[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 24/07/18 18:34, Simon Waters wrote: >> unless you just want to vent fury about the tragic state of routers and > Well that. Well I read through your lengthy venting about routers and you are right about all of it of course, which is a bit depressing. Not only that but I'd actually like to add even more venting about related but less commonly known network vulnerabilities: BGP is still completely unsecured and regularly attacked and abused by state level actors. One day that's going to be used as the attack vector that literally brings down the entire internet when someone null routes a handful of international transit hubs at once. TR-069 and CWMP are still alive and well and being regularly used and abused by your ISP to backdoor - apologies, I mean provision and maintain - our routers. Little known, badly secured, often abused. SS7, a PSTN protocol, is completely broken and routinely abused by criminals and more frequently state level actors to tap, intercept and fake mobile phone communications including 2FA, SMS, etc. I throw this one in just in case anyone was unwisely thinking "at least my phone is safe from my ISP's ineptitude right?". Well correct, but it's extremely vulnerable thanks to your mobile provider's ineptitude instead. To return to ISPs and routers specifically, I personally think it's wise to treat your ISP as your own major adversary - they are closer to you than anyone else and are in the privileged position of owning all your network traffic. Their badly secured, badly maintained and flaky network hardware is _in your premises_ and it's there to serve them, not you. Your ISP literally has a toehold in your house and let's face it, with a few exceptions any ISP will roll over and give your data to anyone if they haven't already lost it several times over. They are actively seeking to monetize your data, if they're not already. State agents can and will request access to all of it, at any time, and your ISP will hand it over if they don't already just have fibre taps set up specifically for the three letter agencies. ISPs implement shady government block lists, hijack your DNS, refuse to modernise or implement IPv6 in any meaningful way and spent increasing amounts of their budget on deep packet inspection instead of upgrading their core network infrastructure. I could go on. It wouldn't be unfair to accuse me of not really having a very high regard for ISPs in general, although there are exceptions of course. Nearly all small ones, for example: https://www.aaisp.net.uk Anyway, none of this will be news at all to most people who have been paying attention - I just wanted to vent a bit as well after Simon had a go at the state of routers today. > Also I have a £50 Amazon voucher loitering on the bedside table since my birthday, > and I’m trying to decide if I want a tablet.... > > Amazon Fire are nice for the price, but people I trust say I’ll hate FireOS with a > vengeance. > > So what does it look like when you are done? Hmm, have you not owned a tablet before? Wouldn't surprise me if, like me, you've never actually owned one personally although you've no doubt fiddled with and setup loads for other people. It sounds like your friends know you well and they're probably right that you wouldn't be very impressed with a FireHD out of the box: I don't think anyone would really. In the default state Fire OS is just a skinned Android variant (hideously out of date, it's based on Lollipop!) who's entire job is to act as a one-way conduit between your wallet and Amazon's bank balance. Not that there's anything necessarily _wrong_ with that of course - for someone invested in the Amazon ecosystem who has a Prime subscription and uses Kindle books, Amazon Prime video, Alexa, buys a lot of stuff from Amazon, etc a Fire tablet is probably mostly fine as is (if a bit clunky and fatally flawed as a general purpose device). The unexpected root access glitch on the latest firmware does open an entire new realm of possibilities however - you're still not going to be able to unlock the bootloader and install lineageos (yet) but you can turn it into a very agreeable and incredibly good value Android tablet. I'd say at the £99.99 Prime sale price point it's easily the best value tablet available, doubly so if one happens to have a £50 Amazon voucher to hand! Both tablets I have here at the moment in their finished modified state (I'm still tweaking a little bit here and there whilst I write up a howto guide for XDA) are now really nice little units - I've completely disabled the custom Amazon launcher and skin and replaced it with the clean and simple Evie launcher: http://www.google.com/search?q=evie+launcher&tbm=isch You can drop in and switch between any reasonably sane alternative launchers as you like - most people use Nova which is a perfectly sane alternative but a bit busy for my liking. It's easy with root to remount the /system read+write, promote your chosen launcher to priv-apps and then disable/delete the com.amazon.firelauncher and com.amazon.paladin to make your launcher the new default. It eliminates using hacks like launcherhijack, stops screen flicker between full screen switching and fully restores expected home button activity. Judicious use of the "pm disable com.amazon.SOME.SHITTY.SPYWARE" command as root over adb will rip out any other Amazon goodies you no longer want: spyware, metrics, bloatware, special offers (including the adverts you normally pay to get rid of), Kindle reader, Prime, Amazon shopping, Alexa... there are many great XDA forum guides on debloating Fires that I have cribbed from. I should point out that if you like, you can actually leave this stuff in if you think you'll actually use it - of the two I have here one will got to a user who specifically wants some of the Amazon tools left running (they have Prime) but wants a clean interface, no ads and no spying while the other user wants everything mercilessly ripped out and the tablet to behave just like a standard off the shelf Android unit. Optionally the Amazon appstore (which sucks, obviously) can be removed/disabled and Google Play sideloaded completely - at which point you have full access to the usual several million apps. If you don't want either Amazon or Google holding the reins then there's F-Droid or Aptoide available as alternative app markets and no doubt many others. Finally, over the air updates from Amazon can be disabled or nuked entirely which closes off the last avenue for unwanted software "fixes" being forced on remotely and losing all your hard work. And if you go wrong at any point it's only a quick hard reset away from being able to start from scratch again. Perhaps the nicest thing I can say about the FireHD 10 is that I'm playing with one right now and seriously wishing that I had bought at least one for myself! Next time they're on sale at the same price point with a known vulnerable firmware version I will rectify that mistake. Hope that helps and if you end up buying one I'll post my howto here before the neat copy goes up on XDA. Cheers -- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq