyboard, so they've already got to plug in at least the mouse and the display. It seems like the added flexibility of being able to pick your own keyboard, and carry something smaller, would make a mini PC win at the cost of having one extra connector to plug in.


> From the pictures, I get the impression the keyboard sucks.

That was my initial thought. They made the keyboard a big part of the product, and that is the keyboard they came up with?

It's like advertising a fancy new type of AIO and then putting a crummy 50% sRGB gamut 480p TN panel in it.


Most people don't care about mechanical keyboards, they just use whatever their employer provides, comes free with the PC, or is just the best deal on Amazon.


And Lenovo launched an AIO with a 2560x2880 display.


I don't understand what's wrong with just releasing a phone that uses baseline GrapheneOS so that their development costs are relatively minimal.

