LedgeDrop

This is a good article, especially if you’re the lucky 10,000.

You’d still need “developer mode” to install f-droid or epic games apk. People shouldn’t be scared or intimidated out of installing non-google store fronts. …but yes, Grandma should avoid random apks pulled from the internet.

I understand and agree with your sentiment, but try explaining how ”developer mode" does not make you a developer to my Grandma. It’s the same b.s. optics that invented “sideloading” as some technically shady practice, when it has always been: just installing the stupid app.

Enjoy it while it lasts. With Google forcing developers to register their Android apps (or they’re not allowed to be installed, unless you’re a developer), it puts pressure on applications like Firefox (or ublock origin) to tow-the-line. This won’t happen tomorrow or next year, but the writing is on the wall, unless people push back or the government begins to push back on Big Tech. The removal of device owner rights has always been a slow boil. edit: fixed typo

They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.

Hmmm… I half agree with what you said. The corner stone of most security is an element of initial trust.

With SSL, we’re trusting that the certificate authority is valid.

With tools like GPG, I (as the sender) are trusting that the key I’m using to sign a message is really yours.

With Android we (the users) and the application developers are trusting Google (hence why “sideloading” is now “bad”, because Google says it is).

I absolutely agree that privacy cannot exist without security. But, your privacy is dependent on who your security model trusts.

I don’t trust Google with my privacy (hence, I degoogle) , but my bank app doesn’t trust my security (hence, the app can only be installed via Google Play).

So, privacy is dependent on security, but security is built on trust.

To expand on this a bit: It’s all built on top of the concept of “a chain of trust”, starting at the hardware level. (as mentioned) TPM is a chip that’ll store encryption keys at a hardware level and retrieval of these keys can only happen if the hardware is unmodified. I assume that part of this key is derived from aspects of your OS (ie: all device drivers are signed by MS). The OS will fetch this key, if it’s valid - the OS knows that the hardware is untampered, it can then verify that the OS is unmodified, which can then be used by application to determine that their not modified, etc. Now you could spoof your own TPM chip (similar to how Switch 1’s are chipped/nodded), but the deal-breaker is that when you add your key to the TPM chip, you sign it with a hardware vendor specific public key. And that vendor private key is baked into the hardware (often into the CPU, so the private key never crosses the hardware bus).

It’s totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It’s the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games. This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s

As far as I understand that’s exactly what this project has done. They took the leaked node code as “inspiration” and had it converted to python. Now they’re converting that python code in rust. I’m curious how that’ll play out, but as github is owned by microslop - I’m guessing it’ll be shutdown all the same.

Would you have a recommendation where I could use minimax m2.5 for cheap (I don’t have the hardware to host it myself)? I was experimenting with Kiro-cli (not to be confused with kiro-ide) and I really enjoyed the work flow: changes being communicated and reiterated as in memory diffs. Plus it really worked nicely from within neovim (so no ide or tui to get in the way). But I really want an OSS solution, maybe opencode is that solution.

I’m sure Anthropic will be including “Please, don’t include our source code” as part of their future release prompts.

I do use a (modded) version of graphene as a daily driver and I do appreciate many of the features that it offer.

And I totally agree that some people seem to try to turn graphene into some rigid cult (especially on the philosophy of running root and “who decides how application backup should be made? The application developer or the device/data owner”)

That said:

the idea that the only way I can not get assraped on the reg is to give a shitload of money to google and then use this elitist OS is something I have a gigantic problem with.

There is actually a technical reason for this. Pixel phones are the only ones to support custom AvB keys.

Basically, this allows you (or graphene) to create a key, which can be used to sign your custom firmware. So, you can have a locked bootloader that will only allow OS updates signed with your key.

You can basically create your own OTA updates. It’s fantastic.

It’s amazing and disappointing that most phone manufacturers don’t allow custom AvB keys, but it’s a reflection of how they truly don’t care about people who like to tinker.

Now, should the lack of custom AvB keys be a barrier towards using graphene? Tbh, I don’t think so - but it does fit the graphene rigid MO of “root is bad”.

edit : fixed link

Ahh, okay. I understand. Thank you for the clarification.

Considering he’s made $400B since acquiring Twitter… Serious question: How? AFAIK, Twitter wasn’t terribly profitable before they sold to Musk. Then after he purchased it, the enshittification accelerated. How on earth does this result in $400 Billions in profit?!?

I totally agree. I am so tired of this “slow boil”, bs.

Ding! Ding! This is the real answer: mail providers get to track you, your service get constant confirmation that your email is live (so they can send more ads from themselves plus their 400 closest affiliates). It's a win-win situation for everyone /s. "The ~~beatings~~ _enshitification_ will continue, until moral is improved."

Is this subscription model: daily, monthly, or yearly? If I pay more for the “pro-lite” subscription will it include AI integration? I’m so confused by this products pricing model - it seems so foreign. Without AI, I don’t see how you’ll be able to IPO and buy up all the other calendar companies. /s

Having Teams remind you that, during session recordings, your video and what you say can be used by Microsoft for what purpose they want, including (but not limited to) training AI. This wasn’t the line that was crossed? Seeing/hearing your likeness in the next generated AI / copilot commercial, because you needed to consent in order to work. This is “fine” /s … but having Microsoft know that you’re answering Teams messages while on the toilet… yeah, that’s where “the line gets crossed” (eyeroll) We need to wake-up and drop this technological cancer.

This is a fantastic post. Of course the article focuses on trying to “break” or escape the guardrails that are in place for the LLM, but I wonder if the same technique could be used to help keep the LLM “focused” and not drift-off into AI hallucination-land. Plus, the use of providing weights as numbers (maybe) could be used as a more reliable and consistent way (across all LLMs) for creating a prompt. Thus replacing the whole “You are a Senior Engineer, specializing in…”