

Why though?
We can just subscribe to the community on lemmy.ml, there’s no point reposting when it’s already there ready to federate.
It depends on your overall energy use but generally that would be negligible when compared to heating and hot water, especially during winter when the furnace runs 24/7.
In particular, during the winter, all excess energy from the oven is heat the furnace doesn’t have to provide so it’s basically free: you’d use that energy anyway.
Generally the economy of scale should technically favor the prebaked bread, at least before the store slaps its value added surcharge for it. The store still needs to pay for the energy (but probably gets it cheaper than you), but also needs to pay to maintain a factory, equipment, employees. So you kinda need to factor in the price of your oven too and its wear and tear.
I just buy the loaf because one thing I know for sure is if I factor in the value of my time, it’s way better and easier to work an hour than spend an hour baking a loaf of bread. The time to bake the bread costs more than if I used that time to work the equivalent time and buy 5 loaves of bread with the money.
That’s the point, we don’t want it to phone home. So why are we crying it won’t let us turn on an even worse feature when telemetry is off?
If you don’t like it phoning home, why would you possibly want it to download and execute random code pushed by Mozilla? No phoning home means no phoning home. You can’t possibly want telemetry off and labs on at the same time.
That kind of makes sense? Aren’t the labs when they’re A/B testing or benchmarking new features before general release and toggle random people’s settings doing so? I vaguely recall some drama around that.
If I turn off telemetry I want those off too, it makes sense they’re linked. If you want a new feature there’s always nightly+about:config, but I don’t want it downloading random config toggles especially if it’s not reporting back that it broke my stuff. The code should be what I installed and compiled by my distro, not some random lab blob downloaded off their servers at runtime.
It’s derived by both a key from the TEE and the PIN/password.
The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.
It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.
Biometrics are worse than a PIN in a situation where your phone is hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.
It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.
Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially if the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you’re safe.
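The key derivation described in the comments above (a TEE-held key combined with the PIN, attempt limiting, and factory reset as key destruction), as an added sketch that is not part of the original comments and not Android's actual implementation. `ToyTEE`, `MAX_ATTEMPTS` and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; real devices apply their own throttling policy


class ToyTEE:
    """Stand-in for the secure element: its secret never leaves this object."""

    def __init__(self):
        self._hw_key = secrets.token_bytes(32)
        self._salt = secrets.token_bytes(16)
        self._verifier = None
        self._failures = 0

    def _derive(self, pin: str) -> bytes:
        # Stretch the PIN, then bind the result to the hardware secret,
        # so neither the PIN alone nor the TEE alone yields the disk key.
        stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 50_000)
        return hmac.new(self._hw_key, stretched, hashlib.sha256).digest()

    def enroll(self, pin: str) -> bytes:
        key = self._derive(pin)
        self._verifier = hashlib.sha256(b"verify" + key).digest()
        self._failures = 0
        return key

    def unlock(self, pin: str) -> bytes:
        if self._verifier is None or self._failures >= MAX_ATTEMPTS:
            raise PermissionError("TEE refuses to derive the key")
        key = self._derive(pin)
        check = hashlib.sha256(b"verify" + key).digest()
        if not hmac.compare_digest(check, self._verifier):
            self._failures += 1
            raise ValueError("wrong PIN")
        self._failures = 0
        return key

    def factory_reset(self) -> None:
        # A fresh hardware secret makes every previously derived key unrecoverable.
        self._hw_key = secrets.token_bytes(32)
        self._salt = secrets.token_bytes(16)
        self._verifier = None
        self._failures = 0


def guesses_needed(digits: int) -> int:
    """Worst-case guesses for a numeric PIN once the TEE throttle no longer applies."""
    return 10 ** digits
```

With the throttle in place a numeric PIN gets `MAX_ATTEMPTS` tries; without it, `guesses_needed(6)` is only a million, which is why the comment falls back on a strong password.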
It was made back when Facebook had that old style UI, in 2010. And then interest in Facebook’s format kinda died, and so did the interest in the project.
It doesn’t solve Safety Net/Play Integrity, at all. My bank is the kind that just warns you and then lets you in anyway. I just live without Google Pay, I just put the card in the phone case to the same effect. The point I was making there is that most apps don’t care, Google isn’t “pushing” it, but it is made available to developers, so really it’s the app developers’ choice to check or not.
Pixels are just less fiddling because flashing it is supported. It is not endorsed by Google, and you don’t pass Play Integrity at all, but it is supported and doesn’t void your warranty. They just allow you to install whatever you want on your hardware without a fuss, and get the full performance you’d expect and all, and even make use of the security chip. But, they only trust their code and their ROM for the purposes of Play Integrity, which is kinda fair game.
That’s why it is quite ironically the device of choice for GrapheneOS. It’s not a hack, it’s a fully supported use case even though you lose Play Integrity certification, so they can implement all the security features Google has access to. The TEE will happily sign a unique and verifiable integrity attestation… for GrapheneOS’s ROM signature. You can make an app that only works on genuine official GrapheneOS the same other apps do with Play Integrity. You can have a custom ROM and properly enroll it in some enterprise MDM and all that stuff, and only allow your builds of that custom ROM to enroll. But, no Play Integrity because it’s not their official certified build.
It’s like PC, you can turn off secure boot, you can secure boot with your own OS keys and get all the security benefits. But Valorant will still refuse to let you play if you haven’t booted with secure boot into an official unmodified copy of Windows where they can ensure their kernel anti-cheat can trust the kernel about what drivers and processes are loaded. Microsoft isn’t forcing their OS on you, but the developers will only trust you if you do. You’re still perfectly free to put Linux on it, and it won’t affect you otherwise.
If you’re buying something to mod I’d recommend a Pixel, unless you’re getting an older OnePlus for cheap.
It’s a OnePlus 8T, but I think any OnePlus before I think the OnePlus 11 have excellent custom ROM support.
AFAIK I got lucky and the 8T is the last model from their “being nice to developers” era. OnePlus was born originally to be developer friendly, it was based on CyanogenMod out of the box, they even sent phones to developers.
Mine launched with OxygenOS 11, and then OOS12 was completely rebuilt on Oppo’s ColorOS and they threw everything out the window. Took them forever to drop sources, and it just went downhill from there.
Google bought Widevine in 2010, so in my opinion they were already concerned about big corp’s interests above the users well before. I think SafetyNet is the natural evolution of that.
I think SafetyNet came with Google Pay for contactless payments, most likely at the request of the banks. They had to work with the banks for that, that’s when they got the leverage. If they didn’t they’d just go partner with Samsung instead, who already had Knox, and I did see Samsung Pay on my phone before Google Pay was available at all.
They also had to increasingly deal with shitty root detection libraries that were getting popular and excluding legitimate users because the latest Android changed things enough it looked modded to the apps. They probably saw it as a lesser evil to just take it in their hands.
You don’t need that much leverage to put enough pressure that there’s enough demands for a feature for the feature to get added. Android was dealing with a lot of fragmentation, piracy and quality problems already, Google needed people to see Android as not just the shitty budget option, they wanted to compete with the iPhone proper.
The enthusiast market only gets you so far. You need enthusiast buy-in at first, but then you have to pivot to end user “premium” experience, which is why brands like OnePlus eventually turn their back to the users that propped the company up. Regular users would rather pick the walled garden than the open world if it means their apps work better in the walled garden. The walled garden is a better experience for the average moron.
Because I have a OnePlus.
Google outright lets you unlock your bootloader on Pixels, and relock it with your custom keys, and even tells you how to do all that in the docs. You lose Play Integrity certification which is where things are getting a bit messy.
But for that you have to blame Amazon, Netflix, Hulu, Disney, a lot of banks, a lot of games for using what is basically DRM for apps. It’s the developers that want those features, so you can’t mod their APKs and take the ads out, make sure you download the official version from Google Play because dumb users getting scammed and all that stuff.
I run LineageOS on my phone, I’m not doing anything whatsoever to hide it, and pretty much everything works perfectly except Google Pay. Which I guess is fair game, I hate it but there’s a reasonable argument to be made there.
The rest is the same DRM woes I deal with on Linux, I value my rights and freedoms more than running an app.
What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana are used along with something like Prometheus to collect the metrics.
When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.
I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.
Few of them for most use cases, especially a VPS. My server has a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.
It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.
Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.
One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.
I think I’m kind of on the other extreme, I day dream a lot. It’s like I can experience anything I’ve experienced before on demand and replay it. Sometimes it’s annoying, it’s like someone left 3 TVs and 2 radios on in my head and I can’t turn it off.
I didn’t know that was a thing until today, but also totally unsurprised, the brain is super weird.
I don’t struggle to picture it though, that only works for me if the book is interesting. When it’s boring (ie. forced to read it and there’s a test), I think my brain falls back to how you read books.
How do you guys without aphantasia manage to read when there’s pictures whizzing around your head all the time??
For me, the book and my surroundings completely disappear, the whole thing turns into a dream-like movie experience. I don’t see letters or words at all, it becomes an unconscious process that keeps feeding the dream and it looks similar to fuzzy AI videos.
Sometimes the process of getting pulled out into reality again can be brutal: suddenly it’s 3h later and I have to look around and take a moment to settle back. If you dream while you sleep, it’s like when you suddenly wake up while you were in an intense dream, takes a moment to process. I’m really completely gone in another world the whole time.
I think it’s also made much more apparent when that demographic that had no interest in computers were forced to be chronically online due to the lockdowns and quickly found the anti-vaxx groups, and suddenly felt like their opinion matters and that everyone is an expert if they do a little bit of “research”.