notanapple

This is very weird, are using the default lemmy interface? I dont think the default lemmy interface has anything special so not sure why it would be acting like this.

You could use firefox only for apps that do not work well with librefox. Or try an alternative lemmy frontend like photon or voyager or tesseract or old lemmy (I forgot what the project is called).

Unfortunately it seems to be a completely proprietary kernel. I did find a paper on it (presented by Huawei in a conference): https://www.usenix.org/conference/osdi24/presentation/chen-haibo

The first line of the abstract reads

This paper presents the design and implementation of HongMeng kernel (HM), a commercialized general-purpose microkernel that preserves most of the virtues of microkernels while addressing the above challenges.

Another interesting tidbit from the paper:

We started the HongMeng kernel (HM) project over 7 years ago to re-examine and retrofit the microkernel into a general OS kernel for emerging scenarios. To be practical for production deployment, HM achieves full Linux API/ABI compatibility and is capable of reusing the Linux applications and driver ecosystems such that it can run complex frameworks like AOSP [42] and OpenHarmony [35] with rich peripherals.

Thats weird, lemmy shouldn't need any access to fingerprinting stuff. Its probably something else. What part of lemmy specifically does not work?

privacy.resistFingerprinting.block_mozAddonManager suggests it could be due an addon/extension (the flag enables extensions to work on 'restricted' pages such the new tab)

This is something people suggesting librewolf as an alternative to firefox don't get right, that librewolf is not just any fork of firefox, but a very hardened fork, with many options for privacy and security enabled at the cost of increased site breakage.

thats a very fair point, I had not seen anyone else make this one But the problem is that in this case, this functionality was entirely undocumented. I dont think it was intended for programmers.

Now if the firmware was open source, people would have gotten to know about this much sooner even if not documented. Also such functionality should ideally be gated somehow through some auth mechanism.

Also just like how the linux kernel allows decades old devices to be at the very least patched for security risks, open firmware would allow users of this chip to patch it themselves for bugs, security issues.

It was a skin, now its a completely different OS. The initial version, HarmonyOS, was based on Android/Linux, the new HarmonyOS Next, is a proprietary version (or successor) of HarmonyOS based on an open source project/OS, OpenHarmony. It uses a new microkernel instead of the linux kernel.

OpenHarmony is essentially an open source base for making an operating system on top. Its not like the Linux kernel, in the sense that its not just a kernel (in fact you can use the linux kernel with it), but rather a bunch of components people can build upon. And since it uses a permissive license, you can build a proprietary OS on top of it (like the HarmonyOS Next).

Huawei actually launched OpenHarmony many years back but it was not ready for phone usage yet. It was only with the launch of the 5th version that Huawei was confident enough in it to start using it on their own phones.

Its really a shame Huawei went for a closed source OS on phones (and probably laptops in the future if not now) instead of Linux or another open source OS (they even started with an open source version of their os). I hope this harmony os doesn't take up in other countries or we would be going backwards.

So the data of the 24 people, who signed for the beta program, were accessible to each other, to all the 24 people? Sounds like nothing burger to me. The odds of someone in the 24 people knowing about this issue beforehand I would say are pretty low.

We really should be pushing for fully open source stack (firmware, os) in all iot devices. They are not very complicated so this should be entirely possible. Probably will need a EU law though.

I saw a comment somewhere that to exploit this a person has to be physically in the area (i think it was in a radius of few meters iirc). Thats not much better i guess since its not hard to be around random iot devices but it at least prevents mass attacks (if true).

thanks for all the work! 2.0 is a lot snappier than the previous version, no more weird hangs on my phone.

aha thanks! i was wondering how ppl do this yeah but tbf discord has a lot of features