Max-P

They have a poor history of incidents that leaves many people not trust them.

https://manjarno.pages.dev/

Perks of still running bare metal in colo, no issues for any of my stuff. Not seeing anyone say anything in the Lemmy chat on Matrix either.

I bet they’ll eventually get caught using coffee shop cameras and conversations for AI training, say it’s for training a security product or something.

It’s meant to protect the software, not the hardware. Of course you can still put a hardware keylogger on it.

You’re also only considering the use case of the owner and user being the same person. In a business context, the user and the owner are two different persons. It can be used to ensure the company’s MDM and security software aren’t tampered with, for example if you try to exfiltrate company data. In that situation, even if you have a keylogger, it doesn’t help you much, it still won’t allow you root access on the machine, because the user of the machine doesn’t have root access either.

Same with servers: you don’t even care if the hardware is keylogged, nobody’s ever using the local console anyway. But it’ll tell you if a tech at the datacentre opened the case, and they can’t backdoor the OS during a planned hardware maintenance.

Same with kiosk machines: you can deface the hardware all you want, the machine’s still not gonna let you order a free sandwich. If you buy one off eBay you can bypass secure boot and wipe it and use it, but it won’t let you sneak a USB on it while nobody’s watching and attack the network or anything like that.

But yes, for most consumers it’s a bit less useful and often exploited in anti-consumer ways.

It’s mostly for use cases where you can lose physical access to the computer like overnight at the office, at a hotel while travelling, in a shared server room, etc. It’s extra assurance that the computer runs the software you expect it to run and nothing else without at least being somewhat noisy about it.

This can in turn be used to use the TPM to get a disk encryption key, so you can do full disk encryption but still boot to a normal login screen without entering a password. It will only hand out the key with the correct signed boot chain.

If you have a desktop PC at home that nobody untrusted touches, then yeah there isn’t that much value to it for you.

If we deleted everything written by insufficiently pure developers, we wouldn’t have a Linux desktop. Especially if we count the ones that were smart enough to not bring up anything political in public.

Not a fan of DHH, but then you delete Rails then there’s no GitHub, GitLab, Mastodon, and many many other things given how popular Rails is, and that’s just that one guy.

If you include all the sketchy stuff that happens in the supply chain mining the minerals, processing, assembly all the way up to the final computer product, you just can’t morally justify supporting any manufacturer either.

This really doesn’t do anything useful other than feeling good to not support one of those guys. If anything it just adds extra political drama that feeds into a much bigger worldwide division problem.

How much easier can it even get to deploy? You start it, point your domain at it and you’re good to go.

At this point I just net user /add it, which just creates the user manually and then you can reboot and just log into it.

It’s not like you need anything from the OOBE at all, so might as well just skip it entirely.

They said it would require network access and that they would have a handful of popular apps preloaded to avoid too much disruption so those can be installed offline. In practice that probably means Google apps, Meta apps and other big corp apps.

They also have you register package names with them, not just a certificate.

I was hoping it would be a certificate situation but we’re kind of past Google using the least intrusive and privacy preserving options.

Apps from outside the Play Store? No, because previously your phone had no reason to ask Google anything. You could always not sign in to Google and disable Play Protect and use F-Droid and Obtainium.

But now, it needs to check developer signatures to know if it’s a verified developer, and it obviously can’t cache all of them as the size would be insane.

And that in turn implies that your phone needs to reach out to Google and be like yo, is this app banned?

That query gives them at minimum the IP of the user, the package name, and the time at which it happened.

And thus they can effectively track anyone using say, privacy apps, making it that much riskier to use them in places where they’re not allowed.

For your “safety”.

That also means they now will know about every app installs, worldwide. So when the government comes in and ask who have installed this app they decided is bad, they can come get you.

Signal, VPNs, they’ll have a list of everyone opting out of government-mandated backdoors.

LineageOS so worth losing Play Integrity.

Arguably, if it was normal to sideload apps it wouldn’t be as much of a barrier to users, but they’ve been conditionned to think they need an app and the only place you can ever get them is the store.

It’s a technical hurdle only because Apple decided they want to control everything, and same on Android because of Google’s ever increasing war on sideloading. You used to download an APK from the browser and it would go like “This is an app! Install?”, but now you have to go enable third party installation and all that, and now the whole Play Protect forcing developer validation coming up.

At this point China doesn’t need propaganda, they just let the chinese users look at the US user’s misery by themselves and sit back.

When Rednote was first flooded by the first wave of TikTok refugees, the chinese users were baffled just how much worse it was than their propaganda said. Which is probably why they just let it go and didn’t immediately shut it down.

Rednote is pretty different vibes, I’m on it but not nearly as much as TikTok. It’s pretty interesting for what it is but it’s not a replacement and it’s not competing to be a replacement either.

I would guess they’ll probably move to Bytedance’s other app, Lemon8, or probably Skylight Social as Bluesky is generally pretty popular with the particular part of TikTok I’m on, so everyone already have ATproto accounts and follows.