vim/neovim

You’d still need “developer mode” to install f-droid or epic games apk.

People shouldn’t be scared or intimidated out of installing non-google store fronts.

…but yes, Grandma should avoid random apks pulled from the internet.

I understand and agree with your sentiment, but try explaining how ”developer mode" does not make you a developer to my Grandma.

It’s the same b.s. optics that invented “sideloading” as some technically shady practice, when it has always been: just installing the stupid app.

Enjoy it while it lasts. With Google forcing developers to register their Android apps (or they’re not allowed to be installed, unless you’re a developer), it puts pressure on applications like Firefox (or ublock origin) to tow-the-line.

This won’t happen tomorrow or next year, but the writing is on the wall, unless people push back or the government begins to push back on Big Tech.

The removal of device owner rights has always been a slow boil.

edit: fixed typo

That’s the strength of public/private key encryption.

The application (or OS) knows what the hardware vendors public key is. Thus ,it can verify that any message (or application key) claiming to come from that hardware (TPM) is legitimate or not. Thus, the OS is just a proxy or the middle man.

Now what you could do (in theory) is to start modifying the application and replace the hardware vendor public key with your own. …but you’d need to do this with every application and they’ll probably have some sort of anti-tampering or (more likely) you won’t even be allowed to install the application because your OS isn’t “safe/secure”.

disclaimer: I’m a bit hazy on some of these details. There are probably more elegant solutions.

They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.

Hmmm… I half agree with what you said. The corner stone of most security is an element of initial trust.

With SSL, we’re trusting that the certificate authority is valid.

With tools like GPG, I (as the sender) are trusting that the key I’m using to sign a message is really yours.

With Android we (the users) and the application developers are trusting Google (hence why “sideloading” is now “bad”, because Google says it is).

I absolutely agree that privacy cannot exist without security. But, your privacy is dependent on who your security model trusts.

I don’t trust Google with my privacy (hence, I degoogle) , but my bank app doesn’t trust my security (hence, the app can only be installed via Google Play).

So, privacy is dependent on security, but security is built on trust.

To expand on this a bit:

It’s all built on top of the concept of “a chain of trust”, starting at the hardware level.

(as mentioned) TPM is a chip that’ll store encryption keys at a hardware level and retrieval of these keys can only happen if the hardware is unmodified.

I assume that part of this key is derived from aspects of your OS (ie: all device drivers are signed by MS).

The OS will fetch this key, if it’s valid - the OS knows that the hardware is untampered, it can then verify that the OS is unmodified, which can then be used by application to determine that their not modified, etc.

Now you could spoof your own TPM chip (similar to how Switch 1’s are chipped/nodded), but the deal-breaker is that when you add your key to the TPM chip, you sign it with a hardware vendor specific public key. And that vendor private key is baked into the hardware (often into the CPU, so the private key never crosses the hardware bus).

It’s totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It’s the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games.

This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s

They forgot to add “… otherwise, my boss will fire me” /s

As far as I understand that’s exactly what this project has done. They took the leaked node code as “inspiration” and had it converted to python. Now they’re converting that python code in rust.

I’m curious how that’ll play out, but as github is owned by microslop - I’m guessing it’ll be shutdown all the same.

Would you have a recommendation where I could use minimax m2.5 for cheap (I don’t have the hardware to host it myself)?

I was experimenting with Kiro-cli (not to be confused with kiro-ide) and I really enjoyed the work flow: changes being communicated and reiterated as in memory diffs. Plus it really worked nicely from within neovim (so no ide or tui to get in the way). But I really want an OSS solution, maybe opencode is that solution.

I’m sure Anthropic will be including “Please, don’t include our source code” as part of their future release prompts.

While the BitTorrent angle is not new, the authors previously only included a ‘distribution’ claim based on direct copyright infringement. This claim has a higher evidence standard, as it typically requires evidence that the infringer shares a whole work with a third party.

Since BitTorrent transfers break up files into smaller chunks before they are shared, it might be difficult to prove that a whole work is shared.

If the case sides with Meta, I can see future defenses pouring in “Ya, see your honor - I’m innocent cause I only seeded 99.99% of that movie.”

The watermark says 1990.

I do use a (modded) version of graphene as a daily driver and I do appreciate many of the features that it offer.

And I totally agree that some people seem to try to turn graphene into some rigid cult (especially on the philosophy of running root and “who decides how application backup should be made? The application developer or the device/data owner”)

That said:

the idea that the only way I can not get assraped on the reg is to give a shitload of money to google and then use this elitist OS is something I have a gigantic problem with.

There is actually a technical reason for this. Pixel phones are the only ones to support custom AvB keys.

Basically, this allows you (or graphene) to create a key, which can be used to sign your custom firmware. So, you can have a locked bootloader that will only allow OS updates signed with your key.

You can basically create your own OTA updates. It’s fantastic.

It’s amazing and disappointing that most phone manufacturers don’t allow custom AvB keys, but it’s a reflection of how they truly don’t care about people who like to tinker.

Now, should the lack of custom AvB keys be a barrier towards using graphene? Tbh, I don’t think so - but it does fit the graphene rigid MO of “root is bad”.

edit : fixed link

Not really. If I’m running as root or with a custom firmware, I can easily fake that my phones bootloader is locked, when in fact it isn’t.

Attestation creates a “chain of trust”, starting at the hardware level. So, an external website can verify that the hardware -> operating system -> application software are all “intact”.

“intact” is a very subjective term (which is why many technical people are against it), but that definition of “intact” will be defined by Google, Apple, Microsoft, or (possibly) whatever this EU Governing Body is.

However, it will not be defined by you the device owner.

Yup, and it’s the perfect demonstration how all the proposed “voter reforms” will have an impact (in favoring the republicans).

Ahh, okay. I understand. Thank you for the clarification.

Considering he’s made $400B since acquiring Twitter…

Serious question: How?

AFAIK, Twitter wasn’t terribly profitable before they sold to Musk. Then after he purchased it, the enshittification accelerated.

How on earth does this result in $400 Billions in profit?!?

I totally agree.

I am so tired of this “slow boil”, bs.