I don't understand why it resets at universal jump engine. Is that the end of the game, or is there some way to end up in a different state? I got to the point where that was the only option left.
Does ActivityPub not use public key cryptography? (I don't know the answer to this but assumed it would have.)
If each post is encrypted and signed by the author, and Sig chains are verified by servers when receiving updates that each link in the chain is an approved follower, then while posts could be more widely reshared by recipients, they wouldn't show up as from the original author, because the sharer and the Sig wouldn't match.
Seems to me this would be equivalent to using a centralised system like Facebook, where anyone with access to your posts can just copy paste to re share them.
I agree, and on top of that Google products used to be, in my experience, of top notch quality.
But over the past couple of years I'm seeing more and more bugs in Google Maps, Chrome, and Android. I think they've really let the quality bar slip.
They were/are in such a dominant position it's taking a long time to crumble, but crumbling they seem to be, slowly but surely.
I've been staunchly on the Android side of the Android / iOS question, but this carry-on with refusing to block tracking like Apple has done is really making me consider switching.
I already have a second hand iPhone for iMessage. Having a "sanctioned" device for banking apps and a device I control for everything else seems like the best hope for compromise these days.
You can buy a ready to use phone on their web site or you can install the OS on a compatible phone of your own. I have installed this on about 10 phones (all Motorola) for friends and family. Here is an example of one that I just put together as a Christmas present.
> the Google Play store doesn't work but that's no big loss
It's the loss of an entire ecosystem worth of apps.
If you want an inexpensive phone that will get five or six years of first party support with security updates after that, go with an iPhone SE.
The original $399 version got six years of OS updates and just got another security update last month. That's $67 per year that got both an OS update and security update.
> It's the loss of an entire ecosystem worth of apps.
No, it's not. With very few exceptions, the Aurora store pulls apps from Google Play. About the only thing I have seen missing from Aurora store is a few super strict banking apps but you can usually just use their web site.
You can do paid apps. You just have to login to Aurora using a Google account instead of anonymously.
This isn't so bad if you use a privacy focused ROM and create a special, single purpose Google login that is only used for app purchases. I also suggest keeping a Google gift card for the occasional purchase.
Privacy invasion doesn't really kick in until you start re-using your Google login and your phone/apps are reporting back to Google on a regular basis with your location, device IMEI, advertising ID, hardware fingerprint, email address, browsing/search history, banking/purchase details (aka Google Pay), etc.
>It's the loss of an entire ecosystem worth of apps.
He literally just said that he used the Aurora store as an alternative. If you don't know what that is, it is basically an anonymous version of the Play Store. Highly recommended
I'm not happy with that compromise. I don't want to choose between charging and audio. And the dongles that can do both are actually really bulky. And Bluetooth headphones are a scam: too small to be repaired, must worry about batteries, Bluetooth likes to be flaky in general, almost all buds have terrible frequency response curves so the audio quality is not very good.
Take a look at my Amazon link above. This is a 5G "daily driver" from 2021 with a headphone jack, 6/128 GB and a big 5000mAH battery.
It's everything that the average Joe really needs for only $99 refurbed. As I said above, I just installed e/OS on one as a Christmas present. It runs very smooth and fluid, better than stock because the background Google spyware crap is gone.
Where did this come from all of a sudden? I thought I knew all the Android alternatives. Why does this super polished website for this out of nowhere suddenly maintained technology give me strong [intelligence agency of your choice] vibes?
With hardware remote attestation there will no longer be any point in even owning an android phone anyway. Android is obviously inferior to iOS in every way but the whole point was you could have control over the machine and do whatever you wanted. Now apps will be able to verify that you "tampered" with the phone and will refuse to run, and since it's hardware cryptography it cannot be faked without massive effort. Might as well get an iPhone which at least isn't a shitty Google product.
Termux is the one android exclusive software I can't live without and they managed to fuck even that up by killing processes indiscriminately in order to save battery or whatever. If there's no solution by the time my phone dies, my next one will be an iPhone.
>With hardware remote attestation there will no longer be any point in even owning an android phone anyway. Android is obviously inferior to iOS in every way but the whole point was you could have control over the machine and do whatever you wanted. Now apps will be able to verify that you "tampered" with the phone and will refuse to run, and since it's hardware cryptography it cannot be faked without massive effort. Might as well get an iPhone which at least isn't a shitty Google product.
Wait a minute, will something like this really come to Android phones? I guess that installing a custom rom will become impossible at the same time?
If this happens, then there truly isn't going to be much point in using an Android phone over an iPhone
Google SafetyNet can be used to attest that the device has not been modified or "tampered" with. Basically Google cryptographically proves it owns your phone and has control over what you do with it. You can fake the software attestation right now with stuff like Magisk but once it moves to hardware attestation it's over. You'll be able to install custom systems but what's the point if they can't run the apps you want or need?
Why wouldn't an app require this? Banks want it because "fraud", streaming services want it because "piracy"... You can come up with pretty much any reason for any "rightsholders" to want control over our computers. If WhatsApp starts requiring this, it's either accept Google control or my phone turns into a paperweight.
It won't become impossible to install a custom rom, it will simply become impossible to use many if not most popular apps.
Android already provides a mechanism for apps to refuse to run on modified devices, it's called SafetyNet and is widely used for example by banking apps. Currently, it's usually possible to trick it, but with hardware attestation it will become practically impossible.
The simple solution --- install the bank's web site as an app.
Go to the site, click the browser menu button (3 dots on Android or up arrow on iOS) and select "Add to Home Screen". You now have a link icon on your phone that looks and acts just like any other app.
Some banks (Chase for example) offer a "Progressive Web App" which removes the browser interface elements so the casual observer can't even tell it's not a native app.
I am able to use Chase's app on my LineageOS + Magisk rooted device. The annoying part is that they seem to disable fingerprint login, so now I have to copy/paste the password every time.
> Wait a minute, will something like this really come to Android phones?
Google has been doing this for quite some time to prevent unlocked devices from accessing the Play Store. The solution is to avoid Google Play --- along with all other Googly things.
This is a security feature and the play store doesn't require it AFAIK. Apps can choose to use it as a signal on whether a client is secure. Unlocked devices are insecure because an attacker can flash a malicious image and steal all of your sensitive data such as an authentication token for your bank account.
If your solution is to just be less secure go ahead, but don't complain when services don't want to serve you or treat you different since you are less secure than the other users.
> don't complain when services don't want to serve you or treat you different since you are less secure than the other users
Hell no. They should not be allowed to discriminate against me just because I chose to own my system. They should not even be able to figure out what software I'm running, to say nothing of "treating me different".
"Don't want to serve us" unless we let them invade and own our machines? Please. This should be illegal.
>They should not be allowed to discriminate against me just because I chose to own my system.
App developers don't care if you own your system. They just want a way to prove that the device their app is running on is secure and that the client has not been modified. If there was a way for you to prove that to them they wouldn't mind.
>They should not even be able to figure out what software I'm running, to say nothing of "treating me different".
They just want to know that the client has not been tampered with so that they know you are not going to steal users' tokens, scrape people's information, or do automated actions as a bot. A signal that you are using the vanilla client makes you much more trustworthy to a service.
>"Don't want to serve us" unless we let them invade and own our machines?
Apps aren't invading your machine. They just want some guarantees about the environment they are operating in. The information that they get from you is the package's name, certificate, version, whether it's from the play store, whether your device passes integrity checks, and whether the app is properly licensed.
> App developers don't care if you own your system.
> They just want a way to prove that the device their app is running on is secure and that the client has not been modified.
Contradictory. If I own the system, I can obviously modify it and everything running on it. Including your app. Therefore what they want is proof that I don't own the system.
> They just want to know that the client has not been tampered with
"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom.
> They just want some guarantees about the environment they are operating in.
Who cares what they want? It's my machine, I decide what they get. If they get anything at all. If I want them to believe they are running on a clean environment, that's what they should believe.
> The information that they get from you is the package's name, certificate, version, whether it's from the play store, whether your device passes integrity checks, and whether the app is properly licensed.
"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it.
Certificates? Store? Licensing checks? Look at all this crap that must be installed on "my" system just to give you your "guarantees". My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything. It has to come with a full root of trust from the firmware to the bootloader to the operating system to each individual app just to prevent my "tampering". But you're seriously claiming apps aren't invading our machines.
I disagree. You can have control in modifying your system, but the software just needs a way to prove that the security features it assumes are true. There could be a way for it to analyze the changes you made and decide whether or not it should trust your system.
>"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom.
It's someone else's software. You may own your computer, but you don't own the YouTube client. Google owns the YouTube client. Tampering with Google's client is tampering.
>"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it.
No, it does not. One part of Android's security model is that apps have storage that only they can access. Take for example a 2FA app which stores its private key in this location. This makes it so that you must physically have your phone in order to get a 2FA code. This is the "something you have" part of 2FA. Rooting your phone violates the integrity of the system because now someone can just become root and steal the private key. Now they can generate 2FA codes without physically having the device with them. It then becomes another "something you know."
>My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything.
These are security features. Your phone is less secure without them. It's not pwned.
>An app "wanting" anything is invasion enough.
Everyone wants something. Every business transaction includes both parties wanting something from the other.
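The 2FA point in the comment above, as an added example that is not part of the original thread: a minimal RFC 6238 TOTP in Python showing that a code depends only on the stored secret and the clock, so the server-side check cannot tell the enrolled phone from any other holder of the same bytes. The secret is the RFC 6238 test key, and the function and class names are illustrative.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 6238 Appendix B.
SHARED_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, using RFC 4226 dynamic truncation."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, candidate: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check; accepts +/- `window` time steps for clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step, len(candidate))
        if hmac.compare_digest(expected, candidate):
            return True
    return False


class SecretHolder:
    """Hypothetical stand-in for anything that holds the secret bytes."""

    def __init__(self, label: str, secret: bytes):
        self.label = label
        self._secret = secret

    def code(self, now: int) -> str:
        return totp(self._secret, now)


def compare_holders(now: int) -> dict:
    """The enrolled device and a second holder of the same secret bytes."""
    enrolled = SecretHolder("enrolled phone", SHARED_SECRET)
    second = SecretHolder("second copy of the secret", bytes(SHARED_SECRET))
    a, b = enrolled.code(now), second.code(now)
    return {
        "enrolled_code": a,
        "second_code": b,
        "identical": a == b,
        # The verifier only sees digits; it has no device identity to check.
        "server_accepts_enrolled": verify(SHARED_SECRET, a, now),
        "server_accepts_second": verify(SHARED_SECRET, b, now),
    }


if __name__ == "__main__":
    for key, value in compare_holders(59).items():
        print(f"{key}: {value}")
```

The "something you have" property therefore rests entirely on the secret staying unreadable outside the app's private storage; nothing in the protocol binds a code to a particular device.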
> According to an analysis by StockApps.com, out of the five major digital firms (Google, Twitter, Apple, Amazon, and Facebook.) Google harvests the most data on its users. The corporation collects thirty-nine data points for each user.
Apple is in a league above Amazon in protecting user privacy. It is the most privacy-conscious firm out there. Apple only stores the information that is necessary to maintain users’ accounts.
Apple stores data on who reads what articles in its News app to target ads. It stores data on who downloads which apps in the App Store to show ads. It will do more and more of this. Unlike Android, iPhone offers no other source for apps, and it does not let you uninstall the News app. User choice is required for real privacy. By that measure (for users who care about privacy and choose apps accordingly), Apple is the worst choice for privacy.
Basing the ad displayed on search terms entered or the page content is the opposite of a privacy violation.
The problem is companies like Google and Facebook, which track users across the web and relentlessly spy on everything they do.
Google literally spies on everyone's credit/debit card transaction data now, so they can spy on your offline life as much as they already do online.
>Of course, Google has been able to track your location using Google Maps for a long time. Since 2014, it has used that information to provide advertisers with information on how often people visit their stores. But store visits aren’t purchases, so, as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases.
The difference between Android and iOS is that with Android, you don't have to use spying services from Google or Apple. With iOS, you are required to use spying services from Apple.
> Google literally spies on everyone's credit/debit card transaction data now, so they can spy on your offline life as much as they already do online.
Google gets your purchase history whether you use Android or iOS. iOS is strictly worse for privacy.
I don't know how you keep failing to understand this. How little Apple and Google care about privacy doesn't matter. What matters is being able to avoid them as much as possible. iOS fails completely at this, while Android fares much better.
Are you really that dense? I showed you how Apple violates your privacy on iOS in a way that you cannot avoid on iOS. On Android, you don't have to put up with that nonsense. What the hell does Google have to do with it, violating your privacy whether you use iOS or Android or no phone at all?
You have no choice but to let Google get your purchases (except maybe via some opt out with your card issuer). You do have a choice not to send your app usage to Apple and Google, but only if you use Android.
As far as whether Google or Apple is worse for surveillance capitalism, only the former (and Microsoft and Mozilla) lets me opt out of them collecting my SSID location. That is yet another reason iOS is worse for privacy than Android. Even worse, it is impossible to get your location on iOS without also sending your location to Apple.
> Spying on users is Google's entire business model.
What does that have to do with anything? On Android, I can use as few Google apps as an iOS user. Even better, I can use fewer spying Apple apps. Apple's entire business model is marketing to gullible users who hand over their money and their data.
It would increase the privacy of Google products if they blocked third-party tracking on their devices. It would be more private still if Google didn't do their own tracking but that is still a separate point.
I'm considering one of the Linux phones, don't use many apps anyway. I know that's a hard sell for most but it's becoming a real option even for normal users.
This is the cost of Librem 5 USA (made in USA) [0], not Librem 5 (made in China) [1]. Also, I preordered it for $600 a long time ago, and sometimes you can buy from resellers for a similar price [2].
>>This is the cost of Librem 5 USA (made in USA) [0], not Librem 5 (made in China)
I suppose that helps a little. I seem to have incorrectly assumed that the USA model was intended for use in the USA, not simply assembled there. Still crazy expensive. For that price I'd expect it to come with a keyboard and mouse and replace my Thinkpad altogether.
The only problem I'm seeing is this is all Gnome and I'm a big Mate desktop guy. I wouldn't really have a desktop replacement unless I could get the traditional desktop back. Still this situation is a much better one than I originally feared. I'll be watching this closely. Thanks for educating me.
I'm pretty sure you can start mate on it when you are plugged into keyboard/display/mouse. You just wouldn't have a smooth switch between phone and desktop.
Well if you really want a phone that's secure and private, prove it by paying for it. Mass production and the ability to sell your data to advertisers means the stuff that does that will always be cheaper.
How does the Librem 5 support verified boot? What about user data encryption? Those are the first, most basic security features I am expecting from a smartphone. How about app sandboxes and strict MAC policies?
Correct me if I'm wrong, but the way FDE is implemented in Librem 5 means that it is only effective when the phone is turned off? The disk is decrypted when you type in your LUKS passphrase and after that, it stays decrypted until you completely power it off or reboot. That makes it pretty much useless on a phone that you carry around.
The linked source has a lot of stuff that is done "in the future" and basically all of those "in the future" suggestions, are inferior to what AOSP has had for years.
The document lists some of the drawbacks of Librem 5, such as the use of memory-unsafe languages, and then blames Android for also relying on the same memory-unsafe languages and even some Android-specific components written in memory-unsafe languages. The fact is that Android has tons of mitigations specifically for this problem, which Librem 5 completely lacks. They're not comparable in that way. Librem 5 basically exposes the entire Linux kernel attack surface, whereas Android has multiple layers of protection between userspace and the Linux kernel. Apps written in memory safe language, proper app sandboxes, hardened memory allocator, extremely strict SELinux policies, CFI, PAC, ShadowCallStack, etc.
The only nice thing Librem 5 has, are the killswitches, but do those really matter at this point?
Yes, desktop GNU/Linux has a long way to go to get to the security model of Android. Yes, FDE only works for the turned off device (at the current stage). But, depending on your threat model, the phone can already be more secure nevertheless.
For example, if you do not trust the manufacturers in China, you can verify the schematics, or order Librem 5 USA. Or, if you suspect your device is compromised, you can rely on the kill switches to make sure you are not tracked or listened to. Can you do these on Android? I'm sure there are known vulnerabilities for the latter on the black market.
Another example: If you use the smart card to read or sign your emails, you can be sure that even a hacked or stolen unlocked phone would not allow the attackers to manage your email identity.
People who say that Librem 5 is less secure than Android do not take into consideration that threat models can affect it a lot. You cannot simply declare "it's insecure" without considering the threat models. Also, I guess if you are fine with the security of your GNU/Linux laptop, which you take with you, you should be also more or less fine with the Librem 5 security.
I am not even speaking about the freedom benefits. Also, there is no security and privacy without freedom (https://puri.sm/posts/why-freedom-is-essential-to-security-a...). In the long term, Google is heading toward the walled garden on Android, just like Apple does. I would not bet on it for the future. If you care about security more than freedom and need Android-style security now, then Librem 5 is not for you.
Beats me, I dunno if it does. But if it actually has no ad network tracking, that's more than any other platform, and could easily be worth the extra cost if you actually care about that.
Lots and lots of people say they don't want to be tracked by ad companies. But how many are willing to open their wallets to make it happen? I'd say you can judge how sincere their commitment is by that.
I have a Samsung printer and have installed the "Samsung Print Service Plugin" on my phone. From Firefox, I can then share the page with that plugin and it prints.
Yes, but anything can be a race if you set your mind to it, which is why we have terms like the "Embankment Peloton" to describe a class of aerodynamically-optimised road cyclists that commute eastwards during rush hour on their way to London's banking and legal centres:
Correct. A more widely used term (in my experience) for this sort of thing is a "pace line", which isn't always as wide as a peloton due to lack of road closure.
Riders form a paceline because of the crosswind which forces everyone to look for draft on the left or the right side of a rider in front of you. Eventually, there's not enough road for everyone to be in the draft and the first paceline is formed (also called an echelon).
More specifically though, paceline refers to the mechanics of the echelon, the way riders rotate, or take turns at the front to stay in the echelon. This rotation is the paceline.
Pelotons - the race variety of a paceline - can only be safely formed with road closures because they typically swell to fill at least one lane of the road. They are not just 1 rider behind another, but often 2-4 riders wide.
Pacelines for group rides and the like can be formed whenever, and they do not form just because of a crosswind. When I used to train with a group, we would almost always form pacelines in single file, on every ride.
Interesting, I’m not a French speaker but my Spanish is OK. Always thought it was rooted in “pelota” as ball - but after looking both meanings are accurate just one being a bit more literal
1630s, "a small body of soldiers acting together but separate from the main body of troops," from French peloton "platoon, group of people," literally "little ball" (15c.), hence, "agglomeration," diminutive of Old French pelote "ball" (see pellet).
They are indeed the same number of words, but as headlines go they are extremely weak compared to the original. In my view they are not at all close.
The original (before HN edited the title) told you what the subject was immediately. It went from specific to general.
"Planet's most energy efficient ..." is the most terrestrially broad introduction one could use.
Likewise, "New research finds ..." is such a common phrase that it almost repels people (particularly since much research is bogus).
It's only a subset of US English speaking people which will be confused by the original title. To the subset of US residents who have never heard of the company Peloton, and the hundreds of millions of English speakers outside the US, this headline wouldn't have been confusing at all.
It's not the "strength of the brand", it's a brand name that should have never been allowed in the first place because of that kind of confusion, that's specially why they went with that name, they knew, it is market manipulation, for the same reason Phone is not allowed as a phone brand
There's a difference between whether a name is sufficiently distinguished to trademark and whether it is prohibited as "market manipulation." One certainly could not trademark the word "phone," but it would be perfectly legal to sell a phone branded as such.
...and? Yes, there's a difference, but Peloton isn't just selling "peloton bikes," they've trademarked the name Peloton. Unless you are agreeing that a phone company named "Phone" would be as bad as a company named "Peloton"