> This is effectively a rando's basement. You. Do. Not. Know. Stop straw-manning stuff its so pointless.

The not knowing is the point. From a security perspective, you have to assume the worst.

And maybe that is F-Droid's point: Security through obscurity. If the build infrastructure with the signing keys is unknown, then it's that much harder for Bad Actor to do things like backdoor E2E encrypted communication apps. This is, of course, the weakness in E2E encryption in apps obtained from mainstream/commercial app stores. For all we know, these may already be backdoored depending on where it came from.

However, the obscurity makes F-Droid hard to trust as an outsider to the project.

Keep in mind this is also often caused by arbitrary "security" consultants that crap out a list of stuff you need to implement. Like jailbreak detection and the like.

One I repeatedly got back in the day was hilarious: "After uninstalling the app credentials stay present in the keychain". Yes thanks genius, I don't get to run code on uninstall.

probably, probably and more probably.

Why would they ever make it obvious? It makes no sense. google just had the luck of political inaction, and eventually enshitified it further to the point where you might not know it was an ad.

For the same reasons why Google did it in the first place.

To not undermine trust into their product and because ads are lower quality than organic results, and by making them indistinguishable, it will make their product worse.

The chatbot market is still competitive, and while users may tolerate ads alongside their answers, they may not tolerate lower quality answers (that is ads disguised as answers). With Google search, they can get away with it because they are still the best even with the enshitification.

There is another reason why it is in their best interest to make it really obvious there are ads. Chatbots want you to pay directly, sometimes hundreds of dollars a month, they are not getting that kind of money with ads, so obnoxious ads are also a way to say "hey look, if you pay, you won't get ads". It doesn't mean ads won't make a comeback in paid tiers later, but not initially.

So, yes, lots of "probably", but my guess would go towards the first ads being obvious and flashy rather than subtle.

but google did erode trust in their product, and the american government went after them, so they "made it more obvious" which still really didnt change that most people dont care if something is sponsored and just look at the first result.

it's something that continually needs to be reenforced again and again. somebody will be made example of.

It'll be the latter. Unfortunately a lot of damage (including psychological damage) has to be done before people realize it.

It’s interesting, it already is the former for niche areas in coding (e.g., basic web dev tasks). But as a whole for areas like social media or increased surveillance it could very well be a negative, and those affect a whole lot more people than coding and having more software would.

Now get people on this website to listen; Since it can be renamed to "AI" bro central at this point.

I don't think that's a fair criticism. There are plenty of AI boosters and hucksters on HN but there's a lot of thoughtful people too.

A good lesson. If you as an employer look at this history, and handle it in the interview appropriately (what did you learn / do better now for example) you can figure out if they did.

I'm sure lots won't, but if that is you as an employer you're worth nothing.

Curious what kind of deployments you are running with them? I only have personal stuff with Hetzner; but never had issues so far (bare metal in my case coz cheap for what I get and need).

Mostly EC2 type VMs with docker clients in them. Keeping infrastructure simple is important for us :)

The internet was designed to survive nukes.

Lets host it all with 2 companies instead and see how it goes.

Anyway random things you will encounter: Azure doesn't work because frontdoor has issues (again, and again) A webapp in Azure just randomly stops working, its not live migrated by any means, restarts don't work. Okay lets change SKU, change it back, oop its on a different baremetal cluster and now it works again. Sure there'll be some setup (read, upsell) that'll prevent such failures from reaching customers, but there is just simply no magic to any of this.

Really wish people would stop dreaming up reasons that hyperscalars are somehow magical places where issues don't happen and everything is perfect if you justtt increase the complexity a little bit more the next time around.

AMD GPU here, but I had issues connecting my Xbox controller to it and using it with Steam. On Bazzite this all works out of the box. Would love to know what the issue was but could've been my bluetooth chipset or something of the sort -- Don't know what Bazzite does differently from Linux Mint sadly.

Overall barely ever in Windows anymore and a happy Linux gamer.

Do you also have a source thats not a youtuber? Would be far more interesting to read on apparently it being a spy chip rather than just a HSM.

Here's a significantly more credible (stacksmashing) video that demonstrates how ineffective some TPM implementations are. If the TPM was integrated into the CPU die, this attack would likely not be possible. https://www.youtube.com/watch?v=wTl4vEednkQ

Despite the TPM being a pretty good and useful idea as a secure enclave for storing secrets, I'm concerned that giving companies the ability to perform attestation of your system's "integrity" will make the PC platform less open. We may be headed towards the same hellscape that we are currently experiencing with mobile devices.

Average folks aren't typically trying to run Linux or anything, so most people wouldn't even notice if secure boot became mandatory over night and you could only run Microsoft-signed kernels w/ remote attestation. Nobody noticed/intervened when the same thing happened to Android, and now you can't root your device or run custom firmware without crippling it and preventing the use of software that people expect to be able to use (i.e. banking apps, streaming services, gov apps, etc.).

Regardless, this is more of a social issue than a technical issue. Regulatory changes (lol) or mass revolt (also somewhat lol) would be effective in putting an end to this. The most realistic way would be average people boycotting companies that do this, but I highly doubt anyone normal will do that, so this may just be the hell we are doomed for unless smaller manufacturers step up to the plate to continue making open devices.

isn't the TPM integrated into the cpu die on many modern systems? i.e. AMD's PSP.

It’s not like these things aren’t publically documented by Microsoft.

You just need to be able to translate their doublespeak.

A tall order, and that's if you can even find it.

Apparently not.

Sure let’s just centralize hardware attestation to Microsoft’s cloud tied to a Microsoft account with keys you can’t change what could possibly go wrong?

This is all publicly documented by Microsoft you just need to translate their doublespeak.

Google is doing does the exact same thing and people were sounding the alarms when they did it but Microsoft gets a pass?

Use ChaGPT to outsource your critical thinking for you because I’m not gonna do it.