I would argue that it is about incentives. A market economy is about maximizing profit, so that (the class of) shareholders get more money out of it, than they put into it. Incentivising making money means you incentives a race to the bottom, producing lots of expensive and addicting crap that easily breaks for as little cost as possible. And you incentivise massive consumption of it.

A socialist economy should instead incentivise improving the world for all the people that live in it. Produce stuff that is robust, adaptable, sustainable and so on. Incentivise the mindfulness of the social and ecological impact of each product. And if someone needs something special, incentivise local makerspaces etc. that allows people to produce custom stuff in low quantities.

China is not communist, they are market-captialistic, one-party highly authoritarian state. “socialism” and “cmmunism” is just used to make them sound better and more legitimate than they are.

The first phone I bought myself (I had others before, but they where hand-me-downs) was the N900, which should have been the next generation of smartphones/devices. But because of Microsoft and Stephen Elop it wasn’t.

Not sure you understood my point. The “Gold” that people search for when trying to push “AI” is that they have to pay less wages, because they need fewer employees. Wherever they find it, or not is irrelevant.

Automation was always heralded as a time saver, but do employees really need to work less to get the same amount of money? No, because automation is always used to give the top percentages more money for less work, not the workers or the broad public.

Obsolescence of human workers/employees.

I haven’t looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.

Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.

IIUC, you don’t need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services

Maybe an unpopular opinion here, the Android security model is based around trusting the vendor of the device or ROM more than the end-user, which I find wrong in principle. The origin of trust needs to be fully in the hands of the owner of the device. Otherwise you take away the self-determination of the users, and that should never be an option when it comes to security.

Users themselves should be able to give or take away trust however they choose, and if they are unsure on whom to trust for certain things, they should be able to delegate that trust-management to a third-party on their own accord and with the ability to revoke it at any point.

Everyone is different, and trusts entities to different degrees. For instance I would trust MicroG more to only transmit data that is absolutely required to google servers, than the gapps.

Also, modifying the kernel is already done by google, in order to provide hardware support, so patching it additionally doesn’t automatically make it more or less secure. That depends on what those patches do, and if those patches are properly maintained.

I found the main issue with many non-rolling release distributions are the upgrade instructions from one stable release to the next, and not the difficulty of installing them.

I’m myself a Archlinux guy, but that does sometimes require some carefulness and regularly (at least weekly) applying updates and does not have stable automatic updates, so I started installing Fedora atomic desktop distributions (Fedora Silverblue/Kinolite/etc.) for people that just want to use their device for basic stuff.

The reason for that is long term maintainability without an expert at hand.

I had so many bad experiences updating distributions from one stable version to the next, be it Debian and Ubuntu-based, or Fedora-based distributions.

And with those atomic desktop distributions the amount of moving parts is much lower, so hopefully upgrading them to newer releases is much more stable.

So I would suggest giving Fedora Silverblue (Gnome desktop), Kinolite (KDE) or Budgie Edition a try.

If vendors are either forced by law to keep every device they produce up to date with security fixes, until is patents and copyright expires, or have to allow end users to install any alternative software, without loosing any features advertised and provided by the hardware. I would be fine with that compromise.

Yes! I think part of the right to repair is the ability to install your own software on devices you own, when the vendor stops fixing it.

When we are talking about laws, yes you are right.

I was arguing more about developers not releasing the source code on their own, when they stopped releasing patches, or even remove the game from stores or shutdown servers, while stating that reason: “We cannot because we use third-party stuff.”

No, they just do not want to. They might even think that their past games are in competition to their current games. So they do not want people to play (and improve/mod) them anymore.

This argument seems hollow, releasing source code is not an all or nothing situation. They can just release what they are allowed to, and let the community replace the missing stuff.

Releasing anything is better than releasing nothing and letting the community reverse engineer everything instead of just some third-party libraries.

To simplify, two main reasons. First when done via revolutions it often causes economic and societal shock in which autocrates take the power away from the people. And second, when done peacefull, foreign intervention of secret agencies which again try to put autocrates in powerful positions.

One notable software business professional interviewed by RBC thought that the West’s decision would “adversely affect the life of the developer community, mutual trust within it, and therefore the quality of the product.”

It was Russia and other autocracies etc. that diminished the trust by actually financing developers for multiple years to first earn trust and finally introduce backdoors into open source software, as demonstrated by the XZ utils backdoor.

In open source projects, maintainers need to have some initial trust into each contributor, and let this trust naturally grow with time and contributions. They cannot perform intensive background checks on everyone before accepting a patch.

While it is easier to uncover backdoors in open source software, there is no good way to defend and prevent against this kind of attack in this type of development process. All open source projects can do is trying to take away some trust from people within higher risk groups. This of course might lead to discrimination.

I have nothing against any meta search engine, they are very useful, and I use them primarily as well.

However, they are not a true alternative, because they depend on third-party services. The same as Invidious is a very useful, but also not an alternative to YouTube itself, just a different user interface.

Tesla’s CEO; The Inspiration For Tony Spark

Elon “Baby-Brain” Musk as the inspiration of “Tony Spark” the cheap knock-off Tony Stark.

Well, you and I just have a different understanding of “search engine” then. For me a search engine is something that doesn’t forward queries to third parties.

Which other trustworthy search engines are there? And I don’t mean some different frontend or a meta search engine like ddg, sp, kagi, searx(ng), etc… that mostly just use googles, bings or even yandex and beidu results?

Ages ago I configured and hosted yacy for myself, but that was a different time… Are there any real alternatives? With mayor internet companies like cloudflare, social media sites and many others restricting the access to the net and information, searching becomes more and more impossible if you aren’t a huge corporation…

Together with secure boot and your own signing keys, it could be a good way to en/decrypt the a dm-verity secured read-only rootfs. But for the home partition I would probably still want to enter my own decryption key, maybe via systemd-homed. From there you can update the kernel/initramfs and read-only rootfs image and sign them for the next boot.

This is complicated to set up. Otherwise maybe use TPM as a 2FA, so you still have to enter a pin?

The SDK is not closed source, you can find the source here: https://github.com/bitwarden/sdk

It might not be GPL open-source, but it is not closed either.

Sure. To me “source available” is still closed-source, since looking into it might give companies an attack surface for you to have violated their copyright in the future. Happened with IBM in the past: https://books.google.de/books?id=gy4EAAAAMBAJ&lpg=PA15&pg=PA15&redir_esc=y#v=onepage&q&f=false

Let’s wait and see before we get out the pitchforks.

Sure. Bitwarden doesn’t owe us anything, but it is still sad to see this decision and better clarification and explanation could have alleviated the breaking of the trust here.