This. Since Firefox claims to be a privacy-first browser, it should, by default, use the Arkenfox settings (report spoofed values for language, screen size, fonts, and many other attributes that aid fingerprinting), and include uBlock Origin out of the box.
But it should go even further; the ultimate goal should be for all Firefox users to basically look the same from the point of view of third parties and put an end to tracking in the modern Web.
> report spoofed values for language, screen size, fonts, and many other attributes that aid fingerprinting
How much do these break functionality? If I spoof language, am I going to start seeing websites in German? If I spoof screen size, am I going to get weirdly zoomed websites?
I have my browser set to request, in order, English, a different English, then a non-English language. Some sites (Android docs, Gitlab, F-Droid) will send me the non-English content; Google even preferentially does their AI translation thing instead of the original English.
Then for some web sites it won't matter and display the dominant language of the country that you're accessing from. My Firefox sends US English as the only preferred language, but a ton of US tech companies default to showing web sites in Japanese without a way to change it because I access them from Japan. It's pretty typical of American companies that don't understand localization and accessibility.
Most infuriating is when they do it based on GeoIP. So what I'm in Istanbul currently, I know maybe a dozen words in Turkish. But no, and also they insist on having broken language switchers.
It's all bug fixes it seems. What is surprising is that so many bugs remain even after all this time and effort. And no, for the most part these are not the kinds of bugs that are squashed by a rewrite in Rust.
This precisely. What started out as a way of rewarding authorship (of text, software, or other things) has mainly become a way of extracting rent -- see the music, movie, and software industries. In the digital age, when the cost of making copies of such works is approximately zero, copyright law ceases to make sense.
Note that this does not mean you cannot make money selling software or software-related services. For example, game developers could still sell keys for online play on their servers even if they couldn't copyright the binaries.
> and new maintainers aren’t stepping up because they can’t afford rent, let alone to devote their full time to FOSS work free of charge like a lot of older project maintainers do.
What about the Rust rewrite (sudo-rs)? I think it shows people are interested in maintaining and/or modernizing tools taken for granted.
It has a more lax license AFAIK. Also, many Rust projects and libraries have been abandoned, or are in so-so shapes.
Edit:
To specify, new projects like sudo-rs may seem promising, but going by observation and experience with similar projects, there is no guarantee that sudo-rs and similar projects will be successful, good and continued to be maintained. The problems with old projects can end up applying to new projects as well. And projects in Rust are no exception, going by experience with existing, older Rust projects.
Aside, a pet peeve I have is that for instance Ruffle has not turned out as successful as I had hoped for, even after several years and many sponsors. The proprietary Flash runtimes written in C still outperform Ruffle greatly in some cases, causing problems for some users that want to use Ruffle instead of other runtimes.
If there are 1000 projects that aren't sudo-rs but are similarly load bearing, and they have all been abandoned/in so-so shape, you're right that it doesn't actually say anything about sudo-rs, but there's a highly probable outcome that will be inferred by most people. Incorrectly or otherwise.
How is this a counter argument for anything? A more permissive license is not inherently a bad thing. Many C and C++ projects are also abandon or in so-so condition, why you uniquely call out Rust makes little sense. Either sudo-rs fills the void or it doesn't, but it is a counter point to this idea that open source projects have no path of evolution. Just because that path doesn't look like how you want it to doesn't mean it doesn't exist.
I used to have an SFP28 Mellanox card in my home server, but went back to a simple 2.5G Ethernet port for the LAN side. The Mellanox card ran hot and needed an extra fan near it to dissipate the heat. It was cool but there was no real benefit other than occasionally when transferring some large files.
Until motherboards include SFP ports it's probably not worth the effort at all in home setting; external adaptors like the one presented here are unreliable and add several ms of latency.
For reference, I'm seeing pings from my Mac to my Linux boxes (Lenovo Tiny5) at well under 1ms, not much worse than between them directly. But yeah, your mileage may vary.
