Have you ever wondered why #GrapheneOS has a separate PDF viewer?

Well that answer is pretty obvious, it is more secure to have a separate hardened, sandboxed utility designed for that instead of sharing such a responsibility with a much larger app with greater attack surface like a web browser or office suite. It is trivial for some threat actors to deliver weaponized, malicious PDF files to their targets.

If we know all of this, the next step for some may be to wonder "Why is the GrapheneOS PDF viewer secure?", for you, I will explain some of the most important details:

The GrapheneOS PDF Viewer app requires absolutely no user-facing permissions to run, it doesn't ask for any, nor does it need them. Without permissions the app is completely contained in the Android app sandbox and the security access model is far greater.

How the viewer opens a file is through making a false request to Localhost from the WebView and then intercepting that request with a stream of the PDF data. The benefits to this include:

1. We don't needing files access in the WebView (both setAllowFileAccess and setAllowContentAccess are set to false).

2. Allowing us to intercept headers into the request like CSP, Permissions Policy for hardening the sandboxing done via the WebView With CSP, all dynamic and inline CSS and JS is disabled. The only scripts loaded are those used for the viewer itself.

3. In addition to using WebView for PDF Viewer, Vanadium takes the place for the WebView on GrapheneOS, meaning GrapheneOS users take advantage of the exploit protections used in Vanadium.

Even with all of this, the PDF Viewer still has a fair amount of room for improvement when it comes to quality of life features and usability enhancements.

FREEDOM TECH PROJECTS THAT WORK TOGETHER WILL DO BETTER THAN THOSE THAT DO NOT.

FREEDOM COMPOUNDS. 🫡

Nearly every Bitcoiner feels like a “latecomer” when he first starts stacking sats.

As time goes one, he realizes there is never a bad time to become a Bitcoiner.

GM

#m=image%2Fjpeg&dim=736x1308&blurhash=%5DJFiPx00ofRjRj00%7EqM%7BM%7BxuIURjt7xuIU%7EqM%7Bt7RjWBIUj%5Bt7WBt7M%7BRjfQayWB%25MxuM%7Bt7ofj%5BRjofxuRjD%25Rjj%5Bj%5Bt7&x=40732a2437cb7f4c36bab2c5ffc86e647a8dd6c31c17139cd4109fe9f2a4c842

Rogue money

forgets to drink coffee; decides her life is just pain now; spends the weekend fighting caffeine withdrawal 😭

all the advice says to taper but im incapable of following a schedule 🪦

Can't sleep. Too many thoughts.

What are you into?

BULLISH ON THE FUTURE

💀

|{I}\_🫧

I/ \

/_ /_

if you haven't experienced a bull market while hodling #Bitcoin ...

prepare yourself mentally. Get your self custody in order. Whatever you're anticipating will probably not be the case.

A good goal is to end the cycle with more BTC in COLD STORAGE than you began it with. The euphoria of 5-10k candles will test your conviction.

Proceed with caution. Don't succumb to high time preference scams & don't leave your BTC in someone else's hands for illusory "yield".

When you self custody BTC, life is yield. Where we're going, nothing is worth the security trade off of 3rd party custody.

Don't get reckless. Security is not one and done solution. Spend time setting up a node and self custody solution that works for your situation.

Set stacking goals & don't let off the gas when things start to go parabolic.

Patience & diligence can set you free.

PS. the laws that will make us all criminals haven't been written yet...

Have you considered a remote citadel in another country anon?

Good Morning Nostrzens. I hope you all had a lovely Thanksgiving and/or Thursday. Mine was spectacular! Now back to writing more history of programming...

GM Nostr 🧡⚡

Custodial wallet gets removed from centralized US app stores.

Imagine my surprise 🙄

closed source custodial nostr clients are a threat to users and during these early days of nostr adoption represent an existential threat to nostr

if a non sovereign client or tool accrues significant market share they could potentially use their control over users to influence the greater network or bifuricate it

nostr is permissionless and we cannot stop people from shipping whatever tools they want but it highlights the importance of rapid development of freedom focused foss clients and tools

this is my main focus, supporting the individuals building out the freedom tech tools we sorely need, momentum is strong, incredibly hopeful, we must continue to push forward 🫡