I haven’t looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.

Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.

IIUC, you don’t need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services

Maybe an unpopular opinion here, the Android security model is based around trusting the vendor of the device or ROM more than the end-user, which I find wrong in principle. The origin of trust needs to be fully in the hands of the owner of the device. Otherwise you take away the self-determination of the users, and that should never be an option when it comes to security.

Users themselves should be able to give or take away trust however they choose, and if they are unsure on whom to trust for certain things, they should be able to delegate that trust-management to a third-party on their own accord and with the ability to revoke it at any point.

Everyone is different, and trusts entities to different degrees. For instance I would trust MicroG more to only transmit data that is absolutely required to google servers, than the gapps.

Also, modifying the kernel is already done by google, in order to provide hardware support, so patching it additionally doesn’t automatically make it more or less secure. That depends on what those patches do, and if those patches are properly maintained.

I found the main issue with many non-rolling release distributions are the upgrade instructions from one stable release to the next, and not the difficulty of installing them.

I’m myself a Archlinux guy, but that does sometimes require some carefulness and regularly (at least weekly) applying updates and does not have stable automatic updates, so I started installing Fedora atomic desktop distributions (Fedora Silverblue/Kinolite/etc.) for people that just want to use their device for basic stuff.

The reason for that is long term maintainability without an expert at hand.

I had so many bad experiences updating distributions from one stable version to the next, be it Debian and Ubuntu-based, or Fedora-based distributions.

And with those atomic desktop distributions the amount of moving parts is much lower, so hopefully upgrading them to newer releases is much more stable.

So I would suggest giving Fedora Silverblue (Gnome desktop), Kinolite (KDE) or Budgie Edition a try.

If vendors are either forced by law to keep every device they produce up to date with security fixes, until is patents and copyright expires, or have to allow end users to install any alternative software, without loosing any features advertised and provided by the hardware. I would be fine with that compromise.

Yes! I think part of the right to repair is the ability to install your own software on devices you own, when the vendor stops fixing it.

When we are talking about laws, yes you are right.

I was arguing more about developers not releasing the source code on their own, when they stopped releasing patches, or even remove the game from stores or shutdown servers, while stating that reason: “We cannot because we use third-party stuff.”

No, they just do not want to. They might even think that their past games are in competition to their current games. So they do not want people to play (and improve/mod) them anymore.

This argument seems hollow, releasing source code is not an all or nothing situation. They can just release what they are allowed to, and let the community replace the missing stuff.

Releasing anything is better than releasing nothing and letting the community reverse engineer everything instead of just some third-party libraries.

Yeah, it seems to be a misunderstanding. They are using cloud tools to generate and update the base operating system.

“Better” is always relative. Personally I generally prefer not to use software that comes bundled with the hardware, that way I avoid any vendor lock in. The hardware vendor should not be in a position of deciding what I should or shouldn’t be able to do with their hardware, and software should be open to the customer, so that it does exactly what they want, not more or less.

Sure.

Valve can do a lot more, but what is more concerning to me is if they are actively consumer unfriendly. There is a difference between passively allowing bad stuff to happen, and actively doing bad stuff.

Which is what I said: “On Linux, you have to either install/update your games manually, or use a third-party client.” With third-party client I meant a client like Heroic.

Depends on the game developers, if they offer/upload a Linux/Mac version. On Linux, you have to either install/update your games manually, or use a third-party client. Idk about Mac. Third party clients can also integrate Wine for Windows games.

Well I can only speak for myself, but I prefer games stores in that order:

1. GOG, because DRM free and they don’t enforce game updates.
2. Steam, because they are well integrated into the SteamDeck, they push Linux gaming, and Gabe seems to be an alright guy.
3. Itch.io, because lots of indy games
4. Epic Game store, good: free games, bad: Epic and Tim Sweeney.

There are business decisions with all of them that I dislike.

For the top dog PC game store, Valve could behave much much worse. Epic is still in the customer and game developer acquisition phase (and still behave like a d*ck with their exclusive deals), if the ever manage to push Valve aside, I believe they will be much worse.

I feel the same, when the game is not available on GOG.

The underdog is often the one that is most pro-consumer, since that is in their business interest. As soon as the take the lead, the doors to enshittyfication open, because business shifts from getting new customers to not letting them leave. (Of course there are exceptions, but this is the case broadly)

Is it me, or does the person in front in the picture gives off Aloy vibes?

From the two unsuccessful ban trials of the NPD, I do not have much hope of this one succeeding. Sadly.

deleted by creator

One notable software business professional interviewed by RBC thought that the West’s decision would “adversely affect the life of the developer community, mutual trust within it, and therefore the quality of the product.”

It was Russia and other autocracies etc. that diminished the trust by actually financing developers for multiple years to first earn trust and finally introduce backdoors into open source software, as demonstrated by the XZ utils backdoor.

In open source projects, maintainers need to have some initial trust into each contributor, and let this trust naturally grow with time and contributions. They cannot perform intensive background checks on everyone before accepting a patch.

While it is easier to uncover backdoors in open source software, there is no good way to defend and prevent against this kind of attack in this type of development process. All open source projects can do is trying to take away some trust from people within higher risk groups. This of course might lead to discrimination.

I have nothing against any meta search engine, they are very useful, and I use them primarily as well.

However, they are not a true alternative, because they depend on third-party services. The same as Invidious is a very useful, but also not an alternative to YouTube itself, just a different user interface.

The best “server-side” anti cheat mechanisms online is streaming the game, and I am sure that eventually some talented developers are able to even write some aim bot (or more) for that.

Competitive games need a fully controlled environment. Doing it online with random unknown people should not be taken as serious as they currently do.

Alot about video games is not standardized. To be competitive all players should have the same hardware, internet connection, etc. So that it is actually individual skill that is measured, not just the size of players wallet.

But even then, developing skill takes alot of practice and time, which also, in our current system, can be converted into money. There just is no fair competition here anyway. Still many people believe in meritocracies…