Yep, these cards need a fan (or any kind of directed air flow).
Where did you get "several ms of latency" figure from? I have not measured external card, but may be I should do it... Because cards themselves have latency in range of microseconds, not millis.
I haven't tested this particular Thunderbolt SFP adapter, but my experience with a TP-Link 1Gbps USB adapter is that it adds about 4ms of latency. Far from being unusable and similar to WiFi perhaps, but worse than PCIe cards that should be <1ms.
it's all just driver/options crap if I were to take a guess.
there are a lot of usb options that matter, and tp-link ships lots of realtek chipsets that require very special driver incantations that a lot of the linux drivers simply don't replicate.
two+ layers of bad options will surely add 4ms quick.
I think there's definitely something with that specific setup. For me, pinging between two cheap Realtek 2.5 GbE USB dongles (one is on a Mac one is on a 7 year old Intel Atom Synology) is still sub-ms (hovering around 0.7-0.8ms) so it's not an inherent problem to USB dongles.
USB itself can have a lot of issues anywhere in the chain. I have a Thunderbolt dock where half of the USB ports adds latency and reduced throughput just because the USB chipset that powers them is terrible (it has two separate USB chipsets from different brands). Switch to a different port on the exact same dock and it's fine.
Please talk to your congresspeople about getting DRM abolished, in the meantime, please don't try to deny my freedom to consume legally obtained content that is only available with DRM.
It's nice that you can unlock the bootloader on these and flash Lineage if you want to limit snooping by Google.
That being said, I think that you get more flexibility and performance with a mini PC and and air mouse. For one, stock (Googled) Android does not give you an easy way to use a browser with an ad-blocker, which is still the best way to stream from many sources without ads. Also all these anemic Android boxes struggle with high bitrate 4K videos.
You unfortunately lose Widevine support when you do this though (either switching to LineageOS or a mini-PC). That means you can't stream any of the mainstream services in anything like a half-decent quality.
It's very unfortunate that every streaming service has given up on supporting anything except Google-fied Android and Apple iOS/tvOS. I dont like the services to begin with, but a fully Jellyfin stack can only get you so far when there are niche requests involved as well.
That's the kicker I'm pointing out. It's a very limited number of people that agree.
If you're satisfied with the equivalent of 6-12 DVDs worth of content, or are only pulling the latest of a handful of shows and deleting them once watched, that's about all most people's setups will be able to store. But just like when streaming first started, people appreciate the 100s of TB of content from the streaming services and usually want that level of access.
I have 40+ TB on a >100TB system and we still use Netflix, HBO, or AppleTV+.
At this point I actually don’t know why I bother with the streaming services anymore. I recently watched a blu ray movie after a long time of just watching streams and the quality of the picture just blew me away.
Is there even Blu-ray level content available for series that are streaming only? Or is it restricted to just movie releases?
Edit: actually, now that I think of it, having the audio available in our local language instead of English is a boon for the kids. But otherwise, I don’t know why we bother.
The IronFox version of Firefox works excellently on my 2019 Shield TV.
Also the DuckDuckGo browser blocks a ton of stuff on my 2019 Shield TV when first installed via NeoStore (F-Droid and other repositories frontend) then upgraded via AuroraStore (Google Play Store frontend) or Google Play itself. I've found that I had to use that sequence because it could not install initially from the Play Store, but maybe that has changed.
Another browser option is Cromite, which is a hardened Chromium for Android.
But all the software is closed source, and there is little to no opportunity to verify all these security claims. You don't have the encryption keys, so effectively the data is not under your control.
If you want to see security done well (or at least better), see the GrapheneOS project.
GrapheneOS also doesn't give you the encryption keys. If you run the official version, there is no way for you to extract the data from your device at all beyond what app developers will let you access. This means that you do not own the data on your device. The backups are even less effective than Apple's, although they say they will work on it.
The developers also appear to believe that the apps have a right to inspect the trustworthiness of the user's device, by offering to support apps that would trust their keys [1], locking out users who maintain their freedom by building their own forks.
