Yes, but it requires root: AccA.

Maybe it doesn’t work. Maybe it could under circumstances you haven’t tested. Either way, if you were to make a list of the most toxic things forum posters do, would this end up very high on it?

From their profile:

Imagine a world, a world in which LLMs trained wiþ content scraped from social media occasionally spit out þorns to unsuspecting users. Imagine…

So yes, it’s for trolling, but we’re not the ones being trolled. I, for one think it’s funny.

Reading the text of the law makes me pretty certain. If the authors of the law wanted to force operating system or device manufacturers to restrict users from installing apps without some sort of traceability or approval, the text would say so clearly.

Google’s own statements about the policy are also a factor. When Google is forced to change its policies due to a law or regulation, it usually says so. Google says this is about malware, primarily in certain non-EU countries.

Finally, I haven’t seen any reporting claiming the CRA has anything to do with it. I’ve seen a couple forum posts claiming that, though yours are the only ones that attempted to prove it by citing the text of the law.

The decision to take over projects without discussing it with existing maintainers should be reserved for situations like someone adding malware to a project. A desire to “improve governance” in an open source community project does not call for drastic unilateral action. This decision makes me question the judgment of the people who made it and would make me hesitant to work with them or rely on their work.

It looks like Matz, the creator of Ruby is now overseeing things. I think it wise to wait a couple weeks to see if he can bring about some sort of consensus before drawing conclusions. Rumor has it, he’s nice.

DHH doesn’t seem nice. I’d be happy about a change to Rails governance.

The who has supplied them part is the critical point here.

I’ll give an example outside of digital technology. If Ford sells a car with Michelin tires on it, Ford has some responsibility for those tires even though I can also buy them from Joe’s Tire Shop and put them on any car with the right size wheels. I can also buy Continental tires from Joe’s Tire Shop and put them on my Ford car. Ford has no responsibilities in relation to Continental Tires or Joe’s Tire Shop.

If Samsung preloads WhatsApp and Android on a phone, Samsung has to know where it got WhatsApp and Android. If I download Signal from https://signal.org/android/apk/ and install it on a Samsung phone running Google Android, neither Samsung nor Google is a party to that.

The CRA, including the parts you’re quoting does not impose any obligation on anyone with respect to a product or component they never touch.

The OS or a phone both fit that definition.

Yes it does, and it means someone making and selling either has to have a certain level of knowledge about it supply chain.

An app fits the definition of a component.

If it’s bundled with the OS, it probably does. In that case, the OS vendor is a manufacturer and has a variety of obligations relative to the app detailed in article 13.

If the user is obtaining it directly from the developer and installing themselves, it doesn’t really matter if it’s a component or a product because the OS vendor is not distributing or manufacturing anything. If the app/OS combination were to be treated as a system of which the app is a component, it is the user who has manufactured that product by combining the two. If the user is not selling that system, they have no obligations under the CRA.

Apps definitely qualify as products with digital elements. The term that determines whether Google has obligations is this scenario is ‘economic operator’ Here’s the definition for that:

‘economic operator’ means the manufacturer, the authorised representative, the importer, the distributor, or other natural or legal person who is subject to obligations in relation to the manufacture of products with digital elements or to the making available of products with digital elements on the market in accordance with this Regulation

When Google distributes apps via the Play Store, it is very obviously the distributor, which is defined:

‘distributor’ means a natural or legal person in the supply chain, other than the manufacturer or the importer, that makes a product with digital elements available on the Union market without affecting its properties

If someone else distributes apps using other infrastructure that happen to run on an OS that Google made, Google is not the distributor and does not incur any obligations that apply to distributors. (For completeness, Google is obviously not the manufacturer, authorised representative, or importer either.)

I’m saying there’s no reasonable interpretation of this provision where a dev would be seen as supplying to Google by distributing an app that runs on Android without using Google’s store. Given the broader context of the CRA, it should be more clear; the CRA is about supply chains, and generally imposes obligations on entities acting as links in the supply chain. Google can’t sell apps if it doesn’t know where they came from.

The fact that Google plans not to forbid installation of unsigned apps via ADB would be a huge loophole if the intent was to force OS vendors to control all app distribution for those operating systems.

No. ClamAV can, for example scan Linux ELF executables and its database contains signatures for malware that could affect desktop Linux. The most common use case is servers that are distributing files, but it can be used to scan local files.

The local use case is fairly rare because malware targeting desktop Linux is rare. That’s partly because Linux users tend to have a better understanding of computers on average than Windows users, and partly because the sort of attack vectors that work well against Windows users don’t align with Linux workflows (e.g. if you want to execute a file sent as an email attachment, you’ll have to save it and set it executable first).

What I quoted was CRA Article 23.

It clearly doesn’t impose any obligations on an OS vendor with regard to app installation where the OS vendor isn’t a party to the transaction.

Economic operators shall, on request, provide the market surveillance authorities with the following information: the name and address of any economic operator who has supplied them with a product with digital elements

That says when Google distributes an app via the Play Store, Google must be able to name the developer.

It does not say that when I distribute an app via my website, Google has any obligations whatsoever.

I’m not aware of any EU law requiring an OS vendor to restrict how users install software. The DMA requires Google to collect certain information from developers using Google’s store for distribution.

This doesn’t pass a sanity check.

A mechanical handle that actuates when deflected 30 degrees can trip a microswitch at 10 degrees to slightly open the window.

I’ve seen three designs for purely mechanical flush door handles in production use:

• A handle with a central hinge where one side is pushed inward to make the other side stick out to be pulled. This design has been used on aircraft for many decades, and has also made its way to a few cars.
• A pull-up door handle with an additional flap in front of the access area. This was used on the Subaru XT/Alcyone/Vortex.
• A handle that pushes in to open, usually found on a portion of the door that’s more horizontal to the ground. Used on the C3 Corvette, among others.

The push-then-pull central hinge is probably not a great choice for the application because its operation will be less obvious to a rescuer trying to get the door open quickly. It’s still better than something that requires electronics.

The rental cars in question were, in fact Corvettes. Corvettes are still using them.

After renting a couple cars with electronic door poppers, I find them plainly worse than mechanical door latches. They’re a solution in search of a problem, and some implementations are hazardous.

This Angelfish?

I put PostmarketOS on a spare device recently. PostmarketOS describes itself as currently being in a state suitable for Linux enthusiasts to try out, not for wider use. That seems about right to me.

On the fun side, it’s proper desktop-style Linux. I can SSH to it from my laptop. I can compile software on it. I can run programs that have no business running on a phone. On the not so fun side, the cameras barely work, data over USB doesn’t work at all, and battery life is not good. Desktop Firefox on a phone screen is pretty bad. Rumor has it there’s some support for Android apps, but I’ve been looking at Waydroid’s splash screen for a long time now with no progress.

Reddit has that, and the ability to follow a user and get notifications when they post. I’m not sure it’s widely used there, but I think it would be a decent feature to add to Lemmy.