cmhe

joined 2 years ago
[–] cmhe 1 points 2 days ago* (last edited 2 days ago)

I haven't looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn't suddenly open this mechanism up to everyone.

Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.

IIUC, you don't need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services

[–] cmhe 5 points 3 days ago

Well it seems like a pretty natural fallacy to think that if something talks to us, in a language that we understand, that it must be intelligent. But it also doesn't help that LLMs, aka. fancy text generators built with machine learning algorithms, are marketed as artificial intelligence.

[–] cmhe 16 points 3 days ago (2 children)

Maybe an unpopular opinion here, the Android security model is based around trusting the vendor of the device or ROM more than the end-user, which I find wrong in principle. The origin of trust needs to be fully in the hands of the owner of the device. Otherwise you take away the self-determination of the users, and that should never be an option when it comes to security.

Users themselves should be able to give or take away trust however they choose, and if they are unsure of whom to trust for certain things, they should be able to delegate that trust management to a third party of their own accord and with the ability to revoke it at any point.

Everyone is different, and trusts entities to different degrees. For instance, I would trust MicroG more to only transmit data that is absolutely required to Google servers, than the gapps.

Also, modifying the kernel is already done by Google, in order to provide hardware support, so patching it additionally doesn't automatically make it more or less secure. That depends on what those patches do, and if those patches are properly maintained.

[–] cmhe 0 points 1 week ago

I found the main issue with many non-rolling release distributions is the upgrade instructions from one stable release to the next, and not the difficulty of installing them.

I'm myself an Arch Linux guy, but that does sometimes require some carefulness and regularly (at least weekly) applying updates and does not have stable automatic updates, so I started installing Fedora atomic desktop distributions (Fedora Silverblue/Kinoite/etc.) for people that just want to use their device for basic stuff.

The reason for that is long term maintainability without an expert at hand.

I had so many bad experiences updating distributions from one stable version to the next, be it Debian and Ubuntu-based, or Fedora-based distributions.

And with those atomic desktop distributions the amount of moving parts is much lower, so hopefully upgrading them to newer releases is much more stable.

So I would suggest giving Fedora Silverblue (Gnome desktop), Kinoite (KDE) or Budgie Edition a try.

[–] cmhe 17 points 2 weeks ago* (last edited 2 weeks ago)

Yes, but only in one direction and if you use UDP instead of TCP. Also your MTU needs to be small enough for the packages to fit between the blades of the fan, otherwise that causes package fragmentation.

/s

[–] cmhe 8 points 2 weeks ago (9 children)

I spend a lot more money on good Ethernet switches. But at least that works and is easier to manage than Wifi.

[–] cmhe 1 points 2 weeks ago

If vendors are either forced by law to keep every device they produce up to date with security fixes, until its patents and copyright expire, or have to allow end users to install any alternative software, without losing any features advertised and provided by the hardware, I would be fine with that compromise.

[–] cmhe 11 points 2 weeks ago (2 children)

Yes! I think part of the right to repair is the ability to install your own software on devices you own, when the vendor stops fixing it.

[–] cmhe 9 points 2 weeks ago
[–] cmhe 3 points 3 weeks ago

When we are talking about laws, yes you are right.

I was arguing more about developers not releasing the source code on their own, when they stopped releasing patches, or even remove the game from stores or shut down servers, while stating that reason: "We cannot because we use third-party stuff."

No, they just do not want to. They might even think that their past games are in competition to their current games. So they do not want people to play (and improve/mod) them anymore.

[–] cmhe 29 points 3 weeks ago (2 children)

This argument seems hollow, releasing source code is not an all or nothing situation. They can just release what they are allowed to, and let the community replace the missing stuff.

Releasing anything is better than releasing nothing and letting the community reverse engineer everything instead of just some third-party libraries.