It's disheartening that a lot of security-minded people seem to be fixated on the "AOSP security model", without realizing or ignoring the fact that a lot of that security is aimed at protecting the apps from the users, not the other way around. App sandboxing is great, but I should still be able to see the app data, even if via an inconvenient method such as the adb shell.
We could use it to install magisk, but that wouldn't make the build proper "userdebug" one.
I fully agree with your original comment - AOSP security model is NOT a proper solution to the security problem, and I'd add to it that it was also designed to be anticompetitive - Google can do what third party apps can't.
Android architecture is tainted by Google's business model and it shouldn't be used as an example of a secure operating system..
> The developers also appear to believe that the apps have a right to inspect the trustworthiness of the user's device, by offering to support apps that would trust their keys [1], locking out users who maintain their freedom by building their own forks.
That is not a bad thing. The alternative is not having apps that do these checks available on the platform at all. It’s ridiculous that someone should expect that every fork of it should have that capability (because the average developer is not going to accept the keys of someone’s one off fork).
If there’s anyone to blame, it should be the app developers choosing to do that (benefits of attestation aside).
Attestation is also a security feature, which is one of the points of GOS. People are free to use any other distribution of Android if they take issue with it.
Obviously I could be wrong here, this is just the general sentiment that I get from reading GOS documentation and its developer’s comments.
I don't actually disagree with this. The auditor is a perfectly valid use of it. It's good to be able to verify cryptographically your device is running what it's supposed to.
The problem is when it transcends ownership boundaries and becomes a mechanism to exert control over things someone doesn't own, like your bank or government controlling your phone. It is one of the biggest threats to ownership worldwide.
Note also that getting "trusted" comes at the cost of other security features, such as spoofing your location securely to apps:
You were not going to be able to use those apps anyways, so what does it matter to you? I, and I suspect many, agree with the purpose of attestation. The problems around it are strictly around establishing good ways to teach apps who they should trust, not around attestation itself. By putting your head in the sand, you'll never improve the situation.
Ah, the apps^Wgovernment (look at that page, most of it is government IDs) should be able to discriminate against me for daring to assert control over my own device. And GrapheneOS is saying:
Hey government! We pinky promise to oppress the user just the same, but even more securely and competently than Google/Samsung!
> what does it matter to you
It shows that the developers maybe don't fully have your best interests at heart?
The way I look at it is that there is certain software that other entities aren't willing to let you run without assurances that it won't be tampered with. You don't necessarily have a right to be able to use that software if you cannot provide it suitable accomodations. It's your choice whether or not you want to run it or not, anything else is simply entitlement. This may seem annoying if it's your bank, but ultimately it's their choice to make. The current approach makes certain things painful, like trying to customize your os, but that's a problem worth solving rather than just ignoring. More software will start relying on this over time. At the end of the day trust is a hard problem to solve.
Ah, classic false choice. Do you know it is illegal to do cash transactions over a certain amount in most Western countries now? In my mind, if I have a right to do something (buy a home), and there is only one approved way to do it, then I automatically have the right to use the approved way.
Similarly, having a government ID might technically be a choice now, but it won't be soon with all these age verification BS rolling out. So no, this is not entitlement. Your argument would work for anticheat in online games or DRM media, but not banks or government services.
I know this argument is used a lot, but it it really doesn't make sense to me. A government is expected to give you reasonable accommodation, but it's not their duty to let you run their software via a means they don't trust. It's convenient to use their app, but again not required.
Having controls is part of participating in society. I don't believe you should be able to make large transactions in total anonymity either. It's robbing you of a freedom, but society has deemed it a worthwhile tradeoff for preventing crime via money laundering and what not.
We can't verify that the Pixel phones are safe. Nor can the GrapheneOS people, because they don't know everything that's running in the Google Tensor SoC, and they don't have the source code to the firmware running in the Samsung Exynos cellular modem.
reply