FutileRecipe @ FutileRecipe @lemmy.world

Posts

9

Comments

400

Joined

2 yr. ago

Production environment is typically in the corporate world, not usually a homelab. Service providers often have a SLA uptime guarantee of 99%. They don't often push patches as soon as available due to the varied nature of corporate environment. They don't have one or two PCs to worry about: they can have tens of thousands. Downtime equates to money lost. So patches get tested before being deployed. Depending on the patch, that can be 48 hours to a week or two. Major OS upgrades can be months-long test, but the company usually does that and follows it while it's still in beta.

Updates are pointed to a server the company controls, not the Internet. Updates get tested on test servers and test machines that replicate those in production. It typically gets monitored for 48 hours to measure glitches and performance. Once satisfied, the company controlled update server pushes into production machines.

Why test patches before deploying to productions?

Automatic updates are a thing and should be everywhere.

Absolutely not...most especially prior to production deployment. How else would someone see the change logs before hand or see/test if it would hurt their environment?

with limited budget, what is the best way to get as many people as possible to have their communications encrypted?

They could dump their existing code that let users SMS non-Signal users and upgrade it automatically to E2EE if the other number has Signal. Oh wait, that would worth adoption, nevermind.

Insecure in what way?

In the fact it doesn't have a major Android upgrade and probably not routine security which includes numerous security and CVE fixes. A quick search says (unofficially) NothingOS promised updates once every two months but aren't even honoring that.

Or are you implying that Android 13 is at least as secure as Android 14 or that a two month old OS (which includes all those CVEs) is secure?

https://source.android.com/docs/security/bulletin/asb-overview#sources

I dont like that phrasing. To me, that implies all browsers are based on it, not just those on their recommended list (as in Chrome).

There are three big reasons why we’re removing SMS support for the Android app now: prioritizing security and privacy, ensuring people aren’t hit with unexpected messaging bills, and creating a clear and intelligible user experience for anyone sending messages on Signal.

To me, all of those reasons are BS and easily gotten around. "Unexpected messaging bills?" Have a popup that warns you that this user doesn't have an account and is about to send a SMS, potentially incurring a cost, as an example.

They just didn't want to maintain the code and chased some users away. https://www.signal.org/blog/sms-removal-android/

You know landlines are still in use, right?

Mine didn't work so well when I left the house.

The fuck would I want to actively give all that data to Google for?

Heard of GrapheneOS on the Pixel line? "GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project." https://grapheneos.org/

fairly old Samsung tablets to use at work, and they’re absolute shit to set up when compared to an iPad. There’s all the stock Google apps, and all the stock Samsung apps that offer the same fucking features, and they keep bugging you to set them up.

Samsung is not the best manufacturer, plus you said old. Either one is bad, but that's a terrible combo. And all the Google apps and OEM bloatware is fixed (gone) with a deGoogled OS like Graphene's.

One of the many reasons I stick with Pixels. Best security combined with friendliest 3rd party OS support.

Working for me on the latest (2024012600) GrapheneOS with January 2024 security update.

It's under Settings > About Phone > Android Version > Android Security Update.

Mine, also with GrapheneOS, is on January 2024 with no issues.

Not really. DQ is a fairly large chain.

Since SMS is already sent in the clear, I actually use Google Messages. For those who also have it, it upgrades the SMS to RCS with end-to-end encryption. Sure, it's nowhere near as good as Signal (which OP says these people won't use), but it's better than plain-text SMS.

How RCS chats keep your conversations secure

well why don’t I just buy an iPhone then for longer os support

I've never owned an iPhone so I'm not too up to date on this, but a 30 second search (meaning I could be wrong), says:

"But it is around 5-6 years based on precedence. The iPhone 6s probably had its last major software update with iOS 14(2020)." https://discussions.apple.com/thread/252455935

I can't speak on Samsung, but Google is getting much better with updates. Hopefully Samsung follows suit. The Pixel 6 and 7 get 5 years, and the Pixel 8 getting 7 years. https://support.google.com/pixelphone/answer/4457705

Edit: to me, the Pixel is one of the best phone lines, especially when you consider GrapheneOS support and alternative OS in general support. However, I think Google falls way short on marketing, which is why they never really took off.

I am using rethink dns so i can't run a vpn

RethinkDNS VPN / Proxifier: Rethink supports forwarding TCP and UDP connections over SOCKS5, HTTP CONNECT, and WireGuard tunnels. Split-tunneling further helps run multiple such tunnels at the same time and lets users route different apps over different tunnels. For example, one could route Firefox over SOCKS5 connecting to Tor, Netflix over WireGuard connecting through any popular VPN provider, and Telegram or WhatsApp over censorship-resistant HTTP CONNECT endpoints at the same time.

All your data will pass over other hardware owned by other people. The only real online privacy is not connecting to the internet to begin with.

And now we're entering into the realm of encryption, especially end-to-end. Generally speaking, just because you're sending information that touches other people's hardware, doesn't mean it's public and readable.

I was gonna say air filter.

Specifically, the plug-ins are using our services in an unauthorized manner, which is causing significant economic harm to our Company.

How does this cause them "significant economic harm?" My immediate thought is they are losing out on data or ads, hence it being a privacy concern.

Lawnchair, according to the devs, is not abandoned. In late November (of 2023), they said:

Sorry for the long break in Lawnchair announcements.

We have made significant progress in regards to Lawnchair development, and we are now actually developing Lawnchair 13 (with A13 QuickSwitch support) and custom-made no-root global search. Stay tuned for more updates and sneak peeks.

Coming soon to a lawnmower near you™

(And no, we are not dead. Also No ETAs.)

Then in December:

Hello again!

This time around, we are now developing Lawnchair 14 (with A14 QuickSwitch support). Alongside that, we are also re-adding an option to Hide Dock and options for custom Feed Providers, alongside other new features (we wont give too many spoilers 👀)

We also plan to support QuickSwitch for Android 11 to Android 14, so you can use Lawnchair with QuickSwitch on all your recent devices. (We will prioritize A12.1 to A14 first though).

(As always, No ETAs)

Pixel 4a? To be fair, you're not the current target audience of GrapheneOS since your device is "end-of-life, no longer receive firmware or driver security updates and receive extended support from GrapheneOS via a legacy branch based on Android 13 with only the Android Open Source Project security backports, certain other security patches and other minimal changes to keep them working." And it's been that way for 4ish months.