Which chat service/protocol do you prefer? #matrix or #xmpp
Boosts appreciated

@n0btc XMPP by far, the client situation on mobile is just heaps better (on desktop they're about as shitty as each other in different ways)

@allison @n0btc Nope, it actually is an XMPP problem. It’s because of its connection oriented nature. Matrix works perfectly on iOS.

@js @n0btc If an operating system gates what kinds of protocols I can use on it, that's a bug, not a feature.

@allison @n0btc It does not gate which protocols you can use. It gates battery usage and does not allow keeping TCP connections open while the app is not running.

@js @n0btc >does not allow keeping TCP connections open
i.e. it gates protocol usage and user freedom full stop
I don't care what the rationalizations are, but a phone which doesn't even let me put MP3s on it properly without a sync application is of little more use to me than a paperweight.

@allison @n0btc Install an MP3 player and just upload via WiFi? Or, of course, you can also make your life harder for absolutely no reason ;).

@js @allison @n0btc > you can also make your life harder for absolutely no reason

what, by using Apple products?

(sorry :blobcatgiggle2:)

@js @allison @n0btc anyway uh. both of you are right here. iOS sucks. XMPP sucks. both of them together really suck

@mewmew @allison @n0btc Yep. Mobile OSes suck. All of them. It’s about picking the one that sucks less. And there’s not really much of a difference as they all suck.

@js @mewmew @n0btc I'll pick the one that lets me run newpipe, conversations and husky. Everything else, even the browser, is window dressing compared to those three apps

@allison @mewmew @n0btc I’m very happy with Element iOS, Toot!, Apollo, Tweetbot and many others ;).

@js @mewmew @n0btc You're also a literal rockefeller by my standards so you can afford paying for all that. I can't. Setting aside my new laptop ($550 a month ago), the newest pieces of gear I personally own are (in reverse chronological order) my LG V20, my ThinkPad X200, my MacPro2,1, and then you get out to the woods with a lot of non x86 stuff. I have to maintain and repair all of that on NEET incomes for reasons I don't wish to get into here. Something like an iPhone is obscenely, unjustifiably expensive to me compared to the medicines I need to actually feel that life is worth living

@allison @mewmew @n0btc Old iPhones still get updates and can be obtained for reasonable prices :). $150 will get you an iPhone 7 128 GB in almost mint condition, which is still plenty fast and has plenty of storage. But this is no longer arguing about OSes from a technical perspective. There’s Android phones that easily cost more than iPhones, too.

X200 is a nice notebook for Coreboot, though. I still have mine for exactly that reason.

@js @mewmew @n0btc it's not just price (although that's definitely a part of it), it's the economy of the ecosystem and value for money. Can I replace batteries on iPhones? Have reasonable assurance they won't break? Will they run all my apps? Can I use 3.5mm headphones with them? Until all these questions are answered in the affirmative, the iPhone is little more than a toy to me.

@allison @mewmew @n0btc Battery can be changed (done that). Breaking them can easily be fixed yourself since cheap 3rd party replacement parts are easily available. Apps depends on what apps you need. Headphone jack: Starting iPhone 7 they come with an adapter cable, 6s still has a HPJ and is not much older. Most androids no longer have HPJ either.

@js @mewmew @n0btc Note the phone I cited in my previous post, V20 has it and many of the newer ones I consider have it too. (incidentally I'm fiercely loyal to the V20 as the last good phone for all the reasons I just cited)

@allison @mewmew @n0btc Such a phone would be completely out of the question for me due to lack of updates. As soon as a phone no longer gets updates, it’s more useless than a brick.

@js @allison @mewmew @n0btc hat is it about “updates” that you like so much? To me, there're a sign that the software didn't work properly the first time.

Apart from my browser (to keep up with Google changing the web standards) and youtube-dl (to keep up with Google changing how YouTube works), none of my software ever needs another update. In fact, I don't notice when I've forgotten to install them for months.

You'd discard an entire piece of hardware just because updates have stopped‽

@wizzwizz4 @allison @mewmew @n0btc Yes. Because an insecure phone that allows every script kiddie to exploit me trivially is a useless phone.

@js @allison @mewmew @n0btc Why does your phone have trivially-exploitable security vulnerabilities on it in the first place?

@wizzwizz4 @js @mewmew @n0btc It's an iron law of software that any sufficiently complex system is going to have vulnerabilities. Question is if you can deal with them or not (in my case, it's proven irrelevant but for others not so much)

@allison @mewmew @n0btc @wizzwizz4 I think this is a real problem if we talk about price. Security is something only the wealthy can afford, because they can buy a new device when it goes EOL. This is a huge problem IMO. You must not limit security to wealthy people.

@js @allison @mewmew @n0btc My phone's DOS-based OS's SMS code doesn't have malformed-Unicode bugs, and the web browser is run in a lower privileged context. Apart from the USB stack and the *#nn# codes, I don't think there's any vector for a vulnerability.

My phone cost €15.

@wizzwizz4 @allison @mewmew @n0btc Those are even more insecure than any modern smartphones, as they usually don’t have a separate baseband and application processor. And the baseband softwares are all Swiss cheese. Worse than web browsers.

@js @allison @mewmew @n0btc But the processor's free from speculative execution, so you can prove the code correct.

(Thanks for letting me know about baseband issues, though. I'll look into trying to exploit mine when I next have time; there's some stuff I want to do with the hardware.)

@wizzwizz4 @allison @mewmew @n0btc Speculative execution is really the smallest of all problems for mobile device security ;)

@wizzwizz4 @allison @mewmew @n0btc Because that’s the current state of mobile OS security. On both Android and iOS. There’s new exploits every few weeks. So the bad guys get to know about them this way and you are not patched.

@js @allison @mewmew @n0btc This highlights an important difference. The community is able to keep an old Android phone up to date years after the manufacturer abandons it. I'm not aware of anything like that for the Apple devices.

@brad @allison @mewmew @n0btc The community is able to provide newer userland on the same old kernel. Security bugs in drivers are still not fixed. So far, every iPhone got updates for so many years that it basically fell apart before it no longer got updates. An iPhone that gets updates for 7 years is nothing unusual.

@js @allison @mewmew @n0btc There are Android phones with mainline kernel support. The OnePlus 3 is one example. The postmarketOS project often works on mainlining devices.

@brad @allison @mewmew @n0btc There’s still plenty of blobs, starting from TrustZone all the way to the GPU. And those don’t get security fixes after EOL.

@js @brad @allison @mewmew fair. I had an ipad on IOS9 for a minute and still hated it. A friend gave me their old iphone 6s when they upgraded. Even on 14 i like android better

Sadly theres stuff that needs updates other than the kernel

I've not heard of any community attempts to take on maintaining drivers for an android device (it would be a whole load of work)

Theres also the component (WiFi, display, Bluetooth etc. etc.) firmware updates which, for valid security reasons, have to be signed by the device vendor. Monthly security update bulletins provide an ever growing public list of vulnerabilities in these firmwares

@js @allison @mewmew @n0btc

Sign in to participate in the conversation

chaos.social – a Fediverse instance for & by the Chaos community