Max-P

It’s derived by both a key from the TEE and the PIN/password.

The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.

Biometrics are worst than a pin in a situation where your phone us hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.

It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.

Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially of the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you’re safe.

It was made back when Facebook had that old style UI, in 2010. And then interest in Facebook’s format kinda died, and so did the interest in the project.

It doesn’t solve Safety Net/Play Integrity, at all. My bank is the kind that just warns you and then lets you in anyway. I just live without Google Pay, I just put the card in the phone case to the same effect. The point I was making there is that most apps don’t care, Google isn’t “pushing” it, but it is made available to developers, so really it’s the app developers’ choice to check or not.

Pixels are just less fiddling because flashing it is supported. It is not endorsed by Google, and you don’t pass Play Integrity at all, but it is supported and doesn’t void your warranty. They just allow you to install whatever you want on your hardware without a fuss, and get the full performance you’d expect and all, and even make use of the security chip. But, they only trust their code and their ROM for the purposes of Play Integrity, which is kinda fair game.

That’s why it is quite ironically the device of choice for GrapheneOS. It’s not a hack, it’s a fully supported use case even though you lose Play Integrity certification, so they can implement all the security features Google has access to. The TEE will happily sign a unique and verifiable integrity attestation… for GrapheneOS’s ROM signature. You can make an app that only works on genuine official GrapheneOS the same other apps do with Play Integrity. You can have a custom ROM and properly enroll it in some enterprise MDM and all that stuff, and only allow your builds of that custom ROM to enroll. But, no Play Integrity because it’s not their official certified build.

It’s like PC, you can turn off secure boot, you can secure boot with your own OS keys and get all the security benefits. But Valorant will still refuse to let you play if you haven’t booted with secure boot into an official unmodified copy of Windows where they can ensure their kernel anti-cheat can trust the kernel about what drivers and processes are loaded. Microsoft isn’t forcing their OS on you, but the developers will only trust you if you do. You’re still perfectly free to put Linux on it, and it won’t affect you otherwise.

If you’re buying something to mod I’d recommend a Pixel, unless you’re getting an older OnePlus for cheap.

It’s a OnePlus 8T, but I think any OnePlus before I think the OnePlus 11 have excellent custom ROM support.

AFAIK I got lucky and the 8T is the last model from their “being nice to developers” era. OnePlus was born originally to be developer friendly, it was based on CyanogenMod out of the box, they even sent phones to developers.

Mine launched with OxygenOS 11, and then OOS12 was completely rebuilt on Oppo’s ColorOS and they threw everything out the window. Took them forever to drop sources, and it just went downhill from there.

Google bought Widevine in 2010, so in my opinion they were already concerned about big corp’s interests above the users well before. I think SafetyNet is the natural evolution of that.

I think SafetyNet came with Google Pay for contactless payments, most likely at the request of the banks. They had to work with the banks for that, that’s when they got the leverage. If they didn’t they’d just go partner with Samsung instead, who already had Knox, and I did see Samsung Pay on my phone before Google Pay was available at all.

They also had to increasingly deal with shitty root detection libraries that were getting popular and excluding legitimate users because the latest Android changed things enough it looked modded to the apps. They probably saw it as a lesser evil to just take it in their hands.

You don’t need that much leverage to put enough pressure that there’s enough demands for a feature for the feature to get added. Android was dealing with a lot of fragmentation, piracy and quality problems already, Google needed people to see Android as not just the shitty budget option, they wanted to compete with the iPhone proper.

The entheusiast market only gets you so far. You need entheusiast buy-in at first, but then you have to pivot to end user “premium” experience, which is why brands like OnePlus eventually turn their back to the users that propped the company up. Regular users would rather pick the walled garden than the open world if it means their apps work better in the walled garden. The walled garden is a better experience for the average moron.

Because I have a OnePlus.

Google outright lets you unlock your bootloader on Pixels, and relock it with your custom keys, and even tells you how to do all that in the docs. You lose Play Integrity certification which is where things are getting a bit messy.

But for that you have to blame Amazon, Netflix, Hulu, Disney, a lot of banks, a lot of games for using what is basically DRM for apps. It’s the developers that want those features, so you can’t mod their APKs and take the ads out, make sure you download the official version from Google Play because dumb users getting scammed and all that stuff.

I run LineageOS on my phone, I’m not doing anything whatsoever to hide it, and pretty much everything works perfectly except Google Pay. Which I guess is fair game, I hate it but there’s a reasonable argument to be made there.

The rest is the same DRM woes I deal with on Linux, I value my rights and freedoms more than running an app.

What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana is used along with something like Prometheus to collect the metrics.

When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.

I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.

Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.

It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.

Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.

One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.

I think I’m kind of on the other extreme, I day dream a lot. It’s like I can experience anything I’ve experienced before on demand and replay it. Sometimes it’s annoying, it’s like someone left 3 TVs and 2 radios on in my head and I can’t turn it off.

I didn’t know that was a thing until today, but also totally unsurprised, the brain is super weird.

I don’t struggle to picture it though, that only works for me if the book is interesting. When it’s boring (ie. forced to read it and there’s a test), I think my brain falls back to how you read books.

How do you guys without aphantasia manage to read when there’s pictures whizzing around your head all the time??

For me, the book and my surroundings completely disappear, the whole thing turns into a dream-like movie experience. I don’t see letters or words at all, it becomes an unconscious process that keeps feeding the dream and it looks similar to fuzzy AI videos.

Sometimes the process of getting pulled out into reality again can be brutal: suddenly it’s 3h later and I have to look around and take a moment to settle back. If you dream while you sleep, it’s like when you suddenly wake up while you were in an intense dream, takes a moment to process. I’m really completely gone in another world the whole time.

Í wonder if visualizing what you read slows people down.

Not really, I can read very fast too and also visualize it at the same time, like full blown movie. I think it’s more indicative of information processing abilities in general: I can generally keep up watching lectures at 3x speed and notice things on screen almost instantly too.

I’m super efficient at filtering information too: I’ll look at a paragraph in some documentation and immediately see “If you’re in X special case, then…” at the 5th sentence in the middle of the paragraph when skimming through documentation. Or of course skipping details I don’t care about.

I consider this one to be my public/serious account, so, eh why not, it adds a face, a personnality. And I think I look cute on it. Due to the origin of my nickname, it’s realllly not that hard to find out who I am. Facebook ruined the anonymity aspect a decade ago, so I just live with it. And it’s a little bit more recognizable than just the username. For anonymity I have alts.

It has some downsides though, like people telling me I look like I got my dick chopped off. I’m cis, my dick is perfectly intact. Come on guys it’s just hair dye lol.

Tesseract and other clients kinda do:

I had more in mind like an AM3 platform with an FX CPU, or equivalent old Intel platform.

Really starts depending on what you run on that GPU, like it’ll render Furmark just fine at full tilt but a modern open world game will probably struggle with asset pop-in and stutters because of both bandwidth and the CPU not issuing draw calls fast enough to keep up with the GPU.

If it’s PCI Express (as opposed to regular PCI), then it pretty much should work.

What may happen however is that the slot will run at a slower speed, so if you put a 5090 with a Core 2 Duo you will struggle to keep the GPU fed with enough data to fully load up the GPU while your CPU is pegged at 100%.

It’ll run though.

EDIT: You can also have issues with the legacy BIOS and your newer card not shipping a BIOS ROM to initialize it on boot, but once it gets into the OS it should activate. If you have an iGPU it should output there until the OS starts.

I think that’s what Friendica is supposed to be, decentralized Facebook.